From d2c500c94a8f0af5916c55c0b728979614da3b71 Mon Sep 17 00:00:00 2001
From: Fredrik Eriksson <feffe@fulh.ax>
Date: Sun, 17 May 2020 20:31:52 +0200
Subject: [PATCH] more selinux fixes

---
 net-analyzer/icinga2/Manifest                 |      1 -
 sec-policy/selinux-base-policy/Manifest       |      6 +-
 .../files/cron_allow_watch_crontabs.patch     |      8 +
 .../files/git_portage_repo_fix.patch          |      9 +
 .../files/logging_init_read_config.patch      |     10 +
 .../files/sysadm_allow_watch.patch            |      9 +
 .../selinux-base-policy-2.20190609-r1.ebuild  |      3 +
 .../selinux-feffe-policies/files/feffe.if     |      1 +
 .../selinux-feffe-policies/files/feffe.pp     |    Bin 0 -> 94126 bytes
 .../selinux-feffe-policies/files/feffe.te     |     46 +-
 .../files/tmp/all_interfaces.conf             | 285730 +++++++++++++++
 .../files/tmp/feffe.tmp                       |   5160 +
 .../files/tmp/iferror.m4                      |      1 +
 sec-policy/selinux-icinga2/Manifest           |      4 +-
 .../selinux-icinga2/files/gentoonize.patch    |     65 +-
 .../selinux-icinga2-2.11.3.ebuild             |      2 +-
 16 files changed, 291017 insertions(+), 38 deletions(-)
 create mode 100644 sec-policy/selinux-base-policy/files/cron_allow_watch_crontabs.patch
 create mode 100644 sec-policy/selinux-base-policy/files/git_portage_repo_fix.patch
 create mode 100644 sec-policy/selinux-base-policy/files/logging_init_read_config.patch
 create mode 100644 sec-policy/selinux-base-policy/files/sysadm_allow_watch.patch
 create mode 100644 sec-policy/selinux-feffe-policies/files/feffe.if
 create mode 100644 sec-policy/selinux-feffe-policies/files/feffe.pp
 create mode 100644 sec-policy/selinux-feffe-policies/files/tmp/all_interfaces.conf
 create mode 100644 sec-policy/selinux-feffe-policies/files/tmp/feffe.tmp
 create mode 100644 sec-policy/selinux-feffe-policies/files/tmp/iferror.m4

diff --git a/net-analyzer/icinga2/Manifest b/net-analyzer/icinga2/Manifest
index e88e0bd..b1e5773 100644
--- a/net-analyzer/icinga2/Manifest
+++ b/net-analyzer/icinga2/Manifest
@@ -1,3 +1,2 @@
-AUX icinga2.initd-3 2390 BLAKE2B 1ead1dd958d978324dfa043abcc58be7ed389207e2bf4dc4786bd2705f94c70a03b84f34a55435f6d9dfcc0483e35da60c1f536dec1060bdc232108c622e0615 SHA512 a43911717fe891e70690647daa57426f70d10f9cb02c721962be4c13cfe8a95bc3ff84b9ba2a293adafc8ddacf8ea6771bd66e7ff6dabe3e732176bf6e6e474a
 DIST icinga2-2.11.3.tar.gz 7475785 BLAKE2B baabe8c90170a7b2ddb3ae7e95ef3cd042e64f68dbfdb50f5a981bc63ae5aa1e8ec4082729456d1b3fc02c0c74a98e15383cc56e56c53a2ab6181db94125365c SHA512 616e938fabaa6565fb9ac4824649c09801dd53b3517c0a9b5b62307293bc838377c18818cc13dd40e240902f02455c421d433b6ee54671403598c5b7aeb78ea1
 EBUILD icinga2-2.11.3.ebuild 4615 BLAKE2B 15e2025925303b103de145a66ba3a04881cf6957e0f0ff6fcf5082ec5b47180cb06dcbc2f14dcf2bd9f0d1735c532a0980bb1d03f6ede46af07fdf7c3d064dff SHA512 2b365a8c1e5a14c528ea572e19a498f56389c32141a7e64d7e2af07095880986bc889fbc6a4b32ed1c71180b08579720c5bcfd6ec7ffd99abfa17fe8e59cb1a6
diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest
index a4131b7..900d293 100644
--- a/sec-policy/selinux-base-policy/Manifest
+++ b/sec-policy/selinux-base-policy/Manifest
@@ -1,7 +1,11 @@
+AUX cron_allow_watch_crontabs.patch 305 BLAKE2B bcc4c3663c7100c8c40531e5a5832efeaad3cfe8ba343dd29976f84e62676bf21a5e5aaf38edfb5e2e3fa960fcaa3f6b15bdf5ce8532ccc6c4c2d201b664e680 SHA512 8ddacea7990bdbfec2cbb4d542f739704fe6e8379877c3c6578f09f5a93aac1f57cfedc4e7d0ccf13eb9d4c9269fe5817b4b9ad74c8907831de353c06558e0fc
+AUX git_portage_repo_fix.patch 366 BLAKE2B d78d6fe0913a51071ba4a594cbfdc2c665e98c14789e2bcd45a691c5d4a62ccfd6f4f802dd32e6792a346cc3f44fbd164b5a72eaf04efc75ea57b4d4f9c45d5a SHA512 ce4b013d7038a40f9dc25803fe7af94cfbab9cc071f8334c241f1704b1d410c3843c42c3c57fb0f2ef1e8274237fcaf355a168593b7fe6e9e14ba24c19d2e777
 AUX init_paths.patch 427 BLAKE2B adaa31a8df2ba0ad77b58a0b1bddfd9bcbd48e19c8790ac51f2e679463413c237e12977363ad6156fe329da0b976d277d352db19429870a6df9a50da223c9e9f SHA512 8275af9ef8a1ad2bd57bde249b6d7e72518897e4acc864170c69274f08e410c9b888820c9c936b2e8a7682663c5311e5d2a47da20acf9297da64eae4875d142c
 AUX init_read_syslog_config.patch 422 BLAKE2B 41814137d275eec4e6d801a318586c4040e22a512187a91dea9440026e2dc01dacc46404b7592ca71970c886b2a99f7d98989bfffc9e4e096042f13738a3003e SHA512 11cbed7bda6992a292e88628598026f8b1703b7ae258188d43e98ae140463bb5e28cfa64a9cc3864356f34b9089f79f51db4b60f2faeb05c03f8246e81d06737
+AUX logging_init_read_config.patch 400 BLAKE2B 91899869ab8ba4923e4e26ec16317d4e23734043df0d27f7693e6445669fc21e3948cd3082a3193e01ef368a967ec2d43fd5d1e0ed3172637bce1a5dc3c1c495 SHA512 06b38922971178e45492bb1a29d0d18990b8e00cc492571d78b0aaca1514f5dc0540d692fe2159afe51c09717ec02f7ea2cf795f0cfe62f566a107092bd602a0
 AUX mta_user_mail_newaliases.patch 406 BLAKE2B b8b23b24790267f301de0d6e17f9a25ac455dc3f6f7dee9f291c1e122d39fa125e86a4c5d1b3a8ac575576eebc3683b15fa1f7b8dee3016a8f046bb644ac7f42 SHA512 1515d0d79e7f33c80cebc5bd0babc2731595f31105de86df84d4940167693a274ae2271de3607369956750f22ab469fea8b247ba34cc8bb61f6a0a15d56a9328
 AUX portage_paths.patch 1745 BLAKE2B ec0d213d13ac0e1d1d9bd52d2811b37814c00c2f385af4a074267144976634d2bce66fd0b530e61924c7f3fc0abd3b0c5a9c6aab72c2834ff1cf935dff91edae SHA512 31933e1f8588d16b4f336b571ce388bc2a6204db7c99f242826c172fe9417f88cc7c40030a0712315539b1dcc2b4a56d54a194852d6123d9ef5f58750fc87ef2
+AUX sysadm_allow_watch.patch 317 BLAKE2B 5b54c9bcc242d6a8bc5ffb77d7774f325bb54dec9e370d25ce01b8597f91dee19b16aff9dd50bb12aa1420cb09ff463b3dc2ea6322c5fcc16f8f55274a438699 SHA512 730c9ad70817216f122ed4a7fad8931b6aec42e6dcc72f7e97ab1986b4d3900daeb1403380028db009c640fa4f1d1fff97e9c03913f24ba0023638b0782eb059
 DIST patchbundle-selinux-base-policy-2.20190609-r1.tar.bz2 407664 BLAKE2B e6b6b56f990389365c062522582e2177bc3b70040c99948efad25737e69178f9f72149cc443cb9edacfdd1aa6bc29f637cc61939f66e5cc3841f83298b33c41e SHA512 16195b51bb414ac82821f93756b3b5d0ec206b7035a50379c1f796082d9c53b11369e15086e1e26521808944266364470c43dcfdd1818ba079fda1613b7ef9bd
 DIST refpolicy-2.20190609.tar.bz2 555882 BLAKE2B abc45d9c906e0c880b7c47b0fb8e33f4a277c73244e20e8a95c44452db817241110127a5f8a3347cfbf5e30bf91f9dd4e5dd826426eb88b383fdbff5963f5fcd SHA512 f05ca08d31e62b7bf7203d7b243cce9ba87dd68d13b30067b99a44d5007449078fa82d591faa88c2955d370a346e69faedc850c02bd77c5624a8c746a13467f3
-EBUILD selinux-base-policy-2.20190609-r1.ebuild 3990 BLAKE2B a884c64c29bfea455af98463d44303ec6a81e2e62f9b9452617e7f28b1cc6505ab38317a1145d848e5751c4ceb87ff111f89336d5605906c53ee8f01630dc0f8 SHA512 bb3ceb178f4d4e081aae7954ae752e40e29b5921ccc898b4ad760b34535a2cec012b3b7c469553504b01186b93053ee9819f66cd40bc718e5dff4c7ba44f622a
+EBUILD selinux-base-policy-2.20190609-r1.ebuild 4113 BLAKE2B 6b340a9535c63ce7a9206a6929828ec5bda4e9bea2cfe9369d37332f4ccb48bea5cce7efd0bb20353d1e8572f0727944b207a494d00226660d240fcd602a7f66 SHA512 a2c75d9b362bb7f4f65aeb0cc3894f5df546c7cecc11bd7afa43e54873618eab799a678696fd672432944457f7269cde31975c0b2b9c8f980a4694c0a4709c84
diff --git a/sec-policy/selinux-base-policy/files/cron_allow_watch_crontabs.patch b/sec-policy/selinux-base-policy/files/cron_allow_watch_crontabs.patch
new file mode 100644
index 0000000..e0a7742
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/cron_allow_watch_crontabs.patch
@@ -0,0 +1,8 @@
+--- work/refpolicy/policy/modules/services/cron.te.orig	2020-05-17 19:58:38.079815252 +0200
++++ work/refpolicy/policy/modules/services/cron.te	2020-05-17 20:12:21.892774990 +0200
+@@ -779,3 +779,5 @@
+ optional_policy(`
+ 	unconfined_domain(unconfined_cronjob_t)
+ ')
++
++allow crond_t cron_spool_t:dir watch;
diff --git a/sec-policy/selinux-base-policy/files/git_portage_repo_fix.patch b/sec-policy/selinux-base-policy/files/git_portage_repo_fix.patch
new file mode 100644
index 0000000..99fbd3b
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/git_portage_repo_fix.patch
@@ -0,0 +1,9 @@
+--- work/refpolicy/policy/modules/admin/portage.te.orig	2020-05-17 16:34:20.542137399 +0200
++++ work/refpolicy/policy/modules/admin/portage.te	2020-05-17 16:35:31.601142871 +0200
+@@ -538,3 +538,6 @@
+ 
+ 	files_manage_etc_runtime_files(portage_eselect_domain)
+ ')
++
++# required when using git to manage portage repositories
++allow portage_t portage_ebuild_t:file map;
diff --git a/sec-policy/selinux-base-policy/files/logging_init_read_config.patch b/sec-policy/selinux-base-policy/files/logging_init_read_config.patch
new file mode 100644
index 0000000..47adcec
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/logging_init_read_config.patch
@@ -0,0 +1,10 @@
+--- work/refpolicy/policy/modules/system/logging.te.orig	2020-05-17 16:50:17.101211062 +0200
++++ work/refpolicy/policy/modules/system/logging.te	2020-05-17 16:51:46.283217930 +0200
+@@ -631,4 +631,7 @@
+ 	manage_files_pattern(syslogd_t, syslogmanaged, syslogmanaged)
+ 
+ 	files_rw_var_lib_dirs(syslogd_t)
++	
++	# openrc init script needs to read rsyslog config
++	logging_read_syslog_config(initrc_t)
+ ')
diff --git a/sec-policy/selinux-base-policy/files/sysadm_allow_watch.patch b/sec-policy/selinux-base-policy/files/sysadm_allow_watch.patch
new file mode 100644
index 0000000..580f714
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/sysadm_allow_watch.patch
@@ -0,0 +1,9 @@
+--- work/refpolicy/policy/modules/roles/sysadm.te.orig	2020-05-17 20:18:02.631758336 +0200
++++ work/refpolicy/policy/modules/roles/sysadm.te	2020-05-17 20:18:42.373756394 +0200
+@@ -1457,3 +1457,6 @@
+ 		vde_role(sysadm_r, sysadm_t)
+ 	')
+ ')
++
++allow sysadm_t file_type:file watch;
++allow sysadm_t file_type:dir watch;
diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20190609-r1.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20190609-r1.ebuild
index 7dd7db8..4e08de9 100644
--- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20190609-r1.ebuild
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20190609-r1.ebuild
@@ -34,6 +34,9 @@ PATCHES=(
 	${FILESDIR}/init_read_syslog_config.patch
 	${FILESDIR}/init_paths.patch
 	${FILESDIR}/mta_user_mail_newaliases.patch
+	${FILESDIR}/git_portage_repo_fix.patch
+	${FILESDIR}/sysadm_allow_watch.patch
+	${FILESDIR}/cron_allow_watch_crontabs.patch
 )
 
 # Code entirely copied from selinux-eclass (cannot inherit due to dependency on
diff --git a/sec-policy/selinux-feffe-policies/files/feffe.if b/sec-policy/selinux-feffe-policies/files/feffe.if
new file mode 100644
index 0000000..3eb6a30
--- /dev/null
+++ b/sec-policy/selinux-feffe-policies/files/feffe.if
@@ -0,0 +1 @@
+## <summary></summary>
diff --git a/sec-policy/selinux-feffe-policies/files/feffe.pp b/sec-policy/selinux-feffe-policies/files/feffe.pp
new file mode 100644
index 0000000000000000000000000000000000000000..82db376e145c8ed0ec68cd7fc61903f0f153851a
GIT binary patch
literal 94126
zcmeHQ2b3gNbzK&jAac&oAi@e3u~WGOm<EJEfIuKbhIUVP%}leM)M0lAu(jYE$j&A>
zfKA3Zf{k;|IUAgF4&Wfa`)~c%RWq+=XLd)+N@xC=UsLz}bnnkqU0waA8(;gWTOB%d
z=&<;EihtV+ZguDlV!Ml+U;DJivwOq&sm9f#?z~_4D2RSL@o=9deyvzrD{d_(E0-N>
z%D=6yB?kDrmI2R||Mx0AOsoBQF&m9$8?EW6bG(=#t2>Avw8yuRe;12ykH^KZdy$;o
zQT%Fe*uAa%zmxdRXgDl7GeksiXHv9h1y~`Mlat=8KvtkTDf;czqQ5p74G<0$y-{b@
zzrCD*&agcwTF4rCp(>_Q<ZOh35P!XxwP&*lAR<f&af+&HcRIz`v4Bd6I~vcx2X!Wt
zT%LE6b4ey4pmTSijrpuQIynTshxkd+IRSo1iGuo4AD{<c(w~h`<ed@No6d?Mh{8Qw
z{QXN0JS=AY-tc&<J@58r+bb58a$iL252oua<h_Y}&$X^m6=1<^XR}R~zvm`^zWZrD
zsKD{0cLLemN3E`LLHcIXR;b;3D}Shh1rGHFW$<vb&Uky9?MDOcxh2r`9OqGYe@6!f
zvTIBXyK)qtml1<P;2t0z_3zt22Ez4Fi-Fgk%2d>onFMu?nPM@oz~Z_d;$q;=hrLrW
zg4%9M!g%i%)7fOSiF_~#RVEG;T}~W0#kArRf<-aBeqPKAoFa3Vu})!PICQ1>>dZMA
zO^XYppP*W9HUkl4;R5k!2;U_z`xg_85w|)F#>Heh8cH`nJ0sF;(jHFNiV4oq)SY&}
zkFkq(mWD+?o)xENt-<;PCOCA12bUhW+jBuEL>4%70fbHlVh1fWK36*+l*6uvY*12h
zs_4wmyuu+NmPf1s$OxltJ_M?*eaI2Zz{&Qkv(Y-)lQmd04-gyc6BiGxZPO_TW5`U3
z!RSQM!fFW<W@)BIPo9G2^3@X6h~=T(?YazrA1HoOjN6l9I74c5B8VJ}+<ISKK(Q)F
zG$|PgF?q1$=_;6DmLeXE=0mp@KS)f|qCM$sfD=ZJi-5{OQRecB0Ibw5lhF`yu{4il
z1A-td@7K>qvo?bS9lA_B`U^bVxL^kX#)=MdaL*B69lf*OxN|Ui_rB#p<HPyxhb{=W
z+CSb}>-F7M6k*%;j~C#G+SBma&*5=X3<%#an8P5<H%w<^a?milowsg^hVg3==0of(
z;NfHf!YTUI`Q7ns-{Qam_Z0EfNwPOSbudSs{Tzwrtq#S$ToNA4k-OYN+!R9*yDhj_
ze6^qZ>-F+VXf!$K^?UF2n8@I;X?#fOfya{(wy;?Lv4@l^vJUSpVgD=pc0ovr_MZ0E
zr*ex1&~55_>z$2$7sCh{O3F#UH|Wg}6<fjShHPB@HWu5~jiNpF>mPESPq4AYb_Baf
zv8+wGp~oJZ`_tL+Vv{xyM5hoEz2OG-@8~Yw&7r&Q=*@bgA@YX2g#|lQY&F+Llj8_Q
zS;BKFg3I{WQV&OMF$tXl(vU_9Io|8{0a32N;k@tehG8cyOsN#%*bkSNvCxXzKnWt&
zUG%zJS%qBq6deSEge2EsD3$2r^`73flVCuUixgu~(<zWGt}u|#bk^prFYNM3q^uEK
zEg^TgHMXcUkc5D?lY>hPcL`ApP=|2O5MLc`?b%>@;$ZiE7B?Kxz2F`v9_<GYCu69+
z+Uxgbn*kaeJ#x_QwB%ZGGU;_)<D%cf*6t2^t|KEYuQ74)2;|1x=CnUrN6TT9t>P-J
zHJwj!2N+!oefMPhc+qP2+miwEghMw%necFHU1S9`pSn9LFuq89wHFN64!XcubOGPw
zkCy606T!ocWy}_Cu7gG9qm%7Pw>6r(JK<;w+)+pKq0vyTZ%!YzH^dx(hO6D}7VPHj
zYSSHjRIuld3Q*f{PZZxMz5K(-ZOI^+4Bg!ugvk85R<4O?5X{yB(d=lwHTlG%m|(zR
za-MEZTdVTv4Hj0+-oUu=FB_S)-Z~~`gvj=$HEEwjZf<pvNIDC+g;5N0nJD>yrTe5r
zEOHM>K6gSQx5S7=^5~5)zn}|sx6ChCka17N@dHyZ#u|rZ9=!?)Fw?YnQwSNm<yJD5
zzT25$&Ozp2yE+-QyPfuQhFme}IiuVll*E%0y^dS;u{=ZYu*6t-Tm|$7?$)sz2U2~#
zF3xbPYjAuxax<M<vWi({6_j{$M#R3LU$m!AI!K{xS6?846_B&0yEzPTs5H5`H$T<t
z4F>aBd$sT8Ja<DD;@tX*jIfDeTHLCfjQVIs<bZm^ObhwAV1SBAF&)h(9rtk>hHqy>
zY8I6Shuo@H7Hhq=(ZQv~XYwi^Jsu9d9wQMR?&fs8hmP#_fYLcP$D<y%&gf^mzR8S%
zwO==pF={bGocXpfW(mLVl>76o;i%=d=wP$A+sT;fFuVDkjm#HrE&=98(tfYwmu_IV
zmy55aEH8Tkln?uGG?fX4yxheEW@ZfR;c#5BVy1+9g?Ll|JlyJd4TB%uOmbeA>7wl}
zj1XV$wYJ=B1TH8G228bRP!s{o{W@YGOP9xFKEy-<_jK{q6~0?^Fzp>I^m|_D{TBV1
zTWYj7>9!B*bMLnmd=I^LOMQ+vMh88VJNdJGYUQC@YE-JzJ+(4ilPkc3uDbWGis=^a
zD)H6Hbkdz3ROjBS)6b+&lIp}>-`~BRc4h|;=tzCI3$<N6(uSHu?fK7{<kloM64)M@
zAH!o4i|q-Ya`WB#m13!O>r>qer5V82U2feR9vbvJyvGP>v;aJu+=zw_K<?GBPeWw4
zwL^PhD|ez-oWwZ-F<T=#lF9Weo{&Tkc7Xnt9x$)B{pd-=Qf)<@_2srhuRkjeKKt-H
zd(<7OcNaqhoewS)Z&hw@+L`ta)_}dQ0k~fU*AR~zUhr_f*UGb+-Cp}b*{xun1w%f8
z>&ETPYHGqvj~e$6Cbzq|9)^P|g!uMwk4MUrmPLDT-nuoee^Gw<DeY{8IS_N=E#OIV
zthR8+#8>Yk9G5%8Mc?1`#Jxg<a(!?&{Nz^d6lT<e+(#CqpZfSo3AZe*u``hm2QHK+
zSZ{eF2lsN}o+ZAzB#g)7(ZN$SXR*d&y9@UM@zo0L6-AL93s&Ojyv;<npozy%@K2Ch
z#T)_;*OL#BhP~CceB>gV>hWmeKA%D8pgnA_%e*mPl|>jIAHn6~tBvB<=Sg>PaM$ZB
zI=jE?_0;Y4Dqm4L=;(XjN&3q!d=7|xj=!p%ZVa%oz((I+9-p5tp5XEVByf3w|6sBB
z)`_S0Y_V1cR=<Dn)WlhgC%<pKWJ`7Wd1_kl6WoIjJofy7hwrKA&yCW{zsfU77+VeT
za*yKR$%ca`8_XvgZ~*}K+2V1{3=b!dz69k1GT2db19H<p+2-jSl`^Z>PTkJImqXDs
zyTA9mhr4LL(yx&Ms%u_v-Z^ow<=Oj|2RjNl44mrILRjPuo)-E{J}u<0WpPu!+SA?s
zue&}uk9XB>LD#Z=C-RalwR*gBaK&^MduBWc33o(%wUhci^YPK@tK{t;t$A@mzGZPR
zLGOKn#>5QwV)4})KH+BQgKLqqz81lxhS|W+2zUxp9;%%c+pqQUL>v}M_q}rYrVKVA
zNM3nk4X$6Xjj4PK2dP{Nc}m*PpzcfSh|3RP72?jreCVL(<sNB7sn|>D<M#e$+QY<H
z-E{f^cWP~Np-g0`B~ZNOeA4B|;`2mRbu3O!O%C1^Abs?#$KusnDzwuc9;_96uTDQX
zJaS8Q`pKa?oE)sdXVFdloxyZTy{;GXeVg9FP1m!iTK^%&6<exSzW+Hs`2OeF%&Gnk
z$&<I%=&2w+m{j*Zsp7*RxJ-O?(f5-o9@}!?B*6!u2Nk^c3ij8KkB|zkZfQrW(@|f(
zwcheI-5V!sCohm1zU6Ih{dLgOw)FFZY2&QELE)$2=WnUb-n4tLw>^uEg72Q#i&dv#
zc_jJ*nG$fFezSSP9CsPuaLG`8m{8{0-Wrs^SggzEaPCXz_)M)gbg&_(aQLS3j??v8
zZ&I9;_b*-`&2!6}vHjlJ4+s2*<7*x+kZQkKjS4@>w4@e693D>Ixw+PIx3Ccd_xaox
z_TBfNF_I8Zzk&e+zFUENdKg8W@f_iRd{h_dF`)3uN?+n*OB?KPgJK}xzn#gwbKC-i
zb%1Z^zPgx<kP#fd&0HP2@_t;OGroqrxXaindM671^zch1mG3af<$8Isz+`stjgE6z
zl2)V|u`K!91he^txx(Z2B{<5LfZFmlS@$ku^b&N~^1d}7I&1k=A)MmL@z2=X)BW(k
zxA&`6JilPRSBBvUW_Sz0&F}5>s8_g4#aCwqdBd?>dbQ<+tp}el?fI^@UxzQ>QmOtr
zwj*!On2io<cJH?e{0A_2HljKm;H^U!$`?&<-V=hqY<-l}Fm@C0aQ?aH@{NVqgUA|z
zcNEF%)Uixpi?Vq83HBv^MaAc!$Ywn15AYguU&M7{tIj!{c5m%qQ0#qB_?;cDJ*)NU
zr<;Qre9tpD_B?Qp7mtqZcjc9Dyo}55Vk3wz;P?A-JVu8}03L2?JW=3B%;H<zu((SI
zB*Tz#&w1fG!f)jF{IeC<JR!HmHwI7$9H^q(_^!j}9xzBTIPrc}#6((o&*yADMLg^h
z`Mx)KZ;<RAr*7DT>7>B><v<fxq}|>WuQx*mn6Bj!Izh-5mNEmpnFuLSd3dpz)awXQ
zFl`7IyjujyK?vDywEM0w(2yq~Br(W9p3s}PH`^g<nNlVt+&D(Co2Hnbl<YT?FO-n#
zKxy|clrIOPif%Tyko-K}6w=kjxYrpRti}8B(@~g6;3DzW{^}?8wce_{<7;$$exX$N
z&8qui{(-|Bgn7%~O>-|{mbc_$vcde(84bqx613crSuG}*(l8}?E8feAnC?bT8IzMb
zW*d|t+oVFKH+fAXO29lNuVt2ptINF;mKrzd%5DmFnOkw=2YDj?iFUu&l^?j_>)#L=
zmF!C|9}5E^H(3`mnTh+z4ih9M%9iZ9dYw&}KpnGc#pI??yo$Obzwgo>0HQj4_HFk9
zSTP)WnfPiKoDL42cJTXKze?@m9U%U8onQM<wdE7ClO{mvn*K!oSI@n<YC~Sg7mn+A
z%jMM+jK+lX;Z28lsGfUs)%FN6!lNgm>5-SuuPNu=$yb19trP7@OI{V&(z}(2={H18
zA65S2Da+Pub6lV|;^Tv5*>)$rR=2==Tw61&F1XvdEK>}^*2ajxQzoNr=1Ra|!KheP
z!XlOYv{TFd<{t`L7TuG<$bzzE@njsg+zXX4P?tqolXvhU9JR14j=Q7ewpCaNmc^1L
zM`oA;9=by`d7K8(Kpr35EX(awchH)F6u$GlERw6Z?&^Fhuc}0i;eDWpYqj@qB=<t`
zT6>vM-S<gc)A$)`SqZ1Q>#dI5qm;G>89!VQ9j@t)Jh-UtRmLs%TrMWfW!Y}b<gH-t
zF%1_LH@}ueU33oDr7^~rMIDS@Ew3<cx7?hK&(oGgbbY^^_FL|?#b~u<vCFaCnT&?7
z8m&^CpP-QjuIY|Exc-k9G&5@q`DIzND<79}E1UJ>tr^DFB|F4Fg`Y$yhSRpZE55Z+
z^yTA_7T({_L4z--EGwzAE^iQ#cbB5yJ#2?~^22T%5E!&eGb`i)8<$mMhgf~t6}jPn
zPPQy7_c13+#PdDNqPbq+USNQka9ONDF_jk>Y_#R4>3pxnCLR;#vLvo2cKSWcRprNZ
z?&S$cw=B(Z{1T|2g^)R3+OjNit;t-^#67cRvCF<zj%m#HcqnIC>{{MscW|TR;X5Xh
zw{lAb%_NR<m@T}A0qx*^skT+i-|bk?w-E=7;IMEoE`~>Ix;d1-IC4t>g3<TkFc&bI
zG-ONWHW<AsA8C3FmL`I{!)O<e7{0{LF>pnfg6pgtLmbD6@ECgdUn7n<2|nfw|GF@&
zIK%%g41vpH#1xW*S#Bz3_~$DQUHmsFjvW3P#j(TRq&RW-1Bz3JzejQA@Q*0YokFxd
zT!+Q~ED@lK{_BcK_YV~_{$DC4-G5e0y8o@1bU&-C-%dcfcTr5b_ft%|mnbG(tYvT=
z7WY^m9FlITm~@}4m~@||nCY)mOu8+_q}x+Wx>LoZ`?-oq_lp&i?xkdVsKe~v;)5g7
z{RYLP`yR!l`w_*Y`vZ!Z-;XOM-CtBpy1%WMbU&e(bpKW{>4u&zv-@`+9Fy*iib?nO
z<&f&cq<as=r28Pnr28nv%zs5O={{aD={`*{={{F6=|0iZW%8H!;DmHLib>c1G)X5R
z-IE$ly024Ax?irCbiYb5%X^n%(tV#|()}*Qr2BMFm(f4wgHzJ|X~m@btBOhY_Z5@w
zpDQNae^gAmpHfV^xAs#}%JT1|m~`)>m~@}#=`#4CJ~$)Y$0#P<STX57NipeOrI>WD
zRZP0CP)xe(ib?l+#pLrE#iWZXR=7^?Cay2^!8z%^Nipeuonq4c7R99dA;qNoeTqr<
zM-`Lq&nqU~-&9Pxf2=q^hK4B{N7ex>B!A;WWg%I?O0y;&PF5Bd;olY!R-EDg7KUI2
z=h!#H$-;sR#tt~>@T(OE4u65-(BU^KjvW44#j(TRtT=J_gNjp!zgKbQ@W&PB4*#6T
z!7)b{*AZ|X()kS{Ko|Xw6f^v<6qD}1C??(iQB1nG@l#bmx_4Dfy7yO1x(`=Ox|ewz
zl5WH2&*C!;Cf%nfCf#Q%X8ac_Cf(0bOuDa9Ou940r2Bb_N%u<>lkQtRj!5^>o-T`f
zy9Sf)w<;#xZ&ysZKd6}Le?l?o{*q$S{T;=m`$@&5`*(^-_dh(2NjLIznY|wzotShl
z_A^;by7yE}x(`-Nx<?c<zd$kRK0z_*Ua6RLuTf08FZDPfUA&J3uEXrQ8ce!F#iV;m
zG3mZuG3kDVV$%I;#mxU36_f7!6_f6FD<<6^_BbWoXOQio4wL_k29xfuDJI=NP)xdi
zp_p|4NipeuS~2Nf<Y%Uo<=t5^>E2f{=|0TkjCAn;HC%_$k7_XKCW=Y7shD)1shD(M
zpqO-DshD&(6qBz1o$yY^@?Wdrr29o4=cM~`vXynmO<Zr*VAB11#iaXg#iaXT#iaZF
zib?m!6qD{RC??(CQcSvkqBwW!#NT=>D@%Z-=HC~Fl>jTnx)-p*2sbVw1TMn$8et_s
z7_PG5I!yl>B0v}Y3l)bBze#cA@YgAh9sU-@iNhaKoI3n{iZh3QRB`SGc1c&34ygHg
z9~vBU_%{`kJgy|+IwbqYM1U^(Un?g0e^pHK|ErkfZ|i5WfaLF{nB*UznB*U!ICtee
z&f}1DbH$|lP+uPDJXM29_iDuqf01I+Z7U|-<BCalu9$RhP)xdCs+e@&=5a*2?@&y-
zkMVR_{I_W^>3)Y|()}UDjQ^90N%xl(lkV>-Cfz?(OuB!sm~{Ws<Ct`B<)^BcbYoAK
z#oa-JN%vlgN%tX&N%vC4Odl#H-6tw0-KQ%i-RCJL-IsZskZz%vbf4tuGW(GRlkTQs
z(*1nJr27WNr293Bncp`lCfyGxCf)B*Ou9efaZ0*BtC)1J@^qQquWK;r{-I*h{Y%B9
z`_GC=_rDdB?q~UVDrNq6QB1n`Q%t&-cq}i5#Z2*7#iV<!r_1E229xfS6_f6>6qD|C
zib=Pnm~?xJNq4H4<$bPV(*0tObJBf_V$ywur_1Qypuwd39>t{l5yhnY1Byxa#}$+A
zFDfS8-&RbzpHQ5;W##WYmUSk?I`bb3!-_NbN6X}rCJ5008(zW6F^4CLR~&w=;vht3
zxCIK=Vel6b0lMgKRvbC}^@?MM->o=t_``}*hreHO=J1ax&K>>*j|0;EEyd*XCyGfI
zx5?o;RQoqXfG)d#Q%t)5r<ina=jX0~bnmX1bRVdgbRVfWck>Wx7_Q?=bN4(QBKgaG
z?2zQIP)za<b7_&<C4Y_v6Tet7$*(FV`MzS3KcSf9Pb((*FH_9A{z{J{(tW35(tWRD
z(mm?wlFoN(FzJ3&F~fgKG3ow_V$%IR#iaXZib?k$6qD|Mc^s4OVLw&Hq<crjq?>rU
zEdJgaOu7xlr2A;aj2|f`-OpA`y3bHdy3bckx-a)QA>B2_q&rqjx=l})#l2dCN%spB
zlkOW8lkV3lX8LbdOu8RbOuFBzm~=nxaZ0*Br<inqLow+-)6-@4f26^r`&Wud_g@r~
z?*Awz-P`zyEM<OoRZP0~S4_GO_c$Zn%M_DtrkHeJ;OR2Er)V(gK3g&AzECmgevV?&
zeU)O;ohfGipQo5~zr^F5bl<9&bl<L+bYJP|GWoY^FzJ4~V$%IV#iaWaib?mE6qD}n
zC??%cD$d<1^7kIgIul`?`Ok%6CBmfF^8{CpIXqR&@Xu8oxbQDl97f0spGd-W82v3o
zfG+wsD2^R|kK)APk0?$Z{sG0A!#}P#clZ}Q4oLU66|?+LC??&%RZO~gRsgQU;D09q
zblKmim~?ONr>cN-@1dA<AEcOcAElUdS3C|$_wkBJ_i2jB=edeW_Y%)1bo5@L!KB+!
zOu7Tbq<c~^>Ap@e>3+H5+|82cA#fd6+E@9|h~(d;nB?E5nB>1pG08ucnMrOgyN_uw
z@lPuz`CnB`^1rW`<o{eT$^WBb*7c`6j!E~{erAeE_fCpQ_dbeAH}!N$=b;)*x{p!J
z@K`bFK1ng@UZt3HuT@OCukbh_-F3yJd%a@PeT`z$eX^&^;=fRXN%u{PN%!j%Gyb<I
zCfyGyCf)B-Ou9enaZ0*Bub6ayQ!(lOv0~DFmZ!_&{#t`c_g@v0?*A$#-P`(kD`on-
zDJI<qC??%Uc$|^$;}nx_u9$S6s+e@I^K_a0)f!B?FH%gpZN;Q}Trug+6*IpZ6qD|k
zdYqH)+Z2=TI~0@dw<#vwmZ!_?zC(ja_lFdd?oTQv-CtHry1%QKbpKRw?pBe1@K~0W
z7?Z|-EetC$mX%j|LMz7{o+)Pd=P3?c_?IXS9e%6gC`R6R7zwV!<ZmYebkV<6apLf|
zD^4B$LB*NFKcP5x_?J8mNcVRXv%F6#Cf&bNOuGM}m~`>T5L}1R{c{omU2zxtsVX4d
zdnzW~2P-DsBZ^5k@HiyhCnzS}D;2Z+YZR02OBIvu!^u{zUmU%z29xekG3lOCOuDaE
zOuAp8m~_9|<A`*>Q8DShUoq)^w_@`7Va23-nWq~$x<8}Ar2A`%N%s#FlkQ(ACf$Eh
zoV!UKPaeW`T<)Ltp)tu{<Y%Us<nOGQ<nODP<R7M(<TGY2xx4I-YA|u4nB<#^N&cCN
zN&W?jS=X=hI3e8)#iTn?OuDaCOuApBm~@}w>5|TyHJEh2UNOVpt(bH_teAAaUoq+a
zn8zvU{(@rC{Vm0$`zMM?_iq%F?z25z7XNP=OuGN4m~?OF=dG0S@2;41AE=mgAL(&M
zy6&MMbd`*BFV}F=y+SeRK1VU>zR=TUaWB?j(p^<dx_!l@dqOeOpH@t|U*>U6x?ic7
zbl<6%bl<C(biY$E>3)u<%j`d@!KC|Bib?lZ6qD}nDJI=NQ=Ge1<R3kjWhKF~@~MSk
zCBd?C+!I(i=I~rG!*5U=xbQDk96J0q#gW7BP#h;H>u!o&@V70X!{4Deb@+!AXAb|Q
z;@sh1_BbHj-&IVyf2x>t|6Vca{-<Kny_KJf0@8hehP&eKpuvg5_fkx{4^d3ImntUR
z(BqJFpQxC0pRSm6pQo5~U#6IJ3&o`S2v3*MM;c7Jn~F*I^A(fs8x)i7*LWO}?l&nW
z-47@x-S1J%@_$4z>He%@(tVt#%iv$vVAB0V#iaX}ib?mM6_f6NdmNMQXZg7(Cf&Oz
zCf)lfCf!RElh0!nlWy+m#;);G4JO?uD<<7%DJI?P6z6UYx~<R7<<|0{3CZ^qll)XM
z$$ze5lK*1GB>xu0B>z+`%@y|z8cg!<QB3k5QB3kbpqO?2;~uA^`-_T6_qP?3?k5zJ
z?%ygV-G5h1x>tL;q;sPNlkV;Pyp=Ni9*Rl#L5fNDQ66Wc>z?_MB4k-{)$w=@C*7wh
zCf(;MCf%1PCfyf#x-7n<!K6D-Ou8o(GydxolkS&$oRjWXDJI=_DJI?bDJI?TQcSuZ
zQ%t&TPnX60v<8#zuPP?p-&ah!f37%ptH?ijEXzuYW#!Wg!%B)}rSA(|Ip**Q#SA~K
zIB?-#rZ{x?D-}l$zf*DS@Ou>}DayXPVi)|K3+V7i6=x3rl;YgsU-38~-QQD8x__pa
zbpJsy>He2u(mm{Frhs(ssF-vgsPSF#_txOl;f7+;eY9fIjXVxX_p=p~?lTmV?(-Fs
z?#mUE?wVrK9V;f?M|!$U{%Q>--7io~x^GlWx?k&YM7rOsm~=m=m~_8aG0Xe7V$%IN
z#iaWiib?mFr_1Pnq`{>7SBgpZUlfz>|9Bje?rr>B6qD{<6_f7$6_f766|?-y6q9bI
zm~=1qbQ$~<4JO@ZD<<6+Dkj~}@i-yfS1BglnPSrYJjJB@C5lP+t%}L#?TShF3Qsq2
zef3*4m~_8gG3oxG;@mBuxAVze>YwnTDarqmVv_$I#U%ep#U%fCib?)I6qEcRKQW~w
z{~Rsd6@Re?ll(mull+4fv#yVLoRO}39!av4WyR(91Pv$MD;1OOHHu01rHV<ntC)0O
z?CFxuP=iVLlwyXzUNPx@g~vJRezjuK{YJ&4`+miw``wC3_lFge?$0PD-BnMQ#s8WH
zlkOiVCf&bKoV!)zpFNgkCBw4v-wVS^hGk{o3s^bk@JYoCf1TpMg@3u?(BZFA969_h
z#j(ThQ=B;bU5e8TT<)RR1%GS-9sX&>xx>HeaX`Aiub6cITruhXqhiwilw#7owV#;+
z(!G;n(!Gyj(tVJocXS@A!I{I4QB1nA$06xHNipeOrI>WDRZP0CP)xe(ib?l+#iaWh
z#iaWvPnX$!p$3!gn-r7o*LfU~?zbo=-47`y-S1P({C`w2>HfT8()~@vr2EH;Nq5E5
zW%9q)VAB0p#iaYc9>=76TR&CBq<c5Tr27EHr27cPEbnoONjFzax=&S1x{vpC8U1Pv
zCfye)Cf&Bj3F#hJOuBQ$q<e#6(*07!r296-EdL#fN%z|nlkU?zT?T)L29xd&DJI>Y
z^f)EmUsg=IzpI#Z|5P#Q{=H(-{ZGZDdn-Q`rQ~x5#iaXOPd9Z#>s}g6x(`vDyXF7(
zKDvv2sSnLa-aT$4F=SbB;ZM|Xl7G5ll7F6Jl7E?Ek}njK{75m$zeL%%;x;vy<Ue0A
z>-r5I=cM~Jib?mI6qD`;6qD}vC??$>QB1l&tC)0uT`}o)JYCZHLk%X~zf_#NRpehh
zmSrW!vhqI*!%B{2W#}_pIp**w#SDMF;=qM}h2qfRuT~s6{EdoZhu^O_arnCxrw;$H
z;w%TZdn$IpKeK=i|C+}E>HdLY()|m?r29{bN%zx=N%tZ@GX<o3XT_v@U&W;RFvX<%
zV9n3bJF3CC!->Zs={6OU?lTpW?h6!??kg3O?uKI0ohT;V*D5C6FH%gpM?76-|7Hy)
z-LLmJBHec@CfyG!Cf)B>%=~^#G3ow-V$%IB#iaWuib?lx6q9b?=`y>2(_qs5KaXS5
zy`7)9V$!|4V$yw}V$yx2V&;ELG3j2em~^jDOuEleOuA3-bea6c8ce#Y9w(&RS4_Gm
z6qD|0#iaXXib?k?6|=l|Dkk0cDkk0UR7|>8db*7MQ4J>DpYk{*-Ct2my1%EGbpK2-
z>HdRa()};Rq<h#;MJda_qhiv%w_?)0#?xhRLxV~8(H>`{>mDeQB(jjWq4?PvPP)%f
zOuElkOu8>uOuB1|Nq4N6d|s`XbYJS}X0G@z(BRzdRxb9zF7%B)G$;A5RZQ~VteE6K
zsF>uxS24+dTrtW2oMMvy4aFq?M~X?ltLz-TztZ45$C&dTvC1H|0beEFU+gyJ9KIZ@
za(1YJLlcLJYsxu%C7$aruvHzx%iGC!MH#@&(pS<p#AKEMJ6zKp7YC$u1<Jo2xZf2i
znmANkQ_kTl<vabbRUN`T=Y1#x>-RP;D5F|GK2B3kD*Se<V`&+;LB<m5^F;pe9?R+O
z$~Y`B#Wme=aX>!UD&qF0&$B7#@E*(QIhTRDy6d5f?&|YI{_q~l>F&xX6CiEX!MtB(
zI3ki?vs!?hql`O>zv1$Wly_4w{9bkJR0eds=+H&}o~_G&zstCjlyOVYfxdf#JfGp~
zAN2(9v7GLzUwx+AW534vPC8J=EuqaZK5ob^@}EiEB;#WjW3VAKT-o^VT~kiregA97
zIb72n7YBsnO3|-V2x*qyrxm!XzANz#i#N+an_nvnh|jZG#`9R<IhRqLcaiU2%8=;J
zHOv40AM&}6_y@~pA)aefFuccdx?Aq9f{?cAkPqtT9#>rCKTg{d_ok$+a9LVLwSFYY
zIhBEpLKB%(+<xm=R>pqnI4t~|6%9CrjtiuW2KY2_sJNz_!&loJ=de|sZ;vzV+ZssI
z#G&Gvat^=SGR`ocHzccbDg*7YAA6BQhrwh!7wA0Lf7aW4r!{=P#>e?61MQ7+nmDPr
zU5<}k&+R*v@uI`~vi2?2v0v?h>RF}(Wn8xp*8^uN;|$kl4Ww`4P;pH;hu8V)+{SrB
zvO1?ScF`WYE29+D1fhz9dB4hV9bEEjR`SQ`&8-Y@Ue<Saab43u`X&w)*OYU3?N@TX
zQyFI%=M71IPG#&@n}f$P9lIFk4Ww`4P;pH;hu=+I?V}D?9LlXa-*@GjW2bvP4Wwz}
zP;pH;hp*_^v5bA0ugc<3Zq=dSUF=I5NYlij;+k>}f1&8u#Wi3<=w2u~PFq}1m%F%D
zYglQUVuY`>$7zAv^dfv0<HJqcO=M7UO*x0xGENH+*L26l!Ry$UYx2{~x4FpPot-Zo
zsH-!K^WD`|S!p+^j`LB*VK&4~s-x^uRvG?YQYqE-J;d`^P8;I4^~q*wTf~E9dpv}@
z57c)4JfdNxZHf_ow`J_ldft!{Z5{hI&db_tx{?-$UDnm^#>W}TI740SvW$i!-&{y=
zXVBs6su~14{9*C;F3*9RrN=oP&zc^V|Esuqj$ouXBL4ojyOs8rreOHp<Xex&B(PN-
z^6|QSo=vgAd+g6(tGcED_(i<)QO0R0k>$FR@&FE47k9o7M5fI$jsFJ>ztC}7kX;7q
zYUlevyDj5<)YbVY<20(u)t@^l52yvy)y|(!?6$5>yIh;@xH$MS_NP7E^kC{Z^S*Jn
zI+mBQe`9dxGWMrEb}qxW2Wkav2G1IjlkyC<s%ut2^&DoTJ&cnbKfl>+8{n?K-Cxnp
z{$91soh+J&S8>fH=P)bxhF89~I%$@9$Ukv>ilgby7YCGq{m4b<p?-GWub+DxoOv9u
z5}FJ7?hF{74CKTie*~uUb>-U`)@JD!Y4@j$GwerPW1{S;YYKp0aA^p#b@;k+5y}J7
zdH;~|96`;}`+R}nn(nwb0K@xuhfWI+*L26l0pS=gr{%=QZ3>33Vu9PzA`ZNdw^JF=
zxG!ZKmW;$T-EnaMhcn&Z@M-*ipBflmb?i`vZz~^nYg%BqraLYU!0<kuKY^|45Wa6^
zoMz5V{?jAMIMW`>r}6)NVqkdHaaw@5raLYUUWZ>p5YjBYPYVp!bjQU37~aP_bXb76
zraLYU2)|ji`Dt=*@}C}kUG21{`!xQ)PYevNb@e&{;+pQbIQTO5r9H~btupqlJ$5K#
z-^RxdWt?fR=(YR*he`(wuk8UKuIY}8gKv+W?)myO{=ZKR48PklcDkp9eBheyxHtgA
zYZ(mz;+pQbI3WDd;tz}Wahq}uU&R8qr9~WgAMa2@fVieRE)EDs8TjwxHsu_?iUn><
zi#YH;p8K$(w8=kp2)~O%O^w?W4DZw89Iok(ivuvck5_K*w#7p@o=e5E&OUBa&f%+A
z;I_1g1MlNu-vifl$Hf8R_|E0NlyR8(Hu+DFC}ZEo`3`05+c+;P&C;=7Wt=W+$0}pL
z>T0Jl&W8?^u^)5EXIe+~`cNdfG1Qd*er(|!uIY}812DXgcUsQjn(nwbAbh{pkJDwg
z&GNthhcbMddz*j$61Z7<&sE^Au2Xz`q^~-!37_`z>h-261DbX!<8Vo;S^oF`fZ;v=
za(Xn|=1gT&^+}fMnsNs3%i!G;+Qh8R*A@CeHLs>%pSEh(gmQv7@IGEc&f%KwxHupj
z?X3|PLAAI|v7Z)ySUlW~rEBusy{ru9@V-nRcdH#qaV-kFcTG8g_i0(Tv{mgs95$?7
zzV5d0aqzT6@%E2b&QXZBH!J6-E9W1toF5V)8ozRWx^n*U$~hKIjbAxGT{-`F<-8@_
znx&UwopTjb+M4oT?Kj?N*7c1~a>=&mBSa9=EWPF<<-;{gul5^nbX9NIT?t$5KHXNk
z6zhV{zx^SH;I@~0!xFobWyH7bWwmXKzs$~_Zt+>hbD7=dvo!y*VYb%8Ql88D!!rAl
z{LAjSt$y}yUsew{ENRDO@o#hrw${UPK6XCb)1P}gGWYHIP}O$(GM>xE-7@==T&-=-
ze`$XxCzP%AwqNzIwBME!-_~+(>iEm*ZJ8bOJF0Xm&t>&oM&B0y#wGQ9Q|mp*AFYRV
z`XTOrQ;zVyy$|eC8RC}B53IHA{eM}#RmTN$X4<`;Hzk2@qv{^f%E#Nz^?yq;z&>-e
zKQCsZ(QKnN9d(WuGw|>pFAf<Nvwm-Qyw#p}dov>rK9ieu#zqLPG6vIi_nIc3;~m5{
z8Og8NZ!ZiN1gpJaw{S1u@CndV-CoUve8)vS8uFd>#vLPHTuiL?kGIx(efPdwpEK;8
zjmb7UN|c;@H2jCg-uTp#%==P1TQk3}r0_M@84ZU;XEvG`>CxKb$*5CIr_}=Sh28dS
zFg;-jg4RxZ++OYVd$Y};n(nX!t+}_udn>39*Q{(%-{bbyCWm!<+aMPyvNfL;lVOc1
zZr`l+)<)ZE0IjsOR$v>By4#wetbv*oG{frHy-Lz+L9KL)j?}ABlc<&6q}w)vkZ!y&
zveQ-j_;9U1S~oI){7H9egrL-EXJ&POBs$f#LLlvU;ohd~rB(Zj@RW+16;^+#vh7Vf
z)1JWzPiXnRCnK}lYg?LduXR4`NvEDoiuS<B=gyAiWLWfD((EUCom#t9nM_9WnKh*G
z{rT~DJhDa(-sIgYib8(Aa3zk6;z6)CT<Z;ctL<U8RSdi1(WEv#;a08}I_VCUHN8Zc
zj4Xj@hv|m<O&;G4XtaLc8ZOmZofa}B&Mj5tKq<$j&lUg6Q5zUz2tnPBIfuGlJ@1?_
z>IWkaBX!%zL(RID?XFMEh6Tyv9jiw0hCg4U$49HLl4+|oFHRIgYs8^-PdEnlgn`jN
z-JH&fS`Akl?bO=DVu6e&rzYlX&I%qH^-;~ZJDgaIt8KVm42wz6YUy(F9WR}H+oyuq
zAb_{<`pU!5oK4!pDf+At7Zp8PosRm23>=@RH%``08j+#dF4A?6Y1gU_*T}`Dksa=g
zNs+zU+}f}Rt@S3w$#!4H|F*4xn^WEDVFaS=aWPqIxvo<k1qc}w1DWt=(zmK17>u%8
zsG2YVT`x=VWM)l;$Z9rUCVg(syx8!x$78AWw(JPDtGbtj`_|}8HpjD(5y^GW_Q{?#
zwWC4WQ^~m3p7loVcUin51a;cIH6up|^~G){g{#xbL^$5EbhufpKE~W4zHQ{8!rFan
zEpXkaGq42RuR?9Dx7zBDM#tw?L~N&~MQ1*dJ&Bi$|0s1ju*MlSD@aw&Gwz2^d`g#_
zQ_!mI{T?ClQCqSq%vvYflh#CfK&>BfL((r=v(0gB!9ufjC%sm;z*1IEgoy!ro7To?
zP_$&jHp7&+H3u}rB9`n*>zRPFl{v;+G3(SLyY11mZbP$SdsMe#izw6R+Lp*L&j#bI
zW)ya+JE&&?>5h1Jbw2IZ!`z%Wl3`S~om)<}Nk<Pk)m?9O+MSIp{E)c|8p&e4Ue6rK
zHfFLta?@a~oe;FB%vunda4>pxuitOivqQ^cRbdOAk{0s)1^+R)x!$xolhN>1qt$x2
zBZKyx$mLEw2uay=$E9C&d(-3f@cT>nscC0Y6vJuz1o}zQmkF*_oGP}oD>^}ET{cAH
zdJbq8xw@$v(cqmz7KoY-MD5E^s~OSUZqlxsk%OznT4XGRgJLQhqK&p(Pg$*o?VD?v
zPQQn~&MSd>=9uG;%baWu8MH;MN@@%cTDFDJ=P=FI(w5a(%L2XN6gHkBpcWu@cLk62
zcCA=jD_XU@WH;M&;~4Xc?;m)(2;-t_w5FRwX}8g~Xi&^(QmHK&N7X!#7x46$&lUgi
zc@3<cniZ3>{4#VkB1XKJYBn@AY?iT}x{MjrVlvBmMB1!)p^-K+Y_VZW3|ng0GQ*bF
zY_4VudO^JsoQ%Mb7FcNwX@MavFr)>Bw7`%S7}5emnn5Krq=kmG(2y2d`5DqeLt1D^
z3k_+ZAuTkd8O271w8)Sa8PXy{T4a@BNQ(?<ks&QIq(z1_qlnm$78}xHLt1P|iw$Y9
zRjwf|Hl)RdwAhelWS1Dy5<^;INJ|W9i6Jd9q$L&?Lt0`;OAKj7($tWa8q!ijT53p3
z4QZ(%Ej6U27C%E;YDhDpWrnoOkd_(JGDBKsNXraqnISDRq-7RoLt5SBCi>ivmK)M?
zLt1V~%MEF{AuTtg<%YD}ke1hVxIMs1b;0+Gd(Ft@`B=?XMqIIsLCwf*Ma{$v>uG7L
zC#5Yk(nf|YHf)JuOAT9Q*z)bRpk4{w7Z}kDX@MavFr)>Bw7`%S7}5emT3|>E3~8Yu
z&7c<=(n3R8Xr(ozg@&}ykQN%!LPJ_;NQ(?<29?N=78%kaLt13zXGn_-X^|l<GNeU@
zwAhel6dN1TVnbSNNQ(_=u~mj4EjFaZhP2p_mKf5EA`(MdVn|C2X^9~%F{C9{xrVgF
zkd_$IQbU@NU1~^64QZ(%Ej6U2hP2d>mRej4X{jMCGo%?wGecTtNXraqnISDRq-BP*
z%#fB@{0wQiA<c?rNXrdrxgjk#q~(UR+>n+V(sDyuUgzvr{MrYZes!-I%WXi-Rz?hJ
z#&UVD*|-a+naUO4u!V*#GHkJ7OAK3T*fPVG*KBTgRI@n7!7;<OQnPViP%|;9QBQ#(
zHZa5nhS<Om8yI2(Lu^nN>-dF+w9t@dP!0`gp%u@N78=q*Lt1D^3k_+ZAuTebMTRtk
zUSvp%3~7;-){qt%(jr4zWJrq)X|W+KHl!I;VnbSNNQ(_=v6Y`8EjFaZhP2p_mKf3!
zLz+=+Vn|C2X^9~%F{C9{8HTjPkd_$IQbSs5NHdB^4QZ(%Ej6U2hP2d>mRjW+(o#d3
zJRVWKrgT$FW=J!#%M59mAuThcWrnoOkd_(JGK-5LEjOg)hBPawAuTtg<%YD}kd_<L
zazk2fNXzT|{2m~zHk;oASjM1cbPc?6%&@H(wt8Cb3yf%?VT%k~Y}gXRmKwIqu;trr
zfgvq0qy>hwx{130Lt0=+3k+$2AuTYZ1%|YsF3oLkwu=o7v7sS0tSfWvXb1}}n;|wd
z#D<30&=4CMV#B&vSMiY{Ei$A<hBSk6WJrswc!spdkQN!zB12kaNQ(_=u^}xsq#5*L
zLt1P|i><VVwAhdq8`5G!T4G2`3~7lW&7hJP(h@^jVn|D@{0wP{AuTbarG~WBkd_+K
zjABzmT53p34QZ(%Ew#!pq@{+m%#fBD(lSGuQAB1)%M59mAuThcWrnoOD%X&f8`5$^
zT5d?QvNNRRhP2#}mK)M?Lt1V~%j;bH9w4&z05xN|+#9wP!xk8}ux8^Hpk`tbkztDs
zTVmK!!<HGge7h|;X4njAfgvq0q*>7nX@MavFr)>Bw7`%S7}7#RT4+cM4bGt<t!{Fy
z78=q*Lt1D^3k_+ZAuX&+b32*sZ5A0~BSUOth>hyXTo*NjMV8GF8yR9FLu_P-jp|}u
zCC7%e*pL<*(qcoJK{+<0#a28+T5L#*4Qa6<Eit4ehP1?xmKf3udWj(|F{C9{T0>f5
zNJ|W9sUa;jq@{+m)R1OSNeyYKAuTnerB;51wA7H68PYOCT4qSg3~5HOnISDRq-BP*
z%#fB@Wf;<OLt1V~%MEF{A<Zhnkd_<Lazk2fNXrdrdA(e}+{e~(Uo)1=y<uB1Y=L15
z4O>*RaSKp0vDnzKC5A0EY?)!px7&hahRu)`7}5emT3|@Ck{Z$iLt0=+3k+$2AuTkd
zg@&}y;1?RwLPMGr&5#xv(n3R8Xh;hUX^|l<GNeU@w8-Eb8Pe(|*C8WAT4YFz3~7-e
zEvid%JDKg>F*d};hS=B;8yjNdx-vKV3}LZlGsMP**w_#o*TuRDO$=#?AuTbaC5E)b
zkY-R$3~7lK&ybcF(h@^jYDh~BX{jMCHKe76G=pAhNJ|ZAsg>4{mKxGBLt17?%M59m
zAuThc8B{VuT4qSg3~8B_pCK(bq~(UR+>n+V(sDzZRjeT`H>Bl;wA_%E*URwBePS*5
zHDkHl8@3h078thButkO~uGzQ+sF_G5F>I+}%M4q--4+}(Y=*SJkQNxy0z+D0NVBpt
zqy>hwz>pRg(n3R8Xh;hUE}<bUG^B-wG%KkgEi|NshP2R-78%kaLt11=iwu5|AuTeb
zS<wt>ks&QIq(z3b*pL<*(qcneY)Fd@&aok_ZgOKSHl)RdwAhdq*QL3g%=VF%7-ADc
zY+{H_46%tJHmNIf6N@1%v22Fe#1Na*#k$H%4QZ(%Ej6U2hP2d>mKxFw%BdkOwc;7l
zQbSs1NXraqnISDRq-BP*%#dc#%M59mAuY4g8q#t@T5d?o4QaU{EjOg)hBS+cAuTtg
z<%YDpo}XXtQ){`e8O!C~u&o%jz_5jeEi!DeVM}T@ZUJg0(n}3nX4vxWw&0jyGo%HE
zw7`%S7}5emT3|@CiZG-FhP1$t78=q*Lt1E*8yeC=Lt1D^3k_*jc80XjkQN%!B12ka
zNQ(?<k-;T0q(z3b$dG0wHKav`w8)Sa8`5G!T5L#*4Qa8#FE*sbhBPahAuTqf#fG%R
zkd_$I5<^;INJ|W9iNQHBq}5Gs8c7Uki6JeiOLIG!?UP7qh)oT#sUbEs#HNPW)DWB2
zmAN_75SCgtLu^_X>nbWUq-BP*%#fBD(lSF@W=P8nX$IxYkd|5T3~9L`EjOg)hP2#}
zmK)M?Lt1V~v*;Ppazk2PPwSWa%v$bi#&WqgY%7K>Fl?b=iws+A*b>8*)@<AY)J&wD
z8Mb`8EjVV_3~7NOEij}7hP1$t78ue3Lz-2rAuTYZg@&}ykQN$cgod=xkQN%!LPJ_;
zNVAGCq=kmG$dDEp(jr4zWRx2j(jr4zWJrq)X;yZIw8)Sa8`5G!T5L#*4Qa8#B{rnR
zhP2p_W+gSG#fG%Rkd_$I5<^;INJ|W9iNP;1q$P$lE1DrKF{Gu2wA7H68q!ijT53p3
z4QZ*tIW?r!O>Txv4QXjzn%l{2pC2<rY-Whf46&IZHZ#O#hS<yyo7I)M<-ib@S+=@Z
zS1Gw6EjOg)hP2#}mK)M?Lt1V~%MEE3WkXtCkLQ>B+*<By#&WqgY%7K>Fl?b=iws+A
z*b>8*8n&!v;})Q1qKtgIEjVV_3~7NOEij}7hP1$t78ue3Lt0=+v#1!-LPJ_;NDGbp
zLPJ_;NDB>Vp&>0aq=kkwt5`!?WJrq)X^|l<GRlYyX^|l<GNeU@w8)TV6=6t=4Qa6<
zEjFaZhP2oyH#VfjhP2p_78}y6><np%AuTbaC5E)bkd_$I5`#-(NJ|W9i6PBOYDh~B
zX{jMCHKe76wA7H68q!jOUusB84QW<1Lt17?%M59mAuThcWrnoOkd_(JGJ|twNUNLN
z<e$~0xt+}RsXsTw=7!kZ5Strfb3<%yh|LYLxgj>MD|0JdT^M&Qb(_3z@6elXeC?+$
zx%iUC74mjlyq0~lF>cS~b=$*f<A}V}^U{kEcuia0oh&csolGwmv~pRaI~ufm!v@|7
zDu&>)2Hp}XmSW;kF{ev?cqj=pd#1T~Cx;@RU#!pj?MVY~xU5hD+%HZp>s`?CR6*<7
z&B5xZ-|IB+GXND{{<Zh#mm3%zxo&vrP+F(kxTZHQrjNVwsw<ycA*QdR|4cIDYka2_
zTClj6tDa9<sII5<rQ`-*Z`#27Wh<oo4<npUP8YiY_S6j-VI3J@OPKkeW;p-MuEhAm
zAZg9;2JaqT<g8V;Pm{y2IN9KPkNu1hUFHp)zPv&DNHG=VjhBtaD8Ai)MI*k<%?#-H
zjU%1Lbharp<>meI-sT40dAf<3k|f=cH1ez=?|vW78V?UHmw8CS2cr}6qH#&<hBmsz
zle+_%&&sK<u{Pqw<KFzcOOeyje9|dAZ9lCbZ@hlq&zKwuzM!d{cbV0mC)qM{mfes#
zoV6$G#mtxOIZ3_j(m8t9&gDl7CbPz%EpLmRy1JPbvuR_r=Eb@;Dy9wjWrBvh2zbz&
zPNkVB?gbk?NrO%_-5AaL-NtCx-)wBidxLAKx1?=I3BJI`Hf9^erqpAnJ!I-hu~tlq
z;i9%H1Rf_%SK)A(wD2y)N>fQ8S8rEY<}Sf5#*_Q~%5nzHPF^LJMjMWXk6o;M)o7O?
zHy7_Yh~wVEUCU<?;fkFCL8ff>l0YS4d)CH}9xRP;t^2WyrNP$?$CKU(X}Wb;T<V21
zjufXl{khDZ6TJKVXrp{#`%&rH_z{&$$>N-=zS5GYFf`CLiw@S9jT(c|Tt+rpVLs$J
zJDYo5`gBnl)npjn^J#CmUaHz5n!M#&-d!&-T?xBOQ)XSQ+&z|X4oTf_6YR0Lvq)36
z_n9k@m9Ztdn?y#^xbAlWrZT|WGTcYq-rA;2;_X>+rgqy+e)5YFcwhFJGMvh9skjEl
zNb0T2>as)aQO&ikb2VPrxayjxx^Z0HAzq<7UB7?!q2+&c;@a-^2zsnruP`OZ4qz->
zajArEL*5E0Z*Ex$x8&d<a;k4gk5u=eJ{tccvb9%~eSU3^SWo4K+#=bv>?(~Tm=1LR
zR!f3%wr#Sckm}~DmcSKZZh$0Jb>mY{wYRzD+HoPjLeZ}*4On8ZM7iRxo60r<`vy18
zPs-0W6ms=~nFjp<u^6w^zc4(j*wjp(IvNaQbL5xpZQCVRI9J7O7gV(+UusY;spLiU
zxEdSvWPWpVTDh*v)l_X=cVuLB91Udq(&O)7UEa82(Tk2qH<EW79b36nWuP|JdeXy|
zlD(;Tinb@uXL9*ClZ&YHUixlp37vR%G#e*-vyH}DQFK>j<*W3so3H|}*p$7iRNwX;
zx$Dfk>0Cw+63NfU2$0pWka^HI4t|cT(Uq;lIp%#0f7q?j#!kB@TXi@0`<?K)WWLM&
zoh#xQ?x!lst)*C;ak|l4n+=Z)=YyktVRqSNm+?Bw*|GbStNrP$A>oZ#Pku@Q>0H9z
zn*2iFn(T$flcTfAylAcB>hkEC%o*i5Ga5uvo3cU1rHI@5&SY1-SmRpwJukVTP_$Yu
z+wOcY*d#}6ae6~p$YhTro2-+Fby-7pFEVzep`^`<$wank!`V?;iyhZaUw%?h>Q#2g
zLVYU5V&lAu8#VYrLHRY8t_*_-Zuj&zOA>pjLfL(fNBxuS$?%BO#k9R%-jH!Dge5|-
zpq7EGti2Z?y3G8CP%Im`GW)X-AU}5Hes}B$ek%l5fwF5AQN2?~8x#2rD*5pjsmwut
zD!=rx)}Hrgefi<0J}ok*uS@io4LVc#9g$hFKAQB3=_|N+?^2`8Ez%Sq;eJ}@)a*$4
z|0v3o?FcTiPsk4k9W{&DQz_E&?q^w!aHc(qpJ<uS+N*xQv8T*Hd37}EA8~b7R*wAc
zko;z*-@Rag`3$=~OOke+9(fK2s{Ej$+;nt9#x*X^j$sUTjy&hFvVOXaz}|Kqs5La|
zwjvfSEu~CdDH2Ia;gTXPCYukr$aUjZhAu8e+y#itL-?__#%LlxXT!*nygxcwOfd^E
zkB#2C4E|ZkSf;C8I_;dU*GpzcuV&Q{H`e6W1536QvWu}$*4L4%&$7CnA{yoHDu!GG
z{j9v<z#X?}bQ?5?^U8Lqi=(c3buSBdX9E+}YB4)0zhxxzr@MnAlUuKY`wh6{>yO%9
z3>Vpl!HSENIqqffo(MSXT)wN$D`mQBcimM6789QbE_4PmA3G(x%todx=?d~Eo71(n
z{8H*s^iF?YOzy1cVlgSMpUb64!!1cHqQPGlYOKwN9o$Hh&LZ7P2t|#Pa{s;|>lifi
zMi08(noQ?daT;<Dr;WW6=r)dAa_Qx}(tVYDLLhqA=CipFS#b8Zf>xattzy;-_f1kW
z<G$1n=bDMsIqm?;)Uu0uI)`GF<F;~lRq}Jo`;)%6Y)ExV{jKko`4#w#MTWi9%Ua{4
z-ZDd@qaw>GS6W7X>d*B`H~BW&GJoifes$Bu)m|)pPclPtx#>BX^yHomQ<eAQq!F;2
z*e%7UosykfXV$<%P{<A8hWy$oZUxE~1KS|k5J<<8MY-W_{0(JaESL8q8DnzW_2g)B
sTs9xFPgz8j=H?W(b;E+lxO=yo7Jorm9h|=1#&WlMeA04!S6l4=0nD5iR{#J2

literal 0
HcmV?d00001

diff --git a/sec-policy/selinux-feffe-policies/files/feffe.te b/sec-policy/selinux-feffe-policies/files/feffe.te
index 9824836..dd29aec 100644
--- a/sec-policy/selinux-feffe-policies/files/feffe.te
+++ b/sec-policy/selinux-feffe-policies/files/feffe.te
@@ -1,5 +1,23 @@
 policy_module(feffe, 1.0)
 
+
+gen_require(`
+  attribute file_type;
+
+  type devicekit_disk_t;
+  type etc_t;
+
+  type mozilla_t;
+  type xdg_cache_t;
+  type fs_t;
+')
+
+dontaudit user_t file_type:file watch;
+dontaudit user_t file_type:dir watch;
+dontaudit devicekit_disk_t etc_t:dir watch;
+dontaudit mozilla_t xdg_cache_t:file { read write };
+dontaudit mozilla_t fs_t:filesystem quotaget;
+
 gen_tunable(feffe_cron_sync_to_home, false)
 tunable_policy(`feffe_cron_sync_to_home',`
   gen_require(`
@@ -45,6 +63,9 @@ tunable_policy(`feffe_use_xdm',`
 gen_tunable(feffe_xscreensaver_read_home, false)
 tunable_policy(`feffe_xscreensaver_read_home',`
   gen_require(`
+    attribute user_home_content_type;
+    attribute non_security_file_type;
+
     type user_t;
     type xscreensaver_helper_t;
     type xscreensaver_t;
@@ -54,11 +75,6 @@ tunable_policy(`feffe_xscreensaver_read_home',`
     type bin_t;
     type xscreensaver_helper_exec_t;
     type fs_t;
-
-    type usr_t;
-    type var_t;
-    type xdg_data_t;
-    type xauth_home_t;
     type xserver_t;
   ')
   dev_rw_dri(xscreensaver_helper_t)
@@ -76,22 +92,16 @@ tunable_policy(`feffe_xscreensaver_read_home',`
   search_dirs_pattern(xscreensaver_helper_t, bin_t, bin_t)
   exec_files_pattern(xscreensaver_helper_t, xscreensaver_helper_exec_t, xscreensaver_helper_exec_t)
   exec_files_pattern(xscreensaver_helper_t, bin_t, bin_t)
+  allow xscreensaver_helper_t self:unix_stream_socket { create getattr connect write read shutdown };
+  read_files_pattern(xscreensaver_helper_t, user_home_content_type, user_home_content_type)
 
   allow xscreensaver_t fs_t:filesystem getattr;
   xdg_manage_cache(xscreensaver_helper_t)
 
-  allow xscreensaver_helper_t self:unix_stream_socket create_stream_socket_perms;
-  allow xscreensaver_helper_t xserver_t:fd use;
-  allow xscreensaver_t self:process execmem;
-
-  read_files_pattern(xscreensaver_helper_t, xauth_home_t, xauth_home_t)
-
-  dontaudit xscreensaver_helper_t usr_t:file map;
-  dontaudit xscreensaver_helper_t usr_t:dir search;
-  dontaudit xscreensaver_helper_t var_t:dir search;
-  dontaudit xscreensaver_helper_t xdg_data_t:dir search;
-  dontaudit xscreensaver_helper_t self:process setsched;
-  dontaudit xscreensaver_t xdg_config_t:dir search;
-  dontaudit xscreensaver_t xdg_data_t:dir search;
+  dontaudit xscreensaver_helper_t non_security_file_type:file map;
+  dontaudit xscreensaver_helper_t non_security_file_type:dir search;
+  dontaudit xscreensaver_helper_t xserver_t:fd use;
+  dontaudit xscreensaver_t self:process execmem;
+  dontaudit xscreensaver_t user_home_content_type:dir search;
 ')
 
diff --git a/sec-policy/selinux-feffe-policies/files/tmp/all_interfaces.conf b/sec-policy/selinux-feffe-policies/files/tmp/all_interfaces.conf
new file mode 100644
index 0000000..bb92e66
--- /dev/null
+++ b/sec-policy/selinux-feffe-policies/files/tmp/all_interfaces.conf
@@ -0,0 +1,285730 @@
+divert(-1)
+#
+# Directory patterns (dir)
+#
+# Parameters:
+# 1. domain type
+# 2. container (directory) type
+# 3. directory type
+#
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# Regular file patterns (file)
+#
+# Parameters:
+# 1. domain type
+# 2. container (directory) type
+# 3. file type
+#
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# Symbolic link patterns (lnk_file)
+#
+# Parameters:
+# 1. domain type
+# 2. container (directory) type
+# 3. file type
+#
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# (Un)named Pipes/FIFO patterns (fifo_file)
+#
+# Parameters:
+# 1. domain type
+# 2. container (directory) type
+# 3. file type
+#
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# (Un)named sockets patterns (sock_file)
+#
+# Parameters:
+# 1. domain type
+# 2. container (directory) type
+# 3. file type
+#
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# Block device node patterns (blk_file)
+#
+# Parameters:
+# 1. domain type
+# 2. container (directory) type
+# 3. file type
+#
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# Character device node patterns (chr_file)
+#
+# Parameters:
+# 1. domain type
+# 2. container (directory) type
+# 3. file type
+#
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# File type_transition patterns
+#
+# Parameters:
+# 1. domain type
+# 2. container (directory) type
+# 3. new object type
+# 4. object class(es)
+# [optional] 5. filename (c style strcmp ready)
+#
+
+# do not grant $2:dir remove_name
+
+
+
+
+#
+# Admin pattern for file_type
+#
+# Parameters:
+# 1. domain type
+# 2. source object type
+#
+
+#
+# unix domain socket patterns
+#
+# Parameters:
+# 1. source domain type
+# 2. container (directory) type
+# 3. socket type
+# 4. target domain type
+#
+
+
+
+########################################
+#
+# Support macros for sets of object classes and permissions
+#
+# This file should only have object class and permission set macros - they
+# can only reference object classes and/or permissions.
+
+
+########################################
+#
+# Macros for sets of classes
+#
+
+#
+# All directory and file classes
+#
+
+
+#
+# All non-directory file classes.
+#
+
+
+#
+# Non-device file classes.
+#
+
+
+#
+# Device file classes.
+#
+
+
+#
+# All socket classes.
+#
+
+
+#
+# Datagram socket classes.
+#
+
+
+#
+# Stream socket classes.
+#
+
+
+#
+# Unprivileged socket classes (exclude rawip, netlink, packet).
+#
+
+
+
+########################################
+#
+# Macros for sets of permissions
+#
+
+#
+# Permissions to mount and unmount file systems.
+#
+
+
+#
+# Permissions for using sockets.
+#
+
+
+#
+# Permissions for creating and using sockets.
+#
+
+
+#
+# Permissions for using stream sockets.
+#
+
+
+#
+# Permissions for creating and using stream sockets.
+#
+
+
+#
+# Permissions for creating and using sockets.
+#
+
+
+#
+# Permissions for creating and using sockets.
+#
+
+
+#
+# Permissions for creating and using netlink sockets.
+#
+
+
+#
+# Permissions for using netlink sockets for operations that modify state.
+#
+
+
+#
+# Permissions for using netlink sockets for operations that observe state.
+#
+
+
+#
+# Permissions for sending all signals.
+#
+
+
+#
+# Permissions for using System V IPC
+#
+
+
+
+
+
+
+
+
+
+
+#
+# Directory (dir)
+#
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# Regular file (file)
+#
+
+
+
+
+# deprecated 20171213
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# Symbolic link (lnk_file)
+#
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# (Un)named Pipes/FIFOs (fifo_file)
+#
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# (Un)named Sockets (sock_file)
+#
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# Block device nodes (blk_file)
+#
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# Character device nodes (chr_file)
+#
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+########################################
+#
+# Special permission sets
+#
+
+#
+# Use (read and write) terminals
+#
+
+
+
+#
+# Sockets
+#
+
+
+
+#
+# Keys
+#
+
+#
+# Common domain transition pattern perms
+#
+# Parameters:
+# 1. source domain
+# 2. entry point file type
+# 3. target domain
+#
+
+
+# compatibility: Deprecated (20161201)
+
+
+
+#
+# Specified domain transition patterns
+#
+# Parameters:
+# 1. source domain
+# 2. entry point file type
+# 3. target domain
+#
+
+
+#
+# Automatic domain transition patterns
+#
+# Parameters:
+# 1. source domain
+# 2. entry point file type
+# 3. target domain
+#
+
+
+# compatibility: Deprecated (20161201)
+
+
+#
+# Automatic domain transition patterns
+# with feedback permissions
+#
+# Parameters:
+# 1. source domain
+# 2. entry point file type
+# 3. target domain
+#
+
+
+#
+# Dynamic transition pattern
+#
+# Parameters:
+# 1. source domain
+# 2. target domain
+#
+
+
+#
+# Read foreign domain proc data
+#
+# Parameters:
+# 1. source domain
+# 2. target domain
+#
+
+
+#
+# Process administration pattern
+#
+# Parameters:
+# 1. source domain
+# 2. target domain
+#
+
+
+########################################
+#
+# Helper macros
+#
+
+#
+# shiftn(num,list...)
+#
+# shift the list num times
+#
+
+
+#
+# ifndef(expr,true_block,false_block)
+#
+# m4 does not have this.
+#
+
+
+#
+# __endline__
+#
+# dummy macro to insert a newline.  used for
+# errprint, so the close parentheses can be
+# indented correctly.
+#
+
+
+########################################
+#
+# refpolwarn(message)
+#
+# print a warning message
+#
+
+
+########################################
+#
+# refpolerr(message)
+#
+# print an error message.
+#
+
+
+########################################
+#
+# gen_user(username, prefix, role_set, mls_defaultlevel, mls_range, [mcs_categories])
+#
+
+
+########################################
+#
+# gen_context(context,mls_sensitivity,[mcs_categories])
+#
+
+########################################
+#
+# can_exec(domain,executable)
+#
+
+
+########################################
+#
+# gen_bool(name,default_value)
+#
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+########################################
+#
+# gen_cats(N)
+#
+# declares categores c0 to c(N-1)
+#
+
+
+
+
+########################################
+#
+# gen_sens(N)
+#
+# declares sensitivites s0 to s(N-1) with dominance
+# in increasing numeric order with s0 lowest, s(N-1) highest
+#
+
+
+
+
+
+
+########################################
+#
+# gen_levels(N,M)
+#
+# levels from s0 to (N-1) with categories c0 to (M-1)
+#
+
+
+
+
+########################################
+#
+# Basic level names for system low and high
+#
+
+
+
+
+
+########################################
+#
+# Macros for switching between source policy
+# and loadable policy module support
+#
+
+##############################
+#
+# For adding the module statement
+#
+
+
+##############################
+#
+# For use in interfaces, to optionally insert a require block
+#
+
+
+# helper function, since m4 wont expand macros
+# if a line is a comment (#):
+
+##############################
+#
+# In the future interfaces should be in loadable modules
+#
+# template(name,rules)
+#
+
+
+##############################
+#
+# In the future interfaces should be in loadable modules
+#
+# interface(name,rules)
+#
+
+
+
+
+##############################
+#
+# Optional policy handling
+#
+
+
+##############################
+#
+# Determine if we should use the default
+# tunable value as specified by the policy
+# or if the override value should be used
+#
+
+
+##############################
+#
+# Extract booleans out of an expression.
+# This needs to be reworked so expressions
+# with parentheses can work.
+
+
+
+##############################
+#
+# Tunable declaration
+#
+
+
+##############################
+#
+# Tunable policy handling
+#
+
+## <summary>System shutdown command.</summary>
+
+########################################
+## <summary>
+##	Role access for shutdown.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`shutdown_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `shutdown_role'($*)) dnl
+	
+	gen_require(`
+		type shutdown_t;
+	')
+
+	shutdown_run($2, $1)
+
+	allow $2 shutdown_t:process { ptrace signal_perms };
+	ps_process_pattern($2, shutdown_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `shutdown_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run shutdown.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`shutdown_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `shutdown_domtrans'($*)) dnl
+	
+	gen_require(`
+		type shutdown_t, shutdown_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, shutdown_exec_t, shutdown_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `shutdown_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute shutdown in the shutdown
+##	domain, and allow the specified role
+##	the shutdown domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`shutdown_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `shutdown_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role shutdown_roles;
+	')
+
+	shutdown_domtrans($1)
+	roleattribute $2 shutdown_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `shutdown_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to shutdown.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`shutdown_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `shutdown_signal'($*)) dnl
+	
+	gen_require(`
+		type shutdown_t;
+	')
+
+	allow shutdown_t $1:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `shutdown_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##     Send SIGCHLD signals to shutdown.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+ 	 	define(`shutdown_sigchld',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `shutdown_sigchld'($*)) dnl
+	
+	gen_require(`
+		type shutdown_t;
+	')
+
+	allow $1 shutdown_t:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `shutdown_sigchld'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get attributes of shutdown executable files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`shutdown_getattr_exec_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `shutdown_getattr_exec_files'($*)) dnl
+	
+	gen_require(`
+		type shutdown_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	allow $1 shutdown_exec_t:file getattr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `shutdown_getattr_exec_files'($*)) dnl
+	')
+
+## <summary>Ruby on rails deployment for Apache and Nginx servers.</summary>
+
+######################################
+## <summary>
+##	Execute passenger in the passenger domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`passenger_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `passenger_domtrans'($*)) dnl
+	
+	gen_require(`
+		type passenger_t, passenger_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, passenger_exec_t, passenger_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `passenger_domtrans'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Execute passenger in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`passenger_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `passenger_exec'($*)) dnl
+	
+	gen_require(`
+		type passenger_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, passenger_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `passenger_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read passenger lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`passenger_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `passenger_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type passenger_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `passenger_read_lib_files'($*)) dnl
+	')
+
+## <summary>Policy for dmesg.</summary>
+
+########################################
+## <summary>
+##	Execute dmesg in the dmesg domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`dmesg_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dmesg_domtrans'($*)) dnl
+	
+	gen_require(`
+		type dmesg_t, dmesg_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, dmesg_exec_t, dmesg_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dmesg_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute dmesg in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dmesg_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dmesg_exec'($*)) dnl
+	
+	gen_require(`
+		type dmesg_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, dmesg_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dmesg_exec'($*)) dnl
+	')
+
+
+# This should be in an ifdef distro_gentoo but that is not allowed in an if file
+
+########################################
+## <summary>
+##	Execute dmesg in the dmesg_t domain, and allow the calling role
+##	the dmesg_t domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dmesg_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dmesg_run'($*)) dnl
+	
+	gen_require(`
+		type dmesg_t;
+	')
+
+	dmesg_domtrans($1)
+	role $2 types dmesg_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dmesg_run'($*)) dnl
+	')
+
+## <summary>Abstract Machine Test Utility.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run Amtu.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`amtu_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `amtu_domtrans'($*)) dnl
+	
+	gen_require(`
+		type amtu_t, amtu_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, amtu_exec_t, amtu_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `amtu_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run
+##	Amtu, and allow the specified role
+##	the Amtu domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`amtu_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `amtu_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role amtu_roles;
+	')
+
+	amtu_domtrans($1)
+	roleattribute $2 amtu_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `amtu_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an amtu environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`amtu_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `amtu_admin'($*)) dnl
+	
+	gen_require(`
+		type amtu_t, amtu_initrc_exec_t;
+	')
+
+	allow $1 amtu_t:process { ptrace signal_perms };
+	ps_process_pattern($1, amtu_t)
+
+	init_startstop_service($1, $2, amtu_t, amtu_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `amtu_admin'($*)) dnl
+	')
+
+## <summary>Standards Based Linux Instrumentation for Manageability.</summary>
+
+########################################
+## <summary>
+##	Execute gatherd in the gatherd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`sblim_domtrans_gatherd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sblim_domtrans_gatherd'($*)) dnl
+	
+	gen_require(`
+		type sblim_gatherd_t, sblim_gatherd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, sblim_gatherd_exec_t, sblim_gatherd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sblim_domtrans_gatherd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read gatherd pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sblim_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sblim_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type sblim_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 sblim_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sblim_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an sblim environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`sblim_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sblim_admin'($*)) dnl
+	
+	gen_require(`
+		attribute sblim_domain;
+		type sblim_initrc_exec_t, sblim_runtime_t;
+	')
+
+	allow $1 sblim_domain:process { ptrace signal_perms };
+	ps_process_pattern($1, sblim_domain)
+
+	init_startstop_service($1, $2, sblim_domain, sblim_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, sblim_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sblim_admin'($*)) dnl
+	')
+
+## <summary>Digital Certificate Tracking.</summary>
+
+########################################
+## <summary>
+##	Domain transition to certwatch.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`certwatch_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `certwatch_domtrans'($*)) dnl
+	
+	gen_require(`
+		type certwatch_exec_t, certwatch_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, certwatch_exec_t, certwatch_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `certwatch_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute certwatch in the certwatch
+##	domain, and allow the specified role
+##	the certwatch domain.
+##	backchannel.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`certwatch_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `certwatch_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role certwatch_roles;
+	')
+
+	certwatch_domtrans($1)
+	roleattribute $2 certwatch_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `certwatch_run'($*)) dnl
+	')
+
+## <summary>Linux hardware error daemon.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run mcelog.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`mcelog_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mcelog_domtrans'($*)) dnl
+	
+	gen_require(`
+		type mcelog_t, mcelog_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, mcelog_exec_t, mcelog_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mcelog_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an mcelog environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mcelog_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mcelog_admin'($*)) dnl
+	
+	gen_require(`
+		type mcelog_t, mcelog_initrc_exec_t, mcelog_log_t;
+		type mcelog_runtime_t, mcelog_etc_t;
+	')
+
+	allow $1 mcelog_t:process { ptrace signal_perms };
+	ps_process_pattern($1, mcelog_t)
+
+	init_startstop_service($1, $2, mcelog_t, mcelog_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, mcelog_etc_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, mcelog_log_t)
+
+	files_search_pids($1)
+	admin_pattern($1, mcelog_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mcelog_admin'($*)) dnl
+	')
+
+## <summary>Advanced Linux Sound Architecture utilities.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run Alsa.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`alsa_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `alsa_domtrans'($*)) dnl
+	
+	gen_require(`
+		type alsa_t, alsa_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, alsa_exec_t, alsa_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `alsa_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run
+##	Alsa, and allow the specified role
+##	the Alsa domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`alsa_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `alsa_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role alsa_roles;
+	')
+
+	alsa_domtrans($1)
+	roleattribute $2 alsa_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `alsa_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write Alsa semaphores.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`alsa_rw_semaphores',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `alsa_rw_semaphores'($*)) dnl
+	
+	gen_require(`
+		type alsa_t;
+	')
+
+	allow $1 alsa_t:sem rw_sem_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `alsa_rw_semaphores'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write Alsa shared memory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`alsa_rw_shared_mem',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `alsa_rw_shared_mem'($*)) dnl
+	
+	gen_require(`
+		type alsa_t;
+	')
+
+	allow $1 alsa_t:shm rw_shm_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `alsa_rw_shared_mem'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read Alsa configuration content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`alsa_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `alsa_read_config'($*)) dnl
+	
+	gen_require(`
+		type alsa_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 alsa_etc_t:dir list_dir_perms;
+	read_files_pattern($1, alsa_etc_t, alsa_etc_t)
+	read_lnk_files_pattern($1, alsa_etc_t, alsa_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `alsa_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage Alsa config files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`alsa_manage_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `alsa_manage_config'($*)) dnl
+	
+	gen_require(`
+		type alsa_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 alsa_etc_t:dir list_dir_perms;
+	manage_files_pattern($1, alsa_etc_t, alsa_etc_t)
+	read_lnk_files_pattern($1, alsa_etc_t, alsa_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `alsa_manage_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	alsa home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`alsa_manage_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `alsa_manage_home_files'($*)) dnl
+	
+	gen_require(`
+		type alsa_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 alsa_home_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `alsa_manage_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read Alsa home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`alsa_read_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `alsa_read_home_files'($*)) dnl
+	
+	gen_require(`
+		type alsa_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 alsa_home_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `alsa_read_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel alsa home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`alsa_relabel_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `alsa_relabel_home_files'($*)) dnl
+	
+	gen_require(`
+		type alsa_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 alsa_home_t:file relabel_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `alsa_relabel_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in user home
+##	directories with the generic alsa
+##	home type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`alsa_home_filetrans_alsa_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `alsa_home_filetrans_alsa_home'($*)) dnl
+	
+	gen_require(`
+		type alsa_home_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, alsa_home_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `alsa_home_filetrans_alsa_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read Alsa lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`alsa_read_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `alsa_read_lib'($*)) dnl
+	
+	gen_require(`
+		type alsa_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, alsa_var_lib_t, alsa_var_lib_t)
+
+	ifdef(`distro_gentoo',`
+		# gentoo saves the files in /var/lib/alsa/oss/CardName
+		list_dirs_pattern($1, alsa_var_lib_t, alsa_var_lib_t)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `alsa_read_lib'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Write Alsa lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`alsa_write_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `alsa_write_lib'($*)) dnl
+	
+	gen_require(`
+		type alsa_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	write_files_pattern($1, alsa_var_lib_t, alsa_var_lib_t)
+
+	ifdef(`distro_gentoo',`
+		# gentoo saves the files in /var/lib/alsa/oss/CardName
+		rw_dirs_pattern($1, alsa_var_lib_t, alsa_var_lib_t)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `alsa_write_lib'($*)) dnl
+	')
+
+
+# Gentoo specific for now, but cannot use ifdef distro_gentoo in an interface
+
+# alsa_domain - see http://oss.tresys.com/pipermail/refpolicy/2014-March/007029.html
+#                   http://oss.tresys.com/pipermail/refpolicy/2014-April/007044.html
+
+########################################
+## <summary>
+##	Mark the selected domain as an alsa-capable domain
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain that links with alsa
+##	</summary>
+## </param>
+## <param name="tmpfstype">
+##	<summary>
+##	Tmpfs type used for shared memory of the given domain
+##	</summary>
+## </param>
+#
+ 	 	define(`alsa_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `alsa_domain'($*)) dnl
+	
+	gen_require(`
+		attribute alsadomain;
+		attribute alsatmpfsfile;
+	')
+
+	typeattribute $1 alsadomain;
+	typeattribute $2 alsatmpfsfile;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `alsa_domain'($*)) dnl
+	')
+
+
+
+## <summary>Generate debugging information for system.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run sosreport.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`sosreport_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sosreport_domtrans'($*)) dnl
+	
+	gen_require(`
+		type sosreport_t, sosreport_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, sosreport_exec_t, sosreport_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sosreport_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute sosreport in the sosreport
+##	domain, and allow the specified
+##	role the sosreport domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sosreport_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sosreport_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role sosreport_roles;
+	')
+
+	sosreport_domtrans($1)
+	roleattribute $2 sosreport_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sosreport_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Role access for sosreport.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`sosreport_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sosreport_role'($*)) dnl
+	
+	gen_require(`
+		type sosreport_t;
+	')
+
+	sosreport_run($2, $1)
+
+	allow $2 sosreport_t:process { ptrace signal_perms };
+	ps_process_pattern($2, sosreport_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sosreport_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read sosreport temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sosreport_read_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sosreport_read_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type sosreport_tmp_t;
+	')
+
+	files_search_tmp($1)
+	read_files_pattern($1, sosreport_tmp_t, sosreport_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sosreport_read_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append sosreport temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sosreport_append_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sosreport_append_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type sosreport_tmp_t;
+	')
+
+	files_search_tmp($1)
+	append_files_pattern($1, sosreport_tmp_t, sosreport_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sosreport_append_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete sosreport temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sosreport_delete_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sosreport_delete_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type sosreport_tmp_t;
+	')
+
+	files_delete_tmp_dir_entry($1)
+	delete_files_pattern($1, sosreport_tmp_t, sosreport_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sosreport_delete_tmp_files'($*)) dnl
+	')
+
+## <summary>Red Hat utility to change fstab.</summary>
+
+########################################
+## <summary>
+##	Execute updfstab in the updfstab domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`updfstab_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `updfstab_domtrans'($*)) dnl
+	
+	gen_require(`
+		type updfstab_t, updfstab_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, updfstab_exec_t, updfstab_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `updfstab_domtrans'($*)) dnl
+	')
+
+## <summary>Utilities for the tboot TXT module.</summary>
+
+########################################
+## <summary>
+##	Execute txt-stat in the txtstat domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`tboot_domtrans_txtstat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tboot_domtrans_txtstat'($*)) dnl
+	
+	gen_require(`
+		type txtstat_t, txtstat_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, txtstat_exec_t, txtstat_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tboot_domtrans_txtstat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute txt-stat in the txtstat domain, and
+##	allow the specified role the txtstat domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role to be allowed the txtstat domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`tboot_run_txtstat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tboot_run_txtstat'($*)) dnl
+	
+	gen_require(`
+		attribute_role txtstat_roles;
+	')
+
+	tboot_domtrans_txtstat($1)
+	roleattribute $2 txtstat_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tboot_run_txtstat'($*)) dnl
+	')
+
+## <summary>Read files into page cache for improved performance.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition
+##	to run readahead.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`readahead_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `readahead_domtrans'($*)) dnl
+	
+	gen_require(`
+		type readahead_t, readahead_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, readahead_exec_t, readahead_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `readahead_domtrans'($*)) dnl
+	')
+
+## <summary>Network analysis utilities</summary>
+
+########################################
+## <summary>
+##	Execute network utilities in the netutils domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`netutils_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `netutils_domtrans'($*)) dnl
+	
+	gen_require(`
+		type netutils_t, netutils_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, netutils_exec_t, netutils_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `netutils_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute network utilities in the netutils domain, and
+##	allow the specified role the netutils domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`netutils_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `netutils_run'($*)) dnl
+	
+	gen_require(`
+		type netutils_t;
+	')
+
+	netutils_domtrans($1)
+	role $2 types netutils_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `netutils_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute network utilities in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`netutils_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `netutils_exec'($*)) dnl
+	
+	gen_require(`
+		type netutils_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, netutils_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `netutils_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to network utilities.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`netutils_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `netutils_signal'($*)) dnl
+	
+	gen_require(`
+		type netutils_t;
+	')
+
+	allow $1 netutils_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `netutils_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute ping in the ping domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`netutils_domtrans_ping',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `netutils_domtrans_ping'($*)) dnl
+	
+	gen_require(`
+		type ping_t, ping_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, ping_exec_t, ping_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `netutils_domtrans_ping'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a kill (SIGKILL) signal to ping.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`netutils_kill_ping',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `netutils_kill_ping'($*)) dnl
+	
+	gen_require(`
+		type ping_t;
+	')
+
+	allow $1 ping_t:process sigkill;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `netutils_kill_ping'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to ping.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`netutils_signal_ping',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `netutils_signal_ping'($*)) dnl
+	
+	gen_require(`
+		type ping_t;
+	')
+
+	allow $1 ping_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `netutils_signal_ping'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute ping in the ping domain, and
+##	allow the specified role the ping domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`netutils_run_ping',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `netutils_run_ping'($*)) dnl
+	
+	gen_require(`
+		type ping_t;
+	')
+
+	netutils_domtrans_ping($1)
+	role $2 types ping_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `netutils_run_ping'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Conditionally execute ping in the ping domain, and
+##	allow the specified role the ping domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`netutils_run_ping_cond',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `netutils_run_ping_cond'($*)) dnl
+	
+	gen_require(`
+		type ping_t;
+		bool user_ping;
+	')
+
+	role $2 types ping_t;
+
+	if ( user_ping ) {
+		netutils_domtrans_ping($1)
+	}
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `netutils_run_ping_cond'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute ping in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`netutils_exec_ping',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `netutils_exec_ping'($*)) dnl
+	
+	gen_require(`
+		type ping_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, ping_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `netutils_exec_ping'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute traceroute in the traceroute domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`netutils_domtrans_traceroute',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `netutils_domtrans_traceroute'($*)) dnl
+	
+	gen_require(`
+		type traceroute_t, traceroute_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, traceroute_exec_t, traceroute_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `netutils_domtrans_traceroute'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute traceroute in the traceroute domain, and
+##	allow the specified role the traceroute domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`netutils_run_traceroute',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `netutils_run_traceroute'($*)) dnl
+	
+	gen_require(`
+		type traceroute_t;
+	')
+
+	netutils_domtrans_traceroute($1)
+	role $2 types traceroute_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `netutils_run_traceroute'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Conditionally execute traceroute in the traceroute domain, and
+##	allow the specified role the traceroute domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`netutils_run_traceroute_cond',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `netutils_run_traceroute_cond'($*)) dnl
+	
+	gen_require(`
+		type traceroute_t;
+		bool user_ping;
+	')
+
+	role $2 types traceroute_t;
+
+	if( user_ping ) {
+		netutils_domtrans_traceroute($1)
+	}
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `netutils_run_traceroute_cond'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute traceroute in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`netutils_exec_traceroute',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `netutils_exec_traceroute'($*)) dnl
+	
+	gen_require(`
+		type traceroute_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, traceroute_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `netutils_exec_traceroute'($*)) dnl
+	')
+
+## <summary>
+##	Determine of the console connected to the controlling terminal.
+## </summary>
+
+########################################
+## <summary>
+##	Execute consoletype in the consoletype domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`consoletype_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `consoletype_domtrans'($*)) dnl
+	
+	gen_require(`
+		type consoletype_t, consoletype_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, consoletype_exec_t, consoletype_t)
+
+	ifdef(`hide_broken_symptoms', `
+		dontaudit consoletype_t $1:socket_class_set { read write };
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `consoletype_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute consoletype in the consoletype domain, and
+##	allow the specified role the consoletype domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`consoletype_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `consoletype_run'($*)) dnl
+	
+	gen_require(`
+		type consoletype_t;
+	')
+
+	consoletype_domtrans($1)
+	role $2 types consoletype_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `consoletype_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute consoletype in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`consoletype_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `consoletype_exec'($*)) dnl
+	
+	gen_require(`
+		type consoletype_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, consoletype_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `consoletype_exec'($*)) dnl
+	')
+
+## <summary>Sectool security audit tool.</summary>
+
+########################################
+## <summary>
+##	Role access for sectoolm.
+## </summary>
+## <param name="role" unused="true">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`sectoolm_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sectoolm_role'($*)) dnl
+	
+	gen_require(`
+		type sectoolm_t;
+	')
+
+	allow sectoolm_t $2:unix_dgram_socket sendto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sectoolm_role'($*)) dnl
+	')
+
+## <summary>Check file integrity.</summary>
+
+#######################################
+## <summary>
+##	The template to define a samhain domain.
+## </summary>
+## <param name="domain_prefix">
+##	<summary>
+##	Domain prefix to be used.
+##	</summary>
+## </param>
+#
+ 	 	define(`samhain_service_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samhain_service_template'($*)) dnl
+	
+	gen_require(`
+		attribute samhain_domain;
+		type samhain_exec_t;
+	')
+
+	type $1_t, samhain_domain;
+	domain_type($1_t)
+	domain_entry_file($1_t, samhain_exec_t)
+
+	files_read_all_files($1_t)
+
+	mls_file_write_all_levels($1_t)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samhain_service_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute samhain in the samhain domain
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`samhain_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samhain_domtrans'($*)) dnl
+	
+	gen_require(`
+		type samhain_t, samhain_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, samhain_exec_t, samhain_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samhain_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute samhain in the samhain
+##	domain with the clearance security
+##	level and allow the specifiled role
+##	the samhain domain.
+## </summary>
+## <desc>
+##	<p>
+##	Execute samhain in the samhain
+##	domain with the clearance security
+##	level and allow the specifiled role
+##	the samhain domain.
+##	</p>
+##	<p>
+##	The range_transition rule used in
+##	this interface requires that the
+##	calling domain should have the
+##	clearance security level otherwise
+##	the MLS constraint for process
+##	transition would fail.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed to access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`samhain_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samhain_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role samhain_roles;
+		type samhain_exec_t;
+	')
+
+	samhain_domtrans($1)
+	roleattribute $2 samhain_roles;
+
+	ifdef(`enable_mls', `
+		range_transition $1 samhain_exec_t:process mls_systemhigh;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samhain_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	samhain configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`samhain_manage_config_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samhain_manage_config_files'($*)) dnl
+	
+	gen_require(`
+		type samhain_etc_t;
+	')
+
+	files_rw_etc_dirs($1)
+	allow $1 samhain_etc_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samhain_manage_config_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	samhain database files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`samhain_manage_db_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samhain_manage_db_files'($*)) dnl
+	
+	gen_require(`
+		type samhain_db_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, samhain_db_t, samhain_db_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samhain_manage_db_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create, read, write, and delete
+##	samhain init script files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`samhain_manage_init_script_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samhain_manage_init_script_files'($*)) dnl
+	
+	gen_require(`
+		type samhain_initrc_exec_t;
+	')
+
+	files_search_etc($1)
+	manage_files_pattern($1, samhain_initrc_exec_t, samhain_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samhain_manage_init_script_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	samhain log and log.lock files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`samhain_manage_log_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samhain_manage_log_files'($*)) dnl
+	
+	gen_require(`
+		type samhain_log_t;
+	')
+
+	logging_search_logs($1)
+	manage_files_pattern($1, samhain_log_t, samhain_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samhain_manage_log_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	samhain pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`samhain_manage_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samhain_manage_pid_files'($*)) dnl
+	
+	gen_require(`
+		type samhain_runtime_t;
+	')
+
+	files_search_pids($1)
+	manage_files_pattern($1, samhain_runtime_t, samhain_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samhain_manage_pid_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	All of the rules required to
+##	administrate the samhain environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role" unused="true">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`samhain_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samhain_admin'($*)) dnl
+	
+	gen_require(`
+		attribute samhain_domain;
+		type samhain_db_t, samhain_etc_t;
+		type samhain_initrc_exec_t, samhain_log_t, samhain_runtime_t;
+	')
+
+	allow $1 samhain_domain:process { ptrace signal_perms };
+	ps_process_pattern($1, samhain_domain)
+
+	# duplicate role transition: remove samhain_admin(sysadm_t, sysadm_r) first
+	# init_startstop_service($1, $2, samhain_domain, samhain_initrc_exec_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, samhain_db_t)
+
+	files_list_etc($1)
+	admin_pattern($1, { samhain_initrc_exec_t samhain_etc_t })
+
+	logging_list_logs($1)
+	admin_pattern($1, samhain_log_t)
+
+	files_list_pids($1)
+	admin_pattern($1, samhain_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samhain_admin'($*)) dnl
+	')
+
+## <summary>Configuration management system.</summary>
+
+########################################
+## <summary>
+##	Execute puppetca in the puppetca
+##	domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`puppet_domtrans_puppetca',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `puppet_domtrans_puppetca'($*)) dnl
+	
+	gen_require(`
+		type puppetca_t, puppetca_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, puppetca_exec_t, puppetca_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `puppet_domtrans_puppetca'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Execute puppetca in the puppetca
+##	domain and allow the specified
+##	role the puppetca domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`puppet_run_puppetca',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `puppet_run_puppetca'($*)) dnl
+	
+	gen_require(`
+		attribute_role puppetca_roles;
+	')
+
+	puppet_domtrans_puppetca($1)
+	roleattribute $2 puppetca_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `puppet_run_puppetca'($*)) dnl
+	')
+
+
+####################################
+## <summary>
+##	Read puppet configuration content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`puppet_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `puppet_read_config'($*)) dnl
+	
+	gen_require(`
+		type puppet_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 puppet_etc_t:dir list_dir_perms;
+	allow $1 puppet_etc_t:file read_file_perms;
+	allow $1 puppet_etc_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `puppet_read_config'($*)) dnl
+	')
+
+
+################################################
+## <summary>
+##	Read Puppet lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`puppet_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `puppet_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type puppet_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, puppet_var_lib_t, puppet_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `puppet_read_lib_files'($*)) dnl
+	')
+
+
+###############################################
+## <summary>
+##	Create, read, write, and delete
+##	puppet lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`puppet_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `puppet_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type puppet_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, puppet_var_lib_t, puppet_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `puppet_manage_lib_files'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Append puppet log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`puppet_append_log_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `puppet_append_log_files'($*)) dnl
+	
+	gen_require(`
+		type puppet_log_t;
+	')
+
+	logging_search_logs($1)
+	append_files_pattern($1, puppet_log_t, puppet_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `puppet_append_log_files'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Create puppet log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`puppet_create_log_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `puppet_create_log_files'($*)) dnl
+	
+	gen_require(`
+		type puppet_log_t;
+	')
+
+	logging_search_logs($1)
+	create_files_pattern($1, puppet_log_t, puppet_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `puppet_create_log_files'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Read puppet log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`puppet_read_log_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `puppet_read_log_files'($*)) dnl
+	
+	gen_require(`
+		type puppet_log_t;
+	')
+
+	logging_search_logs($1)
+	read_files_pattern($1, puppet_log_t, puppet_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `puppet_read_log_files'($*)) dnl
+	')
+
+
+################################################
+## <summary>
+##	Read and write to puppet tempoprary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`puppet_rw_tmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `puppet_rw_tmp'($*)) dnl
+	
+	gen_require(`
+		type puppet_tmp_t;
+	')
+
+	files_search_tmp($1)
+	allow $1 puppet_tmp_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `puppet_rw_tmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an puppet environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`puppet_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `puppet_admin'($*)) dnl
+	
+	gen_require(`
+		type puppet_initrc_exec_t, puppetmaster_initrc_exec_t, puppet_log_t;
+		type puppet_var_lib_t, puppet_tmp_t, puppet_etc_t;
+		type puppet_runtime_t, puppetmaster_tmp_t;
+		type puppet_t, puppetca_t, puppetmaster_t;
+	')
+
+	allow $1 { puppet_t puppetca_t puppetmaster_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { puppet_t puppetca_t puppetmaster_t })
+
+	init_startstop_service($1, $2, puppet_t, puppet_initrc_exec_t)
+	init_startstop_service($1, $2, puppetmaster_t, puppetmaster_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, puppet_etc_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, puppet_log_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, puppet_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, puppet_runtime_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, { puppet_tmp_t puppetmaster_tmp_t })
+
+	puppet_run_puppetca($1, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `puppet_admin'($*)) dnl
+	')
+
+## <summary>Policy for managing user accounts.</summary>
+
+########################################
+## <summary>
+##	Execute chfn in the chfn domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`usermanage_domtrans_chfn',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `usermanage_domtrans_chfn'($*)) dnl
+	
+	gen_require(`
+		type chfn_t, chfn_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, chfn_exec_t, chfn_t)
+
+	ifdef(`hide_broken_symptoms',`
+		dontaudit chfn_t $1:socket_class_set { read write };
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `usermanage_domtrans_chfn'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute chfn in the chfn domain, and
+##	allow the specified role the chfn domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`usermanage_run_chfn',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `usermanage_run_chfn'($*)) dnl
+	
+	gen_require(`
+		attribute_role chfn_roles;
+	')
+
+	usermanage_domtrans_chfn($1)
+	roleattribute $2 chfn_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `usermanage_run_chfn'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute groupadd in the groupadd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`usermanage_domtrans_groupadd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `usermanage_domtrans_groupadd'($*)) dnl
+	
+	gen_require(`
+		type groupadd_t, groupadd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, groupadd_exec_t, groupadd_t)
+
+	ifdef(`hide_broken_symptoms',`
+		dontaudit groupadd_t $1:socket_class_set { read write };
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `usermanage_domtrans_groupadd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute groupadd in the groupadd domain, and
+##	allow the specified role the groupadd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`usermanage_run_groupadd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `usermanage_run_groupadd'($*)) dnl
+	
+	gen_require(`
+		attribute_role groupadd_roles;
+	')
+
+	usermanage_domtrans_groupadd($1)
+	roleattribute $2 groupadd_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `usermanage_run_groupadd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute passwd in the passwd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`usermanage_domtrans_passwd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `usermanage_domtrans_passwd'($*)) dnl
+	
+	gen_require(`
+		type passwd_t, passwd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, passwd_exec_t, passwd_t)
+
+	ifdef(`hide_broken_symptoms',`
+		dontaudit passwd_t $1:socket_class_set { read write };
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `usermanage_domtrans_passwd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send sigkills to passwd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`usermanage_kill_passwd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `usermanage_kill_passwd'($*)) dnl
+	
+	gen_require(`
+		type passwd_t;
+	')
+
+	allow $1 passwd_t:process sigkill;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `usermanage_kill_passwd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Check if the passwd binary is executable.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`usermanage_check_exec_passwd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `usermanage_check_exec_passwd'($*)) dnl
+	
+	gen_require(`
+		type passwd_exec_t;
+	')
+
+	allow $1 passwd_exec_t:file { execute getattr_file_perms };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `usermanage_check_exec_passwd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute passwd in the passwd domain, and
+##	allow the specified role the passwd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`usermanage_run_passwd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `usermanage_run_passwd'($*)) dnl
+	
+	gen_require(`
+		attribute_role passwd_roles;
+	')
+
+	usermanage_domtrans_passwd($1)
+	roleattribute $2 passwd_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `usermanage_run_passwd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute password admin functions in
+##	the admin passwd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`usermanage_domtrans_admin_passwd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `usermanage_domtrans_admin_passwd'($*)) dnl
+	
+	gen_require(`
+		type sysadm_passwd_t, admin_passwd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, admin_passwd_exec_t, sysadm_passwd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `usermanage_domtrans_admin_passwd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute passwd admin functions in the admin
+##	passwd domain, and allow the specified role
+##	the admin passwd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`usermanage_run_admin_passwd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `usermanage_run_admin_passwd'($*)) dnl
+	
+	gen_require(`
+		attribute_role sysadm_passwd_roles;
+	')
+
+	usermanage_domtrans_admin_passwd($1)
+	roleattribute $2 sysadm_passwd_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `usermanage_run_admin_passwd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to use useradd fds.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`usermanage_dontaudit_use_useradd_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `usermanage_dontaudit_use_useradd_fds'($*)) dnl
+	
+	gen_require(`
+		type useradd_t;
+	')
+
+	dontaudit $1 useradd_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `usermanage_dontaudit_use_useradd_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute useradd in the useradd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`usermanage_domtrans_useradd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `usermanage_domtrans_useradd'($*)) dnl
+	
+	gen_require(`
+		type useradd_t, useradd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, useradd_exec_t, useradd_t)
+
+	ifdef(`hide_broken_symptoms',`
+		dontaudit useradd_t $1:socket_class_set { read write };
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `usermanage_domtrans_useradd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Check if the useradd binaries are executable.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`usermanage_check_exec_useradd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `usermanage_check_exec_useradd'($*)) dnl
+	
+	gen_require(`
+		type useradd_exec_t;
+	')
+
+	allow $1 useradd_exec_t:file { execute getattr_file_perms };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `usermanage_check_exec_useradd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute useradd in the useradd domain, and
+##	allow the specified role the useradd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`usermanage_run_useradd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `usermanage_run_useradd'($*)) dnl
+	
+	gen_require(`
+		attribute_role useradd_roles;
+	')
+
+	usermanage_domtrans_useradd($1)
+	roleattribute $2 useradd_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `usermanage_run_useradd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the crack database.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`usermanage_read_crack_db',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `usermanage_read_crack_db'($*)) dnl
+	
+	gen_require(`
+		type crack_db_t;
+	')
+
+	files_search_var($1)
+	read_files_pattern($1, crack_db_t, crack_db_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `usermanage_read_crack_db'($*)) dnl
+	')
+
+## <summary>Execute a command with a substitute user</summary>
+
+#######################################
+## <summary>
+##	The role template for the sudo module.
+## </summary>
+## <desc>
+##	<p>
+##	This template creates a derived domain which is allowed
+##	to change the linux user id, to run commands as a different
+##	user.
+##	</p>
+## </desc>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the user role (e.g., user
+##	is the prefix for user_r).
+##	</summary>
+## </param>
+## <param name="user_role">
+##	<summary>
+##	The user role.
+##	</summary>
+## </param>
+## <param name="user_domain">
+##	<summary>
+##	The user domain associated with the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`sudo_role_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sudo_role_template'($*)) dnl
+	
+
+	gen_require(`
+		type sudo_exec_t;
+		attribute sudodomain;
+	')
+
+	##############################
+	#
+	# Declarations
+	#
+
+	type $1_sudo_t, sudodomain;
+	userdom_user_application_domain($1_sudo_t, sudo_exec_t)
+	domain_interactive_fd($1_sudo_t)
+	domain_role_change_exemption($1_sudo_t)
+	role $2 types $1_sudo_t;
+
+	##############################
+	#
+	# Local Policy
+	#
+
+	# Use capabilities.
+	allow $1_sudo_t self:capability { chown dac_override fowner kill setgid setuid sys_nice sys_resource };
+	allow $1_sudo_t self:process { signal_perms getsched setsched getsession getpgid setpgid getcap setcap share getattr getrlimit rlimitinh siginh transition setsockcreate dyntransition noatsecure setkeycreate };
+	allow $1_sudo_t self:process { setexec setrlimit };
+	allow $1_sudo_t self:fd use;
+	allow $1_sudo_t self:fifo_file rw_fifo_file_perms;
+	allow $1_sudo_t self:shm create_shm_perms;
+	allow $1_sudo_t self:sem create_sem_perms;
+	allow $1_sudo_t self:msgq create_msgq_perms;
+	allow $1_sudo_t self:msg { send receive };
+	allow $1_sudo_t self:unix_dgram_socket create_socket_perms;
+	allow $1_sudo_t self:unix_stream_socket create_stream_socket_perms;
+	allow $1_sudo_t self:unix_dgram_socket sendto;
+	allow $1_sudo_t self:unix_stream_socket connectto;
+	allow $1_sudo_t self:key manage_key_perms;
+
+	allow $1_sudo_t $3:key search;
+
+	# Transmit SIGWINCH to children
+	allow $1_sudo_t $3:process signal;
+
+	# Enter this derived domain from the user domain
+	domtrans_pattern($3, sudo_exec_t, $1_sudo_t)
+
+	# By default, revert to the calling domain when a shell is executed.
+	corecmd_shell_domtrans($1_sudo_t, $3)
+	corecmd_bin_domtrans($1_sudo_t, $3)
+	allow $3 $1_sudo_t:fd use;
+	allow $3 $1_sudo_t:fifo_file rw_fifo_file_perms;
+	allow $3 $1_sudo_t:process signal_perms;
+
+	kernel_read_kernel_sysctls($1_sudo_t)
+	kernel_read_system_state($1_sudo_t)
+	kernel_link_key($1_sudo_t)
+
+	corecmd_exec_all_executables($1_sudo_t)
+
+	dev_getattr_fs($1_sudo_t)
+	dev_read_urand($1_sudo_t)
+	dev_rw_generic_usb_dev($1_sudo_t)
+	dev_read_sysfs($1_sudo_t)
+
+	domain_use_interactive_fds($1_sudo_t)
+	domain_sigchld_interactive_fds($1_sudo_t)
+	domain_getattr_all_entry_files($1_sudo_t)
+
+	files_read_etc_files($1_sudo_t)
+	files_read_var_files($1_sudo_t)
+	files_read_usr_symlinks($1_sudo_t)
+	files_getattr_usr_files($1_sudo_t)
+	# for some PAM modules and for cwd
+	files_dontaudit_search_home($1_sudo_t)
+	files_list_tmp($1_sudo_t)
+
+	fs_search_auto_mountpoints($1_sudo_t)
+	fs_getattr_xattr_fs($1_sudo_t)
+
+	selinux_validate_context($1_sudo_t)
+	selinux_compute_relabel_context($1_sudo_t)
+
+	term_getattr_pty_fs($1_sudo_t)
+	term_dontaudit_getattr_unallocated_ttys($1_sudo_t)
+	term_relabel_all_ttys($1_sudo_t)
+	term_relabel_all_ptys($1_sudo_t)
+
+	auth_run_chk_passwd($1_sudo_t, $2)
+	# sudo stores a token in the pam_pid directory
+	auth_manage_pam_pid($1_sudo_t)
+	auth_use_pam($1_sudo_t)
+	auth_pid_filetrans_pam_var_run($1_sudo_t, dir, "sudo")
+
+	init_rw_utmp($1_sudo_t)
+
+	logging_send_audit_msgs($1_sudo_t)
+	logging_send_syslog_msg($1_sudo_t)
+
+	miscfiles_read_localization($1_sudo_t)
+
+	seutil_read_default_contexts($1_sudo_t)
+	seutil_libselinux_linked($1_sudo_t)
+
+	userdom_spec_domtrans_all_users($1_sudo_t)
+	userdom_create_all_users_keys($1_sudo_t)
+	userdom_create_user_pty($1_sudo_t)
+	userdom_manage_user_home_content_files($1_sudo_t)
+	userdom_manage_user_home_content_symlinks($1_sudo_t)
+	userdom_manage_user_tmp_files($1_sudo_t)
+	userdom_manage_user_tmp_symlinks($1_sudo_t)
+	userdom_setattr_user_ptys($1_sudo_t)
+	userdom_use_user_terminals($1_sudo_t)
+	# for some PAM modules and for cwd
+	userdom_dontaudit_search_user_home_content($1_sudo_t)
+	userdom_dontaudit_search_user_home_dirs($1_sudo_t)
+
+	ifdef(`hide_broken_symptoms', `
+		dontaudit $1_sudo_t $3:socket_class_set { read write };
+	')
+
+	tunable_policy(`use_nfs_home_dirs',`
+		fs_manage_nfs_files($1_sudo_t)
+	')
+
+	tunable_policy(`use_samba_home_dirs',`
+		fs_manage_cifs_files($1_sudo_t)
+	')
+
+	optional_policy(`
+		dbus_system_bus_client($1_sudo_t)
+
+		ifdef(`init_systemd',`
+			init_dbus_chat($1_sudo_t)
+		')
+	')
+
+	optional_policy(`
+		fprintd_dbus_chat($1_sudo_t)
+	')
+
+	ifdef(`distro_gentoo',`
+		# Fix bug 549640 - Add dontaudit getattr on chr and blk devices as is done with regular user domains too
+		dev_dontaudit_getattr_all_blk_files($1_sudo_t)
+		dev_dontaudit_getattr_all_chr_files($1_sudo_t)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sudo_role_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a SIGCHLD signal to the sudo domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sudo_sigchld',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sudo_sigchld'($*)) dnl
+	
+	gen_require(`
+		attribute sudodomain;
+	')
+
+	allow $1 sudodomain:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sudo_sigchld'($*)) dnl
+	')
+
+## <summary>fake-hwclock - Control fake hardware clock.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run fake-hwclock.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`fakehwclock_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fakehwclock_domtrans'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated')
+
+	gen_require(`
+		type fakehwclock_t, fakehwclock_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, fakehwclock_exec_t, fakehwclock_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fakehwclock_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute fake-hwclock in the fake-hwclock domain,
+##	and allow the specified role
+##	the fake-hwclock domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fakehwclock_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fakehwclock_run'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated')
+
+	gen_require(`
+		attribute_role fakehwclock_roles;
+	')
+
+	fakehwclock_domtrans($1)
+	roleattribute $2 fakehwclock_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fakehwclock_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All the rules required to
+##	administrate an fake-hwclock environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fakehwclock_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fakehwclock_admin'($*)) dnl
+	
+	gen_require(`
+		type fakehwclock_t, fakehwclock_backup_t, fakehwclock_initrc_exec_t;
+		type fakehwclock_unit_t;
+	')
+
+	admin_process_pattern($1, fakehwclock_t)
+
+	init_startstop_service($1, $2, fakehwclock_t, fakehwclock_initrc_exec_t, fakehwclock_unit_t)
+
+	files_search_etc($1)
+	admin_pattern($1, fakehwclock_backup_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fakehwclock_admin'($*)) dnl
+	')
+
+## <summary>Manage temporary directory sizes and file ages.</summary>
+
+########################################
+## <summary>
+##	Execute tmpreaper in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`tmpreaper_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tmpreaper_exec'($*)) dnl
+	
+	gen_require(`
+		type tmpreaper_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, tmpreaper_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tmpreaper_exec'($*)) dnl
+	')
+
+## <summary>Anaconda installer.</summary>
+## <summary>IEEE 802.11 wireless LAN sniffer.</summary>
+
+########################################
+## <summary>
+##	Role access for kismet.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`kismet_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kismet_role'($*)) dnl
+	
+	gen_require(`
+		type kismet_home_t, kismet_tmp_t, kismet_tmpfs_t;
+		type kismet_t;
+	')
+
+	kismet_run($1, $2)
+
+	allow $2 kismet_t:process { ptrace signal_perms };
+	ps_process_pattern($2, kismet_t)
+
+	allow $2 kismet_home_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 kismet_home_t:file { manage_file_perms relabel_file_perms };
+	userdom_user_home_dir_filetrans($2, kismet_home_t, dir, ".kismet")
+
+	allow $2 kismet_tmp_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 kismet_tmp_t:file { manage_file_perms relabel_file_perms };
+	allow $2 kismet_tmp_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };
+
+	allow $2 kismet_tmpfs_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 kismet_tmpfs_t:file { manage_file_perms relabel_file_perms };
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kismet_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run kismet.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`kismet_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kismet_domtrans'($*)) dnl
+	
+	gen_require(`
+		type kismet_t, kismet_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, kismet_exec_t, kismet_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kismet_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute kismet in the kismet domain, and
+##	allow the specified role the kismet domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kismet_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kismet_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role kismet_roles;
+	')
+
+	kismet_domtrans($1)
+	roleattribute $2 kismet_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kismet_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read kismet pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kismet_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kismet_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type kismet_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 kismet_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kismet_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	kismet pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kismet_manage_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kismet_manage_pid_files'($*)) dnl
+	
+	gen_require(`
+		type kismet_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 kismet_runtime_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kismet_manage_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search kismet lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kismet_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kismet_search_lib'($*)) dnl
+	
+	gen_require(`
+		type kismet_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 kismet_var_lib_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kismet_search_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read kismet lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kismet_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kismet_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type kismet_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 kismet_var_lib_t:dir list_dir_perms;
+	allow $1 kismet_var_lib_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kismet_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	kismet lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kismet_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kismet_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type kismet_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, kismet_var_lib_t, kismet_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kismet_manage_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	kismet lib content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kismet_manage_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kismet_manage_lib'($*)) dnl
+	
+	gen_require(`
+		type kismet_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_dirs_pattern($1, kismet_var_lib_t, kismet_var_lib_t)
+	manage_files_pattern($1, kismet_var_lib_t, kismet_var_lib_t)
+	manage_lnk_files_pattern($1, kismet_var_lib_t, kismet_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kismet_manage_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read kismet log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kismet_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kismet_read_log'($*)) dnl
+	
+	gen_require(`
+		type kismet_log_t;
+	')
+
+	logging_search_logs($1)
+	read_files_pattern($1, kismet_log_t, kismet_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kismet_read_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append kismet log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kismet_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kismet_append_log'($*)) dnl
+	
+	gen_require(`
+		type kismet_log_t;
+	')
+
+	logging_search_logs($1)
+	append_files_pattern($1, kismet_log_t, kismet_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kismet_append_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	kismet log content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kismet_manage_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kismet_manage_log'($*)) dnl
+	
+	gen_require(`
+		type kismet_log_t;
+	')
+
+	logging_search_logs($1)
+	manage_dirs_pattern($1, kismet_log_t, kismet_log_t)
+	manage_files_pattern($1, kismet_log_t, kismet_log_t)
+	manage_lnk_files_pattern($1, kismet_log_t, kismet_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kismet_manage_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an kismet environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kismet_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kismet_admin'($*)) dnl
+	
+	gen_require(`
+		type kismet_t, kismet_var_lib_t, kismet_runtime_t;
+		type kismet_log_t, kismet_tmp_t, kismet_initrc_exec_t;
+	')
+
+	init_startstop_service($1, $2, kismet_t, kismet_initrc_exec_t)
+
+	ps_process_pattern($1, kismet_t)
+	allow $1 kismet_t:process { ptrace signal_perms };
+
+	files_search_var_lib($1)
+	admin_pattern($1, kismet_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, kismet_runtime_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, kismet_log_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, kismet_tmp_t)
+
+	kismet_run($1, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kismet_admin'($*)) dnl
+	')
+
+## <summary>Decode DMI data for x86/ia64 bioses.</summary>
+
+########################################
+## <summary>
+##	Execute dmidecode in the dmidecode domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`dmidecode_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dmidecode_domtrans'($*)) dnl
+	
+	gen_require(`
+		type dmidecode_t, dmidecode_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, dmidecode_exec_t, dmidecode_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dmidecode_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute dmidecode in the dmidecode
+##	domain, and allow the specified
+##	role the dmidecode domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dmidecode_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dmidecode_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role dmidecode_roles;
+	')
+
+	dmidecode_domtrans($1)
+	roleattribute $2 dmidecode_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dmidecode_run'($*)) dnl
+	')
+
+## <summary>Policy for the kernel modules, kernel image, and bootloader.</summary>
+
+########################################
+## <summary>
+##	Execute bootloader in the bootloader domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`bootloader_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bootloader_domtrans'($*)) dnl
+	
+	gen_require(`
+		type bootloader_t, bootloader_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, bootloader_exec_t, bootloader_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bootloader_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute bootloader interactively and do
+##	a domain transition to the bootloader domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`bootloader_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bootloader_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role bootloader_roles;
+	')
+
+	bootloader_domtrans($1)
+	roleattribute $2 bootloader_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bootloader_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute bootloader in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bootloader_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bootloader_exec'($*)) dnl
+	
+	gen_require(`
+		type bootloader_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, bootloader_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bootloader_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the bootloader configuration file.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bootloader_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bootloader_read_config'($*)) dnl
+	
+	gen_require(`
+		type bootloader_etc_t;
+	')
+
+	allow $1 bootloader_etc_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bootloader_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the bootloader
+##	configuration file.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`bootloader_rw_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bootloader_rw_config'($*)) dnl
+	
+	gen_require(`
+		type bootloader_etc_t;
+	')
+
+	allow $1 bootloader_etc_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bootloader_rw_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the bootloader
+##	temporary data in /tmp.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bootloader_rw_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bootloader_rw_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type bootloader_tmp_t;
+	')
+
+	files_search_tmp($1)
+	allow $1 bootloader_tmp_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bootloader_rw_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read and write the bootloader
+##	runtime data.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bootloader_create_runtime_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bootloader_create_runtime_file'($*)) dnl
+	
+	gen_require(`
+		type boot_runtime_t;
+	')
+
+	allow $1 boot_runtime_t:file { create_file_perms rw_file_perms };
+	files_boot_filetrans($1, boot_runtime_t, file)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bootloader_create_runtime_file'($*)) dnl
+	')
+
+## <summary>Aide filesystem integrity checker.</summary>
+
+########################################
+## <summary>
+##	Execute aide in the aide domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`aide_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `aide_domtrans'($*)) dnl
+	
+	gen_require(`
+		type aide_t, aide_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, aide_exec_t, aide_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `aide_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute aide programs in the AIDE
+##	domain and allow the specified role
+##	the AIDE domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`aide_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `aide_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role aide_roles;
+	')
+
+	aide_domtrans($1)
+	roleattribute $2 aide_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `aide_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an aide environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`aide_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `aide_admin'($*)) dnl
+	
+	gen_require(`
+		type aide_t, aide_db_t, aide_log_t;
+	')
+
+	allow $1 aide_t:process { ptrace signal_perms };
+	ps_process_pattern($1, aide_t)
+
+	aide_run($1, $2)
+
+	files_list_etc($1)
+	admin_pattern($1, aide_db_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, aide_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `aide_admin'($*)) dnl
+	')
+
+## <summary>Package Management System.</summary>
+
+########################################
+## <summary>
+##	Execute emerge in the portage domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`portage_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portage_domtrans'($*)) dnl
+	
+	gen_require(`
+		type portage_t, portage_exec_t;
+		type portage_tmp_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, portage_exec_t, portage_t)
+
+	can_exec($1, portage_tmp_t) # Portage does exectest
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portage_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute emerge in the portage domain,
+##	and allow the specified role the
+##	portage domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`portage_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portage_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role portage_roles;
+	')
+
+	portage_domtrans($1)
+	roleattribute $2 portage_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portage_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Template for portage sandbox.
+## </summary>
+## <desc>
+##	<p>
+##	Template for portage sandbox.  Portage
+##	does all compiling in the sandbox.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain Allowed Access
+##	</summary>
+## </param>
+#
+ 	 	define(`portage_compile_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portage_compile_domain'($*)) dnl
+	
+	gen_require(`
+		class dbus send_msg;
+		type portage_devpts_t, portage_log_t, portage_sandbox_t, portage_srcrepo_t;
+		type portage_tmp_t, portage_tmpfs_t;
+	')
+
+	allow $1 self:capability { chown dac_override dac_read_search fowner fsetid mknod net_raw setgid setuid };
+	dontaudit $1 self:capability sys_chroot;
+	allow $1 self:process { transition signal_perms getsched setsched getsession getpgid setpgid getcap setcap share getattr setfscreate noatsecure siginh setrlimit rlimitinh dyntransition execmem setkeycreate setsockcreate getrlimit };
+	allow $1 self:fd use;
+	allow $1 self:fifo_file rw_fifo_file_perms;
+	allow $1 self:shm create_shm_perms;
+	allow $1 self:sem create_sem_perms;
+	allow $1 self:msgq create_msgq_perms;
+	allow $1 self:msg { send receive };
+	allow $1 self:unix_dgram_socket create_socket_perms;
+	allow $1 self:unix_stream_socket create_stream_socket_perms;
+	allow $1 self:unix_dgram_socket sendto;
+	allow $1 self:unix_stream_socket connectto;
+	# really shouldnt need this
+	allow $1 self:tcp_socket create_stream_socket_perms;
+	allow $1 self:udp_socket create_socket_perms;
+	# misc networking stuff (esp needed for compiling perl):
+	allow $1 self:rawip_socket { create ioctl };
+	# needed for merging dbus:
+	allow $1 self:netlink_selinux_socket { bind create read };
+	allow $1 self:dbus send_msg;
+
+	allow $1 portage_devpts_t:chr_file { rw_chr_file_perms setattr_chr_file_perms };
+	term_create_pty($1, portage_devpts_t)
+
+	# write compile logs
+	allow $1 portage_log_t:dir setattr_dir_perms;
+	allow $1 portage_log_t:file { write_file_perms setattr_file_perms };
+
+	# Support live ebuilds (-9999)
+	manage_dirs_pattern($1, portage_srcrepo_t, portage_srcrepo_t)
+	manage_files_pattern($1, portage_srcrepo_t, portage_srcrepo_t)
+	manage_lnk_files_pattern($1, portage_srcrepo_t, portage_srcrepo_t)
+	allow $1 portage_srcrepo_t:file map;
+
+	# run scripts out of the build directory
+	can_exec(portage_sandbox_t, portage_tmp_t)
+
+	manage_dirs_pattern($1, portage_tmp_t, portage_tmp_t)
+	manage_files_pattern($1, portage_tmp_t, portage_tmp_t)
+	manage_lnk_files_pattern($1, portage_tmp_t, portage_tmp_t)
+	manage_fifo_files_pattern($1, portage_tmp_t, portage_tmp_t)
+	manage_sock_files_pattern($1, portage_tmp_t, portage_tmp_t)
+	files_tmp_filetrans($1, portage_tmp_t, { dir file lnk_file sock_file fifo_file })
+	# SELinux-enabled programs running in the sandbox
+	allow $1 portage_tmp_t:file { relabel_file_perms map };
+	allow $1 portage_tmp_t:dir relabel_dir_perms;
+
+	manage_files_pattern($1, portage_tmpfs_t, portage_tmpfs_t)
+	manage_lnk_files_pattern($1, portage_tmpfs_t, portage_tmpfs_t)
+	manage_fifo_files_pattern($1, portage_tmpfs_t, portage_tmpfs_t)
+	manage_sock_files_pattern($1, portage_tmpfs_t, portage_tmpfs_t)
+	allow $1 portage_tmpfs_t:file map;
+	fs_tmpfs_filetrans($1, portage_tmpfs_t, { dir file lnk_file sock_file fifo_file })
+
+	kernel_read_system_state($1)
+	kernel_read_network_state($1)
+	kernel_read_software_raid_state($1)
+	kernel_getattr_core_if($1)
+	kernel_getattr_message_if($1)
+	kernel_read_kernel_sysctls($1)
+
+	corecmd_exec_all_executables($1)
+
+	# really shouldnt need this but some packages test
+	# network access, such as during configure
+	# also distcc--need to reinvestigate confining distcc client
+	corenet_all_recvfrom_unlabeled($1)
+	corenet_all_recvfrom_netlabel($1)
+	corenet_tcp_sendrecv_generic_if($1)
+	corenet_udp_sendrecv_generic_if($1)
+	corenet_raw_sendrecv_generic_if($1)
+	corenet_tcp_sendrecv_generic_node($1)
+	corenet_udp_sendrecv_generic_node($1)
+	corenet_raw_sendrecv_generic_node($1)
+	corenet_tcp_connect_all_reserved_ports($1)
+	corenet_tcp_connect_distccd_port($1)
+	corenet_tcp_connect_git_port($1)
+
+	dev_read_sysfs($1)
+	dev_read_rand($1)
+	dev_read_urand($1)
+
+	domain_use_interactive_fds($1)
+	domain_dontaudit_read_all_domains_state($1)
+	# SELinux-aware installs doing relabels in the sandbox
+	domain_obj_id_change_exemption($1)
+
+	files_exec_etc_files($1)
+	files_exec_usr_src_files($1)
+	files_map_usr_files($1)
+
+	# Came up with bug #496328
+	fs_getattr_tmpfs($1)
+	fs_getattr_xattr_fs($1)
+	fs_list_noxattr_fs($1)
+	fs_read_noxattr_fs_files($1)
+	fs_read_noxattr_fs_symlinks($1)
+	fs_search_auto_mountpoints($1)
+
+	selinux_validate_context($1)
+	# needed for merging dbus:
+	selinux_compute_access_vector($1)
+
+	files_list_non_auth_dirs($1)
+	files_read_non_auth_files($1)
+	files_read_non_auth_symlinks($1)
+
+	libs_exec_lib_files($1)
+	# some config scripts use ldd
+	libs_exec_ld_so($1)
+	libs_exec_ldconfig($1)
+
+	logging_send_syslog_msg($1)
+
+	miscfiles_read_localization($1)
+
+	userdom_use_user_terminals($1)
+
+	# SELinux-enabled programs running in the sandbox
+	seutil_libselinux_linked($1)
+
+	# required by install
+	seutil_read_file_contexts($1)
+
+	tunable_policy(`portage_use_nfs',`
+		fs_getattr_nfs($1)
+		fs_manage_nfs_dirs($1)
+		fs_manage_nfs_files($1)
+		fs_manage_nfs_symlinks($1)
+	')
+
+	ifdef(`TODO',`
+	# some gui ebuilds want to interact with X server, like xawtv
+	optional_policy(`
+		allow $1 xdm_xserver_tmp_t:dir { add_entry_dir_perms del_entry_dir_perms };
+		allow $1 xdm_xserver_tmp_t:sock_file { create_file_perms delete_file_perms write_file_perms };
+	')
+	') dnl end TODO
+
+	ifdef(`distro_gentoo',`
+		# Fix bug 496328
+		fs_getattr_tmpfs($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portage_compile_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute tree management functions
+##	(fetching, layman, ...) in the
+##	portage fetch domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`portage_domtrans_fetch',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portage_domtrans_fetch'($*)) dnl
+	
+	gen_require(`
+		type portage_fetch_t, portage_fetch_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, portage_fetch_exec_t, portage_fetch_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portage_domtrans_fetch'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute tree management functions
+##	(fetching, layman, ...) in the
+##	portage fetch domain, and allow
+##	the specified role the portage
+##	fetch domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`portage_run_fetch',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portage_run_fetch'($*)) dnl
+	
+	gen_require(`
+		attribute_role portage_fetch_roles;
+	')
+
+	portage_domtrans_fetch($1)
+	roleattribute $2 portage_fetch_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portage_run_fetch'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute gcc-config in the gcc config domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`portage_domtrans_gcc_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portage_domtrans_gcc_config'($*)) dnl
+	
+	gen_require(`
+		type gcc_config_t, gcc_config_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, gcc_config_exec_t, gcc_config_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portage_domtrans_gcc_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute gcc-config in the gcc config
+##	domain, and allow the specified role
+##	the gcc_config domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`portage_run_gcc_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portage_run_gcc_config'($*)) dnl
+	
+	gen_require(`
+		attribute_role gcc_config_roles;
+	')
+
+	portage_domtrans_gcc_config($1)
+	roleattribute $2 gcc_config_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portage_run_gcc_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to use
+##	portage file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`portage_dontaudit_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portage_dontaudit_use_fds'($*)) dnl
+	
+	gen_require(`
+		type portage_t;
+	')
+
+	dontaudit $1 portage_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portage_dontaudit_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search the
+##	portage temporary directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`portage_dontaudit_search_tmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portage_dontaudit_search_tmp'($*)) dnl
+	
+	gen_require(`
+		type portage_tmp_t;
+	')
+
+	dontaudit $1 portage_tmp_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portage_dontaudit_search_tmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and write
+##	the portage temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`portage_dontaudit_rw_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portage_dontaudit_rw_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type portage_tmp_t;
+	')
+
+	dontaudit $1 portage_tmp_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portage_dontaudit_rw_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##   Allow the domain to run within an eselect module script. 
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain to allow within an eselect module
+##     </summary>
+## </param>
+#   Specific to Gentoo,
+#   eselect modules allow users to switch between different flavors or versions
+#   of underlying components. In return, eselect makes a wrapper binary which 
+#   makes the proper selections. If this binary is different from bin_t, it might
+#   not hold the necessary privileges for the wrapper to function. However, just
+#   marking the target binaries doesn't always work, since for python scripts the
+#   wrapper doesn't execute it, but treats the target as a library.
+#
+ 	 	define(`portage_eselect_module',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portage_eselect_module'($*)) dnl
+	
+       gen_require(`
+               attribute portage_eselect_domain;
+       ')
+
+       typeattribute $1 portage_eselect_domain;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portage_eselect_module'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all portage files
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`portage_ro_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portage_ro_role'($*)) dnl
+	
+	portage_read_cache($2)
+	portage_read_config($2)
+	portage_read_db($2)
+	portage_read_ebuild($2)
+	portage_read_log($2)
+	portage_read_srcrepo($2)
+	portage_dontaudit_write_cache($2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portage_ro_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read portage db files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`portage_read_db',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portage_read_db'($*)) dnl
+	
+	gen_require(`
+		type portage_db_t;
+	')
+
+	files_search_var($1)
+	list_dirs_pattern($1, portage_db_t, portage_db_t)
+	read_files_pattern($1, portage_db_t, portage_db_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portage_read_db'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read portage cache files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`portage_read_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portage_read_cache'($*)) dnl
+	
+	gen_require(`
+		type portage_cache_t;
+	')
+
+	files_search_var($1)
+	list_dirs_pattern($1, portage_cache_t, portage_cache_t)
+	read_files_pattern($1, portage_cache_t, portage_cache_t)
+	read_lnk_files_pattern($1, portage_cache_t, portage_cache_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portage_read_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read portage configuration files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`portage_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portage_read_config'($*)) dnl
+	
+	gen_require(`
+		type portage_conf_t;
+	')
+
+	files_search_etc($1)
+	list_dirs_pattern($1, portage_conf_t, portage_conf_t)
+	read_files_pattern($1, portage_conf_t, portage_conf_t)
+	allow $1 portage_conf_t:file map;
+	read_lnk_files_pattern($1, portage_conf_t, portage_conf_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portage_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read portage ebuild files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`portage_read_ebuild',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portage_read_ebuild'($*)) dnl
+	
+	gen_require(`
+		type portage_ebuild_t;
+	')
+
+	files_search_usr($1)
+	list_dirs_pattern($1, portage_ebuild_t, portage_ebuild_t)
+	read_files_pattern($1, portage_ebuild_t, portage_ebuild_t)
+	allow $1 portage_ebuild_t:file map;
+	read_lnk_files_pattern($1, portage_ebuild_t, portage_ebuild_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portage_read_ebuild'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read portage log files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`portage_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portage_read_log'($*)) dnl
+	
+	gen_require(`
+		type portage_log_t;
+	')
+
+	logging_search_logs($1)
+	read_files_pattern($1, portage_log_t, portage_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portage_read_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read portage src repository files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`portage_read_srcrepo',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portage_read_srcrepo'($*)) dnl
+	
+	gen_require(`
+		type portage_ebuild_t, portage_srcrepo_t;
+	')
+
+	files_search_usr($1)
+	list_dirs_pattern($1, portage_ebuild_t, portage_srcrepo_t)
+	read_files_pattern($1, portage_srcrepo_t, portage_srcrepo_t)
+	allow $1 portage_srcrepo_t:file map;
+	read_lnk_files_pattern($1, portage_srcrepo_t, portage_srcrepo_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portage_read_srcrepo'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit writing portage cache files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`portage_dontaudit_write_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portage_dontaudit_write_cache'($*)) dnl
+	
+	gen_require(`
+		type portage_cache_t;
+	')
+
+	dontaudit $1 portage_cache_t:dir { setattr write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portage_dontaudit_write_cache'($*)) dnl
+	')
+
+
+## <summary>Dump topology and locality information from hardware tables.</summary>
+
+########################################
+## <summary>
+##	Execute hwloc dhwd in the hwloc dhwd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`hwloc_domtrans_dhwd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hwloc_domtrans_dhwd'($*)) dnl
+	
+	gen_require(`
+		type hwloc_dhwd_t, hwloc_dhwd_exec_t;
+	')
+
+	domtrans_pattern($1, hwloc_dhwd_exec_t, hwloc_dhwd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hwloc_domtrans_dhwd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute hwloc dhwd in the hwloc dhwd domain, and
+##	allow the specified role the hwloc dhwd domain,
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`hwloc_run_dhwd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hwloc_run_dhwd'($*)) dnl
+	
+	gen_require(`
+		attribute_role hwloc_dhwd_roles;
+	')
+
+	hwloc_domtrans_dhwd($1)
+	roleattribute $2 hwloc_dhwd_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hwloc_run_dhwd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute hwloc dhwd in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hwloc_exec_dhwd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hwloc_exec_dhwd'($*)) dnl
+	
+	gen_require(`
+		type hwloc_dhwd_exec_t;
+	')
+
+	can_exec($1, hwloc_dhwd_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hwloc_exec_dhwd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read hwloc runtime files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hwloc_read_runtime_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hwloc_read_runtime_files'($*)) dnl
+	
+	gen_require(`
+		type hwloc_runtime_t;
+	')
+
+	files_search_pids($1)
+	read_files_pattern($1, hwloc_runtime_t, hwloc_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hwloc_read_runtime_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an hwloc environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`hwloc_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hwloc_admin'($*)) dnl
+	
+	gen_require(`
+		type hwloc_dhwd_t, hwloc_runtime_t;
+	')
+
+	allow $1 hwloc_dhwd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, hwloc_dhwd_t)
+
+	admin_pattern($1, hwloc_runtime_t)
+	files_pid_filetrans($1, hwloc_runtime_t, dir, "hwloc")
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hwloc_admin'($*)) dnl
+	')
+
+## <summary>System backup scripts.</summary>
+
+########################################
+## <summary>
+##	Execute backup in the backup domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`backup_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `backup_domtrans'($*)) dnl
+	
+	gen_require(`
+		type backup_t, backup_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, backup_exec_t, backup_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `backup_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute backup in the backup
+##	domain, and allow the specified
+##	role the backup domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`backup_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `backup_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role backup_roles;
+	')
+
+	backup_domtrans($1)
+	roleattribute $2 backup_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `backup_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, and write backup
+##	store files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`backup_manage_store_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `backup_manage_store_files'($*)) dnl
+	
+	gen_require(`
+		type backup_store_t;
+	')
+
+	files_search_var($1)
+	manage_files_pattern($1, backup_store_t, backup_store_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `backup_manage_store_files'($*)) dnl
+	')
+
+## <summary>System log analyzer and reporter.</summary>
+
+########################################
+## <summary>
+##	Read logwatch temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`logwatch_read_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logwatch_read_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type logwatch_tmp_t;
+	')
+
+	files_search_tmp($1)
+	allow $1 logwatch_tmp_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logwatch_read_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search logwatch cache directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`logwatch_search_cache_dir',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logwatch_search_cache_dir'($*)) dnl
+	
+	gen_require(`
+		type logwatch_cache_t;
+	')
+
+	files_search_var($1)
+	allow $1 logwatch_cache_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logwatch_search_cache_dir'($*)) dnl
+	')
+
+## <summary>File integrity checker.</summary>
+
+########################################
+## <summary>
+##	Execute tripwire in the tripwire domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`tripwire_domtrans_tripwire',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tripwire_domtrans_tripwire'($*)) dnl
+	
+	gen_require(`
+		type tripwire_t, tripwire_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, tripwire_exec_t, tripwire_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tripwire_domtrans_tripwire'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute tripwire in the tripwire
+##	domain, and allow the specified
+##	role the tripwire domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`tripwire_run_tripwire',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tripwire_run_tripwire'($*)) dnl
+	
+	gen_require(`
+		attribute_role tripwire_roles;
+	')
+
+	tripwire_domtrans_tripwire($1)
+	roleattribute $2 tripwire_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tripwire_run_tripwire'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute twadmin in the twadmin domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`tripwire_domtrans_twadmin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tripwire_domtrans_twadmin'($*)) dnl
+	
+	gen_require(`
+		type twadmin_t, twadmin_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, twadmin_exec_t, twadmin_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tripwire_domtrans_twadmin'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute twadmin in the twadmin
+##	domain, and allow the specified
+##	role the twadmin domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`tripwire_run_twadmin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tripwire_run_twadmin'($*)) dnl
+	
+	gen_require(`
+		attribute_role twadmin_roles;
+	')
+
+	tripwire_domtrans_twadmin($1)
+	roleattribute $2 twadmin_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tripwire_run_twadmin'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute twprint in the twprint domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`tripwire_domtrans_twprint',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tripwire_domtrans_twprint'($*)) dnl
+	
+	gen_require(`
+		type twprint_t, twprint_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, twprint_exec_t, twprint_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tripwire_domtrans_twprint'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute twprint in the twprint
+##	domain, and allow the specified
+##	role the twprint domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`tripwire_run_twprint',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tripwire_run_twprint'($*)) dnl
+	
+	gen_require(`
+		attribute_role twprint_roles;
+	')
+
+	tripwire_domtrans_twprint($1)
+	roleattribute $2 twprint_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tripwire_run_twprint'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute siggen in the siggen domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`tripwire_domtrans_siggen',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tripwire_domtrans_siggen'($*)) dnl
+	
+	gen_require(`
+		type siggen_t, siggen_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, siggen_exec_t, siggen_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tripwire_domtrans_siggen'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute siggen in the siggen domain,
+##	and allow the specified role
+##	the siggen domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`tripwire_run_siggen',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tripwire_run_siggen'($*)) dnl
+	
+	gen_require(`
+		attribute_role siggen_roles;
+	')
+
+	tripwire_domtrans_siggen($1)
+	roleattribute $2 siggen_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tripwire_run_siggen'($*)) dnl
+	')
+
+## <summary>Berkeley process accounting.</summary>
+
+########################################
+## <summary>
+##	Transition to the accounting
+##	management domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`acct_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `acct_domtrans'($*)) dnl
+	
+	gen_require(`
+		type acct_t, acct_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, acct_exec_t, acct_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `acct_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute accounting management tools
+##	in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`acct_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `acct_exec'($*)) dnl
+	
+	gen_require(`
+		type acct_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, acct_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `acct_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute accounting management data
+##	in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`acct_exec_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `acct_exec_data'($*)) dnl
+	
+	gen_require(`
+		type acct_data_t;
+	')
+
+	files_search_var($1)
+	can_exec($1, acct_data_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `acct_exec_data'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	process accounting data.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`acct_manage_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `acct_manage_data'($*)) dnl
+	
+	gen_require(`
+		type acct_data_t;
+	')
+
+	files_search_var($1)
+	manage_files_pattern($1, acct_data_t, acct_data_t)
+	manage_lnk_files_pattern($1, acct_data_t, acct_data_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `acct_manage_data'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an acct environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`acct_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `acct_admin'($*)) dnl
+	
+	gen_require(`
+		type acct_t, acct_initrc_exec_t, acct_data_t;
+	')
+
+	allow $1 acct_t:process { ptrace signal_perms };
+	ps_process_pattern($1, acct_t)
+
+	init_startstop_service($1, $2, acct_t, acct_initrc_exec_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, acct_data_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `acct_admin'($*)) dnl
+	')
+
+## <summary>Cross platform network backup.</summary>
+
+########################################
+## <summary>
+##	Execute bacula admin bacula
+##	admin domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`bacula_domtrans_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bacula_domtrans_admin'($*)) dnl
+	
+	gen_require(`
+		type bacula_admin_t, bacula_admin_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, bacula_admin_exec_t, bacula_admin_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bacula_domtrans_admin'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute user interfaces in the
+##	bacula admin domain, and allow the
+##	specified role the bacula admin domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`bacula_run_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bacula_run_admin'($*)) dnl
+	
+	gen_require(`
+		attribute_role bacula_admin_roles;
+	')
+
+	bacula_domtrans_admin($1)
+	roleattribute $2 bacula_admin_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bacula_run_admin'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an bacula environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`bacula_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bacula_admin'($*)) dnl
+	
+	gen_require(`
+		type bacula_t, bacula_etc_t, bacula_log_t;
+		type bacula_spool_t, bacula_var_lib_t;
+		type bacula_runtime_t, bacula_initrc_exec_t;
+	')
+
+	allow $1 bacula_t:process { ptrace signal_perms };
+	ps_process_pattern($1, bacula_t)
+
+	init_startstop_service($1, $2, bacula_t, bacula_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, bacula_etc_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, bacula_log_t)
+
+	files_search_var($1)
+	admin_pattern($1, bacula_spool_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, bacula_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, bacula_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bacula_admin'($*)) dnl
+	')
+
+## <summary>Initial system configuration utility.</summary>
+
+########################################
+## <summary>
+##	Execute firstboot in the firstboot domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`firstboot_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `firstboot_domtrans'($*)) dnl
+	
+	gen_require(`
+		type firstboot_t, firstboot_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, firstboot_exec_t, firstboot_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `firstboot_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute firstboot in the firstboot
+##	domain, and allow the specified role
+##	the firstboot domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`firstboot_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `firstboot_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role firstboot_roles;
+	')
+
+	firstboot_domtrans($1)
+	roleattribute $2 firstboot_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `firstboot_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit and use firstboot file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`firstboot_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `firstboot_use_fds'($*)) dnl
+	
+	gen_require(`
+		type firstboot_t;
+	')
+
+	allow $1 firstboot_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `firstboot_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to inherit
+##	firstboot file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`firstboot_dontaudit_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `firstboot_dontaudit_use_fds'($*)) dnl
+	
+	gen_require(`
+		type firstboot_t;
+	')
+
+	dontaudit $1 firstboot_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `firstboot_dontaudit_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write firstboot unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`firstboot_write_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `firstboot_write_pipes'($*)) dnl
+	
+	gen_require(`
+		type firstboot_t;
+	')
+
+	allow $1 firstboot_t:fifo_file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `firstboot_write_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and Write firstboot unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`firstboot_rw_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `firstboot_rw_pipes'($*)) dnl
+	
+	gen_require(`
+		type firstboot_t;
+	')
+
+	allow $1 firstboot_t:fifo_file { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `firstboot_rw_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+## 	Do not audit attemps to read and
+##	write firstboot unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`firstboot_dontaudit_rw_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `firstboot_dontaudit_rw_pipes'($*)) dnl
+	
+	gen_require(`
+		type firstboot_t;
+	')
+
+	dontaudit $1 firstboot_t:fifo_file { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `firstboot_dontaudit_rw_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+## 	Do not audit attemps to read and
+##	write firstboot unix domain
+##	stream sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`firstboot_dontaudit_rw_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `firstboot_dontaudit_rw_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		type firstboot_t;
+	')
+
+	dontaudit $1 firstboot_t:unix_stream_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `firstboot_dontaudit_rw_stream_sockets'($*)) dnl
+	')
+
+## <summary>Cross-platform network configuration library.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run ncftool.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`ncftool_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ncftool_domtrans'($*)) dnl
+	
+	gen_require(`
+		type ncftool_t, ncftool_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, ncftool_exec_t, ncftool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ncftool_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute ncftool in the ncftool
+##	domain, and allow the specified
+##	role the ncftool domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ncftool_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ncftool_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role ncftool_roles;
+	')
+
+	ncftool_domtrans($1)
+	roleattribute $2 ncftool_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ncftool_run'($*)) dnl
+	')
+
+## <summary>System administration tool for networks.</summary>
+
+#######################################
+## <summary>
+##	The template to define a cfengine domain.
+## </summary>
+## <param name="domain_prefix">
+##	<summary>
+##	Domain prefix to be used.
+##	</summary>
+## </param>
+#
+ 	 	define(`cfengine_domain_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cfengine_domain_template'($*)) dnl
+	
+	gen_require(`
+		attribute cfengine_domain;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	type cfengine_$1_t, cfengine_domain;
+	type cfengine_$1_exec_t;
+	init_daemon_domain(cfengine_$1_t, cfengine_$1_exec_t)
+
+	########################################
+	#
+	# Policy
+	#
+
+	auth_use_nsswitch(cfengine_$1_t)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cfengine_domain_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read cfengine lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cfengine_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cfengine_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type cfengine_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, cfengine_var_lib_t, cfengine_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cfengine_read_lib_files'($*)) dnl
+	')
+
+
+####################################
+## <summary>
+##	Do not audit attempts to write
+##	cfengine log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`cfengine_dontaudit_write_log_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cfengine_dontaudit_write_log_files'($*)) dnl
+	
+	gen_require(`
+		type cfengine_log_t;
+	')
+
+	dontaudit $1 cfengine_log_t:file write_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cfengine_dontaudit_write_log_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an cfengine environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`cfengine_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cfengine_admin'($*)) dnl
+	
+	gen_require(`
+		attribute cfengine_domain;
+		type cfengine_initrc_exec_t, cfengine_log_t, cfengine_var_lib_t;
+	')
+
+	allow $1 cfengine_domain:process { ptrace signal_perms };
+	ps_process_pattern($1, cfengine_domain)
+
+	init_startstop_service($1, $2, cfengine_domain, cfengine_initrc_exec_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, { cfengine_log_t cfengine_var_lib_t })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cfengine_admin'($*)) dnl
+	')
+
+## <summary>SUID/SGID program monitoring.</summary>
+
+########################################
+## <summary>
+##	Read sxid log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`sxid_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sxid_read_log'($*)) dnl
+	
+	gen_require(`
+		type sxid_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 sxid_log_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sxid_read_log'($*)) dnl
+	')
+
+## <summary>List kernel modules of USB devices.</summary>
+
+########################################
+## <summary>
+##	Execute usbmodules in the usbmodules domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`usbmodules_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `usbmodules_domtrans'($*)) dnl
+	
+	gen_require(`
+		type usbmodules_t, usbmodules_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, usbmodules_exec_t, usbmodules_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `usbmodules_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute usbmodules in the usbmodules
+##	domain, and allow the specified
+##	role the usbmodules domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`usbmodules_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `usbmodules_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role usbmodules_roles;
+	')
+
+	usbmodules_domtrans($1)
+	roleattribute $2 usbmodules_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `usbmodules_run'($*)) dnl
+	')
+
+## <summary>Rotates, compresses, removes and mails system log files.</summary>
+
+########################################
+## <summary>
+##	Execute logrotate in the logrotate domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`logrotate_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logrotate_domtrans'($*)) dnl
+	
+	gen_require(`
+		type logrotate_t, logrotate_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, logrotate_exec_t, logrotate_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logrotate_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute logrotate in the logrotate
+##	domain, and allow the specified
+##	role the logrotate domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logrotate_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logrotate_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role logrotate_roles;
+	')
+
+	logrotate_domtrans($1)
+	roleattribute $2 logrotate_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logrotate_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute logrotate in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`logrotate_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logrotate_exec'($*)) dnl
+	
+	gen_require(`
+		type logrotate_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, logrotate_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logrotate_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit and use logrotate file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`logrotate_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logrotate_use_fds'($*)) dnl
+	
+	gen_require(`
+		type logrotate_t;
+	')
+
+	allow $1 logrotate_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logrotate_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to inherit
+##	logrotate file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`logrotate_dontaudit_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logrotate_dontaudit_use_fds'($*)) dnl
+	
+	gen_require(`
+		type logrotate_t;
+	')
+
+	dontaudit $1 logrotate_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logrotate_dontaudit_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read logrotate temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`logrotate_read_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logrotate_read_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type logrotate_tmp_t;
+	')
+
+	files_search_tmp($1)
+	allow $1 logrotate_tmp_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logrotate_read_tmp_files'($*)) dnl
+	')
+
+## <summary>Run shells with substitute user and group.</summary>
+
+#######################################
+## <summary>
+##	Restricted su domain template.
+## </summary>
+## <desc>
+##	<p>
+##	This template creates a derived domain which is allowed
+##	to change the linux user id, to run shells as a different
+##	user.
+##	</p>
+## </desc>
+## <param name="userdomain_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="user_domain">
+##	<summary>
+##	The type of the user domain.
+##	</summary>
+## </param>
+## <param name="user_role">
+##	<summary>
+##	The role associated with the user domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`su_restricted_domain_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `su_restricted_domain_template'($*)) dnl
+	
+	gen_require(`
+		type su_exec_t;
+	')
+
+	type $1_su_t;
+	domain_entry_file($1_su_t, su_exec_t)
+	domain_type($1_su_t)
+	domain_interactive_fd($1_su_t)
+	role $3 types $1_su_t;
+
+	allow $2 $1_su_t:process signal;
+
+	allow $1_su_t self:capability { audit_control audit_write chown dac_override fowner net_bind_service setgid setuid sys_nice sys_resource };
+	dontaudit $1_su_t self:capability sys_tty_config;
+	allow $1_su_t self:key { search write };
+	allow $1_su_t self:process { setexec setsched setrlimit };
+	allow $1_su_t self:fifo_file rw_fifo_file_perms;
+	allow $1_su_t self:netlink_audit_socket { nlmsg_relay create_netlink_socket_perms };
+	allow $1_su_t self:unix_stream_socket create_stream_socket_perms;
+
+	# Transition from the user domain to this domain.
+	domtrans_pattern($2, su_exec_t, $1_su_t)
+
+	# By default, revert to the calling domain when a shell is executed.
+	corecmd_shell_domtrans($1_su_t,$2)
+	allow $2 $1_su_t:fd use;
+	allow $2 $1_su_t:fifo_file rw_file_perms;
+	allow $2 $1_su_t:process sigchld;
+
+	kernel_read_system_state($1_su_t)
+	kernel_read_kernel_sysctls($1_su_t)
+	kernel_search_key($1_su_t)
+	kernel_link_key($1_su_t)
+
+	# for SSP
+	dev_read_urand($1_su_t)
+
+	files_read_etc_files($1_su_t)
+	files_read_etc_runtime_files($1_su_t)
+	files_search_var_lib($1_su_t)
+	files_dontaudit_getattr_tmp_dirs($1_su_t)
+
+	# for the rootok check
+	selinux_compute_access_vector($1_su_t)
+
+	auth_domtrans_chk_passwd($1_su_t)
+	auth_dontaudit_read_shadow($1_su_t)
+	auth_use_nsswitch($1_su_t)
+	auth_rw_faillog($1_su_t)
+
+	domain_use_interactive_fds($1_su_t)
+
+	init_dontaudit_use_fds($1_su_t)
+	init_dontaudit_use_script_ptys($1_su_t)
+	# Write to utmp.
+	init_rw_utmp($1_su_t)
+	init_search_script_keys($1_su_t)
+
+	logging_send_syslog_msg($1_su_t)
+
+	miscfiles_read_localization($1_su_t)
+
+	ifdef(`distro_redhat',`
+		# RHEL5 and possibly newer releases incl. Fedora
+		auth_domtrans_upd_passwd($1_su_t)
+
+		optional_policy(`
+			locallogin_search_keys($1_su_t)
+		')
+	')
+
+	optional_policy(`
+		cron_read_pipes($1_su_t)
+	')
+
+	optional_policy(`
+		kerberos_use($1_su_t)
+	')
+
+	optional_policy(`
+		# used when the password has expired
+		usermanage_read_crack_db($1_su_t)
+	')
+
+	ifdef(`distro_gentoo',`
+		# Fix bug 554080 - Allow su to query SELinux subsystem (netlink_selinux_socket)
+		allow $1_su_t self:netlink_selinux_socket { create bind read };
+		selinux_get_fs_mount($1_su_t)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `su_restricted_domain_template'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	The role template for the su module.
+## </summary>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the user role (e.g., user
+##	is the prefix for user_r).
+##	</summary>
+## </param>
+## <param name="user_role">
+##	<summary>
+##	The role associated with the user domain.
+##	</summary>
+## </param>
+## <param name="user_domain">
+##	<summary>
+##	The type of the user domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`su_role_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `su_role_template'($*)) dnl
+	
+	gen_require(`
+		type su_exec_t;
+	')
+
+	type $1_su_t;
+	userdom_user_application_domain($1_su_t, su_exec_t)
+	domain_interactive_fd($1_su_t)
+	role $2 types $1_su_t;
+
+	allow $3 $1_su_t:process signal;
+
+	allow $1_su_t self:capability { audit_control audit_write chown dac_override fowner net_bind_service setgid setuid sys_nice sys_resource };
+	dontaudit $1_su_t self:capability { net_admin sys_tty_config };
+	allow $1_su_t self:process { setexec setsched setrlimit };
+	allow $1_su_t self:fifo_file rw_fifo_file_perms;
+	allow $1_su_t self:netlink_audit_socket { nlmsg_relay create_netlink_socket_perms };
+	allow $1_su_t self:key { search write };
+
+	allow $1_su_t $3:key search;
+
+	# Transition from the user domain to this domain.
+	domtrans_pattern($3, su_exec_t, $1_su_t)
+
+	ps_process_pattern($3, $1_su_t)
+
+	# By default, revert to the calling domain when a shell is executed.
+	corecmd_shell_domtrans($1_su_t, $3)
+	allow $3 $1_su_t:fd use;
+	allow $3 $1_su_t:fifo_file rw_file_perms;
+	allow $3 $1_su_t:process sigchld;
+
+	kernel_read_system_state($1_su_t)
+	kernel_read_kernel_sysctls($1_su_t)
+	kernel_search_key($1_su_t)
+	kernel_link_key($1_su_t)
+
+	# for SSP
+	dev_read_urand($1_su_t)
+
+	fs_search_auto_mountpoints($1_su_t)
+
+	# needed for pam_rootok
+	selinux_compute_access_vector($1_su_t)
+
+	auth_domtrans_chk_passwd($1_su_t)
+	auth_dontaudit_read_shadow($1_su_t)
+	auth_use_nsswitch($1_su_t)
+	auth_rw_faillog($1_su_t)
+
+	corecmd_search_bin($1_su_t)
+
+	domain_use_interactive_fds($1_su_t)
+
+	files_read_etc_files($1_su_t)
+	files_read_etc_runtime_files($1_su_t)
+	files_search_var_lib($1_su_t)
+	files_dontaudit_getattr_tmp_dirs($1_su_t)
+
+	init_dontaudit_use_fds($1_su_t)
+	init_dontaudit_read_state($1_su_t)
+	# Write to utmp.
+	init_rw_utmp($1_su_t)
+
+	mls_file_write_all_levels($1_su_t)
+
+	logging_send_syslog_msg($1_su_t)
+
+	miscfiles_read_localization($1_su_t)
+
+	# pam_unix is linked against libselinux
+	seutil_libselinux_linked($1_su_t)
+
+	userdom_use_user_terminals($1_su_t)
+	userdom_search_user_home_dirs($1_su_t)
+
+	ifdef(`distro_redhat',`
+		# RHEL5 and possibly newer releases incl. Fedora
+		auth_domtrans_upd_passwd($1_su_t)
+
+		optional_policy(`
+			locallogin_search_keys($1_su_t)
+		')
+	')
+
+	optional_policy(`
+		auth_use_pam_systemd($1_su_t)
+	')
+
+	tunable_policy(`allow_polyinstantiation',`
+		fs_mount_xattr_fs($1_su_t)
+		fs_unmount_xattr_fs($1_su_t)
+	')
+
+	tunable_policy(`use_nfs_home_dirs',`
+		fs_search_nfs($1_su_t)
+	')
+
+	tunable_policy(`use_samba_home_dirs',`
+		fs_search_cifs($1_su_t)
+	')
+
+	optional_policy(`
+		cron_read_pipes($1_su_t)
+	')
+
+	optional_policy(`
+		kerberos_use($1_su_t)
+	')
+
+	optional_policy(`
+		# used when the password has expired
+		usermanage_read_crack_db($1_su_t)
+	')
+
+	# Modify .Xauthority file (via xauth program).
+	optional_policy(`
+		xserver_user_home_dir_filetrans_user_xauth($1_su_t)
+		xserver_domtrans_xauth($1_su_t)
+	')
+
+	ifdef(`distro_gentoo',`
+		selinux_get_fs_mount($1_su_t)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `su_role_template'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Execute su in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`su_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `su_exec'($*)) dnl
+	
+	gen_require(`
+		type su_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, su_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `su_exec'($*)) dnl
+	')
+
+## <summary>Advanced Maryland Automatic Network Disk Archiver.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run
+##	Amanda recover.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`amanda_domtrans_recover',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `amanda_domtrans_recover'($*)) dnl
+	
+	gen_require(`
+		type amanda_recover_t, amanda_recover_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, amanda_recover_exec_t, amanda_recover_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `amanda_domtrans_recover'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run
+##	Amanda recover, and allow the specified
+##	role the Amanda recover domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`amanda_run_recover',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `amanda_run_recover'($*)) dnl
+	
+	gen_require(`
+		attribute_role amanda_recover_roles;
+	')
+
+	amanda_domtrans_recover($1)
+	roleattribute $2 amanda_recover_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `amanda_run_recover'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search Amanda library directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`amanda_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `amanda_search_lib'($*)) dnl
+	
+	gen_require(`
+		type amanda_usr_lib_t;
+	')
+
+	files_search_usr($1)
+	allow $1 amanda_usr_lib_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `amanda_search_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read /etc/dumpdates.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`amanda_dontaudit_read_dumpdates',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `amanda_dontaudit_read_dumpdates'($*)) dnl
+	
+	gen_require(`
+		type amanda_dumpdates_t;
+	')
+
+	dontaudit $1 amanda_dumpdates_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `amanda_dontaudit_read_dumpdates'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write /etc/dumpdates.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`amanda_rw_dumpdates_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `amanda_rw_dumpdates_files'($*)) dnl
+	
+	gen_require(`
+		type amanda_dumpdates_t;
+	')
+
+	files_search_etc($1)
+	allow $1 amanda_dumpdates_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `amanda_rw_dumpdates_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage Amanda library directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`amanda_manage_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `amanda_manage_lib'($*)) dnl
+	
+	gen_require(`
+		type amanda_usr_lib_t;
+	')
+
+	files_search_usr($1)
+	allow $1 amanda_usr_lib_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `amanda_manage_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and append amanda log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`amanda_append_log_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `amanda_append_log_files'($*)) dnl
+	
+	gen_require(`
+		type amanda_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 amanda_log_t:file { read_file_perms append_file_perms };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `amanda_append_log_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Search Amanda var library directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`amanda_search_var_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `amanda_search_var_lib'($*)) dnl
+	
+	gen_require(`
+		type amanda_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 amanda_var_lib_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `amanda_search_var_lib'($*)) dnl
+	')
+
+## <summary>Prelink ELF shared library mappings.</summary>
+
+########################################
+## <summary>
+##	Execute prelink in the prelink domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`prelink_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `prelink_domtrans'($*)) dnl
+	
+	gen_require(`
+		type prelink_t, prelink_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, prelink_exec_t, prelink_t)
+
+	ifdef(`hide_broken_symptoms',`
+		dontaudit prelink_t $1:socket_class_set { read write };
+		dontaudit prelink_t $1:fifo_file setattr_fifo_file_perms;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `prelink_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute prelink in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`prelink_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `prelink_exec'($*)) dnl
+	
+	gen_require(`
+		type prelink_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, prelink_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `prelink_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute prelink in the prelink
+##	domain, and allow the specified role
+##	the prelink domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`prelink_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `prelink_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role prelink_roles;
+	')
+
+	prelink_domtrans($1)
+	roleattribute $2 prelink_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `prelink_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified file type prelinkable.
+## </summary>
+## <param name="file_type">
+##	<summary>
+##	File type to be prelinked.
+##	</summary>
+## </param>
+#
+ 	 	define(`prelink_object_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `prelink_object_file'($*)) dnl
+	
+	gen_require(`
+		attribute prelink_object;
+	')
+
+	typeattribute $1 prelink_object;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `prelink_object_file'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read prelink cache files.
+## </summary>
+## <param name="file_type">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`prelink_read_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `prelink_read_cache'($*)) dnl
+	
+	gen_require(`
+		type prelink_cache_t;
+	')
+
+	files_search_etc($1)
+	allow $1 prelink_cache_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `prelink_read_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete prelink cache files.
+## </summary>
+## <param name="file_type">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`prelink_delete_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `prelink_delete_cache'($*)) dnl
+	
+	gen_require(`
+		type prelink_cache_t;
+	')
+
+	files_rw_etc_dirs($1)
+	allow $1 prelink_cache_t:file delete_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `prelink_delete_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	prelink log files.
+## </summary>
+## <param name="file_type">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`prelink_manage_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `prelink_manage_log'($*)) dnl
+	
+	gen_require(`
+		type prelink_log_t;
+	')
+
+	logging_search_logs($1)
+	manage_files_pattern($1, prelink_log_t, prelink_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `prelink_manage_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	prelink var_lib files.
+## </summary>
+## <param name="file_type">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`prelink_manage_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `prelink_manage_lib'($*)) dnl
+	
+	gen_require(`
+		type prelink_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, prelink_var_lib_t, prelink_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `prelink_manage_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel from prelink lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`prelink_relabelfrom_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `prelink_relabelfrom_lib'($*)) dnl
+	
+	gen_require(`
+		type prelink_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	relabelfrom_files_pattern($1, prelink_var_lib_t, prelink_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `prelink_relabelfrom_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel prelink lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`prelink_relabel_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `prelink_relabel_lib'($*)) dnl
+	
+	gen_require(`
+		type prelink_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	relabel_files_pattern($1, prelink_var_lib_t, prelink_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `prelink_relabel_lib'($*)) dnl
+	')
+
+## <summary>ddcprobe retrieves monitor and graphics card information.</summary>
+
+########################################
+## <summary>
+##	Execute ddcprobe in the ddcprobe domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`ddcprobe_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ddcprobe_domtrans'($*)) dnl
+	
+	gen_require(`
+		type ddcprobe_t, ddcprobe_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, ddcprobe_exec_t, ddcprobe_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ddcprobe_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute ddcprobe in the ddcprobe
+##	domain, and allow the specified
+##	role the ddcprobe domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ddcprobe_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ddcprobe_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role ddcprobe_roles;
+	')
+
+	ddcprobe_domtrans($1)
+	roleattribute $2 ddcprobe_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ddcprobe_run'($*)) dnl
+	')
+
+## <summary>System-config-kdump GUI.</summary>
+## <summary>Tool to manage Bluetooth devices.</summary>
+
+########################################
+## <summary>
+##	Execute blueman in the blueman domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`blueman_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `blueman_domtrans'($*)) dnl
+	
+	gen_require(`
+		type blueman_t, blueman_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, blueman_exec_t, blueman_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `blueman_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	blueman over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`blueman_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `blueman_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type blueman_t;
+		class dbus send_msg;
+	')
+
+	allow $1 blueman_t:dbus send_msg;
+	allow blueman_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `blueman_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search blueman lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`blueman_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `blueman_search_lib'($*)) dnl
+	
+	gen_require(`
+		type blueman_var_lib_t;
+	')
+
+	allow $1 blueman_var_lib_t:dir search_dir_perms;
+	files_search_var_lib($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `blueman_search_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read blueman lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`blueman_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `blueman_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type blueman_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, blueman_var_lib_t, blueman_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `blueman_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	blueman lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`blueman_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `blueman_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type blueman_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, blueman_var_lib_t, blueman_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `blueman_manage_lib_files'($*)) dnl
+	')
+
+## <summary>File system quota management.</summary>
+
+########################################
+## <summary>
+##	Execute quota management tools in the quota domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`quota_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `quota_domtrans'($*)) dnl
+	
+	gen_require(`
+		type quota_t, quota_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, quota_exec_t, quota_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `quota_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute quota management tools in
+##	the quota domain, and allow the
+##	specified role the quota domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`quota_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `quota_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role quota_roles;
+	')
+
+	quota_domtrans($1)
+	roleattribute $2 quota_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `quota_run'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Execute quota nld in the quota nld domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##  Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`quota_domtrans_nld',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `quota_domtrans_nld'($*)) dnl
+	
+	gen_require(`
+		type quota_nld_t, quota_nld_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, quota_nld_exec_t, quota_nld_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `quota_domtrans_nld'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	quota db files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`quota_manage_db_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `quota_manage_db_files'($*)) dnl
+	
+	gen_require(`
+		type quota_db_t;
+	')
+
+	allow $1 quota_db_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `quota_manage_db_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create specified objects in specified
+##	directories with a type transition to
+##	the quota db file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="file_type">
+##	<summary>
+##	Directory to transition on.
+##	</summary>
+## </param>
+## <param name="object">
+##	<summary>
+##	The object class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`quota_spec_filetrans_db',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `quota_spec_filetrans_db'($*)) dnl
+	
+	gen_require(`
+		type quota_db_t;
+	')
+
+	filetrans_pattern($1, $2, quota_db_t, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `quota_spec_filetrans_db'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get attributes
+##	of filesystem quota data files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`quota_dontaudit_getattr_db',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `quota_dontaudit_getattr_db'($*)) dnl
+	
+	gen_require(`
+		type quota_db_t;
+	')
+
+	dontaudit $1 quota_db_t:file getattr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `quota_dontaudit_getattr_db'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	quota flag files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`quota_manage_flags',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `quota_manage_flags'($*)) dnl
+	
+	gen_require(`
+		type quota_flag_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, quota_flag_t, quota_flag_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `quota_manage_flags'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an quota environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`quota_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `quota_admin'($*)) dnl
+	
+	gen_require(`
+		type quota_nld_t, quota_t, quota_db_t;
+		type quota_nld_initrc_exec_t, quota_flag_t, quota_nld_runtime_t;
+	')
+
+	allow $1 { quota_nld_t quota_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { quota_nld_t quota_t })
+
+	init_startstop_service($1, $2, quota_nld_t, quota_nld_initrc_exec_t)
+
+	files_list_all($1)
+	admin_pattern($1, { quota_db_t quota_flag_t quota_nld_runtime_t })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `quota_admin'($*)) dnl
+	')
+
+## <summary>Virtual Private Networking client.</summary>
+
+########################################
+## <summary>
+##	Execute vpn clients in the vpnc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`vpn_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vpn_domtrans'($*)) dnl
+	
+	gen_require(`
+		type vpnc_t, vpnc_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, vpnc_exec_t, vpnc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vpn_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute vpn clients in the vpnc
+##	domain, and allow the specified
+##	role the vpnc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`vpn_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vpn_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role vpnc_roles;
+	')
+
+	vpn_domtrans($1)
+	roleattribute $2 vpnc_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vpn_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send kill signals to vpnc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vpn_kill',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vpn_kill'($*)) dnl
+	
+	gen_require(`
+		type vpnc_t;
+	')
+
+	allow $1 vpnc_t:process sigkill;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vpn_kill'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to vpnc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vpn_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vpn_signal'($*)) dnl
+	
+	gen_require(`
+		type vpnc_t;
+	')
+
+	allow $1 vpnc_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vpn_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send null signals to vpnc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vpn_signull',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vpn_signull'($*)) dnl
+	
+	gen_require(`
+		type vpnc_t;
+	')
+
+	allow $1 vpnc_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vpn_signull'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	vpnc over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vpn_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vpn_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type vpnc_t;
+		class dbus send_msg;
+	')
+
+	allow $1 vpnc_t:dbus send_msg;
+	allow vpnc_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vpn_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabelfrom from vpnc socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vpn_relabelfrom_tun_socket',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vpn_relabelfrom_tun_socket'($*)) dnl
+	
+	gen_require(`
+		type vpnc_t;
+	')
+
+	allow $1 vpnc_t:tun_socket relabelfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vpn_relabelfrom_tun_socket'($*)) dnl
+	')
+
+## <summary>Set up, mount/unmount, and delete an swap file.</summary>
+
+########################################
+## <summary>
+##	Dontaudit acces to the swap file.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dphysswapfile_dontaudit_read_swap',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dphysswapfile_dontaudit_read_swap'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated')
+
+	gen_require(`
+		type dphysswapfile_swap_t;
+	')
+
+	dontaudit $1 dphysswapfile_swap_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dphysswapfile_dontaudit_read_swap'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an dphys-swapfile environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dphysswapfile_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dphysswapfile_admin'($*)) dnl
+	
+	gen_require(`
+		type dphysswapfile_t, dphysswapfile_conf_t;
+		type dphysswapfile_initrc_exec_t, dphysswapfile_unit_t;
+	')
+
+	admin_process_pattern($1, dphysswapfile_t)
+
+	init_startstop_service($1, $2, dphysswapfile_t, dphysswapfile_initrc_exec_t, dphysswapfile_unit_t)
+
+	files_search_etc($1)
+	admin_pattern($1, dphysswapfile_conf_t)
+
+	# do not grant access to swap file for now
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dphysswapfile_admin'($*)) dnl
+	')
+
+## <summary>rkhunter - rootkit checker.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run rkhunter.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`rkhunter_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rkhunter_domtrans'($*)) dnl
+	
+	gen_require(`
+		type rkhunter_t, rkhunter_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, rkhunter_exec_t, rkhunter_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rkhunter_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute rkhunter in the rkhunter domain,
+##	and allow the specified role
+##	the rkhunter domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rkhunter_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rkhunter_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role rkhunter_roles;
+	')
+
+	rkhunter_domtrans($1)
+	roleattribute $2 rkhunter_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rkhunter_run'($*)) dnl
+	')
+
+## <summary>chkrootkit - rootkit checker.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run chkrootkit.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`chkrootkit_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `chkrootkit_domtrans'($*)) dnl
+	
+	gen_require(`
+		type chkrootkit_t, chkrootkit_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, chkrootkit_exec_t, chkrootkit_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `chkrootkit_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute chkrootkit in the chkrootkit domain,
+##	and allow the specified role
+##	the chkrootkit domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`chkrootkit_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `chkrootkit_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role chkrootkit_roles;
+	')
+
+	chkrootkit_domtrans($1)
+	roleattribute $2 chkrootkit_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `chkrootkit_run'($*)) dnl
+	')
+
+## <summary>Redhat package manager.</summary>
+
+########################################
+## <summary>
+##	Execute rpm in the rpm domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_domtrans'($*)) dnl
+	
+	gen_require(`
+		type rpm_t, rpm_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, rpm_exec_t, rpm_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute debuginfo install
+##	in the rpm domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_debuginfo_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_debuginfo_domtrans'($*)) dnl
+	
+	gen_require(`
+		type rpm_t, debuginfo_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, debuginfo_exec_t, rpm_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_debuginfo_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute rpm scripts in the rpm script domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_domtrans_script',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_domtrans_script'($*)) dnl
+	
+	gen_require(`
+		type rpm_script_t;
+	')
+
+	corecmd_shell_domtrans($1, rpm_script_t)
+
+	allow rpm_script_t $1:fd use;
+	allow rpm_script_t $1:fifo_file rw_fifo_file_perms;
+	allow rpm_script_t $1:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_domtrans_script'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute rpm in the rpm domain,
+##	and allow the specified roles the
+##	rpm domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`rpm_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role rpm_roles;
+	')
+
+	rpm_domtrans($1)
+	roleattribute $2 rpm_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the rpm in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_exec'($*)) dnl
+	
+	gen_require(`
+		type rpm_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, rpm_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send null signals to rpm.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_signull',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_signull'($*)) dnl
+	
+	gen_require(`
+		type rpm_t;
+	')
+
+	allow $1 rpm_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_signull'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit and use file descriptors from rpm.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_use_fds'($*)) dnl
+	
+	gen_require(`
+		type rpm_t;
+	')
+
+	allow $1 rpm_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read rpm unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_read_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_read_pipes'($*)) dnl
+	
+	gen_require(`
+		type rpm_t;
+	')
+
+	allow $1 rpm_t:fifo_file read_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_read_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write rpm unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_rw_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_rw_pipes'($*)) dnl
+	
+	gen_require(`
+		type rpm_t;
+	')
+
+	allow $1 rpm_t:fifo_file rw_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_rw_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	rpm over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type rpm_t;
+		class dbus send_msg;
+	')
+
+	allow $1 rpm_t:dbus send_msg;
+	allow rpm_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and
+##	receive messages from rpm over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_dontaudit_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_dontaudit_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type rpm_t;
+		class dbus send_msg;
+	')
+
+	dontaudit $1 rpm_t:dbus send_msg;
+	dontaudit rpm_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_dontaudit_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	rpm script over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_script_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_script_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type rpm_script_t;
+		class dbus send_msg;
+	')
+
+	allow $1 rpm_script_t:dbus send_msg;
+	allow rpm_script_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_script_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search rpm log directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_search_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_search_log'($*)) dnl
+	
+	gen_require(`
+		type rpm_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 rpm_log_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_search_log'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Append rpm log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_append_log'($*)) dnl
+	
+	gen_require(`
+		type rpm_log_t;
+	')
+
+	logging_search_logs($1)
+	append_files_pattern($1, rpm_log_t, rpm_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_append_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	rpm log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_manage_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_manage_log'($*)) dnl
+	
+	gen_require(`
+		type rpm_log_t;
+	')
+
+	logging_rw_generic_log_dirs($1)
+	allow $1 rpm_log_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_manage_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit and use rpm script file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_use_script_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_use_script_fds'($*)) dnl
+	
+	gen_require(`
+		type rpm_script_t;
+	')
+
+	allow $1 rpm_script_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_use_script_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	rpm script temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_manage_script_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_manage_script_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type rpm_script_tmp_t;
+	')
+
+	files_search_tmp($1)
+	manage_files_pattern($1, rpm_script_tmp_t, rpm_script_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_manage_script_tmp_files'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Append rpm temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_append_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_append_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type rpm_tmp_t;
+	')
+
+	files_search_tmp($1)
+	append_files_pattern($1, rpm_tmp_t, rpm_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_append_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	rpm temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_manage_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_manage_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type rpm_tmp_t;
+	')
+
+	files_search_tmp($1)
+	manage_files_pattern($1, rpm_tmp_t, rpm_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_manage_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read rpm script temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_read_script_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_read_script_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type rpm_script_tmp_t;
+	')
+
+	files_search_tmp($1)
+	read_files_pattern($1, rpm_script_tmp_t, rpm_script_tmp_t)
+	read_lnk_files_pattern($1, rpm_script_tmp_t, rpm_script_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_read_script_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read rpm cache content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_read_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_read_cache'($*)) dnl
+	
+	gen_require(`
+		type rpm_var_cache_t;
+	')
+
+	files_search_var($1)
+	allow $1 rpm_var_cache_t:dir list_dir_perms;
+	read_files_pattern($1, rpm_var_cache_t, rpm_var_cache_t)
+	read_lnk_files_pattern($1, rpm_var_cache_t, rpm_var_cache_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_read_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	rpm cache content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_manage_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_manage_cache'($*)) dnl
+	
+	gen_require(`
+		type rpm_var_cache_t;
+	')
+
+	files_search_var_lib($1)
+	manage_dirs_pattern($1, rpm_var_cache_t, rpm_var_cache_t)
+	manage_files_pattern($1, rpm_var_cache_t, rpm_var_cache_t)
+	manage_lnk_files_pattern($1, rpm_var_cache_t, rpm_var_cache_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_manage_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read rpm lib content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_read_db',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_read_db'($*)) dnl
+	
+	gen_require(`
+		type rpm_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 rpm_var_lib_t:dir list_dir_perms;
+	read_files_pattern($1, rpm_var_lib_t, rpm_var_lib_t)
+	read_lnk_files_pattern($1, rpm_var_lib_t, rpm_var_lib_t)
+	allow $1 rpm_var_lib_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_read_db'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete rpm lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_delete_db',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_delete_db'($*)) dnl
+	
+	gen_require(`
+		type rpm_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	delete_files_pattern($1, rpm_var_lib_t, rpm_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_delete_db'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	rpm lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_manage_db',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_manage_db'($*)) dnl
+	
+	gen_require(`
+		type rpm_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, rpm_var_lib_t, rpm_var_lib_t)
+	manage_lnk_files_pattern($1, rpm_var_lib_t, rpm_var_lib_t)
+	allow $1 rpm_var_lib_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_manage_db'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to create, read,
+##	write, and delete rpm lib content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_dontaudit_manage_db',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_dontaudit_manage_db'($*)) dnl
+	
+	gen_require(`
+		type rpm_var_lib_t;
+	')
+
+	dontaudit $1 rpm_var_lib_t:dir rw_dir_perms;
+	dontaudit $1 rpm_var_lib_t:file manage_file_perms;
+	dontaudit $1 rpm_var_lib_t:lnk_file manage_lnk_file_perms;
+	dontaudit $1 rpm_var_lib_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_dontaudit_manage_db'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Read rpm pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type rpm_runtime_t;
+	')
+
+	read_files_pattern($1, rpm_runtime_t, rpm_runtime_t)
+	files_search_pids($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_read_pid_files'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Create, read, write, and delete
+##	rpm pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_manage_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_manage_pid_files'($*)) dnl
+	
+	gen_require(`
+		type rpm_runtime_t;
+	')
+
+	manage_files_pattern($1, rpm_runtime_t, rpm_runtime_t)
+	files_search_pids($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_manage_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create specified objects in pid directories
+##	with the rpm pid file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpm_pid_filetrans_rpm_pid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_pid_filetrans_rpm_pid'($*)) dnl
+	
+	gen_require(`
+		type rpm_runtime_t;
+	')
+
+	files_pid_filetrans($1, rpm_runtime_t, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_pid_filetrans_rpm_pid'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an rpm environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`rpm_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpm_admin'($*)) dnl
+	
+	gen_require(`
+		type rpm_t, rpm_script_t, rpm_initrc_exec_t;
+		type rpm_var_cache_t, rpm_var_lib_t, rpm_lock_t;
+		type rpm_log_t, rpm_tmpfs_t, rpm_tmp_t, rpm_runtime_t;
+		type rpm_script_tmp_t, rpm_script_tmpfs_t, rpm_file_t;
+	')
+
+	allow $1 { rpm_t rpm_script_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { rpm_t rpm_script_t })
+
+	init_startstop_service($1, $2, rpm_t, rpm_initrc_exec_t)
+
+	admin_pattern($1, rpm_file_t)
+
+	files_list_var($1)
+	admin_pattern($1, rpm_var_cache_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, { rpm_tmp_t rpm_script_tmp_t })
+
+	files_list_var_lib($1)
+	admin_pattern($1, rpm_var_lib_t)
+
+	files_search_locks($1)
+	admin_pattern($1, rpm_lock_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, rpm_log_t)
+
+	files_list_pids($1)
+	admin_pattern($1, rpm_runtime_t)
+
+	fs_search_tmpfs($1)
+	admin_pattern($1, { rpm_tmpfs_t rpm_script_tmpfs_t })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpm_admin'($*)) dnl
+	')
+
+## <summary>Hardware detection and configuration tools.</summary>
+
+########################################
+## <summary>
+##	Execute kudzu in the kudzu domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`kudzu_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kudzu_domtrans'($*)) dnl
+	
+	gen_require(`
+		type kudzu_t, kudzu_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, kudzu_exec_t, kudzu_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kudzu_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute kudzu in the kudzu domain, and
+##	allow the specified role the kudzu domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kudzu_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kudzu_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role kudzu_roles;
+	')
+
+	kudzu_domtrans($1)
+	roleattribute $2 kudzu_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kudzu_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get attributes of kudzu executable files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kudzu_getattr_exec_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kudzu_getattr_exec_files'($*)) dnl
+	
+	gen_require(`
+		type kudzu_exec_t;
+	')
+
+	allow $1 kudzu_exec_t:file getattr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kudzu_getattr_exec_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an kudzu environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kudzu_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kudzu_admin'($*)) dnl
+	
+	gen_require(`
+		type kudzu_t, kudzu_initrc_exec_t, kudzu_runtime_t;
+		type kudzu_tmp_t;
+	')
+
+	allow $1 kudzu_t:process { ptrace signal_perms };
+	ps_process_pattern($1, kudzu_t)
+
+	init_startstop_service($1, $2, kudzu_t, kudzu_initrc_exec_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, kudzu_tmp_t)
+
+	files_search_pids($1)
+	admin_pattern($1, kudzu_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kudzu_admin'($*)) dnl
+	')
+
+## <summary>configuration management suite.</summary>
+
+########################################
+## <summary>
+##	Execute bcfg2 in the bcfg2 domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`bcfg2_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bcfg2_domtrans'($*)) dnl
+	
+	gen_require(`
+		type bcfg2_t, bcfg2_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, bcfg2_exec_t, bcfg2_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bcfg2_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute bcfg2 server in the bcfg2 domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`bcfg2_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bcfg2_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type bcfg2_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, bcfg2_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bcfg2_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search bcfg2 lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bcfg2_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bcfg2_search_lib'($*)) dnl
+	
+	gen_require(`
+		type bcfg2_var_lib_t;
+	')
+
+	allow $1 bcfg2_var_lib_t:dir search_dir_perms;
+	files_search_var_lib($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bcfg2_search_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read bcfg2 lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bcfg2_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bcfg2_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type bcfg2_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, bcfg2_var_lib_t, bcfg2_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bcfg2_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	bcfg2 lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bcfg2_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bcfg2_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type bcfg2_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, bcfg2_var_lib_t, bcfg2_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bcfg2_manage_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	bcfg2 lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bcfg2_manage_lib_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bcfg2_manage_lib_dirs'($*)) dnl
+	
+	gen_require(`
+		type bcfg2_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_dirs_pattern($1, bcfg2_var_lib_t, bcfg2_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bcfg2_manage_lib_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an bcfg2 environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`bcfg2_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bcfg2_admin'($*)) dnl
+	
+	gen_require(`
+		type bcfg2_t, bcfg2_initrc_exec_t, bcfg2_var_lib_t;
+		type bcfg2_runtime_t;
+	')
+
+	allow $1 bcfg2_t:process { ptrace signal_perms };
+	ps_process_pattern($1, bcfg2_t)
+
+	init_startstop_service($1, $2, bcfg2_t, bcfg2_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, bcfg2_runtime_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, bcfg2_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bcfg2_admin'($*)) dnl
+	')
+
+## <summary>Network traffic graphing.</summary>
+
+########################################
+## <summary>
+##	Read mrtg configuration
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mrtg_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mrtg_read_config'($*)) dnl
+	
+	gen_require(`
+		type mrtg_etc_t;
+	')
+
+	allow $1 mrtg_etc_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mrtg_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create and append mrtg log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mrtg_append_create_logs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mrtg_append_create_logs'($*)) dnl
+	
+	gen_require(`
+		type mrtg_log_t;
+	')
+
+	logging_search_logs($1)
+	append_files_pattern($1, mrtg_log_t, mrtg_log_t)
+	create_files_pattern($1, mrtg_log_t, mrtg_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mrtg_append_create_logs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an mrtg environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mrtg_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mrtg_admin'($*)) dnl
+	
+	gen_require(`
+		type mrtg_t, mrtg_runtime_t, mrtg_initrc_exec_t;
+		type mrtg_var_lib_t, mrtg_lock_t, mrtg_log_t;
+		type mrtg_etc_t;
+	')
+
+	allow $1 mrtg_t:process { ptrace signal_perms };
+	ps_process_pattern($1, mrtg_t)
+
+	init_startstop_service($1, $2, mrtg_t, mrtg_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, mrtg_etc_t)
+
+	files_search_locks($1)
+	admin_pattern($1, mrtg_lock_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, mrtg_log_t)
+
+	files_search_pids($1)
+	admin_pattern($1, mrtg_runtime_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, mrtg_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mrtg_admin'($*)) dnl
+	')
+
+## <summary>Shoreline Firewall high-level tool for configuring netfilter.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run shorewall.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`shorewall_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `shorewall_domtrans'($*)) dnl
+	
+	gen_require(`
+		type shorewall_t, shorewall_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, shorewall_exec_t, shorewall_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `shorewall_domtrans'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Execute a domain transition to run shorewall
+##	using executables from /var/lib.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`shorewall_lib_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `shorewall_lib_domtrans'($*)) dnl
+	
+	gen_require(`
+		type shorewall_t, shorewall_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	domtrans_pattern($1, shorewall_var_lib_t, shorewall_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `shorewall_lib_domtrans'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read shorewall configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`shorewall_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `shorewall_read_config'($*)) dnl
+	
+	gen_require(`
+		type shorewall_etc_t;
+	')
+
+	files_search_etc($1)
+	read_files_pattern($1, shorewall_etc_t, shorewall_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `shorewall_read_config'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read shorewall pid files.
+## </summary>
+## <param name="domain" unused="true">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`shorewall_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `shorewall_read_pid_files'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `shorewall_read_pid_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read and write shorewall pid files.
+## </summary>
+## <param name="domain" unused="true">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`shorewall_rw_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `shorewall_rw_pid_files'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `shorewall_rw_pid_files'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Read shorewall lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`shorewall_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `shorewall_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type shorewall_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, shorewall_var_lib_t, shorewall_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `shorewall_read_lib_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read and write shorewall lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`shorewall_rw_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `shorewall_rw_lib_files'($*)) dnl
+	
+	gen_require(`
+		type shorewall_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	rw_files_pattern($1, shorewall_var_lib_t, shorewall_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `shorewall_rw_lib_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read shorewall temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`shorewall_read_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `shorewall_read_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type shorewall_tmp_t;
+	')
+
+	files_search_tmp($1)
+	read_files_pattern($1, shorewall_tmp_t, shorewall_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `shorewall_read_tmp_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	All of the rules required to
+##	administrate an shorewall environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`shorewall_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `shorewall_admin'($*)) dnl
+	
+	gen_require(`
+		type shorewall_t, shorewall_lock_t, shorewall_log_t;
+		type shorewall_exec_t, shorewall_initrc_exec_t, shorewall_var_lib_t;
+		type shorewall_tmp_t, shorewall_etc_t;
+	')
+
+	allow $1 shorewall_t:process { ptrace signal_perms };
+	ps_process_pattern($1, shorewall_t)
+
+	init_startstop_service($1, $2, shorewall_t, shorewall_initrc_exec_t)
+
+	can_exec($1, shorewall_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, shorewall_etc_t)
+
+	files_list_locks($1)
+	admin_pattern($1, shorewall_lock_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, shorewall_log_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, shorewall_var_lib_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, shorewall_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `shorewall_admin'($*)) dnl
+	')
+
+## <summary>run real-mode video BIOS code to alter hardware state.</summary>
+
+########################################
+## <summary>
+##	Execute vbetool in the vbetool domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`vbetool_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vbetool_domtrans'($*)) dnl
+	
+	gen_require(`
+		type vbetool_t, vbetool_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, vbetool_exec_t, vbetool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vbetool_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute vbetool in the vbetool
+##	domain, and allow the specified
+##	role the vbetool domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vbetool_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vbetool_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role vbetool_roles;
+	')
+
+	vbetool_domtrans($1)
+	roleattribute $2 vbetool_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vbetool_run'($*)) dnl
+	')
+
+## <summary>Debian package manager.</summary>
+
+########################################
+## <summary>
+##	Execute dpkg programs in the dpkg domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`dpkg_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dpkg_domtrans'($*)) dnl
+	
+	gen_require(`
+		type dpkg_t, dpkg_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, dpkg_exec_t, dpkg_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dpkg_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Transition to dpkg_t when NNP has been set
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dpkg_nnp_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dpkg_nnp_domtrans'($*)) dnl
+	
+	gen_require(`
+		type dpkg_t;
+	')
+
+	dpkg_domtrans($1)
+	allow $1 dpkg_t:process2 nnp_transition;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dpkg_nnp_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute dpkg programs in the dpkg domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dpkg_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dpkg_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role dpkg_roles;
+	')
+
+	dpkg_domtrans($1)
+	roleattribute $2 dpkg_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dpkg_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the dkpg in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dpkg_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dpkg_exec'($*)) dnl
+	
+	gen_require(`
+		type dpkg_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, dpkg_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dpkg_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute dpkg_script programs in
+##	the dpkg_script domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`dpkg_domtrans_script',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dpkg_domtrans_script'($*)) dnl
+	
+	gen_require(`
+		type dpkg_script_t;
+	')
+
+	corecmd_shell_domtrans($1, dpkg_script_t)
+	allow dpkg_script_t $1:fd use;
+	allow dpkg_script_t $1:fifo_file rw_file_perms;
+	allow dpkg_script_t $1:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dpkg_domtrans_script'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	access dpkg_script fifos
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`dpkg_script_rw_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dpkg_script_rw_pipes'($*)) dnl
+	
+	gen_require(`
+		type dpkg_script_t;
+	')
+
+	allow $1 dpkg_script_t:fd use;
+	allow $1 dpkg_script_t:fifo_file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dpkg_script_rw_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit and use file descriptors from dpkg.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dpkg_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dpkg_use_fds'($*)) dnl
+	
+	gen_require(`
+		type dpkg_t;
+	')
+
+	allow $1 dpkg_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dpkg_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read from unnamed dpkg pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dpkg_read_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dpkg_read_pipes'($*)) dnl
+	
+	gen_require(`
+		type dpkg_t;
+	')
+
+	allow $1 dpkg_t:fifo_file read_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dpkg_read_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write unnamed dpkg pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dpkg_rw_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dpkg_rw_pipes'($*)) dnl
+	
+	gen_require(`
+		type dpkg_t;
+	')
+
+	allow $1 dpkg_t:fifo_file rw_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dpkg_rw_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit and use file descriptors
+##	from dpkg scripts.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dpkg_use_script_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dpkg_use_script_fds'($*)) dnl
+	
+	gen_require(`
+		type dpkg_script_t;
+	')
+
+	allow $1 dpkg_script_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dpkg_use_script_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit and use file descriptors
+##	from dpkg scripts.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dpkg_script_rw_inherited_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dpkg_script_rw_inherited_pipes'($*)) dnl
+	
+	gen_require(`
+		type dpkg_script_t;
+	')
+
+	allow $1 dpkg_script_t:fd use;
+	allow $1 dpkg_script_t:fifo_file rw_inherited_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dpkg_script_rw_inherited_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read dpkg package database content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dpkg_read_db',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dpkg_read_db'($*)) dnl
+	
+	gen_require(`
+		type dpkg_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 dpkg_var_lib_t:dir list_dir_perms;
+	read_files_pattern($1, dpkg_var_lib_t, dpkg_var_lib_t)
+	read_lnk_files_pattern($1, dpkg_var_lib_t, dpkg_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dpkg_read_db'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	dpkg package database content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dpkg_manage_db',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dpkg_manage_db'($*)) dnl
+	
+	gen_require(`
+		type dpkg_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, dpkg_var_lib_t, dpkg_var_lib_t)
+	manage_lnk_files_pattern($1, dpkg_var_lib_t, dpkg_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dpkg_manage_db'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to create,
+##	read, write, and delete dpkg
+##	package database content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dpkg_dontaudit_manage_db',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dpkg_dontaudit_manage_db'($*)) dnl
+	
+	gen_require(`
+		type dpkg_var_lib_t;
+	')
+
+	dontaudit $1 dpkg_var_lib_t:dir rw_dir_perms;
+	dontaudit $1 dpkg_var_lib_t:file manage_file_perms;
+	dontaudit $1 dpkg_var_lib_t:lnk_file manage_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dpkg_dontaudit_manage_db'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	dpkg lock files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dpkg_lock_db',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dpkg_lock_db'($*)) dnl
+	
+	gen_require(`
+		type dpkg_lock_t, dpkg_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 dpkg_var_lib_t:dir list_dir_perms;
+	allow $1 dpkg_lock_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dpkg_lock_db'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	manage dpkg_script_tmp_t files and dirs
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dpkg_manage_script_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dpkg_manage_script_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type dpkg_script_tmp_t;
+	')
+
+	files_search_tmp($1)
+	allow $1 dpkg_script_tmp_t:dir manage_dir_perms;
+	allow $1 dpkg_script_tmp_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dpkg_manage_script_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	map dpkg_script_tmp_t files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dpkg_map_script_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dpkg_map_script_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type dpkg_script_tmp_t;
+	')
+
+	allow $1 dpkg_script_tmp_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dpkg_map_script_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	read dpkg_script_tmp_t links
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dpkg_read_script_tmp_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dpkg_read_script_tmp_symlinks'($*)) dnl
+	
+	gen_require(`
+		type dpkg_script_tmp_t;
+	')
+
+	allow $1 dpkg_script_tmp_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dpkg_read_script_tmp_symlinks'($*)) dnl
+	')
+
+## <summary>Advanced package tool.</summary>
+
+########################################
+## <summary>
+##	Execute apt programs in the apt domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`apt_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apt_domtrans'($*)) dnl
+	
+	gen_require(`
+		type apt_t, apt_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, apt_exec_t, apt_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apt_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the apt in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apt_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apt_exec'($*)) dnl
+	
+	gen_require(`
+		type apt_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, apt_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apt_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute apt programs in the apt domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`apt_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apt_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role apt_roles;
+	')
+
+	apt_domtrans($1)
+	roleattribute $2 apt_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apt_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use apt file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apt_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apt_use_fds'($*)) dnl
+	
+	gen_require(`
+		type apt_t;
+	')
+
+	allow $1 apt_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apt_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to use
+##	apt file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`apt_dontaudit_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apt_dontaudit_use_fds'($*)) dnl
+	
+	gen_require(`
+		type apt_t;
+	')
+
+	dontaudit $1 apt_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apt_dontaudit_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read apt unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apt_read_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apt_read_pipes'($*)) dnl
+	
+	gen_require(`
+		type apt_t;
+	')
+
+	allow $1 apt_t:fifo_file read_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apt_read_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write apt unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apt_rw_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apt_rw_pipes'($*)) dnl
+	
+	gen_require(`
+		type apt_t;
+	')
+
+	allow $1 apt_t:fifo_file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apt_rw_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write apt ptys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apt_use_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apt_use_ptys'($*)) dnl
+	
+	gen_require(`
+		type apt_devpts_t;
+	')
+
+	allow $1 apt_devpts_t:chr_file rw_term_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apt_use_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read apt package cache content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apt_read_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apt_read_cache'($*)) dnl
+	
+	gen_require(`
+		type apt_var_cache_t;
+	')
+
+	files_search_var($1)
+	allow $1 apt_var_cache_t:dir list_dir_perms;
+	allow $1 apt_var_cache_t:file mmap_read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apt_read_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete apt package cache content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apt_manage_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apt_manage_cache'($*)) dnl
+	
+	gen_require(`
+		type apt_var_cache_t;
+	')
+
+	files_search_var($1)
+	allow $1 apt_var_cache_t:dir manage_dir_perms;
+	allow $1 apt_var_cache_t:file { manage_file_perms map };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apt_manage_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read apt package database content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apt_read_db',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apt_read_db'($*)) dnl
+	
+	gen_require(`
+		type apt_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 apt_var_lib_t:dir list_dir_perms;
+	read_files_pattern($1, apt_var_lib_t, apt_var_lib_t)
+	read_lnk_files_pattern($1, apt_var_lib_t, apt_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apt_read_db'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	apt package database content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apt_manage_db',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apt_manage_db'($*)) dnl
+	
+	gen_require(`
+		type apt_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, apt_var_lib_t, apt_var_lib_t)
+	manage_lnk_files_pattern($1, apt_var_lib_t, apt_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apt_manage_db'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to create,
+##	read, write, and delete apt
+##	package database content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`apt_dontaudit_manage_db',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apt_dontaudit_manage_db'($*)) dnl
+	
+	gen_require(`
+		type apt_var_lib_t;
+	')
+
+	dontaudit $1 apt_var_lib_t:dir rw_dir_perms;
+	dontaudit $1 apt_var_lib_t:file manage_file_perms;
+	dontaudit $1 apt_var_lib_t:lnk_file manage_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apt_dontaudit_manage_db'($*)) dnl
+	')
+
+## <summary>Time zone updater.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run tzdata.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`tzdata_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tzdata_domtrans'($*)) dnl
+	
+	gen_require(`
+		type tzdata_t, tzdata_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, tzdata_exec_t, tzdata_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tzdata_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute tzdata in the tzdata domain,
+##	and allow the specified role
+##	the tzdata domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`tzdata_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tzdata_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role tzdata_roles;
+	')
+
+	tzdata_domtrans($1)
+	roleattribute $2 tzdata_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tzdata_run'($*)) dnl
+	')
+
+## <summary>Utilities for configuring the Linux ethernet bridge.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run brctl.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`brctl_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `brctl_domtrans'($*)) dnl
+	
+	gen_require(`
+		type brctl_t, brctl_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, brctl_exec_t, brctl_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `brctl_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute brctl in the brctl domain, and
+##	allow the specified role the brctl domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`brctl_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `brctl_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role brctl_roles;
+	')
+
+	brctl_domtrans($1)
+	roleattribute $2 brctl_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `brctl_run'($*)) dnl
+	')
+
+## <summary>Kernel crash dumping mechanism.</summary>
+
+######################################
+## <summary>
+##	Execute kdump in the kdump domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`kdump_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kdump_domtrans'($*)) dnl
+	
+	gen_require(`
+		type kdump_t, kdump_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, kdump_exec_t, kdump_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kdump_domtrans'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Execute kdump init scripts in
+##	the init script domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`kdump_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kdump_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type kdump_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, kdump_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kdump_initrc_domtrans'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Read kdump configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kdump_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kdump_read_config'($*)) dnl
+	
+	gen_require(`
+		type kdump_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 kdump_etc_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kdump_read_config'($*)) dnl
+	')
+
+
+####################################
+## <summary>
+##	Create, read, write, and delete
+##	kdmup configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kdump_manage_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kdump_manage_config'($*)) dnl
+	
+	gen_require(`
+		type kdump_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 kdump_etc_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kdump_manage_config'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	All of the rules required to
+##	administrate an kdump environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kdump_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kdump_admin'($*)) dnl
+	
+	gen_require(`
+		type kdump_t, kdump_etc_t, kdumpctl_tmp_t;
+		type kdump_initrc_exec_t, kdumpctl_t;
+	')
+
+	allow $1 { kdump_t kdumpctl_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { kdump_t kdumpctl_t })
+
+	init_startstop_service($1, $2, kdump_t, kdump_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, kdump_etc_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, kdumpctl_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kdump_admin'($*)) dnl
+	')
+
+## <summary>The Fedora hardware profiler client.</summary>
+## <summary>sigrok signal analysis software suite.</summary>
+
+########################################
+## <summary>
+##	Execute sigrok in its domain.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`sigrok_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sigrok_run'($*)) dnl
+	
+	gen_require(`
+		type sigrok_t, sigrok_exec_t;
+		attribute_role sigrok_roles;
+	')
+
+	roleattribute $1 sigrok_roles;
+	domtrans_pattern($2, sigrok_exec_t, sigrok_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sigrok_run'($*)) dnl
+	')
+
+## <summary>Policy for Mozilla and related web browsers.</summary>
+
+########################################
+## <summary>
+##	Role access for mozilla.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`mozilla_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_role'($*)) dnl
+	
+	gen_require(`
+		type mozilla_t, mozilla_exec_t, mozilla_home_t;
+		type mozilla_tmp_t, mozilla_tmpfs_t, mozilla_plugin_tmp_t;
+		type mozilla_plugin_tmpfs_t, mozilla_plugin_home_t;
+		attribute_role mozilla_roles;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	roleattribute $1 mozilla_roles;
+
+	########################################
+	#
+	# Policy
+	#
+
+	domtrans_pattern($2, mozilla_exec_t, mozilla_t)
+
+	allow $2 mozilla_t:process { noatsecure siginh rlimitinh ptrace signal_perms };
+	ps_process_pattern($2, mozilla_t)
+
+	allow mozilla_t $2:process signull;
+	allow mozilla_t $2:unix_stream_socket connectto;
+
+	allow $2 mozilla_t:fd use;
+	allow $2 mozilla_t:shm rw_shm_perms;
+
+	stream_connect_pattern($2, mozilla_tmpfs_t, mozilla_tmpfs_t, mozilla_t)
+
+	allow $2 { mozilla_home_t mozilla_plugin_home_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 { mozilla_home_t mozilla_plugin_home_t }:file { manage_file_perms relabel_file_perms };
+	allow $2 mozilla_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+	userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".galeon")
+	userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".mozilla")
+	userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".netscape")
+	userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".phoenix")
+
+	filetrans_pattern($2, mozilla_home_t, mozilla_plugin_home_t, dir, "plugins")
+
+	allow $2 { mozilla_tmp_t mozilla_plugin_tmp_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 { mozilla_tmp_t mozilla_plugin_tmp_t }:file { manage_file_perms relabel_file_perms };
+	allow $2 mozilla_plugin_tmp_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
+
+	allow $2 { mozilla_tmpfs_t mozilla_plugin_tmpfs_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 { mozilla_tmpfs_t mozilla_plugin_tmpfs_t }:file { manage_file_perms relabel_file_perms };
+	allow $2 { mozilla_tmpfs_t mozilla_plugin_tmpfs_t }:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
+	allow $2 { mozilla_tmpfs_t mozilla_plugin_tmpfs_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
+
+	optional_policy(`
+		mozilla_dbus_chat($2)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Role access for mozilla plugin.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`mozilla_role_plugin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_role_plugin'($*)) dnl
+	
+	gen_require(`
+		type mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t;
+		type mozilla_plugin_rw_t, mozilla_plugin_config_t, mozilla_home_t;
+	')
+
+	mozilla_run_plugin($2, $1)
+	mozilla_run_plugin_config($2, $1)
+
+	allow $2 { mozilla_plugin_t mozilla_plugin_config_t }:process { ptrace signal_perms };
+	ps_process_pattern($2, { mozilla_plugin_t mozilla_plugin_config_t })
+
+	allow $2 mozilla_plugin_t:unix_stream_socket rw_socket_perms;
+	allow $2 mozilla_plugin_t:fd use;
+
+	stream_connect_pattern($2, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t, mozilla_plugin_t)
+
+	allow mozilla_plugin_t $2:process signull;
+	allow mozilla_plugin_t $2:unix_stream_socket { connectto rw_socket_perms };
+	allow mozilla_plugin_t $2:unix_dgram_socket { sendto rw_socket_perms };
+	allow mozilla_plugin_t $2:shm { rw_shm_perms destroy };
+	allow mozilla_plugin_t $2:sem create_sem_perms;
+
+	allow $2 mozilla_home_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 mozilla_home_t:file { manage_file_perms relabel_file_perms };
+	allow $2 mozilla_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+	userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".galeon")
+	userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".mozilla")
+	userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".netscape")
+	userdom_user_home_dir_filetrans($2, mozilla_home_t, dir, ".phoenix")
+
+	allow $2 mozilla_plugin_tmp_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 mozilla_plugin_tmp_t:file { manage_file_perms relabel_file_perms };
+	allow $2 mozilla_plugin_tmp_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
+
+	allow $2 mozilla_plugin_tmpfs_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 mozilla_plugin_tmpfs_t:file { manage_file_perms relabel_file_perms };
+	allow $2 mozilla_plugin_tmpfs_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
+	allow $2 mozilla_plugin_tmpfs_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };
+
+	allow $2 mozilla_plugin_rw_t:dir list_dir_perms;
+	allow $2 mozilla_plugin_rw_t:file read_file_perms;
+	allow $2 mozilla_plugin_rw_t:lnk_file read_lnk_file_perms;
+
+	can_exec($2, mozilla_plugin_rw_t)
+
+	optional_policy(`
+		mozilla_dbus_chat_plugin($2)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_role_plugin'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read mozilla home directory content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mozilla_read_user_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_read_user_home'($*)) dnl
+	
+	gen_require(`
+		type mozilla_home_t;
+	')
+
+	list_dirs_pattern($1, mozilla_home_t, mozilla_home_t)
+	read_files_pattern($1, mozilla_home_t, mozilla_home_t)
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_read_user_home'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Read mozilla home directory files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mozilla_read_user_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_read_user_home_files'($*)) dnl
+	
+	gen_require(`
+		type mozilla_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 mozilla_home_t:dir list_dir_perms;
+	allow $1 mozilla_home_t:file read_file_perms;
+	allow $1 mozilla_home_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_read_user_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write mozilla home directory files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mozilla_write_user_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_write_user_home_files'($*)) dnl
+	
+	gen_require(`
+		type mozilla_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	write_files_pattern($1, mozilla_home_t, mozilla_home_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_write_user_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and
+##	write mozilla home directory files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`mozilla_dontaudit_rw_user_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_dontaudit_rw_user_home_files'($*)) dnl
+	
+	gen_require(`
+		type mozilla_home_t;
+	')
+
+	dontaudit $1 mozilla_home_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_dontaudit_rw_user_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempt to Create,
+##	read, write, and delete mozilla
+##	home directory content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`mozilla_dontaudit_manage_user_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_dontaudit_manage_user_home_files'($*)) dnl
+	
+	gen_require(`
+		type mozilla_home_t;
+	')
+
+	dontaudit $1 mozilla_home_t:dir manage_dir_perms;
+	dontaudit $1 mozilla_home_t:file manage_file_perms;
+	dontaudit $1 mozilla_home_t:lnk_file manage_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_dontaudit_manage_user_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute mozilla plugin home directory files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mozilla_exec_user_plugin_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_exec_user_plugin_home_files'($*)) dnl
+	
+	gen_require(`
+		type mozilla_home_t, mozilla_plugin_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	exec_files_pattern($1, { mozilla_home_t mozilla_plugin_home_t }, mozilla_plugin_home_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_exec_user_plugin_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mozilla plugin home directory file
+##	text relocation.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mozilla_execmod_user_plugin_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_execmod_user_plugin_home_files'($*)) dnl
+	
+	gen_require(`
+		type mozilla_plugin_home_t;
+	')
+
+	allow $1 mozilla_plugin_home_t:file execmod;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_execmod_user_plugin_home_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read temporary mozilla files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mozilla_read_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_read_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type mozilla_tmp_t;
+	')
+
+	read_files_pattern($1, mozilla_tmp_t, mozilla_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_read_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Run mozilla in the mozilla domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`mozilla_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_domtrans'($*)) dnl
+	
+	gen_require(`
+		type mozilla_t, mozilla_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, mozilla_exec_t, mozilla_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to
+##	run mozilla plugin.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`mozilla_domtrans_plugin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_domtrans_plugin'($*)) dnl
+	
+	gen_require(`
+		type mozilla_plugin_t, mozilla_plugin_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, mozilla_plugin_exec_t, mozilla_plugin_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_domtrans_plugin'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute mozilla plugin in the
+##	mozilla plugin domain, and allow
+##	the specified role the mozilla
+##	plugin domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mozilla_run_plugin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_run_plugin'($*)) dnl
+	
+	gen_require(`
+		attribute_role mozilla_plugin_roles;
+	')
+
+	mozilla_domtrans_plugin($1)
+	roleattribute $2 mozilla_plugin_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_run_plugin'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to
+##	run mozilla plugin config.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`mozilla_domtrans_plugin_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_domtrans_plugin_config'($*)) dnl
+	
+	gen_require(`
+		type mozilla_plugin_config_t, mozilla_plugin_config_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, mozilla_plugin_config_exec_t, mozilla_plugin_config_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_domtrans_plugin_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute mozilla plugin config in
+##	the mozilla plugin config domain,
+##	and allow the specified role the
+##	mozilla plugin config domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mozilla_run_plugin_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_run_plugin_config'($*)) dnl
+	
+	gen_require(`
+		attribute_role mozilla_plugin_config_roles;
+	')
+
+	mozilla_domtrans_plugin_config($1)
+	roleattribute $2 mozilla_plugin_config_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_run_plugin_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	mozilla over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mozilla_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type mozilla_t;
+		class dbus send_msg;
+	')
+
+	allow $1 mozilla_t:dbus send_msg;
+	allow mozilla_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	mozilla plugin over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mozilla_dbus_chat_plugin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_dbus_chat_plugin'($*)) dnl
+	
+	gen_require(`
+		type mozilla_plugin_t;
+		class dbus send_msg;
+	')
+
+	allow $1 mozilla_plugin_t:dbus send_msg;
+	allow mozilla_plugin_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_dbus_chat_plugin'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write mozilla TCP sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mozilla_rw_tcp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_rw_tcp_sockets'($*)) dnl
+	
+	gen_require(`
+		type mozilla_t;
+	')
+
+	allow $1 mozilla_t:tcp_socket rw_socket_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_rw_tcp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	mozilla plugin rw files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mozilla_manage_plugin_rw_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_manage_plugin_rw_files'($*)) dnl
+	
+	gen_require(`
+		type mozilla_plugin_rw_t;
+	')
+
+	libs_search_lib($1)
+	manage_files_pattern($1, mozilla_plugin_rw_t, mozilla_plugin_rw_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_manage_plugin_rw_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read mozilla_plugin tmpfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mozilla_plugin_read_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_plugin_read_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type mozilla_plugin_tmpfs_t;
+	')
+
+	fs_search_tmpfs($1)
+	allow $1 mozilla_plugin_tmpfs_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_plugin_read_tmpfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete mozilla_plugin tmpfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mozilla_plugin_delete_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_plugin_delete_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type mozilla_plugin_tmpfs_t;
+	')
+
+	fs_search_tmpfs($1)
+	allow $1 mozilla_plugin_tmpfs_t:file delete_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_plugin_delete_tmpfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read/write to mozilla's tmp fifo files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`mozilla_rw_tmp_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_rw_tmp_pipes'($*)) dnl
+	
+	gen_require(`
+		type mozilla_tmp_t;
+	')
+
+	rw_fifo_files_pattern($1, mozilla_tmp_t, mozilla_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_rw_tmp_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	generic mozilla plugin home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mozilla_manage_generic_plugin_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_manage_generic_plugin_home_content'($*)) dnl
+	
+	gen_require(`
+		type mozilla_plugin_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 mozilla_plugin_home_t:dir manage_dir_perms;
+	allow $1 mozilla_plugin_home_t:file manage_file_perms;
+	allow $1 mozilla_plugin_home_t:fifo_file manage_fifo_file_perms;
+	allow $1 mozilla_plugin_home_t:lnk_file manage_lnk_file_perms;
+	allow $1 mozilla_plugin_home_t:sock_file manage_sock_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_manage_generic_plugin_home_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in user home
+##	directories with the generic mozilla
+##	plugin home type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`mozilla_home_filetrans_plugin_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_home_filetrans_plugin_home'($*)) dnl
+	
+	gen_require(`
+		type mozilla_plugin_home_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, mozilla_plugin_home_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_home_filetrans_plugin_home'($*)) dnl
+	')
+
+
+# This is gentoo specific but cannot use ifdef distro_gentoo
+
+########################################
+## <summary>
+##	Do not audit use of mozilla file descriptors
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to dont audit access from
+##	</summary>
+## </param>
+#
+ 	 	define(`mozilla_dontaudit_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_dontaudit_use_fds'($*)) dnl
+	
+	gen_require(`
+		type mozilla_t;
+	')
+
+	dontaudit $1 mozilla_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_dontaudit_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send messages to mozilla plugin unix datagram sockets
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`mozilla_send_dgram_plugin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mozilla_send_dgram_plugin'($*)) dnl
+	
+	gen_require(`
+		type mozilla_plugin_t;
+	')
+
+	allow $1 mozilla_plugin_t:unix_dgram_socket sendto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mozilla_send_dgram_plugin'($*)) dnl
+	')
+
+## <summary>Openoffice suite.</summary>
+
+############################################################
+## <summary>
+##	Role access for openoffice.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`ooffice_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ooffice_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role ooffice_roles;
+		type ooffice_t, ooffice_exec_t;
+        ')
+
+	roleattribute $1 ooffice_roles;
+
+	allow ooffice_t $2:unix_stream_socket connectto;
+
+	domtrans_pattern($2, ooffice_exec_t, ooffice_t)
+
+	allow $2 ooffice_t:process { ptrace signal_perms };
+	ps_process_pattern($2, ooffice_t)
+
+	optional_policy(`
+		ooffice_dbus_chat($2)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ooffice_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Run openoffice in its own domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`ooffice_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ooffice_domtrans'($*)) dnl
+	
+	gen_require(`
+		type ooffice_t, ooffice_exec_t;
+	')
+
+	domtrans_pattern($1, ooffice_exec_t, ooffice_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ooffice_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to execute
+##	files in temporary directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`ooffice_dontaudit_exec_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ooffice_dontaudit_exec_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type ooffice_tmp_t;
+	')
+
+	dontaudit $1 ooffice_tmp_t:file exec_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ooffice_dontaudit_exec_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write temporary
+##	openoffice files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ooffice_rw_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ooffice_rw_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type ooffice_tmp_t;
+	')
+
+	rw_files_pattern($1, ooffice_tmp_t, ooffice_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ooffice_rw_tmp_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Send and receive dbus messages
+##	from and to the openoffice
+##	domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ooffice_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ooffice_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type ooffice_t;
+		class dbus send_msg;
+	')
+
+	allow $1 ooffice_t:dbus send_msg;
+	allow ooffice_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ooffice_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to openoffice using a
+##	unix domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ooffice_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ooffice_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type ooffice_t, ooffice_tmp_t;
+	')
+
+	files_search_tmp($1)
+	stream_connect_pattern($1, ooffice_tmp_t, ooffice_tmp_t, ooffice_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ooffice_stream_connect'($*)) dnl
+	')
+
+## <summary>Telepathy communications framework.</summary>
+
+#######################################
+## <summary>
+##	The template to define a telepathy domain.
+## </summary>
+## <param name="domain_prefix">
+##	<summary>
+##	Domain prefix to be used.
+##	</summary>
+## </param>
+#
+ 	 	define(`telepathy_domain_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `telepathy_domain_template'($*)) dnl
+	
+	gen_require(`
+		attribute telepathy_domain, telepathy_executable, telepathy_tmp_content;
+	')
+
+	type telepathy_$1_t, telepathy_domain;
+	type telepathy_$1_exec_t, telepathy_executable;
+	userdom_user_application_domain(telepathy_$1_t, telepathy_$1_exec_t)
+
+	type telepathy_$1_tmp_t, telepathy_tmp_content;
+	userdom_user_tmp_file(telepathy_$1_tmp_t)
+
+	optional_policy(`
+		wm_application_domain(telepathy_$1_t, telepathy_$1_exec_t)
+	')
+
+	auth_use_nsswitch(telepathy_$1_t)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `telepathy_domain_template'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	The role template for the telepathy module.
+## </summary>
+## <desc>
+##	<p>
+##	This template creates a derived domains which are used
+##	for window manager applications.
+##	</p>
+## </desc>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="user_role">
+##	<summary>
+##	The role associated with the user domain.
+##	</summary>
+## </param>
+## <param name="user_domain">
+##	<summary>
+##	The type of the user domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`telepathy_role_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `telepathy_role_template'($*)) dnl
+	
+	gen_require(`
+		attribute telepathy_domain, telepathy_tmp_content;
+		type telepathy_gabble_t, telepathy_sofiasip_t, telepathy_idle_t;
+		type telepathy_mission_control_t, telepathy_salut_t, telepathy_sunshine_t;
+		type telepathy_stream_engine_t, telepathy_msn_t, telepathy_gabble_exec_t;
+		type telepathy_sofiasip_exec_t, telepathy_idle_exec_t;
+		type telepathy_logger_t, telepathy_logger_exec_t;
+		type telepathy_mission_control_exec_t, telepathy_salut_exec_t;
+		type telepathy_sunshine_exec_t, telepathy_stream_engine_exec_t;
+		type telepathy_msn_exec_t;
+
+		type telepathy_mission_control_xdg_cache_t, telepathy_xdg_cache_t, telepathy_logger_xdg_cache_t;
+		type telepathy_gabble_xdg_cache_t, telepathy_mission_control_t, telepathy_xdg_data_t;
+		type telepathy_mission_control_xdg_data_t, telepathy_sunshine_home_t, telepathy_logger_xdg_data_t;
+		type telepathy_mission_control_home_t;
+	')
+
+	role $2 types telepathy_domain;
+
+	allow $3 telepathy_domain:process { ptrace signal_perms };
+	ps_process_pattern($3, telepathy_domain)
+
+	telepathy_gabble_stream_connect($3)
+	telepathy_msn_stream_connect($3)
+	telepathy_salut_stream_connect($3)
+
+	dbus_spec_session_domain($1, telepathy_gabble_t, telepathy_gabble_exec_t)
+	dbus_spec_session_domain($1, telepathy_sofiasip_t, telepathy_sofiasip_exec_t)
+	dbus_spec_session_domain($1, telepathy_idle_t, telepathy_idle_exec_t)
+	dbus_spec_session_domain($1, telepathy_logger_t, telepathy_logger_exec_t)
+	dbus_spec_session_domain($1, telepathy_mission_control_t, telepathy_mission_control_exec_t)
+	dbus_spec_session_domain($1, telepathy_salut_t, telepathy_salut_exec_t)
+	dbus_spec_session_domain($1, telepathy_sunshine_t, telepathy_sunshine_exec_t)
+	dbus_spec_session_domain($1, telepathy_stream_engine_t, telepathy_stream_engine_exec_t)
+	dbus_spec_session_domain($1, telepathy_msn_t, telepathy_msn_exec_t)
+
+	allow $3 { telepathy_mission_control_xdg_cache_t telepathy_xdg_cache_t telepathy_logger_xdg_cache_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $3 { telepathy_gabble_xdg_cache_t telepathy_mission_control_home_t telepathy_xdg_data_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $3 { telepathy_mission_control_xdg_data_t telepathy_sunshine_home_t telepathy_logger_xdg_data_t }:dir { manage_dir_perms relabel_dir_perms };
+
+	allow $3 { telepathy_mission_control_xdg_cache_t telepathy_xdg_cache_t telepathy_logger_xdg_cache_t }:file { manage_file_perms relabel_file_perms };
+	allow $3 { telepathy_gabble_xdg_cache_t telepathy_mission_control_home_t telepathy_xdg_data_t }:file { manage_file_perms relabel_file_perms };
+	allow $3 { telepathy_mission_control_xdg_data_t telepathy_sunshine_home_t telepathy_logger_xdg_data_t }:file { manage_file_perms relabel_file_perms };
+
+	filetrans_pattern($3, telepathy_xdg_cache_t, telepathy_gabble_xdg_cache_t, dir, "gabble")
+	# gnome_cache_filetrans($3, telepathy_gabble_cache_home_t, dir, "wocky")
+
+	filetrans_pattern($3, telepathy_xdg_cache_t, telepathy_logger_xdg_cache_t, dir, "logger")
+	# gnome_data_filetrans($3, telepathy_logger_data_home_t, dir, "TpLogger")
+
+	userdom_user_home_dir_filetrans($3, telepathy_mission_control_home_t, dir, ".mission-control")
+	filetrans_pattern($3, telepathy_xdg_data_t, telepathy_mission_control_xdg_data_t, dir, "mission-control")
+	# gnome_cache_filetrans($3, telepathy_mission_control_cache_home_t, file, ".mc_connections")
+
+	userdom_user_home_dir_filetrans($3, telepathy_sunshine_home_t, dir, ".telepathy-sunshine")
+
+	# gnome_cache_filetrans($3, telepathy_cache_home_t, dir, "telepathy")
+	# gnome_data_filetrans($3, telepathy_data_home_t, dir, "telepathy")
+
+	allow $3 telepathy_tmp_content:dir { manage_dir_perms relabel_dir_perms };
+	allow $3 telepathy_tmp_content:file { manage_file_perms relabel_file_perms };
+	allow $3 telepathy_tmp_content:sock_file { manage_sock_file_perms relabel_sock_file_perms };
+
+	telepathy_mission_control_dbus_chat($3)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `telepathy_role_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to gabble with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`telepathy_gabble_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `telepathy_gabble_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type telepathy_gabble_t, telepathy_gabble_tmp_t;
+	')
+
+	files_search_tmp($1)
+	stream_connect_pattern($1, telepathy_gabble_tmp_t, telepathy_gabble_tmp_t, telepathy_gabble_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `telepathy_gabble_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send dbus messages to and from
+##	gabble.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`telepathy_gabble_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `telepathy_gabble_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type telepathy_gabble_t;
+		class dbus send_msg;
+	')
+
+	allow $1 telepathy_gabble_t:dbus send_msg;
+	allow telepathy_gabble_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `telepathy_gabble_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send dbus messages to and from
+##	mission control.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`telepathy_mission_control_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `telepathy_mission_control_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type telepathy_mission_control_t;
+		class dbus send_msg;
+	')
+
+	allow $1 telepathy_mission_control_t:dbus send_msg;
+	allow telepathy_mission_control_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `telepathy_mission_control_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read mission control process state files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`telepathy_mission_control_read_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `telepathy_mission_control_read_state'($*)) dnl
+	
+	gen_require(`
+		type telepathy_mission_control_t;
+	')
+
+	kernel_search_proc($1)
+	allow $1 telepathy_mission_control_t:dir list_dir_perms;
+	allow $1 telepathy_mission_control_t:file read_file_perms;
+	allow $1 telepathy_mission_control_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `telepathy_mission_control_read_state'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Connect to msn with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`telepathy_msn_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `telepathy_msn_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type telepathy_msn_t, telepathy_msn_tmp_t;
+	')
+
+	files_search_tmp($1)
+	stream_connect_pattern($1, telepathy_msn_tmp_t, telepathy_msn_tmp_t, telepathy_msn_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `telepathy_msn_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to salut with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`telepathy_salut_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `telepathy_salut_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type telepathy_salut_t, telepathy_salut_tmp_t;
+	')
+
+	files_search_tmp($1)
+	stream_connect_pattern($1, telepathy_salut_tmp_t, telepathy_salut_tmp_t, telepathy_salut_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `telepathy_salut_stream_connect'($*)) dnl
+	')
+
+## <summary>Tools for managing and hosting git repositories.</summary>
+
+#######################################
+## <summary>
+##	Execute a domain transition to run gitosis.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`gitosis_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gitosis_domtrans'($*)) dnl
+	
+	gen_require(`
+		type gitosis_t, gitosis_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, gitosis_exec_t, gitosis_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gitosis_domtrans'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Execute gitosis-serve in the
+##	gitosis domain, and allow the
+##	specified role the gitosis domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gitosis_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gitosis_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role gitosis_roles;
+	')
+
+	gitosis_domtrans($1)
+	roleattribute $2 gitosis_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gitosis_run'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read gitosis lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gitosis_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gitosis_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type gitosis_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
+	read_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
+	list_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gitosis_read_lib_files'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Create, read, write, and delete
+##	gitosis lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gitosis_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gitosis_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type gitosis_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gitosis_manage_lib_files'($*)) dnl
+	')
+
+## <summary>Update database for mlocate.</summary>
+
+########################################
+## <summary>
+##	Read locate lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`locate_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `locate_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type locate_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, locate_var_lib_t, locate_var_lib_t)
+	allow $1 locate_var_lib_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `locate_read_lib_files'($*)) dnl
+	')
+
+## <summary>High quality television application.</summary>
+
+########################################
+## <summary>
+##	Role access for tvtime
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role
+##	</summary>
+## </param>
+#
+ 	 	define(`tvtime_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tvtime_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role tvtime_roles;
+		type tvtime_t, tvtime_exec_t, tvtime_tmp_t;
+		type tvtime_home_t, tvtime_tmpfs_t;
+	')
+
+	roleattribute $1 tvtime_roles;
+
+	domtrans_pattern($2, tvtime_exec_t, tvtime_t)
+
+	ps_process_pattern($2, tvtime_t)
+	allow $2 tvtime_t:process { ptrace signal_perms };
+
+	allow $2 { tvtime_home_t tvtime_tmp_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 { tvtime_home_t tvtime_tmpfs_t tvtime_tmp_t }:file { manage_file_perms relabel_file_perms };
+	allow $2 { tvtime_home_t tvtime_tmpfs_t }:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+	allow $2 tvtime_tmpfs_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
+	allow $2 tvtime_tmpfs_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };
+	userdom_user_home_dir_filetrans($2, tvtime_home_t, dir, ".tvtime")
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tvtime_role'($*)) dnl
+	')
+
+## <summary>On-line manual database.</summary>
+
+########################################
+## <summary>
+##	Execute the mandb program in
+##	the mandb domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`mandb_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mandb_domtrans'($*)) dnl
+	
+	gen_require(`
+		type mandb_t, mandb_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, mandb_exec_t, mandb_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mandb_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute mandb in the mandb
+##	domain, and allow the specified
+##	role the mandb domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mandb_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mandb_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role mandb_roles;
+	')
+
+	mandb_domtrans($1)
+	roleattribute $2 mandb_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mandb_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an mandb environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mandb_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mandb_admin'($*)) dnl
+	
+	gen_require(`
+		type mandb_t;
+	')
+
+	admin_process_pattern($1, mandb_t)
+
+	mandb_run($1, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mandb_admin'($*)) dnl
+	')
+
+## <summary>Squid log analysis.</summary>
+
+########################################
+## <summary>
+##	Execute the calamaris in
+##	the calamaris domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`calamaris_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `calamaris_domtrans'($*)) dnl
+	
+	gen_require(`
+		type calamaris_t, calamaris_exec_t;
+	')
+
+	files_search_etc($1)
+	domtrans_pattern($1, calamaris_exec_t, calamaris_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `calamaris_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute calamaris in the
+##	calamaris domain, and allow the
+##	specified role the calamaris domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`calamaris_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `calamaris_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role calamaris_roles;
+	')
+
+	lightsquid_domtrans($1)
+	roleattribute $2 calamaris_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `calamaris_run'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read calamaris www files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`calamaris_read_www_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `calamaris_read_www_files'($*)) dnl
+	
+	gen_require(`
+		type calamaris_www_t;
+	')
+
+	allow $1 calamaris_www_t:dir list_dir_perms;
+	read_files_pattern($1, calamaris_www_t, calamaris_www_t)
+	read_lnk_files_pattern($1, calamaris_www_t, calamaris_www_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `calamaris_read_www_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an calamaris environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`calamaris_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `calamaris_admin'($*)) dnl
+	
+	gen_require(`
+		type calamaris_t, calamaris_log_t, calamaris_www_t;
+	')
+
+	allow $1 calamaris_t:process { ptrace signal_perms };
+	ps_process_pattern($1, calamaris_t)
+
+	calamaris_run($1, $2)
+
+	logging_list_logs($1)
+	admin_pattern($1, calamaris_log_t)
+
+	apache_list_sys_content($1)
+	admin_pattern($1, calamaris_www_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `calamaris_admin'($*)) dnl
+	')
+
+## <summary>Java virtual machine</summary>
+
+########################################
+## <summary>
+##	Role access for java.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`java_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `java_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role java_roles;
+		type java_t, java_exec_t, java_tmp_t;
+		type java_tmpfs_t;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	roleattribute $1 java_roles;
+
+	########################################
+	#
+	# Policy
+	#
+
+	domtrans_pattern($2, java_exec_t, java_t)
+
+	allow $2 java_t:process { noatsecure siginh rlimitinh ptrace signal_perms };
+	ps_process_pattern($2, java_t)
+
+	allow $2 java_tmp_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 { java_tmp_t java_tmpfs_t }:file { manage_file_perms relabel_file_perms };
+	allow $2 java_tmpfs_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
+	allow $2 java_tmpfs_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+	allow $2 java_tmpfs_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };
+
+	allow java_t $2:process signull;
+	allow java_t $2:unix_stream_socket connectto;
+	allow java_t $2:unix_stream_socket { read write };
+	allow java_t $2:tcp_socket { read write };
+
+	ifdef(`distro_gentoo',`
+		gen_require(`
+			type java_home_t;
+		')
+	
+		manage_files_pattern($2, java_home_t, java_home_t)
+		manage_dirs_pattern($2, java_home_t, java_home_t)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `java_role'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	The role template for the java module.
+## </summary>
+## <desc>
+##	<p>
+##	This template creates a derived domains which are used
+##	for java applications.
+##	</p>
+## </desc>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="user_role">
+##	<summary>
+##	The role associated with the user domain.
+##	</summary>
+## </param>
+## <param name="user_domain">
+##	<summary>
+##	The type of the user domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`java_role_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `java_role_template'($*)) dnl
+	
+	gen_require(`
+		attribute java_domain;
+		type java_exec_t, java_tmp_t, java_tmpfs_t;
+		type java_home_t;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	type $1_java_t, java_domain;
+	userdom_user_application_domain($1_java_t, java_exec_t)
+
+	role $2 types $1_java_t;
+
+	########################################
+	#
+	# Policy
+	#
+
+	domtrans_pattern($3, java_exec_t, $1_java_t)
+
+	allow $3 $1_java_t:process { ptrace noatsecure siginh rlimitinh signal_perms };
+	ps_process_pattern($3, $1_java_t)
+
+	allow $3 { java_home_t java_tmp_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $3 { java_tmp_t java_tmpfs_t java_home_t }:file { manage_file_perms relabel_file_perms };
+	allow $3 java_tmpfs_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
+	allow $3 java_tmpfs_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+	allow $3 java_tmpfs_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };
+	userdom_user_home_dir_filetrans($3, java_home_t, dir, ".java")
+
+	allow $1_java_t $3:process signull;
+	allow $1_java_t $3:unix_stream_socket connectto;
+	allow $1_java_t $3:unix_stream_socket { read write };
+	allow $1_java_t $3:tcp_socket { read write };
+
+	corecmd_bin_domtrans($1_java_t, $3)
+
+	auth_use_nsswitch($1_java_t)
+
+	optional_policy(`
+		xserver_role($2, $1_java_t)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `java_role_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the java program in the java domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`java_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `java_domtrans'($*)) dnl
+	
+	gen_require(`
+		type java_t, java_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, java_exec_t, java_t)
+
+	ifdef(`distro_gentoo',`
+		# /usr/bin/java is a symlink
+		files_read_usr_symlinks($1)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `java_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute java in the java domain, and
+##	allow the specified role the java domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`java_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `java_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role java_roles;
+	')
+
+	java_domtrans($1)
+	roleattribute $2 java_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `java_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the java program in the
+##	unconfined java domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`java_domtrans_unconfined',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `java_domtrans_unconfined'($*)) dnl
+	
+	gen_require(`
+		type unconfined_java_t, java_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, java_exec_t, unconfined_java_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `java_domtrans_unconfined'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the java program in the
+##	unconfined java domain and allow the
+##	specified role the java domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`java_run_unconfined',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `java_run_unconfined'($*)) dnl
+	
+	gen_require(`
+		attribute_role unconfined_java_roles;
+	')
+
+	java_domtrans_unconfined($1)
+	roleattribute $2 unconfined_java_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `java_run_unconfined'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the java program in
+##	the callers domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`java_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `java_exec'($*)) dnl
+	
+	gen_require(`
+		type java_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, java_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `java_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	generic java home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`java_manage_generic_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `java_manage_generic_home_content'($*)) dnl
+	
+	gen_require(`
+		type java_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 java_home_t:dir manage_dir_perms;
+	allow $1 java_home_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `java_manage_generic_home_content'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##      Create, read, write, and delete
+##      temporary java content.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`java_manage_java_tmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `java_manage_java_tmp'($*)) dnl
+	
+	gen_require(`
+		type java_tmp_t;
+	')
+
+	allow $1 java_tmp_t:dir manage_dir_perms;
+	allow $1 java_tmp_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `java_manage_java_tmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create specified objects in user home
+##	directories with the generic java
+##	home type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`java_home_filetrans_java_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `java_home_filetrans_java_home'($*)) dnl
+	
+	gen_require(`
+		type java_home_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, java_home_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `java_home_filetrans_java_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Run java in javaplugin domain and
+##	do not clean the environment (atsecure)
+## </summary>
+## <desc>
+##	<p>
+##	This is needed when java is called by an application with library
+##	settings (such as is the case when invoked as a browser plugin)
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`java_noatsecure_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `java_noatsecure_domtrans'($*)) dnl
+	
+	gen_require(`
+		type java_t;
+	')
+
+	allow $1 java_t:process noatsecure;
+
+	java_domtrans($1)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `java_noatsecure_domtrans'($*)) dnl
+	')
+
+
+# everything after here is gentoo-specific. ifdef's are not allowed for this unfortunately
+
+#######################################
+## <summary>
+##	The template for using java in a domain.
+## </summary>
+## <desc>
+##	<p>
+##	This template creates a derived domains which are used
+##	for java applications.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	The type of the domain to be given java privs.
+##	</summary>
+## </param>
+#
+ 	 	define(`java_domain_type',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `java_domain_type'($*)) dnl
+	
+	gen_require(`
+		attribute java_domain;
+	')
+
+	########################################
+	#
+	# Policy
+	#
+
+	typeattribute $1 java_domain;
+
+	# cannot be called on the attribute, so do it now
+	auth_use_nsswitch($1)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `java_domain_type'($*)) dnl
+	')
+
+## <summary>Command-line CPU frequency settings.</summary>
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	cpufreq-selector over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cpufreqselector_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cpufreqselector_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type cpufreqselector_t;
+		class dbus send_msg;
+	')
+
+	allow $1 cpufreqselector_t:dbus send_msg;
+	allow cpufreqselector_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cpufreqselector_dbus_chat'($*)) dnl
+	')
+
+## <summary>Run Windows programs in Linux.</summary>
+
+########################################
+## <summary>
+##	Role access for wine.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`wine_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `wine_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role wine_roles;
+		type wine_exec_t, wine_t, wine_tmp_t;
+		type wine_home_t;
+	')
+
+	roleattribute $1 wine_roles;
+
+	domtrans_pattern($2, wine_exec_t, wine_t)
+
+	allow wine_t $2:unix_stream_socket connectto;
+	allow wine_t $2:process signull;
+
+	ps_process_pattern($2, wine_t)
+	allow $2 wine_t:process { ptrace signal_perms };
+
+	allow $2 wine_t:fd use;
+	allow $2 wine_t:shm { associate getattr };
+	allow $2 wine_t:shm rw_shm_perms;
+	allow $2 wine_t:unix_stream_socket connectto;
+
+	allow $2 { wine_tmp_t wine_home_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 { wine_tmp_t wine_home_t }:file { manage_file_perms relabel_file_perms };
+	allow $2 wine_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+	userdom_user_home_dir_filetrans($2, wine_home_t, dir, ".wine")
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `wine_role'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	The role template for the wine module.
+## </summary>
+## <desc>
+##	<p>
+##	This template creates a derived domains which are used
+##	for wine applications.
+##	</p>
+## </desc>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="user_role">
+##	<summary>
+##	The role associated with the user domain.
+##	</summary>
+## </param>
+## <param name="user_domain">
+##	<summary>
+##	The type of the user domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`wine_role_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `wine_role_template'($*)) dnl
+	
+	gen_require(`
+		type wine_exec_t;
+	')
+
+	type $1_wine_t;
+	userdom_user_application_domain($1_wine_t, wine_exec_t)
+	role $2 types $1_wine_t;
+
+	allow $1_wine_t self:process { execmem execstack };
+
+	allow $3 $1_wine_t:process { ptrace noatsecure signal_perms };
+	ps_process_pattern($3, $1_wine_t)
+
+	domtrans_pattern($3, wine_exec_t, $1_wine_t)
+
+	corecmd_bin_domtrans($1_wine_t, $3)
+
+	userdom_manage_user_tmpfs_files($1_wine_t)
+
+	domain_mmap_low($1_wine_t)
+
+	tunable_policy(`wine_mmap_zero_ignore',`
+		dontaudit $1_wine_t self:memprotect mmap_zero;
+	')
+
+	optional_policy(`
+		xserver_role($1_r, $1_wine_t)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `wine_role_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the wine program in the wine domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`wine_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `wine_domtrans'($*)) dnl
+	
+	gen_require(`
+		type wine_t, wine_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, wine_exec_t, wine_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `wine_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute wine in the wine domain,
+##	and allow the specified role
+##	the wine domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`wine_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `wine_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role wine_roles;
+	')
+
+	wine_domtrans($1)
+	roleattribute $2 wine_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `wine_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write wine Shared
+##	memory segments.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`wine_rw_shm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `wine_rw_shm'($*)) dnl
+	
+	gen_require(`
+		type wine_t;
+	')
+
+	allow $1 wine_t:shm rw_shm_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `wine_rw_shm'($*)) dnl
+	')
+
+## <summary>system-config-samba dbus service.</summary>
+## <summary>Log analyzer for squid proxy.</summary>
+
+########################################
+## <summary>
+##	Execute the lightsquid program in
+##	the lightsquid domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`lightsquid_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lightsquid_domtrans'($*)) dnl
+	
+	gen_require(`
+		type lightsquid_t, lightsquid_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, lightsquid_exec_t, lightsquid_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lightsquid_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute lightsquid in the
+##	lightsquid domain, and allow the
+##	specified role the lightsquid domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`lightsquid_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lightsquid_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role lightsquid_roles;
+	')
+
+	lightsquid_domtrans($1)
+	roleattribute $2 lightsquid_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lightsquid_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an lightsquid environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`lightsquid_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lightsquid_admin'($*)) dnl
+	
+	gen_require(`
+		type lightsquid_t, lightsquid_rw_content_t;
+	')
+
+	allow $1 lightsquid_t:process { ptrace signal_perms };
+	ps_process_pattern($1, lightsquid_t)
+
+	lightsquid_run($1, $2)
+
+	files_search_var_lib($1)
+	admin_pattern($1, lightsquid_rw_content_t)
+
+	apache_list_sys_content($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lightsquid_admin'($*)) dnl
+	')
+
+## <summary>IRC client policy.</summary>
+
+########################################
+## <summary>
+##	Role access for IRC.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`irc_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `irc_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role irc_roles;
+		type irc_t, irc_exec_t, irc_home_t;
+		type irc_tmp_t, irc_log_home_t;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	roleattribute $1 irc_roles;
+
+	########################################
+	#
+	# Policy
+	#
+
+	domtrans_pattern($2, irc_exec_t, irc_t)
+
+	ps_process_pattern($2, irc_t)
+	allow $2 irc_t:process { ptrace signal_perms };
+
+	allow $2 { irc_home_t irc_log_home_t irc_tmp_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 { irc_home_t irc_log_home_t irc_tmp_t }:file { manage_file_perms relabel_file_perms };
+	allow $2 { irc_home_t irc_log_home_t irc_tmp_t }:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+	userdom_user_home_dir_filetrans($2, irc_home_t, dir, ".irssi")
+	userdom_user_home_dir_filetrans($2, irc_home_t, file, ".ircmotd")
+	userdom_user_home_dir_filetrans($2, irc_log_home_t, dir, "irclogs")
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `irc_role'($*)) dnl
+	')
+
+## <summary>VMWare Workstation virtual machines.</summary>
+
+########################################
+## <summary>
+##	Role access for vmware.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`vmware_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vmware_role'($*)) dnl
+	
+	gen_require(`
+		type vmware_t, vmware_exec_t, vmware_file_t;
+		type vmware_conf_t, vmware_tmp_t, vmware_tmpfs_t;
+	')
+
+	role $1 types vmware_t;
+
+	domtrans_pattern($2, vmware_exec_t, vmware_t)
+
+	ps_process_pattern($2, vmware_t)
+	allow $2 vmware_t:process { ptrace signal_perms };
+
+	allow $2 { vmware_tmp_t vmware_file_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 { vmware_conf_t vmware_file_t vmware_tmp_t vmware_tmpfs_t }:file { manage_file_perms relabel_file_perms };
+	allow $2 { vmware_tmp_t vmware_tmpfs_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
+	allow $2 vmware_tmpfs_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+	allow $2 vmware_tmpfs_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
+	userdom_user_home_dir_filetrans($2, vmware_file_t, dir, ".vmware")
+	userdom_user_home_dir_filetrans($2, vmware_file_t, dir, "vmware")
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vmware_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute vmware host executables
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vmware_exec_host',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vmware_exec_host'($*)) dnl
+	
+	gen_require(`
+		type vmware_host_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, vmware_host_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vmware_exec_host'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read vmware system configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vmware_read_system_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vmware_read_system_config'($*)) dnl
+	
+	gen_require(`
+		type vmware_sys_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 vmware_sys_conf_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vmware_read_system_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append vmware system configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vmware_append_system_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vmware_append_system_config'($*)) dnl
+	
+	gen_require(`
+		type vmware_sys_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 vmware_sys_conf_t:file append_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vmware_append_system_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append vmware log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vmware_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vmware_append_log'($*)) dnl
+	
+	gen_require(`
+		type vmware_log_t;
+	')
+
+	logging_search_logs($1)
+	append_files_pattern($1, vmware_log_t, vmware_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vmware_append_log'($*)) dnl
+	')
+
+## <summary>Modular screen saver and locker for X11.</summary>
+
+########################################
+## <summary>
+##	Role access for xscreensaver.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`xscreensaver_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xscreensaver_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role xscreensaver_roles;
+		attribute_role xscreensaver_helper_roles;
+		type xscreensaver_t, xscreensaver_exec_t;
+		type xscreensaver_helper_t;
+		type xscreensaver_config_t, xscreensaver_tmpfs_t;
+	')
+
+	roleattribute $1 xscreensaver_roles;
+	roleattribute $1 xscreensaver_helper_roles;
+
+	domtrans_pattern($2, xscreensaver_exec_t, xscreensaver_t)
+
+	allow $2 xscreensaver_t:process { ptrace signal_perms };
+	ps_process_pattern($2, xscreensaver_t)
+
+	allow $2 xscreensaver_config_t:file { manage_file_perms relabel_file_perms };
+
+	allow $2 xscreensaver_tmpfs_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 xscreensaver_tmpfs_t:file { manage_file_perms relabel_file_perms };
+
+	allow xscreensaver_helper_t $2:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xscreensaver_role'($*)) dnl
+	')
+
+## <summary>system-config-firewall dbus system service.</summary>
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	firewallgui over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`firewallgui_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `firewallgui_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type firewallgui_t;
+		class dbus send_msg;
+	')
+
+	allow $1 firewallgui_t:dbus send_msg;
+	allow firewallgui_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `firewallgui_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and
+##	write firewallgui unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`firewallgui_dontaudit_rw_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `firewallgui_dontaudit_rw_pipes'($*)) dnl
+	
+	gen_require(`
+		type firewallgui_t;
+	')
+
+	dontaudit $1 firewallgui_t:fifo_file rw_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `firewallgui_dontaudit_rw_pipes'($*)) dnl
+	')
+
+## <summary>Restricted (scp/sftp) only shell.</summary>
+
+########################################
+## <summary>
+##	Role access for rssh.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`rssh_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rssh_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role rssh_roles;
+		type rssh_t, rssh_exec_t, rssh_ro_t;
+		type rssh_rw_t;
+	')
+
+	roleattribute $1 rssh_roles;
+
+	domtrans_pattern($2, rssh_exec_t, rssh_t)
+
+	allow $2 rssh_t:process { ptrace signal_perms };
+	ps_process_pattern($2, rssh_t)
+
+	allow $2 { rssh_ro_t rssh_rw_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 { rssh_ro_t rssh_rw_t }:file { manage_file_perms relabel_file_perms };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rssh_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute rssh in the rssh domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`rssh_spec_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rssh_spec_domtrans'($*)) dnl
+	
+	gen_require(`
+		type rssh_t, rssh_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	spec_domtrans_pattern($1, rssh_exec_t, rssh_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rssh_spec_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the rssh program
+##	in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rssh_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rssh_exec'($*)) dnl
+	
+	gen_require(`
+		type rssh_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, rssh_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rssh_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to
+##	run rssh chroot helper.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`rssh_domtrans_chroot_helper',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rssh_domtrans_chroot_helper'($*)) dnl
+	
+	gen_require(`
+		type rssh_chroot_helper_t, rssh_chroot_helper_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, rssh_chroot_helper_exec_t, rssh_chroot_helper_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rssh_domtrans_chroot_helper'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read users rssh read-only content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rssh_read_ro_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rssh_read_ro_content'($*)) dnl
+	
+	gen_require(`
+		type rssh_ro_t;
+	')
+
+	allow $1 rssh_ro_t:dir list_dir_perms;
+	allow $1 rssh_ro_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rssh_read_ro_content'($*)) dnl
+	')
+
+## <summary>Podsleuth is a tool to get information about an Apple (TM) iPod (TM).</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run podsleuth.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`podsleuth_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `podsleuth_domtrans'($*)) dnl
+	
+	gen_require(`
+		type podsleuth_t, podsleuth_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, podsleuth_exec_t, podsleuth_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `podsleuth_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute podsleuth in the podsleuth
+##	domain, and allow the specified role
+##	the podsleuth domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`podsleuth_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `podsleuth_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role podsleuth_roles;
+	')
+
+	podsleuth_domtrans($1)
+	roleattribute $2 podsleuth_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `podsleuth_run'($*)) dnl
+	')
+
+## <summary>GNU network object model environment.</summary>
+
+#######################################
+## <summary>
+##	The role template for gnome.
+## </summary>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="user_role">
+##	<summary>
+##	The role associated with the user domain.
+##	</summary>
+## </param>
+## <param name="user_domain">
+##	<summary>
+##	The type of the user domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_role_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_role_template'($*)) dnl
+	
+	gen_require(`
+		attribute gnomedomain, gkeyringd_domain;
+		attribute_role gconfd_roles;
+		type gkeyringd_exec_t, gnome_keyring_home_t, gnome_keyring_tmp_t;
+		type gconfd_t, gconfd_exec_t, gconf_tmp_t;
+		type gconf_home_t, gnome_home_t;
+	')
+
+	########################################
+	#
+	# Gconf declarations
+	#
+
+	roleattribute $2 gconfd_roles;
+
+	########################################
+	#
+	# Gkeyringd declarations
+	#
+
+	type $1_gkeyringd_t, gnomedomain, gkeyringd_domain;
+	userdom_user_application_domain($1_gkeyringd_t, gkeyringd_exec_t)
+	domain_user_exemption_target($1_gkeyringd_t)
+
+	role $2 types $1_gkeyringd_t;
+
+	########################################
+	#
+	# Gconf policy
+	#
+
+	domtrans_pattern($3, gconfd_exec_t, gconfd_t)
+
+	allow $3 { gconf_home_t gconf_tmp_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $3 { gconf_home_t gconf_tmp_t }:file { manage_file_perms relabel_file_perms };
+	userdom_user_home_dir_filetrans($3, gconf_home_t, dir, ".gconf")
+	userdom_user_home_dir_filetrans($3, gconf_home_t, dir, ".gconfd")
+
+	allow $3 gconfd_t:process { ptrace signal_perms };
+	ps_process_pattern($3, gconfd_t)
+
+	########################################
+	#
+	# Gkeyringd policy
+	#
+
+	domtrans_pattern($3, gkeyringd_exec_t, $1_gkeyringd_t)
+
+	allow $3 { gnome_home_t gnome_keyring_home_t gnome_keyring_tmp_t }:dir { relabel_dir_perms manage_dir_perms };
+	allow $3 { gnome_home_t gnome_keyring_home_t }:file { relabel_file_perms manage_file_perms };
+
+	userdom_user_home_dir_filetrans($3, gnome_home_t, dir, ".gnome")
+	userdom_user_home_dir_filetrans($3, gnome_home_t, dir, ".gnome2")
+	userdom_user_home_dir_filetrans($3, gnome_home_t, dir, ".gnome2_private")
+
+	gnome_home_filetrans($3, gnome_keyring_home_t, dir, "keyrings")
+
+	allow $3 gnome_keyring_tmp_t:sock_file { relabel_sock_file_perms manage_sock_file_perms };
+
+	ps_process_pattern($3, $1_gkeyringd_t)
+	allow $3 $1_gkeyringd_t:process { ptrace signal_perms };
+
+	corecmd_bin_domtrans($1_gkeyringd_t, $3)
+	corecmd_shell_domtrans($1_gkeyringd_t, $3)
+
+	gnome_stream_connect_gkeyringd($1, $3)
+
+	optional_policy(`
+		dbus_spec_session_domain($1, $1_gkeyringd_t, gkeyringd_exec_t)
+		dbus_system_bus_client($1_gkeyringd_t)
+
+		optional_policy(`
+			evolution_dbus_chat($1_gkeyringd_t)
+		')
+
+		optional_policy(`
+			gnome_dbus_chat_gconfd($3)
+			gnome_dbus_chat_gkeyringd($1, $3)
+		')
+
+		optional_policy(`
+			wm_dbus_chat($1, $1_gkeyringd_t)
+		')
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_role_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute gconf in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_exec_gconf',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_exec_gconf'($*)) dnl
+	
+	gen_require(`
+		type gconfd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, gconfd_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_exec_gconf'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read gconf configuration content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_read_gconf_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_read_gconf_config'($*)) dnl
+	
+	gen_require(`
+		type gconf_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 gconf_etc_t:dir list_dir_perms;
+	allow $1 gconf_etc_t:file read_file_perms;
+	allow $1 gconf_etc_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_read_gconf_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read
+##	inherited gconf configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_dontaudit_read_inherited_gconf_config_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_dontaudit_read_inherited_gconf_config_files'($*)) dnl
+	
+	gen_require(`
+		type gconf_etc_t;
+	')
+
+	dontaudit $1 gconf_etc_t:file read;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_dontaudit_read_inherited_gconf_config_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create, read, write, and delete
+##	gconf configuration content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_manage_gconf_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_manage_gconf_config'($*)) dnl
+	
+	gen_require(`
+		type gconf_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 gconf_etc_t:dir manage_dir_perms;
+	allow $1 gconf_etc_t:file manage_file_perms;
+	allow $1 gconf_etc_t:lnk_file manage_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_manage_gconf_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to gconf using a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_stream_connect_gconf',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_stream_connect_gconf'($*)) dnl
+	
+	gen_require(`
+		type gconfd_t, gconf_tmp_t;
+	')
+
+	files_search_tmp($1)
+	stream_connect_pattern($1, gconf_tmp_t, gconf_tmp_t, gconfd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_stream_connect_gconf'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Run gconfd in gconfd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_domtrans_gconfd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_domtrans_gconfd'($*)) dnl
+	
+	gen_require(`
+		type gconfd_t, gconfd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, gconfd_exec_t, gconfd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_domtrans_gconfd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create generic gnome home directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_create_generic_home_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_create_generic_home_dirs'($*)) dnl
+	
+	gen_require(`
+		type gnome_home_t;
+	')
+
+	allow $1 gnome_home_t:dir create_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_create_generic_home_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set attributes of generic gnome
+##	user home directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_setattr_generic_home_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_setattr_generic_home_dirs'($*)) dnl
+	
+	gen_require(`
+		type gnome_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	setattr_dirs_pattern($1, gnome_home_t, gnome_home_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_setattr_generic_home_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read generic gnome home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_read_generic_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_read_generic_home_content'($*)) dnl
+	
+	gen_require(`
+		type gnome_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 gnome_home_t:dir list_dir_perms;
+	allow $1 gnome_home_t:file { read_file_perms map };
+	allow $1 gnome_home_t:fifo_file read_fifo_file_perms;
+	allow $1 gnome_home_t:lnk_file read_lnk_file_perms;
+	allow $1 gnome_home_t:sock_file read_sock_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_read_generic_home_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	generic gnome home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_manage_generic_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_manage_generic_home_content'($*)) dnl
+	
+	gen_require(`
+		type gnome_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 gnome_home_t:dir manage_dir_perms;
+	allow $1 gnome_home_t:file manage_file_perms;
+	allow $1 gnome_home_t:fifo_file manage_fifo_file_perms;
+	allow $1 gnome_home_t:lnk_file manage_lnk_file_perms;
+	allow $1 gnome_home_t:sock_file manage_sock_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_manage_generic_home_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search generic gnome home directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_search_generic_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_search_generic_home'($*)) dnl
+	
+	gen_require(`
+		type gnome_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 gnome_home_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_search_generic_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in gnome user home
+##	directories with a private type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	Private file type.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_home_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_home_filetrans'($*)) dnl
+	
+	gen_require(`
+		type gnome_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	filetrans_pattern($1, gnome_home_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_home_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create generic gconf home directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_create_generic_gconf_home_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_create_generic_gconf_home_dirs'($*)) dnl
+	
+	gen_require(`
+		type gconf_home_t;
+	')
+
+	allow $1 gconf_home_t:dir create_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_create_generic_gconf_home_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read generic gconf home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_read_generic_gconf_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_read_generic_gconf_home_content'($*)) dnl
+	
+	gen_require(`
+		type gconf_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 gconf_home_t:dir list_dir_perms;
+	allow $1 gconf_home_t:file read_file_perms;
+	allow $1 gconf_home_t:fifo_file read_fifo_file_perms;
+	allow $1 gconf_home_t:lnk_file read_lnk_file_perms;
+	allow $1 gconf_home_t:sock_file read_sock_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_read_generic_gconf_home_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	generic gconf home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_manage_generic_gconf_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_manage_generic_gconf_home_content'($*)) dnl
+	
+	gen_require(`
+		type gconf_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 gconf_home_t:dir manage_dir_perms;
+	allow $1 gconf_home_t:file manage_file_perms;
+	allow $1 gconf_home_t:fifo_file manage_fifo_file_perms;
+	allow $1 gconf_home_t:lnk_file manage_lnk_file_perms;
+	allow $1 gconf_home_t:sock_file manage_sock_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_manage_generic_gconf_home_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search generic gconf home directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_search_generic_gconf_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_search_generic_gconf_home'($*)) dnl
+	
+	gen_require(`
+		type gconf_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 gconf_home_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_search_generic_gconf_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in user home
+##	directories with the generic gconf
+##	home type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_home_filetrans_gconf_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_home_filetrans_gconf_home'($*)) dnl
+	
+	gen_require(`
+		type gconf_home_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, gconf_home_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_home_filetrans_gconf_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in user home
+##	directories with the generic gnome
+##	home type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_home_filetrans_gnome_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_home_filetrans_gnome_home'($*)) dnl
+	
+	gen_require(`
+		type gnome_home_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, gnome_home_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_home_filetrans_gnome_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in gnome gconf home
+##	directories with a private type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	Private file type.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_gconf_home_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_gconf_home_filetrans'($*)) dnl
+	
+	gen_require(`
+		type gconf_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	filetrans_pattern($1, gconf_home_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_gconf_home_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in user home
+##	directories with the gstreamer
+##	orcexec type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_user_home_dir_filetrans_gstreamer_orcexec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_user_home_dir_filetrans_gstreamer_orcexec'($*)) dnl
+	
+	gen_require(`
+		type gstreamer_orcexec_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, gstreamer_orcexec_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_user_home_dir_filetrans_gstreamer_orcexec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in the user
+##	runtime directories with the
+##	gstreamer orcexec type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_user_runtime_filetrans_gstreamer_orcexec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_user_runtime_filetrans_gstreamer_orcexec'($*)) dnl
+	
+	gen_require(`
+		type gstreamer_orcexec_t;
+	')
+
+	userdom_user_runtime_filetrans($1, gstreamer_orcexec_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_user_runtime_filetrans_gstreamer_orcexec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read generic gnome keyring home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_read_keyring_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_read_keyring_home_files'($*)) dnl
+	
+	gen_require(`
+		type gnome_home_t, gnome_keyring_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	read_files_pattern($1, { gnome_home_t gnome_keyring_home_t }, gnome_keyring_home_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_read_keyring_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	gnome configuration daemon over
+##	dbus.
+## </summary>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_dbus_chat_gconfd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_dbus_chat_gconfd'($*)) dnl
+	
+	gen_require(`
+		type gconfd_t;
+		class dbus send_msg;
+	')
+
+	allow $1 gconfd_t:dbus send_msg;
+	allow gconfd_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_dbus_chat_gconfd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	gnome keyring daemon over dbus.
+## </summary>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_dbus_chat_gkeyringd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_dbus_chat_gkeyringd'($*)) dnl
+	
+	gen_require(`
+		type $1_gkeyringd_t;
+		class dbus send_msg;
+	')
+
+	allow $2 $1_gkeyringd_t:dbus send_msg;
+	allow $1_gkeyringd_t $2:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_dbus_chat_gkeyringd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from all
+##	gnome keyring daemon over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_dbus_chat_all_gkeyringd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_dbus_chat_all_gkeyringd'($*)) dnl
+	
+	gen_require(`
+		attribute gkeyringd_domain;
+		class dbus send_msg;
+	')
+
+	allow $1 gkeyringd_domain:dbus send_msg;
+	allow gkeyringd_domain $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_dbus_chat_all_gkeyringd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Run all gkeyringd in gkeyringd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_spec_domtrans_all_gkeyringd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_spec_domtrans_all_gkeyringd'($*)) dnl
+	
+	gen_require(`
+		attribute gkeyringd_domain;
+		type gkeyringd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	spec_domtrans_pattern($1, gkeyringd_exec_t, gkeyringd_domain)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_spec_domtrans_all_gkeyringd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to gnome keyring daemon
+##	with a unix stream socket.
+## </summary>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_stream_connect_gkeyringd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_stream_connect_gkeyringd'($*)) dnl
+	
+	gen_require(`
+		type $1_gkeyringd_t, gnome_keyring_tmp_t;
+	')
+
+	files_search_tmp($2)
+	userdom_search_user_runtime($2)
+	stream_connect_pattern($2, gnome_keyring_tmp_t, gnome_keyring_tmp_t, $1_gkeyringd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_stream_connect_gkeyringd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to all gnome keyring daemon
+##	with a unix stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_stream_connect_all_gkeyringd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_stream_connect_all_gkeyringd'($*)) dnl
+	
+	gen_require(`
+		attribute gkeyringd_domain;
+		type gnome_keyring_tmp_t;
+	')
+
+	files_search_tmp($1)
+	userdom_search_user_runtime($1)
+	stream_connect_pattern($1, gnome_keyring_tmp_t, gnome_keyring_tmp_t, gkeyringd_domain)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_stream_connect_all_gkeyringd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage gstreamer ORC optimized
+##	code.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_manage_gstreamer_orcexec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_manage_gstreamer_orcexec'($*)) dnl
+	
+	gen_require(`
+		type gstreamer_orcexec_t;
+	')
+
+	allow $1 gstreamer_orcexec_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_manage_gstreamer_orcexec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mmap gstreamer ORC optimized
+##	code.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnome_mmap_gstreamer_orcexec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnome_mmap_gstreamer_orcexec'($*)) dnl
+	
+	gen_require(`
+		type gstreamer_orcexec_t;
+	')
+
+	allow $1 gstreamer_orcexec_t:file mmap_exec_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnome_mmap_gstreamer_orcexec'($*)) dnl
+	')
+
+## <summary>Application that lets you synchronize your files across multiple devices.</summary>
+
+########################################
+## <summary>
+##  Role access for Syncthing
+## </summary>
+## <param name="role">
+##  <summary>
+##  Role allowed access
+##  </summary>
+## </param>
+## <param name="domain">
+##  <summary>
+##  User domain for the role
+##  </summary>
+## </param>
+#
+ 	 	define(`syncthing_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `syncthing_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role syncthing_roles;
+		type syncthing_t, syncthing_exec_t, syncthing_xdg_config_t;
+	')
+
+	roleattribute $1 syncthing_roles;
+
+	domtrans_pattern($2, syncthing_exec_t, syncthing_t)
+
+	allow $2 syncthing_xdg_config_t:file { manage_file_perms relabel_file_perms };
+	allow $2 syncthing_xdg_config_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 syncthing_xdg_config_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `syncthing_role'($*)) dnl
+	')
+
+## <summary>CryFS and similar other tools which mount encrypted directories using FUSE.</summary>
+
+########################################
+## <summary>
+##	Role access for CryFS.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`cryfs_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cryfs_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role cryfs_roles;
+		type cryfs_t, cryfs_exec_t;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	roleattribute $1 cryfs_roles;
+
+	########################################
+	#
+	# Policy
+	#
+
+	domtrans_pattern($2, cryfs_exec_t, cryfs_t)
+
+	allow $2 cryfs_t:process signal_perms;
+	ps_process_pattern($2, cryfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cryfs_role'($*)) dnl
+	')
+
+## <summary>A wrapper that helps users run system programs.</summary>
+
+#######################################
+## <summary>
+##	The role template for the userhelper module.
+## </summary>
+## <param name="userrole_prefix">
+##	<summary>
+##	The prefix of the user role (e.g., user
+##	is the prefix for user_r).
+##	</summary>
+## </param>
+## <param name="user_role">
+##	<summary>
+##	The user role.
+##	</summary>
+## </param>
+## <param name="user_domain">
+##	<summary>
+##	The user domain associated with the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`userhelper_role_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userhelper_role_template'($*)) dnl
+	
+	gen_require(`
+		attribute userhelper_type, consolehelper_type;
+		attribute_role userhelper_roles, consolehelper_roles;
+		type userhelper_exec_t, consolehelper_exec_t;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	type $1_consolehelper_t, consolehelper_type;
+	userdom_user_application_domain($1_consolehelper_t, consolehelper_exec_t)
+
+	role consolehelper_roles types $1_consolehelper_t;
+	roleattribute $2 consolehelper_roles;
+
+	type $1_userhelper_t, userhelper_type;
+	userdom_user_application_domain($1_userhelper_t, userhelper_exec_t)
+
+	domain_role_change_exemption($1_userhelper_t)
+	domain_obj_id_change_exemption($1_userhelper_t)
+	domain_interactive_fd($1_userhelper_t)
+	domain_subj_id_change_exemption($1_userhelper_t)
+
+	role userhelper_roles types $1_userhelper_t;
+	roleattribute $2 userhelper_roles;
+
+	########################################
+	#
+	# Consolehelper local policy
+	#
+
+	allow $1_consolehelper_t $3:unix_stream_socket connectto;
+
+	domtrans_pattern($3, consolehelper_exec_t, $1_consolehelper_t)
+
+	allow $3 $1_consolehelper_t:process { ptrace signal_perms };
+	ps_process_pattern($3, $1_consolehelper_t)
+
+	auth_use_pam($1_consolehelper_t)
+
+	optional_policy(`
+		dbus_connect_all_session_bus($1_consolehelper_t)
+
+		optional_policy(`
+			userhelper_dbus_chat_all_consolehelper($3)
+		')
+	')
+
+	########################################
+	#
+	# Userhelper local policy
+	#
+
+	domtrans_pattern($3, userhelper_exec_t, $1_userhelper_t)
+
+	dontaudit $3 $1_userhelper_t:process signal;
+
+	corecmd_bin_domtrans($1_userhelper_t, $3)
+
+	auth_domtrans_chk_passwd($1_userhelper_t)
+	auth_use_nsswitch($1_userhelper_t)
+
+	userdom_bin_spec_domtrans_unpriv_users($1_userhelper_t)
+	userdom_entry_spec_domtrans_unpriv_users($1_userhelper_t)
+
+	optional_policy(`
+		tunable_policy(`! secure_mode',`
+			sysadm_bin_spec_domtrans($1_userhelper_t)
+			sysadm_entry_spec_domtrans($1_userhelper_t)
+		')
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userhelper_role_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search userhelper configuration directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userhelper_search_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userhelper_search_config'($*)) dnl
+	
+	gen_require(`
+		type userhelper_conf_t;
+	')
+
+	allow $1 userhelper_conf_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userhelper_search_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search
+##	userhelper configuration directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`userhelper_dontaudit_search_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userhelper_dontaudit_search_config'($*)) dnl
+	
+	gen_require(`
+		type userhelper_conf_t;
+	')
+
+	dontaudit $1 userhelper_conf_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userhelper_dontaudit_search_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	consolehelper over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userhelper_dbus_chat_all_consolehelper',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userhelper_dbus_chat_all_consolehelper'($*)) dnl
+	
+	gen_require(`
+		attribute consolehelper_type;
+		class dbus send_msg;
+	')
+
+	allow $1 consolehelper_type:dbus send_msg;
+	allow consolehelper_type $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userhelper_dbus_chat_all_consolehelper'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use userhelper all userhelper file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userhelper_use_fd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userhelper_use_fd'($*)) dnl
+	
+	gen_require(`
+		attribute userhelper_type;
+	')
+
+	allow $1 userhelper_type:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userhelper_use_fd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send child terminated signals to all userhelper.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userhelper_sigchld',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userhelper_sigchld'($*)) dnl
+	
+	gen_require(`
+		attribute userhelper_type;
+	')
+
+	allow $1 userhelper_type:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userhelper_sigchld'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the userhelper program in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userhelper_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userhelper_exec'($*)) dnl
+	
+	gen_require(`
+		type userhelper_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, userhelper_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userhelper_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the consolehelper program
+##	in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userhelper_exec_consolehelper',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userhelper_exec_consolehelper'($*)) dnl
+	
+	gen_require(`
+		type consolehelper_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, consolehelper_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userhelper_exec_consolehelper'($*)) dnl
+	')
+
+## <summary>Record audio or data Compact Discs from a master.</summary>
+
+########################################
+## <summary>
+##	Role access for cdrecord.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`cdrecord_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cdrecord_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role cdrecord_roles;
+		type cdrecord_t, cdrecord_exec_t;
+	')
+
+	roleattribute $1 cdrecord_roles;
+
+	domtrans_pattern($2, cdrecord_exec_t, cdrecord_t)
+
+	allow cdrecord_t $2:unix_stream_socket rw_socket_perms;
+
+	allow $2 cdrecord_t:process { ptrace signal_perms };
+	ps_process_pattern($2, cdrecord_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cdrecord_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute cdrecord in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cdrecord_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cdrecord_exec'($*)) dnl
+	
+	gen_require(`
+		type cdrecord_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, cdrecord_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cdrecord_exec'($*)) dnl
+	')
+
+## <summary>Load keyboard mappings.</summary>
+
+########################################
+## <summary>
+##	Execute the loadkeys program in
+##	the loadkeys domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`loadkeys_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `loadkeys_domtrans'($*)) dnl
+	
+	gen_require(`
+		type loadkeys_t, loadkeys_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, loadkeys_exec_t, loadkeys_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `loadkeys_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the loadkeys program in
+##	the loadkeys domain, and allow the
+##	specified role the loadkeys domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`loadkeys_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `loadkeys_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role loadkeys_roles;
+	')
+
+	loadkeys_domtrans($1)
+	roleattribute $2 loadkeys_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `loadkeys_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the loadkeys in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`loadkeys_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `loadkeys_exec'($*)) dnl
+	
+	gen_require(`
+		type loadkeys_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, loadkeys_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `loadkeys_exec'($*)) dnl
+	')
+
+## <summary>GNU terminal multiplexer.</summary>
+
+#######################################
+## <summary>
+##	The role template for the screen module.
+## </summary>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the user role (e.g., user
+##	is the prefix for user_r).
+##	</summary>
+## </param>
+## <param name="user_role">
+##	<summary>
+##	The role associated with the user domain.
+##	</summary>
+## </param>
+## <param name="user_domain">
+##	<summary>
+##	The type of the user domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`screen_role_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `screen_role_template'($*)) dnl
+	
+	gen_require(`
+		attribute screen_domain;
+		attribute_role screen_roles;
+		type screen_exec_t, screen_tmp_t;
+		type screen_home_t, screen_runtime_t;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	type $1_screen_t, screen_domain;
+	userdom_user_application_domain($1_screen_t, screen_exec_t)
+	domain_interactive_fd($1_screen_t)
+	role screen_roles types $1_screen_t;
+
+	roleattribute $2 screen_roles;
+
+	########################################
+	#
+	# Local policy
+	#
+
+	dontaudit $1_screen_t self:capability sys_tty_config;
+
+	domtrans_pattern($3, screen_exec_t, $1_screen_t)
+
+	ps_process_pattern($3, $1_screen_t)
+	allow $3 $1_screen_t:process { ptrace signal_perms };
+
+	dontaudit $3 $1_screen_t:unix_stream_socket { read write };
+	allow $1_screen_t $3:process signal;
+
+	allow $3 screen_tmp_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $3 screen_tmp_t:file { manage_file_perms relabel_file_perms };
+	allow $3 screen_tmp_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
+
+	allow $3 screen_home_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $3 screen_home_t:file { manage_file_perms relabel_file_perms };
+	allow $3 screen_home_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
+	allow $3 screen_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+
+	userdom_user_home_dir_filetrans($3, screen_home_t, dir, ".screen")
+	userdom_user_home_dir_filetrans($3, screen_home_t, file, ".screenrc")
+	userdom_user_home_dir_filetrans($3, screen_home_t, file, ".tmux.conf")
+
+	manage_dirs_pattern($3, screen_runtime_t, screen_runtime_t)
+	manage_files_pattern($3, screen_runtime_t, screen_runtime_t)
+	manage_lnk_files_pattern($3, screen_runtime_t, screen_runtime_t)
+	manage_fifo_files_pattern($3, screen_runtime_t, screen_runtime_t)
+
+	corecmd_bin_domtrans($1_screen_t, $3)
+	corecmd_shell_domtrans($1_screen_t, $3)
+
+	auth_domtrans_chk_passwd($1_screen_t)
+	auth_use_nsswitch($1_screen_t)
+
+	userdom_user_home_domtrans($1_screen_t, $3)
+
+	tunable_policy(`use_samba_home_dirs',`
+		fs_cifs_domtrans($1_screen_t, $3)
+	')
+
+	tunable_policy(`use_nfs_home_dirs',`
+		fs_nfs_domtrans($1_screen_t, $3)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `screen_role_template'($*)) dnl
+	')
+
+## <summary>Peer to peer file sharing tool.</summary>
+
+########################################
+## <summary>
+##	Role access for gift.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`gift_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gift_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role gift_roles, giftd_roles;
+		type gift_t, gift_exec_t, gift_home_t;
+		type giftd_t, giftd_exec_t, gift_tmpfs_t;
+	')
+
+	roleattribute $1 gift_roles;
+	roleattribute $1 giftd_roles;
+
+	domtrans_pattern($2, gift_exec_t, gift_t)
+	domtrans_pattern($2, giftd_exec_t, giftd_t)
+
+	allow $2 gift_home_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 { gift_home_t gift_tmpfs_t }:file { manage_file_perms relabel_file_perms };
+	allow $2 { gift_home_t gift_tmpfs_t }:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+	allow $2 gift_tmpfs_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
+	allow $2 gift_tmpfs_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };
+	userdom_user_home_dir_filetrans($2, gift_home_t, dir, ".giFT")
+
+	ps_process_pattern($2, { gift_t giftd_t })
+	allow $2 { gift_t giftd_t }:process { ptrace signal_perms };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gift_role'($*)) dnl
+	')
+
+## <summary>Evolution email client.</summary>
+
+########################################
+## <summary>
+##	Role access for evolution.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`evolution_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `evolution_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role evolution_roles;
+		type evolution_t, evolution_exec_t, evolution_home_t;
+		type evolution_alarm_t, evolution_alarm_exec_t, evolution_alarm_orbit_tmp_t;
+		type evolution_exchange_t, evolution_exchange_exec_t, evolution_exchange_tmp_t;
+		type evolution_exchange_orbit_tmp_t, evolution_orbit_tmp_t, evolution_server_orbit_tmp_t;
+		type evolution_server_t, evolution_server_exec_t, evolution_webcal_t;
+		type evolution_webcal_exec_t, evolution_alarm_tmpfs_t, evolution_exchange_tmpfs_t;
+		type evolution_tmpfs_t, evolution_webcal_tmpfs_t;
+	')
+
+	roleattribute $1 evolution_roles;
+
+	domtrans_pattern($2, evolution_exec_t, evolution_t)
+	domtrans_pattern($2, evolution_alarm_exec_t, evolution_alarm_t)
+	domtrans_pattern($2, evolution_exchange_exec_t, evolution_exchange_t)
+	domtrans_pattern($2, evolution_server_exec_t, evolution_server_t)
+	domtrans_pattern($2, evolution_webcal_exec_t, evolution_webcal_t)
+
+	allow $2 { evolution_t evolution_alarm_t evolution_exchange_t evolution_server_t evolution_webcal_t }:process { noatsecure ptrace signal_perms };
+	ps_process_pattern($2, { evolution_t evolution_alarm_t evolution_exchange_t })
+	ps_process_pattern($2, { evolution_server_t evolution_webcal_t })
+
+	allow evolution_t $2:dir search_dir_perms;
+	allow evolution_t $2:file read_file_perms;
+	allow evolution_t $2:lnk_file read_lnk_file_perms;
+
+	allow $2 evolution_home_t:dir { relabel_dir_perms manage_dir_perms };
+	allow $2 evolution_home_t:file { relabel_file_perms manage_file_perms };
+	allow $2 evolution_home_t:lnk_file { relabel_lnk_file_perms manage_lnk_file_perms };
+
+	userdom_user_home_dir_filetrans($2, evolution_home_t, dir, ".camel_certs")
+	userdom_user_home_dir_filetrans($2, evolution_home_t, dir, ".evolution")
+
+	allow $2 evolution_exchange_tmp_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 { evolution_alarm_orbit_tmp_t evolution_exchange_orbit_tmp_t evolution_orbit_tmp_t evolution_server_orbit_tmp_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
+
+	allow $2 { evolution_alarm_tmpfs_t evolution_exchange_tmpfs_t evolution_tmpfs_t evolution_webcal_tmpfs_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 { evolution_alarm_tmpfs_t evolution_exchange_tmpfs_t evolution_tmpfs_t evolution_webcal_tmpfs_t }:file { manage_file_perms relabel_file_perms };
+	allow $2 { evolution_alarm_tmpfs_t evolution_exchange_tmpfs_t evolution_tmpfs_t evolution_webcal_tmpfs_t }:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+	allow $2 { evolution_alarm_tmpfs_t evolution_exchange_tmpfs_t evolution_tmpfs_t evolution_webcal_tmpfs_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
+	allow $2 { evolution_alarm_tmpfs_t evolution_exchange_tmpfs_t evolution_tmpfs_t evolution_webcal_tmpfs_t }:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
+
+	allow { evolution_t evolution_exchange_t } $2:unix_stream_socket connectto;
+
+	stream_connect_pattern($2, evolution_orbit_tmp_t, evolution_orbit_tmp_t, evolution_t)
+	stream_connect_pattern($2, evolution_exchange_orbit_tmp_t, evolution_exchange_orbit_tmp_t, evolution_exchange_t)
+
+	optional_policy(`
+		evolution_dbus_chat($2)
+		evolution_alarm_dbus_chat($2)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `evolution_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in the evolution home
+##	directories with a private type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	Private file type.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`evolution_home_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `evolution_home_filetrans'($*)) dnl
+	
+	gen_require(`
+		type evolution_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	filetrans_pattern($1, evolution_home_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `evolution_home_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read evolution home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`evolution_read_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `evolution_read_home_files'($*)) dnl
+	
+	gen_require(`
+		type evolution_home_t;
+	')
+
+	read_files_pattern($1, evolution_home_t, evolution_home_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `evolution_read_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to evolution using a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`evolution_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `evolution_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type evolution_t, evolution_orbit_tmp_t;
+	')
+
+
+	files_search_tmp($1)
+	stream_connect_pattern($1, evolution_orbit_tmp_t, evolution_orbit_tmp_t, evolution_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `evolution_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read evolution orbit temporary
+##	files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`evolution_read_orbit_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `evolution_read_orbit_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type evolution_orbit_tmp_t;
+	')
+
+	files_search_tmp($1)
+	read_files_pattern($1, evolution_orbit_tmp_t, evolution_orbit_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `evolution_read_orbit_tmp_files'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	evolution over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`evolution_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `evolution_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type evolution_t;
+		class dbus send_msg;
+	')
+
+	allow $1 evolution_t:dbus send_msg;
+	allow evolution_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `evolution_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	evolution_alarm over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`evolution_alarm_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `evolution_alarm_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type evolution_alarm_t;
+		class dbus send_msg;
+	')
+
+	allow $1 evolution_alarm_t:dbus send_msg;
+	allow evolution_alarm_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `evolution_alarm_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a domain transition to the
+##	evolution target domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`evolution_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `evolution_domtrans'($*)) dnl
+	
+	gen_require(`
+		type evolution_t, evolution_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, evolution_exec_t, evolution_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `evolution_domtrans'($*)) dnl
+	')
+
+## <summary>Various games.</summary>
+
+########################################
+## <summary>
+##	Role access for games.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`games_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `games_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role games_roles;
+		type games_t, games_exec_t, games_tmp_t;
+		type games_tmpfs_t;
+	')
+
+	roleattribute $1 games_roles;
+
+	domtrans_pattern($2, games_exec_t, games_t)
+
+	allow $2 games_tmp_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 { games_tmp_t games_tmpfs_t }:file { manage_file_perms relabel_file_perms };
+	allow $2 games_tmpfs_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
+	allow $2 games_tmpfs_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };
+
+	allow $2 games_t:process { ptrace signal_perms };
+	ps_process_pattern($2, games_t)
+
+	stream_connect_pattern($2, games_tmpfs_t, games_tmpfs_t, games_t)
+
+	allow games_t $2:unix_stream_socket connectto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `games_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write games data files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`games_rw_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `games_rw_data'($*)) dnl
+	
+	gen_require(`
+		type games_data_t;
+	')
+
+	files_search_var_lib($1)
+	rw_files_pattern($1, games_data_t, games_data_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `games_rw_data'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Run a game in the game domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`games_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `games_domtrans'($*)) dnl
+	
+	gen_require(`
+		type games_t, games_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, games_exec_t, games_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `games_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	games over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`games_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `games_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type games_t;
+		class dbus send_msg;
+	')
+
+	allow $1 games_t:dbus send_msg;
+	allow games_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `games_dbus_chat'($*)) dnl
+	')
+
+## <summary>GNAT Ada95 compiler.</summary>
+
+########################################
+## <summary>
+##	Execute the ada program in the ada domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`ada_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ada_domtrans'($*)) dnl
+	
+	gen_require(`
+		type ada_t, ada_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, ada_exec_t, ada_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ada_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute ada in the ada domain, and
+##	allow the specified role the ada domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ada_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ada_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role ada_roles;
+	')
+
+	ada_domtrans($1)
+	roleattribute $2 ada_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ada_run'($*)) dnl
+	')
+
+## <summary>Web server log analysis.</summary>
+
+########################################
+## <summary>
+##	Execute webalizer in the webalizer domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`webalizer_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `webalizer_domtrans'($*)) dnl
+	
+	gen_require(`
+		type webalizer_t, webalizer_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, webalizer_exec_t, webalizer_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `webalizer_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute webalizer in the webalizer
+##	domain, and allow the specified
+##	role the webalizer domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`webalizer_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `webalizer_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role webalizer_roles;
+	')
+
+	webalizer_domtrans($1)
+	roleattribute $2 webalizer_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `webalizer_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage webalizer usage files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to manage webalizer usage files
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`manage_webalizer_var_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `manage_webalizer_var_lib'($*)) dnl
+	
+	gen_require(`
+		type webalizer_var_lib_t;
+	')
+
+	allow $1 webalizer_var_lib_t:dir manage_dir_perms;
+	allow $1 webalizer_var_lib_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `manage_webalizer_var_lib'($*)) dnl
+	')
+
+## <summary>Tool for building alternate livecd for different os and policy versions.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run livecd.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`livecd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `livecd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type livecd_t, livecd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, livecd_exec_t, livecd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `livecd_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute livecd in the livecd
+##	domain, and allow the specified
+##	role the livecd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`livecd_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `livecd_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role livecd_roles;
+	')
+
+	livecd_domtrans($1)
+	roleattribute $2 livecd_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `livecd_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read livecd temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`livecd_read_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `livecd_read_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type livecd_tmp_t;
+	')
+
+	files_search_tmp($1)
+	read_files_pattern($1, livecd_tmp_t, livecd_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `livecd_read_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write livecd temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`livecd_rw_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `livecd_rw_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type livecd_tmp_t;
+	')
+
+	files_search_tmp($1)
+	rw_files_pattern($1, livecd_tmp_t, livecd_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `livecd_rw_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write livecd semaphores.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`livecd_rw_semaphores',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `livecd_rw_semaphores'($*)) dnl
+	
+	gen_require(`
+		type livecd_t;
+	')
+
+	allow $1 livecd_t:sem rw_sem_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `livecd_rw_semaphores'($*)) dnl
+	')
+
+## <summary>Log file analyzer for advanced statistics.</summary>
+
+########################################
+## <summary>
+##	Execute the awstats program in
+##	the awstats domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`awstats_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `awstats_domtrans'($*)) dnl
+	
+	gen_require(`
+		type awstats_t, awstats_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, awstats_exec_t, awstats_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `awstats_domtrans'($*)) dnl
+	')
+
+## <summary>Filesystem namespacing/polyinstantiation application.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run seunshare.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`seunshare_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seunshare_domtrans'($*)) dnl
+	
+	gen_require(`
+		type seunshare_t, seunshare_exec_t;
+	')
+
+	domtrans_pattern($1, seunshare_exec_t, seunshare_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seunshare_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute seunshare in the seunshare domain, and
+##	allow the specified role the seunshare domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`seunshare_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seunshare_run'($*)) dnl
+	
+	gen_require(`
+		type seunshare_t;
+	')
+
+	seunshare_domtrans($1)
+	role $2 types seunshare_t;
+
+	allow $1 seunshare_t:process signal_perms;
+
+	ifdef(`hide_broken_symptoms', `
+		dontaudit seunshare_t $1:tcp_socket rw_socket_perms;
+		dontaudit seunshare_t $1:udp_socket rw_socket_perms;
+		dontaudit seunshare_t $1:unix_stream_socket rw_socket_perms;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seunshare_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Role access for seunshare
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`seunshare_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seunshare_role'($*)) dnl
+	
+	gen_require(`
+		type seunshare_t;
+	')
+
+	role $2 types seunshare_t;
+
+	seunshare_domtrans($1)
+
+	ps_process_pattern($2, seunshare_t)
+	allow $2 seunshare_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seunshare_role'($*)) dnl
+	')
+
+## <summary>Run .NET server and client applications on Linux.</summary>
+
+#######################################
+## <summary>
+##	The role template for the mono module.
+## </summary>
+## <desc>
+##	<p>
+##	This template creates a derived domains which are used
+##	for mono applications.
+##	</p>
+## </desc>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="user_role">
+##	<summary>
+##	The role associated with the user domain.
+##	</summary>
+## </param>
+## <param name="user_domain">
+##	<summary>
+##	The type of the user domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`mono_role_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mono_role_template'($*)) dnl
+	
+	gen_require(`
+		attribute mono_domain;
+		type mono_exec_t;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	type $1_mono_t, mono_domain;
+	domain_type($1_mono_t)
+	domain_entry_file($1_mono_t, mono_exec_t)
+	role $2 types $1_mono_t;
+
+	domain_interactive_fd($1_mono_t)
+	application_type($1_mono_t)
+
+	########################################
+	#
+	# Policy
+	#
+
+	domtrans_pattern($3, mono_exec_t, $1_mono_t)
+
+	allow $3 $1_mono_t:process { ptrace noatsecure signal_perms };
+	ps_process_pattern($2, $1_mono_t)
+
+	corecmd_bin_domtrans($1_mono_t, $3)
+
+	userdom_manage_user_tmpfs_files($1_mono_t)
+
+	optional_policy(`
+		fs_dontaudit_rw_tmpfs_files($1_mono_t)
+
+		xserver_role($1_r, $1_mono_t)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mono_role_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute mono in the mono domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`mono_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mono_domtrans'($*)) dnl
+	
+	gen_require(`
+		type mono_t, mono_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, mono_exec_t, mono_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mono_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute mono in the mono domain, and
+##	allow the specified role the mono domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mono_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mono_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role mono_roles;
+	')
+
+	mono_domtrans($1)
+	roleattribute $2 mono_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mono_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute mono in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mono_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mono_exec'($*)) dnl
+	
+	gen_require(`
+		type mono_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, mono_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mono_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write mono shared memory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mono_rw_shm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mono_rw_shm'($*)) dnl
+	
+	gen_require(`
+		type mono_t;
+	')
+
+	allow $1 mono_t:shm rw_shm_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mono_rw_shm'($*)) dnl
+	')
+
+## <summary>X Window Managers.</summary>
+
+#######################################
+## <summary>
+##	The role template for the wm module.
+## </summary>
+## <desc>
+##	<p>
+##	This template creates a derived domains which are used
+##	for window manager applications.
+##	</p>
+## </desc>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="user_role">
+##	<summary>
+##	The role associated with the user domain.
+##	</summary>
+## </param>
+## <param name="user_domain">
+##	<summary>
+##	The type of the user domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`wm_role_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `wm_role_template'($*)) dnl
+	
+	gen_require(`
+		attribute wm_domain;
+		type wm_exec_t;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	type $1_wm_t, wm_domain;
+	userdom_user_application_domain($1_wm_t, wm_exec_t)
+	role $2 types $1_wm_t;
+
+	########################################
+	#
+	# Policy
+	#
+
+	allow $3 $1_wm_t:fd use;
+
+	allow $1_wm_t $3:unix_stream_socket connectto;
+	allow $3 $1_wm_t:unix_stream_socket connectto;
+
+	allow $3 $1_wm_t:process { ptrace signal_perms };
+	ps_process_pattern($3, $1_wm_t)
+
+	allow $1_wm_t $3:process { signull sigkill };
+
+	domtrans_pattern($3, wm_exec_t, $1_wm_t)
+
+	corecmd_bin_domtrans($1_wm_t, $3)
+	corecmd_shell_domtrans($1_wm_t, $3)
+
+	mls_file_read_all_levels($1_wm_t)
+	mls_file_write_all_levels($1_wm_t)
+	mls_xwin_read_all_levels($1_wm_t)
+	mls_xwin_write_all_levels($1_wm_t)
+	mls_fd_use_all_levels($1_wm_t)
+
+	auth_use_nsswitch($1_wm_t)
+
+	xserver_role($2, $1_wm_t)
+	xserver_manage_core_devices($1_wm_t)
+
+	wm_write_pipes($1, $3)
+
+	optional_policy(`
+		dbus_connect_spec_session_bus($1, $1_wm_t)
+		dbus_spec_session_bus_client($1, $1_wm_t)
+		dbus_system_bus_client($1_wm_t)
+
+		optional_policy(`
+			wm_dbus_chat($1, $3)
+		')
+	')
+
+	optional_policy(`
+		gnome_stream_connect_all_gkeyringd($1_wm_t)
+	')
+
+	optional_policy(`
+		policykit_run_auth($1_wm_t, $2)
+		policykit_signal_auth($1_wm_t)
+	')
+
+	optional_policy(`
+		pulseaudio_run($1_wm_t, $2)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `wm_role_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute wm in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`wm_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `wm_exec'($*)) dnl
+	
+	gen_require(`
+		type wm_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, wm_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `wm_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	specified wm over dbus.
+## </summary>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`wm_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `wm_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type $1_wm_t;
+		class dbus send_msg;
+	')
+
+	allow $2 $1_wm_t:dbus send_msg;
+	allow $1_wm_t $2:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `wm_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to execute
+##	files in temporary directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`wm_dontaudit_exec_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `wm_dontaudit_exec_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type wm_tmp_t;
+	')
+
+	dontaudit $1 wm_tmp_t:file exec_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `wm_dontaudit_exec_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to execute
+##	files in temporary filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`wm_dontaudit_exec_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `wm_dontaudit_exec_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type wm_tmpfs_t;
+	')
+
+	dontaudit $1 wm_tmpfs_t:file exec_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `wm_dontaudit_exec_tmpfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a domain for applications
+##	that are launched by the window
+##	manager.
+## </summary>
+## <desc>
+##	<p>
+##	Create a domain for applications that are launched by the
+##	window manager (implying a domain transition).  Typically
+##	these are graphical applications that are run interactively.
+##	</p>
+##	<p>
+##	The types will be made usable as a domain and file, making
+##	calls to domain_type() and files_type() redundant.
+##	</p>
+## </desc>
+## <param name="target_domain">
+##	<summary>
+##	Type to be used in the domain transition as the application
+##	domain.
+##	</summary>
+## </param>
+## <param name="entry_point">
+##	<summary>
+##	Type of the program to be used as an entry point to this domain.
+##	</summary>
+## </param>
+## <param name="source_domain">
+##	<summary>
+##	Type to be used as the source window manager domain.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`wm_application_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `wm_application_domain'($*)) dnl
+	
+	gen_require(`
+		attribute wm_domain;
+	')
+
+	userdom_user_application_domain($1, $2)
+	domtrans_pattern(wm_domain, $2, $1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `wm_application_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write wm unnamed pipes.
+## </summary>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`wm_write_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `wm_write_pipes'($*)) dnl
+	
+	gen_require(`
+		type $1_wm_t;
+	')
+
+	allow $2 $1_wm_t:fifo_file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `wm_write_pipes'($*)) dnl
+	')
+
+## <summary>Chromium browser</summary>
+
+#######################################
+## <summary>
+## 	Role access for chromium
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access
+##	</summary>
+## </param>
+## <param name="domain">
+## 	<summary>
+##	User domain for the role
+##	</summary>
+## </param>
+#
+ 	 	define(`chromium_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `chromium_role'($*)) dnl
+	
+	gen_require(`
+		type chromium_t;
+		type chromium_renderer_t;
+		type chromium_sandbox_t;
+		type chromium_naclhelper_t;
+		class dbus send_msg;
+	')
+
+	role $1 types chromium_t;
+	role $1 types chromium_renderer_t;
+	role $1 types chromium_sandbox_t;
+	role $1 types chromium_naclhelper_t;
+
+	# Transition from the user domain to the derived domain
+	chromium_domtrans($2)
+
+	# Allow ps to show chromium processes and allow the user to signal it
+	ps_process_pattern($2, chromium_t)
+	ps_process_pattern($2, chromium_renderer_t)
+
+	allow $2 chromium_t:process signal_perms;
+	allow $2 chromium_renderer_t:process signal_perms;
+	allow $2 chromium_naclhelper_t:process signal_perms;
+
+	allow chromium_sandbox_t $2:fd use;
+	allow chromium_naclhelper_t $2:fd use;
+
+	allow $2 chromium_t:dbus send_msg;
+	allow chromium_t $2:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `chromium_role'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read-write access to Chromiums' temporary fifo files
+## </summary>
+## <param name="domain">
+## 	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`chromium_rw_tmp_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `chromium_rw_tmp_pipes'($*)) dnl
+	
+	gen_require(`
+		type chromium_tmp_t;
+	')
+
+	rw_fifo_files_pattern($1, chromium_tmp_t, chromium_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `chromium_rw_tmp_pipes'($*)) dnl
+	')
+
+
+##############################################
+## <summary>
+##	Automatically use the specified type for resources created in chromium's
+##	temporary locations
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain that creates the resource(s)
+##	</summary>
+## </param>
+## <param name="class">
+##	<summary>
+##	Type of the resource created
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	The name of the resource being created
+##	</summary>
+## </param>
+#
+ 	 	define(`chromium_tmp_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `chromium_tmp_filetrans'($*)) dnl
+	
+	gen_require(`
+		type chromium_tmp_t;
+	')
+
+	search_dirs_pattern($1, chromium_tmp_t, chromium_tmp_t)
+	filetrans_pattern($1, chromium_tmp_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `chromium_tmp_filetrans'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+## 	Execute a domain transition to the chromium domain (chromium_t)
+## </summary>
+## <param name="domain">
+## 	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`chromium_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `chromium_domtrans'($*)) dnl
+	
+	gen_require(`
+		type chromium_t;
+		type chromium_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, chromium_exec_t, chromium_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `chromium_domtrans'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+## 	Execute chromium in the chromium domain and allow the specified role to access the chromium domain
+## </summary>
+## <param name="domain">
+## 	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`chromium_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `chromium_run'($*)) dnl
+	
+	gen_require(`
+		type chromium_t;
+	')
+
+	chromium_domtrans($1)
+	role $2 types chromium_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `chromium_run'($*)) dnl
+	')
+
+## <summary>User network interface configuration helper.</summary>
+
+########################################
+## <summary>
+##	Execute usernetctl in the usernetctl domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`usernetctl_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `usernetctl_domtrans'($*)) dnl
+	
+	gen_require(`
+		type usernetctl_t, usernetctl_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, usernetctl_exec_t, usernetctl_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `usernetctl_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute usernetctl in the usernetctl
+##	domain, and allow the specified role
+##	the usernetctl domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`usernetctl_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `usernetctl_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role usernetctl_roles;
+	')
+
+	usernetctl_domtrans($1)
+	roleattribute $2 usernetctl_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `usernetctl_run'($*)) dnl
+	')
+
+## <summary>Thunderbird email client.</summary>
+
+########################################
+## <summary>
+##	Role access for thunderbird.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`thunderbird_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `thunderbird_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role thunderbird_roles;
+		type thunderbird_t, thunderbird_exec_t, thunderbird_home_t;
+		type thunderbird_tmpfs_t;
+	')
+
+	roleattribute $1 thunderbird_roles;
+
+	domtrans_pattern($2, thunderbird_exec_t, thunderbird_t)
+
+	stream_connect_pattern($2, thunderbird_tmpfs_t, thunderbird_tmpfs_t, thunderbird_t)
+
+	allow thunderbird_t $2:unix_stream_socket connectto;
+
+	allow $2 thunderbird_t:process { ptrace signal_perms };
+	ps_process_pattern($2, thunderbird_t)
+
+	allow $2 thunderbird_home_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 thunderbird_home_t:file { manage_file_perms relabel_file_perms };
+	allow $2 thunderbird_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+	userdom_user_home_dir_filetrans($2, thunderbird_home_t, dir, ".thunderbird")
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `thunderbird_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute thunderbird in the thunderbird domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`thunderbird_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `thunderbird_domtrans'($*)) dnl
+	
+	gen_require(`
+		type thunderbird_t, thunderbird_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, thunderbird_exec_t, thunderbird_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `thunderbird_domtrans'($*)) dnl
+	')
+
+## <summary>Pulseaudio network sound server.</summary>
+
+########################################
+## <summary>
+##	Role access for pulseaudio.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`pulseaudio_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pulseaudio_role'($*)) dnl
+	
+	gen_require(`
+		attribute pulseaudio_tmpfsfile;
+		type pulseaudio_t, pulseaudio_home_t, pulseaudio_tmpfs_t;
+		type pulseaudio_tmp_t;
+	')
+
+	pulseaudio_run($2, $1)
+
+	allow $2 pulseaudio_t:process { ptrace signal_perms };
+	allow $2 pulseaudio_t:fd use;
+	ps_process_pattern($2, pulseaudio_t)
+
+	allow $2 pulseaudio_home_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 pulseaudio_home_t:file { manage_file_perms relabel_file_perms };
+	allow $2 pulseaudio_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+
+	allow $2 { pulseaudio_tmpfs_t pulseaudio_tmpfsfile }:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 { pulseaudio_tmpfs_t pulseaudio_tmpfsfile }:file { manage_file_perms relabel_file_perms map };
+
+	allow $2 pulseaudio_tmp_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 pulseaudio_tmp_t:file { manage_file_perms relabel_file_perms };
+	allow $2 pulseaudio_tmp_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };
+
+	allow pulseaudio_t $2:unix_stream_socket connectto;
+	allow pulseaudio_t $2:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pulseaudio_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run pulseaudio.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`pulseaudio_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pulseaudio_domtrans'($*)) dnl
+	
+	gen_require(`
+		attribute pulseaudio_client;
+		type pulseaudio_t, pulseaudio_exec_t;
+	')
+
+	typeattribute $1 pulseaudio_client;
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, pulseaudio_exec_t, pulseaudio_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pulseaudio_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute pulseaudio in the pulseaudio
+##	domain, and allow the specified role
+##	the pulseaudio domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`pulseaudio_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pulseaudio_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role pulseaudio_roles;
+	')
+
+	pulseaudio_domtrans($1)
+	roleattribute $2 pulseaudio_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pulseaudio_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute pulseaudio in the caller domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`pulseaudio_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pulseaudio_exec'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, pulseaudio_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pulseaudio_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to execute pulseaudio.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain to not audit.
+## </summary>
+## </param>
+#
+ 	 	define(`pulseaudio_dontaudit_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pulseaudio_dontaudit_exec'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_exec_t;
+	')
+
+	dontaudit $1 pulseaudio_exec_t:file exec_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pulseaudio_dontaudit_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send null signals to pulseaudio.
+##	processes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`pulseaudio_signull',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pulseaudio_signull'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_t;
+	')
+
+	allow $1 pulseaudio_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pulseaudio_signull'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use file descriptors for
+##	pulseaudio.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`pulseaudio_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pulseaudio_use_fds'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_t;
+	')
+
+	allow $1 pulseaudio_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pulseaudio_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to use the
+##	file descriptors for pulseaudio.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`pulseaudio_dontaudit_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pulseaudio_dontaudit_use_fds'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_t;
+	')
+
+	dontaudit $1 pulseaudio_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pulseaudio_dontaudit_use_fds'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Connect to pulseaudio with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`pulseaudio_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pulseaudio_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_t, pulseaudio_runtime_t, pulseaudio_tmp_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, { pulseaudio_tmp_t pulseaudio_runtime_t }, { pulseaudio_tmp_t pulseaudio_runtime_t }, pulseaudio_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pulseaudio_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	pulseaudio over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`pulseaudio_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pulseaudio_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_t;
+		class dbus send_msg;
+	')
+
+	allow $1 pulseaudio_t:dbus send_msg;
+	allow pulseaudio_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pulseaudio_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set attributes of pulseaudio home directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`pulseaudio_setattr_home_dir',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pulseaudio_setattr_home_dir'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_home_t;
+	')
+
+	allow $1 pulseaudio_home_t:dir setattr_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pulseaudio_setattr_home_dir'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read pulseaudio home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`pulseaudio_read_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pulseaudio_read_home'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 pulseaudio_home_t:dir list_dir_perms;
+	allow $1 pulseaudio_home_t:file read_file_perms;
+	allow $1 pulseaudio_home_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pulseaudio_read_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write Pulse Audio files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`pulseaudio_rw_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pulseaudio_rw_home_files'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	rw_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t)
+	read_lnk_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pulseaudio_rw_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	pulseaudio home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`pulseaudio_manage_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pulseaudio_manage_home'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 pulseaudio_home_t:dir manage_dir_perms;
+	allow $1 pulseaudio_home_t:file manage_file_perms;
+	allow $1 pulseaudio_home_t:lnk_file manage_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pulseaudio_manage_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in user home
+##	directories with the pulseaudio
+##	home type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`pulseaudio_home_filetrans_pulseaudio_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pulseaudio_home_filetrans_pulseaudio_home'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_home_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, pulseaudio_home_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pulseaudio_home_filetrans_pulseaudio_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified tmpfs file type
+##	pulseaudio tmpfs content.
+## </summary>
+## <param name="file_type">
+##	<summary>
+##	File type to make pulseaudio tmpfs content.
+##	</summary>
+## </param>
+#
+ 	 	define(`pulseaudio_tmpfs_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pulseaudio_tmpfs_content'($*)) dnl
+	
+	gen_require(`
+		attribute pulseaudio_tmpfsfile;
+	')
+
+	typeattribute $1 pulseaudio_tmpfsfile;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pulseaudio_tmpfs_content'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read pulseaudio tmpfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`pulseaudio_read_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pulseaudio_read_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_tmpfs_t;
+	')
+
+	fs_search_tmpfs($1)
+	read_files_pattern($1, pulseaudio_tmpfs_t, pulseaudio_tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pulseaudio_read_tmpfs_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read and write pulseaudio tmpfs
+##	files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`pulseaudio_rw_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pulseaudio_rw_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_tmpfs_t;
+	')
+
+	fs_search_tmpfs($1)
+	rw_files_pattern($1, pulseaudio_tmpfs_t, pulseaudio_tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pulseaudio_rw_tmpfs_files'($*)) dnl
+	')
+
+
+# Below are Gentoo specifics but ifdef distro_gentoo cannot be used in interfaces
+
+########################################
+## <summary>
+##	Mark the specified domain as a PulseAudio client domain
+##	and the related tmpfs file type as a (shared) PulseAudio tmpfs
+##	file type used for the shared memory access
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to become a PulseAudio client domain
+##	</summary>
+## </param>
+## <param name="tmpfstype">
+##	<summary>
+##	Tmpfs type used for shared memory of the given domain
+##	</summary>
+## </param>
+#
+ 	 	define(`pulseaudio_client_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pulseaudio_client_domain'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated')
+
+	pulseaudio_domtrans($1)
+	pulseaudio_tmpfs_content($2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pulseaudio_client_domain'($*)) dnl
+	')
+
+## <summary>Mplayer media player and encoder.</summary>
+
+########################################
+## <summary>
+##	Role access for mplayer
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role
+##	</summary>
+## </param>
+#
+ 	 	define(`mplayer_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mplayer_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role mencoder_roles, mplayer_roles;
+		type mencoder_t, mencoder_exec_t, mplayer_home_t;
+		type mplayer_t, mplayer_exec_t, mplayer_tmpfs_t;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	roleattribute $1 mencoder_roles;
+	roleattribute $1 mplayer_roles;
+
+	########################################
+	#
+	# Policy
+	#
+
+	domtrans_pattern($2, mencoder_exec_t, mencoder_t)
+	domtrans_pattern($2, mplayer_exec_t, mplayer_t)
+
+	allow $2 { mplayer_t mencoder_t }:process { ptrace signal_perms };
+	ps_process_pattern($2, { mplayer_t mencoder_t })
+
+	allow $2 mplayer_home_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 mplayer_home_t:file { manage_file_perms relabel_file_perms };
+	allow $2 mplayer_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+	userdom_user_home_dir_filetrans($2, mplayer_home_t, dir, ".mplayer")
+
+	allow $2 mplayer_tmpfs_t:file { manage_file_perms relabel_file_perms };
+	allow $2 mplayer_tmpfs_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+	allow $2 mplayer_tmpfs_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
+	allow $2 mplayer_tmpfs_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mplayer_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Run mplayer in mplayer domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`mplayer_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mplayer_domtrans'($*)) dnl
+	
+	gen_require(`
+		type mplayer_t, mplayer_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, mplayer_exec_t, mplayer_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mplayer_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute mplayer in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+#
+ 	 	define(`mplayer_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mplayer_exec'($*)) dnl
+	
+	gen_require(`
+		type mplayer_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, mplayer_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mplayer_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read mplayer user home content files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mplayer_read_user_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mplayer_read_user_home_files'($*)) dnl
+	
+	gen_require(`
+		type mplayer_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	read_files_pattern($1, mplayer_home_t, mplayer_home_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mplayer_read_user_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	generic mplayer home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mplayer_manage_generic_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mplayer_manage_generic_home_content'($*)) dnl
+	
+	gen_require(`
+		type mplayer_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 mplayer_home_t:dir manage_dir_perms;
+	allow $1 mplayer_home_t:file manage_file_perms;
+	allow $1 mplayer_home_t:lnk_file manage_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mplayer_manage_generic_home_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create specified objects in user home
+##	directories with the generic mplayer
+##	home type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`mplayer_home_filetrans_mplayer_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mplayer_home_filetrans_mplayer_home'($*)) dnl
+	
+	gen_require(`
+		type mplayer_home_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, mplayer_home_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mplayer_home_filetrans_mplayer_home'($*)) dnl
+	')
+
+## <summary>Lock one or more sessions on the Linux console.</summary>
+
+#######################################
+## <summary>
+## 	Execute vlock in the vlock domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`vlock_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vlock_domtrans'($*)) dnl
+	
+	gen_require(`
+		type vlock_t, vlock_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, vlock_exec_t, vlock_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vlock_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute vlock in the vlock domain,
+##	and allow the specified role
+##	the vlock domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed to access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`vlock_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vlock_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role vlock_roles;
+	')
+
+	vlock_domtrans($1)
+	roleattribute $2 vlock_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vlock_run'($*)) dnl
+	')
+
+## <summary>User mode linux tools and services.</summary>
+
+########################################
+## <summary>
+##	Role access for uml.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`uml_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `uml_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role uml_roles;
+		type uml_t, uml_exec_t;
+		type uml_ro_t, uml_rw_t, uml_tmp_t;
+		type uml_tmpfs_t;
+	')
+
+	roleattribute $1 uml_roles;
+
+	domtrans_pattern($2, uml_exec_t, uml_t)
+
+	dgram_send_pattern($2, uml_tmpfs_t, uml_tmpfs_t, uml_t)
+
+	allow uml_t $2:unix_dgram_socket sendto;
+
+	ps_process_pattern($2, uml_t)
+	allow $2 uml_t:process { ptrace signal_perms };
+
+	allow $2 { uml_ro_t uml_rw_t uml_tmp_t uml_exec_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 { uml_ro_t uml_rw_t uml_tmp_t uml_tmpfs_t uml_exec_t }:file { manage_file_perms relabel_file_perms };
+	allow $2 { uml_ro_t uml_rw_t uml_tmpfs_t }:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+	allow $2 { uml_ro_t uml_rw_t uml_tmpfs_t }:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
+	allow $2 { uml_ro_t uml_rw_t uml_tmpfs_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
+	userdom_user_home_dir_filetrans($2, uml_rw_t, dir, ".uml")
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `uml_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set attributes of uml pid sock files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`uml_setattr_util_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `uml_setattr_util_sockets'($*)) dnl
+	
+	gen_require(`
+		type uml_switch_runtime_t;
+	')
+
+	allow $1 uml_switch_runtime_t:sock_file setattr_sock_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `uml_setattr_util_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	uml pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`uml_manage_util_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `uml_manage_util_files'($*)) dnl
+	
+	gen_require(`
+		type uml_switch_runtime_t;
+	')
+
+	manage_files_pattern($1, uml_switch_runtime_t, uml_switch_runtime_t)
+	manage_lnk_files_pattern($1, uml_switch_runtime_t, uml_switch_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `uml_manage_util_files'($*)) dnl
+	')
+
+## <summary>Yum/Apt Mirroring.</summary>
+
+########################################
+## <summary>
+##	Execute yam in the yam domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`yam_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `yam_domtrans'($*)) dnl
+	
+	gen_require(`
+		type yam_t, yam_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, yam_exec_t, yam_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `yam_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute yam in the yam domain, and
+##	allow the specified role the yam domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`yam_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `yam_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role yam_roles;
+	')
+
+	yam_domtrans($1)
+	roleattribute $2 yam_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `yam_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read yam content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`yam_read_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `yam_read_content'($*)) dnl
+	
+	gen_require(`
+		type yam_content_t;
+	')
+
+	allow $1 yam_content_t:dir list_dir_perms;
+	read_files_pattern($1, yam_content_t, yam_content_t)
+	read_lnk_files_pattern($1, yam_content_t, yam_content_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `yam_read_content'($*)) dnl
+	')
+
+## <summary>libmtp: An Initiatior implementation of the Media Transfer Protocol (MTP).</summary>
+
+###########################################################
+## <summary>
+##	Role access for libmtp.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`libmtp_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libmtp_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role libmtp_roles;
+		type libmtp_t, libmtp_exec_t;
+	')
+
+	roleattribute $1 libmtp_roles;
+
+	domtrans_pattern($2, libmtp_exec_t, libmtp_t)
+
+	allow $2 libmtp_t:process { ptrace signal_perms };
+	ps_process_pattern($2, libmtp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libmtp_role'($*)) dnl
+	')
+
+## <summary>A Unix manpage-to-HTML converter.</summary>
+## <summary>Library for locking devices.</summary>
+
+########################################
+## <summary>
+##	Role access for lockdev.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`lockdev_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lockdev_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role lockdev_roles;
+		type lockdev_t, lockdev_exec_t;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	roleattribute $1 lockdev_roles;
+
+	########################################
+	#
+	# Policy
+	#
+
+	domtrans_pattern($2, lockdev_exec_t, lockdev_t)
+
+	allow $2 lockdev_t:process { ptrace signal_perms };
+	ps_process_pattern($2, lockdev_t)
+
+	allow lockdev_t $2:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lockdev_role'($*)) dnl
+	')
+
+## <summary>Policy for GNU Privacy Guard and related programs.</summary>
+
+############################################################
+## <summary>
+##	Role access for gpg.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`gpg_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gpg_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role gpg_roles, gpg_agent_roles, gpg_helper_roles, gpg_pinentry_roles;
+		type gpg_t, gpg_exec_t, gpg_agent_t;
+		type gpg_agent_exec_t, gpg_agent_tmp_t, gpg_helper_t;
+		type gpg_pinentry_t, gpg_pinentry_tmp_t, gpg_secret_t;
+	')
+
+	roleattribute $1 gpg_roles;
+	roleattribute $1 gpg_agent_roles;
+	roleattribute $1 gpg_helper_roles;
+	roleattribute $1 gpg_pinentry_roles;
+
+	domtrans_pattern($2, gpg_exec_t, gpg_t)
+	domtrans_pattern($2, gpg_agent_exec_t, gpg_agent_t)
+
+	allow $2 self:process setrlimit;
+	allow $2 { gpg_t gpg_agent_t gpg_helper_t gpg_pinentry_t }:process { ptrace signal_perms };
+	ps_process_pattern($2, { gpg_t gpg_agent_t gpg_helper_t gpg_pinentry_t })
+
+	allow gpg_pinentry_t $2:process signull;
+	allow gpg_helper_t $2:fd use;
+	allow { gpg_t gpg_agent_t gpg_helper_t gpg_pinentry_t } $2:fifo_file { read write };
+
+	allow $2 { gpg_agent_tmp_t gpg_secret_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 { gpg_agent_tmp_t gpg_secret_t }:file { manage_file_perms relabel_file_perms };
+	allow $2 gpg_secret_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+	allow $2 { gpg_agent_tmp_t gpg_pinentry_tmp_t gpg_secret_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
+	filetrans_pattern($2, gpg_secret_t, gpg_agent_tmp_t, sock_file, "log-socket")
+	userdom_user_home_dir_filetrans($2, gpg_secret_t, dir, ".gnupg")
+
+	optional_policy(`
+		gpg_pinentry_dbus_chat($2)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gpg_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the gpg in the gpg domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`gpg_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gpg_domtrans'($*)) dnl
+	
+	gen_require(`
+		type gpg_t, gpg_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, gpg_exec_t, gpg_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gpg_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the gpg in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gpg_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gpg_exec'($*)) dnl
+	
+	gen_require(`
+		type gpg_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, gpg_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gpg_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute gpg in a specified domain.
+## </summary>
+## <desc>
+##	<p>
+##	Execute gpg in a specified domain.
+##	</p>
+##	<p>
+##	No interprocess communication (signals, pipes,
+##	etc.) is provided by this interface since
+##	the domains are not owned by this module.
+##	</p>
+## </desc>
+## <param name="source_domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="target_domain">
+##	<summary>
+##	Domain to transition to.
+##	</summary>
+## </param>
+#
+ 	 	define(`gpg_spec_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gpg_spec_domtrans'($*)) dnl
+	
+	gen_require(`
+		type gpg_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domain_auto_transition_pattern($1, gpg_exec_t, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gpg_spec_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the gpg-agent in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gpg_exec_agent',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gpg_exec_agent'($*)) dnl
+	
+	gen_require(`
+		type gpg_agent_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, gpg_agent_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gpg_exec_agent'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Make gpg executable files an
+##	entrypoint for the specified domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The domain for which gpg_exec_t is an entrypoint.
+##	</summary>
+## </param>
+#
+ 	 	define(`gpg_entry_type',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gpg_entry_type'($*)) dnl
+	
+	gen_require(`
+		type gpg_exec_t;
+	')
+
+	domain_entry_file($1, gpg_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gpg_entry_type'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to gpg.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gpg_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gpg_signal'($*)) dnl
+	
+	gen_require(`
+		type gpg_t;
+	')
+
+	allow $1 gpg_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gpg_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write gpg agent pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gpg_rw_agent_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gpg_rw_agent_pipes'($*)) dnl
+	
+	gen_require(`
+		type gpg_agent_t;
+	')
+
+	allow $1 gpg_agent_t:fifo_file rw_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gpg_rw_agent_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to gpg agent socket
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gpg_stream_connect_agent',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gpg_stream_connect_agent'($*)) dnl
+	
+	gen_require(`
+		type gpg_agent_t, gpg_agent_tmp_t;
+		type gpg_secret_t, gpg_runtime_t;
+	')
+
+	stream_connect_pattern($1, gpg_agent_tmp_t, gpg_agent_tmp_t, gpg_agent_t)
+	allow $1 { gpg_secret_t gpg_runtime_t }:dir search_dir_perms;
+	userdom_search_user_runtime($1)
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gpg_stream_connect_agent'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search gpg agent dirs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gpg_search_agent_tmp_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gpg_search_agent_tmp_dirs'($*)) dnl
+	
+	gen_require(`
+		type gpg_agent_tmp_t;
+	')
+
+	allow $1 gpg_agent_tmp_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gpg_search_agent_tmp_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	filetrans in gpg_agent_tmp_t dirs
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gpg_agent_tmp_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gpg_agent_tmp_filetrans'($*)) dnl
+	
+	gen_require(`
+		type gpg_agent_tmp_t;
+	')
+
+	filetrans_pattern($1, gpg_agent_tmp_t, $2, $3, $4)
+	userdom_search_user_runtime($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gpg_agent_tmp_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	filetrans in gpg_runtime_t dirs
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gpg_runtime_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gpg_runtime_filetrans'($*)) dnl
+	
+	gen_require(`
+		type gpg_runtime_t;
+	')
+
+	filetrans_pattern($1, gpg_runtime_t, $2, $3, $4)
+	userdom_search_user_runtime($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gpg_runtime_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	filetrans in gpg_secret_t dirs
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gpg_secret_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gpg_secret_filetrans'($*)) dnl
+	
+	gen_require(`
+		type gpg_secret_t;
+	')
+
+	filetrans_pattern($1, gpg_secret_t, $2, $3, $4)
+	allow $1 gpg_secret_t:dir search_dir_perms;
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gpg_secret_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send messages to and from gpg
+##	pinentry over DBUS.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gpg_pinentry_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gpg_pinentry_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type gpg_pinentry_t;
+		class dbus send_msg;
+	')
+
+	allow $1 gpg_pinentry_t:dbus send_msg;
+	allow gpg_pinentry_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gpg_pinentry_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List gpg user secrets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gpg_list_user_secrets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gpg_list_user_secrets'($*)) dnl
+	
+	gen_require(`
+		type gpg_secret_t;
+	')
+
+	list_dirs_pattern($1, gpg_secret_t, gpg_secret_t)
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gpg_list_user_secrets'($*)) dnl
+	')
+
+## <summary>helper function for grantpt(3), changes ownship and permissions of pseudotty.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run ptchown.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`ptchown_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ptchown_domtrans'($*)) dnl
+	
+	gen_require(`
+		type ptchown_t, ptchown_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, ptchown_exec_t, ptchown_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ptchown_domtrans'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Execute ptchown in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ptchown_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ptchown_exec'($*)) dnl
+	
+	gen_require(`
+		type ptchown_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, ptchown_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ptchown_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute ptchown in the ptchown
+##	domain, and allow the specified
+##	role the ptchown domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ptchown_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ptchown_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role ptchown_roles;
+	')
+
+	ptchown_domtrans($1)
+	roleattribute $2 ptchown_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ptchown_run'($*)) dnl
+	')
+
+## <summary>QEMU machine emulator and virtualizer.</summary>
+
+#######################################
+## <summary>
+##	The template to define a qemu domain.
+## </summary>
+## <param name="domain_prefix">
+##	<summary>
+##	Domain prefix to be used.
+##	</summary>
+## </param>
+#
+ 	 	define(`qemu_domain_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qemu_domain_template'($*)) dnl
+	
+	##############################
+	#
+	# Declarations
+	#
+
+	type $1_t;
+	domain_type($1_t)
+
+	type $1_tmp_t;
+	files_tmp_file($1_tmp_t)
+
+	##############################
+	#
+	# Policy
+	#
+
+	allow $1_t self:capability { dac_override dac_read_search };
+	allow $1_t self:process { execstack execmem signal getsched };
+	allow $1_t self:fifo_file rw_file_perms;
+	allow $1_t self:shm create_shm_perms;
+	allow $1_t self:unix_stream_socket create_stream_socket_perms;
+	allow $1_t self:tcp_socket create_stream_socket_perms;
+	allow $1_t self:tun_socket create;
+
+	manage_dirs_pattern($1_t, $1_tmp_t, $1_tmp_t)
+	manage_files_pattern($1_t, $1_tmp_t, $1_tmp_t)
+	files_tmp_filetrans($1_t, $1_tmp_t, { file dir })
+
+	kernel_read_system_state($1_t)
+
+	corenet_all_recvfrom_unlabeled($1_t)
+	corenet_all_recvfrom_netlabel($1_t)
+	corenet_tcp_sendrecv_generic_if($1_t)
+	corenet_tcp_sendrecv_generic_node($1_t)
+	corenet_tcp_bind_generic_node($1_t)
+	corenet_tcp_bind_vnc_port($1_t)
+	corenet_rw_tun_tap_dev($1_t)
+
+#	dev_rw_kvm($1_t)
+
+	domain_use_interactive_fds($1_t)
+
+	files_read_etc_files($1_t)
+	files_read_usr_files($1_t)
+	files_read_var_files($1_t)
+	files_search_all($1_t)
+
+	fs_list_inotifyfs($1_t)
+	fs_rw_anon_inodefs_files($1_t)
+	fs_rw_tmpfs_files($1_t)
+
+	storage_raw_write_removable_device($1_t)
+	storage_raw_read_removable_device($1_t)
+
+	term_use_ptmx($1_t)
+	term_getattr_pty_fs($1_t)
+	term_use_generic_ptys($1_t)
+
+	miscfiles_read_localization($1_t)
+
+	sysnet_read_config($1_t)
+
+	userdom_use_user_terminals($1_t)
+	userdom_attach_admin_tun_iface($1_t)
+
+	optional_policy(`
+		samba_domtrans_smbd($1_t)
+	')
+
+	optional_policy(`
+		virt_manage_images($1_t)
+		virt_read_config($1_t)
+		virt_read_lib_files($1_t)
+		virt_attach_tun_iface($1_t)
+	')
+
+	optional_policy(`
+		xserver_stream_connect($1_t)
+		xserver_read_xdm_tmp_files($1_t)
+		xserver_read_xdm_pid($1_t)
+#		xserver_xdm_rw_shm($1_t)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qemu_domain_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Role access for qemu.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`qemu_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qemu_role'($*)) dnl
+	
+	gen_require(`
+		type qemu_t;
+	')
+
+	qemu_run($2, $1)
+
+	allow $2 qemu_t:process { ptrace signal_perms };
+	ps_process_pattern($2, qemu_t)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qemu_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run qemu.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`qemu_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qemu_domtrans'($*)) dnl
+	
+	gen_require(`
+		type qemu_t, qemu_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, qemu_exec_t, qemu_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qemu_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a qemu in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`qemu_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qemu_exec'($*)) dnl
+	
+	gen_require(`
+		type qemu_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, qemu_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qemu_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute qemu in the qemu domain,
+##	and allow the specified role the
+##	qemu domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`qemu_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qemu_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role qemu_roles;
+	')
+
+	qemu_domtrans($1)
+	roleattribute $2 qemu_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qemu_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read qemu process state files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to allow access.
+##	</summary>
+## </param>
+#
+ 	 	define(`qemu_read_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qemu_read_state'($*)) dnl
+	
+	gen_require(`
+		type qemu_t;
+	')
+
+	kernel_search_proc($1)
+	allow $1 qemu_t:dir list_dir_perms;
+	allow $1 qemu_t:file read_file_perms;
+	allow $1 qemu_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qemu_read_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set qemu scheduler.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`qemu_setsched',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qemu_setsched'($*)) dnl
+	
+	gen_require(`
+		type qemu_t;
+	')
+
+	allow $1 qemu_t:process setsched;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qemu_setsched'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to qemu.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`qemu_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qemu_signal'($*)) dnl
+	
+	gen_require(`
+		type qemu_t;
+	')
+
+	allow $1 qemu_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qemu_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send kill signals to qemu.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`qemu_kill',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qemu_kill'($*)) dnl
+	
+	gen_require(`
+		type qemu_t;
+	')
+
+	allow $1 qemu_t:process sigkill;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qemu_kill'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to qemu with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`qemu_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qemu_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type qemu_t, qemu_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, qemu_runtime_t, qemu_runtime_t, qemu_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qemu_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unlink qemu socket
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`qemu_delete_pid_sock_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qemu_delete_pid_sock_file'($*)) dnl
+	
+	gen_require(`
+		type qemu_runtime_t;
+	')
+
+	allow $1 qemu_runtime_t:sock_file unlink;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qemu_delete_pid_sock_file'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to
+##	run qemu unconfined.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`qemu_domtrans_unconfined',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qemu_domtrans_unconfined'($*)) dnl
+	
+	gen_require(`
+		type unconfined_qemu_t, qemu_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, qemu_exec_t, unconfined_qemu_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qemu_domtrans_unconfined'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	qemu temporary directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`qemu_manage_tmp_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qemu_manage_tmp_dirs'($*)) dnl
+	
+	gen_require(`
+		type qemu_tmp_t;
+	')
+
+	files_search_tmp($1)
+	manage_dirs_pattern($1, qemu_tmp_t, qemu_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qemu_manage_tmp_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	qemu temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`qemu_manage_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qemu_manage_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type qemu_tmp_t;
+	')
+
+	files_search_tmp($1)
+	manage_files_pattern($1, qemu_tmp_t, qemu_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qemu_manage_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute qemu in a specified domain.
+## </summary>
+## <desc>
+##	<p>
+##	Execute qemu in a specified domain.
+##	</p>
+##	<p>
+##	No interprocess communication (signals, pipes,
+##	etc.) is provided by this interface since
+##	the domains are not owned by this module.
+##	</p>
+## </desc>
+## <param name="source_domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="target_domain">
+##	<summary>
+##	Domain to transition to.
+##	</summary>
+## </param>
+#
+ 	 	define(`qemu_spec_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qemu_spec_domtrans'($*)) dnl
+	
+	gen_require(`
+		type qemu_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domain_auto_transition_pattern($1, qemu_exec_t, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qemu_spec_domtrans'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Make qemu executable files an
+##	entrypoint for the specified domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The domain for which qemu_exec_t is an entrypoint.
+##	</summary>
+## </param>
+#
+ 	 	define(`qemu_entry_type',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qemu_entry_type'($*)) dnl
+	
+	gen_require(`
+		type qemu_exec_t;
+	')
+
+	domain_entry_file($1, qemu_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qemu_entry_type'($*)) dnl
+	')
+
+
+# Gentoo specific but cannot use ifdef distro_gentoo here
+
+#######################################
+## <summary>
+##	Read/write to qemu socket files in /var/run
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`qemu_rw_pid_sock_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qemu_rw_pid_sock_files'($*)) dnl
+	
+	gen_require(`
+		type qemu_runtime_t;
+	')
+
+	allow $1 qemu_runtime_t:sock_file rw_sock_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qemu_rw_pid_sock_files'($*)) dnl
+	')
+
+## <summary>Wireshark packet capture tool.</summary>
+
+############################################################
+## <summary>
+##	Role access for wireshark.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`wireshark_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `wireshark_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role wireshark_roles;
+		type wireshark_t, wireshark_exec_t, wireshark_home_t;
+		type wireshark_tmp_t, wireshark_tmpfs_t;
+	')
+
+	roleattribute $1 wireshark_roles;
+
+	domtrans_pattern($2, wireshark_exec_t, wireshark_t)
+
+	allow $2 wireshark_t:process { ptrace signal_perms };
+	ps_process_pattern($2, wireshark_t)
+
+	allow $2 { wireshark_tmp_t wireshark_home_t wireshark_tmpfs_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 { wireshark_tmp_t wireshark_home_t wireshark_tmpfs_t }:file { manage_file_perms relabel_file_perms };
+	allow $2 { wireshark_home_t wireshark_tmpfs_t }:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+	allow $2 wireshark_tmpfs_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };
+	allow $2 wireshark_tmpfs_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
+	userdom_user_home_dir_filetrans($2, wireshark_home_t, dir, ".wireshark")
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `wireshark_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute wireshark in wireshark domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`wireshark_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `wireshark_domtrans'($*)) dnl
+	
+	gen_require(`
+		type wireshark_t, wireshark_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, wireshark_exec_t, wireshark_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `wireshark_domtrans'($*)) dnl
+	')
+
+## <summary>Links web browser</summary>
+
+#######################################
+## <summary>
+##      The role interface for the links module.
+## </summary>
+## <param name="user_role">
+##      <summary>
+##      The role associated with the user domain.
+##      </summary>
+## </param>
+## <param name="user_domain">
+##      <summary>
+##      The type of the user domain.
+##      </summary>
+## </param>
+#
+ 	 	define(`links_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `links_role'($*)) dnl
+	
+	gen_require(`
+		type links_t, links_exec_t, links_tmpfs_t, links_home_t;
+	')
+
+	#######################################
+	#
+	# Declarations
+	#
+	
+	role $1 types links_t;
+
+	############################
+	#
+	# Policy
+	#
+
+	manage_dirs_pattern($2, links_home_t, links_home_t)
+	manage_files_pattern($2, links_home_t, links_home_t)
+	manage_lnk_files_pattern($2, links_home_t, links_home_t)
+
+	relabel_dirs_pattern($2, links_home_t, links_home_t)
+	relabel_files_pattern($2, links_home_t, links_home_t)
+	relabel_lnk_files_pattern($2, links_home_t, links_home_t)
+
+	domtrans_pattern($2, links_exec_t, links_t)
+
+	ps_process_pattern($2, links_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `links_role'($*)) dnl
+	')
+	
+## <summary>PHP FastCGI Process Manager</summary>
+
+#################################################
+## <summary>
+## 	Administrate a phpfpm environment
+## </summary>
+## <param name="domain">
+## 	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+# 
+ 	 	define(`phpfpm_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `phpfpm_admin'($*)) dnl
+	
+	gen_require(`
+		type phpfpm_t;
+		type phpfpm_log_t, phpfpm_tmp_t, phpfpm_runtime_t;
+	')
+
+	allow $1 phpfpm_t:process { ptrace signal_perms };
+	ps_process_pattern($1, phpfpm_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, phpfpm_log_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, phpfpm_tmp_t)
+
+	files_list_pids($1)
+	admin_pattern($1, phpfpm_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `phpfpm_admin'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Connect to phpfpm using a unix domain stream socket.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`phpfpm_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `phpfpm_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type phpfpm_t, phpfpm_runtime_t;
+	')
+	stream_connect_pattern($1, phpfpm_runtime_t, phpfpm_runtime_t, phpfpm_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `phpfpm_stream_connect'($*)) dnl
+	')
+
+## <summary>policy for dirsrv</summary>
+#
+# Provided by the 389-ds-base package
+
+########################################
+## <summary>
+##	Execute a domain transition to run dirsrv.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`dirsrv_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dirsrv_domtrans'($*)) dnl
+	
+	gen_require(`
+		type dirsrv_t, dirsrv_exec_t;
+	')
+
+	domain_auto_transition_pattern($1, dirsrv_exec_t, dirsrv_t)
+
+	allow dirsrv_t $1:fd use;
+	allow dirsrv_t $1:fifo_file rw_file_perms;
+	allow dirsrv_t $1:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dirsrv_domtrans'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##  Allow caller to signal dirsrv.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dirsrv_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dirsrv_signal'($*)) dnl
+	
+	gen_require(`
+		type dirsrv_t;
+	')
+
+	allow $1 dirsrv_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dirsrv_signal'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send a null signal to dirsrv.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dirsrv_signull',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dirsrv_signull'($*)) dnl
+	
+	gen_require(`
+		type dirsrv_t;
+	')
+
+	allow $1 dirsrv_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dirsrv_signull'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Allow a domain to manage dirsrv logs.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`dirsrv_manage_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dirsrv_manage_log'($*)) dnl
+	
+	gen_require(`
+		type dirsrv_var_log_t;
+	')
+
+	allow $1 dirsrv_var_log_t:dir manage_dir_perms;
+	allow $1 dirsrv_var_log_t:file manage_file_perms;
+	allow $1 dirsrv_var_log_t:fifo_file manage_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dirsrv_manage_log'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Allow a domain to manage dirsrv /var/lib files.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`dirsrv_manage_var_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dirsrv_manage_var_lib'($*)) dnl
+	
+	gen_require(`
+		type dirsrv_var_lib_t;
+	')
+	allow $1 dirsrv_var_lib_t:dir manage_dir_perms;
+	allow $1 dirsrv_var_lib_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dirsrv_manage_var_lib'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Allow a domain to manage dirsrv /var/run files.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`dirsrv_manage_var_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dirsrv_manage_var_run'($*)) dnl
+	
+	gen_require(`
+		type dirsrv_runtime_t;
+	')
+	allow $1 dirsrv_runtime_t:dir manage_dir_perms;
+	allow $1 dirsrv_runtime_t:file manage_file_perms;
+	allow $1 dirsrv_runtime_t:sock_file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dirsrv_manage_var_run'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Allow a domain to create dirsrv pid directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dirsrv_pid_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dirsrv_pid_filetrans'($*)) dnl
+	
+	gen_require(`
+		type dirsrv_runtime_t;
+	')
+	# Allow creating a dir in /var/run with this type
+	files_pid_filetrans($1, dirsrv_runtime_t, dir)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dirsrv_pid_filetrans'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Allow a domain to read dirsrv /var/run files.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`dirsrv_read_var_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dirsrv_read_var_run'($*)) dnl
+	
+	gen_require(`
+		type dirsrv_runtime_t;
+	')
+	allow $1 dirsrv_runtime_t:dir list_dir_perms;
+	allow $1 dirsrv_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dirsrv_read_var_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage dirsrv configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dirsrv_manage_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dirsrv_manage_config'($*)) dnl
+	
+	gen_require(`
+		type dirsrv_config_t;
+	')
+
+	allow $1 dirsrv_config_t:dir manage_dir_perms;
+	allow $1 dirsrv_config_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dirsrv_manage_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read dirsrv share files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dirsrv_read_share',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dirsrv_read_share'($*)) dnl
+	
+	gen_require(`
+		type dirsrv_share_t;
+	')
+
+	allow $1 dirsrv_share_t:dir list_dir_perms;
+	allow $1 dirsrv_share_t:file read_file_perms;
+	allow $1 dirsrv_share_t:lnk_file read;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dirsrv_read_share'($*)) dnl
+	')
+
+## <summary>Log file monitoring tool</summary>
+
+#######################################
+## <summary>
+##	All of the rules required to administrate
+##	a logsentry environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`logsentry_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logsentry_admin'($*)) dnl
+	
+	gen_require(`
+		type logsentry_t, logsentry_etc_t, logsentry_tmp_t, logsentry_filter_t;
+	')
+
+	allow $1 logsentry_t:process { ptrace signal_perms };
+	ps_process_pattern($1, logsentry_t)
+
+	files_list_etc($1)
+	admin_pattern($1, logsentry_etc_t)
+	admin_pattern($1, logsentry_filter_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, logsentry_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logsentry_admin'($*)) dnl
+	')
+
+## <summary>Ceph distributed object storage</summary>
+
+#########################################
+## <summary>
+##	Create the individual Ceph domains
+## </summary>
+## <param name="cephdaemon">
+##	<summary>
+##	The daemon (osd, mds or mon) for which the rules are created
+##	</summary>
+## </param>
+#
+ 	 	define(`ceph_domain_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ceph_domain_template'($*)) dnl
+	
+	gen_require(`
+		attribute cephdomain;
+		attribute cephdata;
+		attribute cephpidfile;
+		attribute_role ceph_roles;
+		
+		type ceph_runtime_t;
+	')
+
+	type ceph_$1_t, cephdomain;
+	type ceph_$1_exec_t;
+	init_system_domain(ceph_$1_t, ceph_$1_exec_t)
+	role ceph_roles types ceph_$1_t;
+
+	type ceph_$1_data_t, cephdata;
+	files_type(ceph_$1_data_t)
+
+	type ceph_$1_runtime_t, cephpidfile;
+	typealias ceph_$1_runtime_t alias ceph_$1_var_run_t;
+	files_pid_file(ceph_$1_runtime_t)
+
+	########################################
+	#
+	# Local policy 
+	#
+	# Rules which cannot be made part of the domain
+
+	allow ceph_$1_t ceph_$1_runtime_t:file manage_file_perms;
+	allow ceph_$1_t ceph_$1_runtime_t:sock_file manage_file_perms;
+	allow ceph_$1_t ceph_$1_data_t:dir manage_dir_perms;
+	allow ceph_$1_t ceph_$1_data_t:file manage_file_perms;
+
+	filetrans_pattern(ceph_$1_t, ceph_runtime_t, ceph_$1_runtime_t, { file sock_file })
+
+	files_var_lib_filetrans(ceph_$1_t, ceph_$1_data_t, { file dir })
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ceph_domain_template'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+## 	Administrative access for Ceph
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`ceph_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ceph_admin'($*)) dnl
+	
+	gen_require(`
+		attribute cephdomain, cephdata;
+		type ceph_initrc_exec_t, ceph_log_t;
+		type ceph_conf_t, ceph_key_t;
+	')
+
+	allow $1 cephdomain:process { ptrace signal_perms };
+	ps_process_pattern($1, cephdomain)
+
+	init_startstop_service($1, $2, cephdomain, ceph_initrc_exec_t)
+	allow $1 ceph_initrc_exec_t:lnk_file read_lnk_file_perms;
+	allow $1 ceph_initrc_exec_t:file read_file_perms;
+
+	files_list_etc($1)
+	admin_pattern($1, ceph_conf_t)
+	admin_pattern($1, ceph_key_t)
+
+	admin_pattern($1, cephdata)
+
+	admin_pattern($1, ceph_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ceph_admin'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Read Ceph key files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`ceph_read_key',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ceph_read_key'($*)) dnl
+	
+	gen_require(`
+		type ceph_key_t;
+	')
+
+	allow $1 ceph_key_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ceph_read_key'($*)) dnl
+	')
+
+## <summary>rtorrent torrent client</summary>
+
+#######################################
+## <summary>
+## 	Role access for rtorrent
+## </summary>
+## <param name="user_role">
+##      <summary>
+##      The role associated with the user domain.
+##      </summary>
+## </param>
+## <param name="user_domain">
+##      <summary>
+##      The user domain.
+##      </summary>
+## </param>
+#
+ 	 	define(`rtorrent_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rtorrent_role'($*)) dnl
+	
+	gen_require(`
+		type rtorrent_t, rtorrent_exec_t, rtorrent_home_t, rtorrent_session_t;
+	')
+
+	role $1 types rtorrent_t;
+
+	domtrans_pattern($2, rtorrent_exec_t, rtorrent_t)
+
+	allow $2 rtorrent_t:process signal_perms;
+
+	manage_files_pattern($2, rtorrent_home_t, rtorrent_home_t)
+
+	manage_files_pattern($2, rtorrent_session_t, rtorrent_session_t)
+	manage_dirs_pattern($2, rtorrent_session_t, rtorrent_session_t)
+
+	ps_process_pattern($2, rtorrent_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rtorrent_role'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##      Administer the rtorrent application.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+## <param name="role">
+##      <summary>
+##      Role allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`rtorrent_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rtorrent_admin'($*)) dnl
+	
+	gen_require(`
+		type rtorrent_t;
+	')
+
+	allow $1 rtorrent_t:process ptrace;
+
+	rtorrent_role($2, $1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rtorrent_admin'($*)) dnl
+	')
+
+## <summary>Dropbox client - Store, Sync and Share Files Online</summary>
+
+#######################################
+## <summary>
+##      The role for using the dropbox client.
+## </summary>
+## <param name="role">
+##      <summary>
+##      The role associated with the user domain.
+##      </summary>
+## </param>
+## <param name="domain">
+##      <summary>
+##      The user domain.
+##      </summary>
+## </param>
+#
+ 	 	define(`dropbox_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dropbox_role'($*)) dnl
+	
+	gen_require(`
+		type dropbox_t;
+		type dropbox_exec_t;
+		type dropbox_home_t;
+		type dropbox_tmp_t;
+	')
+
+	role $1 types dropbox_t;
+
+	domtrans_pattern($2, dropbox_exec_t, dropbox_t)
+
+	allow $2 dropbox_t:process { ptrace signal_perms };
+
+	manage_dirs_pattern($2, dropbox_home_t, dropbox_home_t)
+	manage_files_pattern($2, dropbox_home_t, dropbox_home_t)
+	manage_sock_files_pattern($2, dropbox_home_t, dropbox_home_t)
+
+	manage_files_pattern($2, dropbox_home_t, dropbox_exec_t)
+	manage_lnk_files_pattern($2, dropbox_home_t, dropbox_exec_t)
+
+	userdom_user_home_dir_filetrans($2, dropbox_home_t, dir, ".dropbox-dist")
+	filetrans_pattern($2, dropbox_home_t, dropbox_exec_t, file, "dropbox")
+	filetrans_pattern($2, dropbox_home_t, dropbox_exec_t, file, "dropboxd")
+
+	manage_dirs_pattern($2, dropbox_tmp_t, dropbox_tmp_t)
+	manage_files_pattern($2, dropbox_tmp_t, dropbox_tmp_t)
+
+	allow $2 dropbox_content_t:dir relabel_dir_perms;
+	allow $2 dropbox_content_t:file relabel_file_perms;
+
+	dropbox_manage_content($2)
+	dropbox_dbus_chat($2)
+
+	ps_process_pattern($2, dropbox_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dropbox_role'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##     Send and receive messages from the dropbox daemon
+##     over dbus.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+ 	 	define(`dropbox_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dropbox_dbus_chat'($*)) dnl
+	
+       gen_require(`
+               type dropbox_t;
+               class dbus send_msg;
+       ')
+
+       allow $1 dropbox_t:dbus send_msg;
+       allow dropbox_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dropbox_dbus_chat'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##      Allow other domains to read dropbox's content files
+## </summary>
+## <param name="domain">
+##      <summary>
+##      The domain that is allowed read access to the dropbox_content_t files
+##      </summary>
+## </param>
+#
+ 	 	define(`dropbox_read_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dropbox_read_content'($*)) dnl
+	
+	gen_require(`
+		type dropbox_content_t;
+	')
+
+	list_dirs_pattern($1, dropbox_content_t, dropbox_content_t)
+	read_files_pattern($1, dropbox_content_t, dropbox_content_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dropbox_read_content'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##      Allow other domains to manage dropbox's content files
+## </summary>
+## <param name="domain">
+##      <summary>
+##      The domain that is allowed to manage the dropbox_content_t files and directories
+##      </summary>
+## </param>
+#
+ 	 	define(`dropbox_manage_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dropbox_manage_content'($*)) dnl
+	
+	gen_require(`
+		type dropbox_content_t;
+	')
+
+	manage_dirs_pattern($1, dropbox_content_t, dropbox_content_t)
+	manage_files_pattern($1, dropbox_content_t, dropbox_content_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dropbox_manage_content'($*)) dnl
+	')
+
+
+## <summary>Policy for gorg</summary>
+
+#######################################
+## <summary>
+##      Role access for gorg
+## </summary>
+## <param name="role">
+##      <summary>
+##      Role allowed access
+##      </summary>
+## </param>
+## <param name="domain">
+##      <summary>
+##      User domain for the role
+##      </summary>
+## </param>
+#
+ 	 	define(`gorg_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gorg_role'($*)) dnl
+	
+	gen_require(`
+		type gorg_t, gorg_exec_t;
+	')
+
+	role $1 types gorg_t;
+
+	domain_auto_transition_pattern($2, gorg_exec_t, gorg_t)
+	allow $2 gorg_t:process { noatsecure siginh rlimitinh };
+	allow gorg_t $2:fd use;
+	allow gorg_t $2:process { sigchld signull };
+
+	ps_process_pattern($2, gorg_t)
+	allow $2 gorg_t:process signal_perms;
+	# Needed for command-usage (pipe)
+	allow gorg_t $2:fifo_file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gorg_role'($*)) dnl
+	')
+
+## <summary>uWSGI server for Python web applications</summary>
+
+########################################
+## <summary>
+##	Connect to uwsgi using a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`uwsgi_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `uwsgi_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type uwsgi_t, uwsgi_run_t;
+	')
+
+	files_search_pids($1)
+	list_dirs_pattern($1, uwsgi_run_t, uwsgi_run_t)
+	stream_connect_pattern($1, uwsgi_run_t, uwsgi_run_t, uwsgi_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `uwsgi_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage uwsgi content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`uwsgi_manage_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `uwsgi_manage_content'($*)) dnl
+	
+	gen_require(`
+		type uwsgi_content_t;
+	')
+
+	files_search_pids($1)
+	manage_dirs_pattern($1, uwsgi_content_t, uwsgi_content_t)
+	manage_files_pattern($1, uwsgi_content_t, uwsgi_content_t)
+	manage_lnk_files_pattern($1, uwsgi_content_t, uwsgi_content_t)
+
+	manage_files_pattern($1, uwsgi_content_exec_t, uwsgi_content_exec_t)
+	manage_lnk_files_pattern($1, uwsgi_content_exec_t, uwsgi_content_exec_t)
+
+	optional_policy(`
+		apache_manage_sys_content($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `uwsgi_manage_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute uwsgi in the uwsgi domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`uwsgi_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `uwsgi_domtrans'($*)) dnl
+	
+	gen_require(`
+		type uwsgi_t, uwsgi_exec_t, uwsgi_content_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, uwsgi_exec_t, uwsgi_t)
+	domtrans_pattern($1, uwsgi_content_exec_t, uwsgi_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `uwsgi_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute uwsgi in the callers domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`uwsgi_content_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `uwsgi_content_exec'($*)) dnl
+	
+	gen_require(`
+		type uwsgi_t, uwsgi_exec_t, uwsgi_content_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, uwsgi_content_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `uwsgi_content_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate a uWSGI environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`uwsgi_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `uwsgi_admin'($*)) dnl
+	
+	gen_require(`
+		type uwsgi_t, uwsgi_exec_t, uwsgi_conf_t;
+		type uwsgi_run_t, uwsgi_var_log_t, uwsgi_tmp_t;
+		type uwsgi_content_t, uwsgi_content_exec_t;
+	')
+
+	allow $1 uwsgi_t:process { ptrace signal_perms };
+	ps_process_pattern($1, uwsgi_t)
+
+	files_search_etc($1)
+	admin_pattern($1, { uwsgi_conf_t uwsgi_exec_t })
+
+	files_search_var($1)
+	admin_pattern($1, { uwsgi_content_t uwsgi_content_exec_t })
+
+	logging_search_logs($1)
+	admin_pattern($1, { uwsgi_var_log_t })
+
+	files_search_pids($1)
+	admin_pattern($1, uwsgi_run_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, uwsgi_tmp_t)
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, uwsgi_exec_t, uwsgi_t)
+	can_exec($1, uwsgi_content_exec_t)
+
+	optional_policy(`
+		apache_manage_sys_content($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `uwsgi_admin'($*)) dnl
+	')
+
+## <summary>Mutt e-mail client</summary>
+
+#######################################
+## <summary>
+##      The role for using the mutt application.
+## </summary>
+## <param name="role">
+##      <summary>
+##      The role associated with the user domain.
+##      </summary>
+## </param>
+## <param name="domain">
+##      <summary>
+##      The user domain.
+##      </summary>
+## </param>
+#
+ 	 	define(`mutt_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mutt_role'($*)) dnl
+	
+	gen_require(`
+		type mutt_t, mutt_exec_t, mutt_home_t, mutt_conf_t, mutt_etc_t;
+		type mutt_tmp_t;
+	')
+
+	role $1 types mutt_t;
+
+	domtrans_pattern($2, mutt_exec_t, mutt_t)
+
+	allow $2 mutt_t:process { ptrace signal_perms };
+
+	manage_dirs_pattern($2, mutt_home_t, mutt_home_t)
+	manage_files_pattern($2, mutt_home_t, mutt_home_t)
+
+	manage_dirs_pattern($2, mutt_conf_t, mutt_conf_t)
+	manage_files_pattern($2, mutt_conf_t, mutt_conf_t)
+
+	relabel_dirs_pattern($2, mutt_home_t, mutt_home_t)
+	relabel_files_pattern($2, mutt_home_t, mutt_home_t)
+
+	relabel_dirs_pattern($2, mutt_conf_t, mutt_conf_t)
+	relabel_files_pattern($2, mutt_conf_t, mutt_conf_t)
+
+	relabel_dirs_pattern($2, mutt_tmp_t, mutt_tmp_t)
+	relabel_files_pattern($2, mutt_tmp_t, mutt_tmp_t)
+
+	ps_process_pattern($2, mutt_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mutt_role'($*)) dnl
+	')
+	
+
+#######################################
+## <summary>
+##      Allow other domains to read mutt's home files
+## </summary>
+## <param name="domain">
+##      <summary>
+##      The domain that is allowed read access to the mutt_home_t files
+##      </summary>
+## </param>
+#
+ 	 	define(`mutt_read_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mutt_read_home_files'($*)) dnl
+	
+	gen_require(`
+		type mutt_home_t;
+	')
+
+	read_files_pattern($1, mutt_home_t, mutt_home_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mutt_read_home_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##      Allow other domains to read mutt's temporary files
+## </summary>
+## <param name="domain">
+##      <summary>
+##      The domain that is allowed read access to the temporary files
+##      </summary>
+## </param>
+#
+ 	 	define(`mutt_read_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mutt_read_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type mutt_tmp_t;
+	')
+
+	read_files_pattern($1, mutt_tmp_t, mutt_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mutt_read_tmp_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##      Allow other domains to handle mutt's temporary files (used for instance
+##      for e-mail drafts)
+## </summary>
+## <param name="domain">
+##      <summary>
+##      The domain that is allowed read/write access to the temporary files
+##      </summary>
+## </param>
+#
+ 	 	define(`mutt_rw_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mutt_rw_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type mutt_tmp_t;
+	')
+
+	# The use of rw_files_pattern here is not needed, since this incurs the open privilege as well
+	allow $1 mutt_tmp_t:dir search_dir_perms;
+	allow $1 mutt_tmp_t:file { read write };
+	files_search_tmp($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mutt_rw_tmp_files'($*)) dnl
+	')
+
+## <summary>Dracut initramfs creation tool</summary>
+
+########################################
+## <summary>
+##	Execute the dracut program in the dracut domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`dracut_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dracut_domtrans'($*)) dnl
+	
+	gen_require(`
+		type dracut_t, dracut_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, dracut_exec_t, dracut_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dracut_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute dracut in the dracut domain, and
+##	allow the specified role the dracut domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dracut_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dracut_run'($*)) dnl
+	
+	gen_require(`
+		type dracut_t;
+	')
+
+	dracut_domtrans($1)
+	role $2 types dracut_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dracut_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+## 	Read/write dracut temporary files
+## </summary>
+## <param name="domain">
+##	<summary>
+##		Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dracut_rw_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dracut_rw_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type dracut_tmp_t;
+	')
+
+	files_search_var($1)
+	files_search_tmp($1)
+
+	rw_files_pattern($1, dracut_tmp_t, dracut_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dracut_rw_tmp_files'($*)) dnl
+	')
+
+
+## <summary>Infrastructure management toolset</summary>
+
+#########################################
+## <summary>
+##	All the rules required to administer a salt master environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`salt_admin_master',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `salt_admin_master'($*)) dnl
+	
+	gen_require(`
+		type salt_master_t;
+		type salt_master_initrc_exec_t;
+		type salt_master_exec_t;
+		type salt_etc_t;
+		type salt_runtime_t;
+		type salt_master_runtime_t;
+		attribute_role salt_master_roles;
+	')
+
+	allow $1 salt_master_t:process { ptrace signal_perms };
+	ps_process_pattern($1, salt_master_t)
+
+	init_startstop_service($1, $2, salt_master_t, salt_master_initrc_exec_t)
+
+	# for debugging?
+	role_transition $2 salt_master_exec_t system_r;
+	domtrans_pattern($1, salt_master_exec_t, salt_master_t)
+
+	roleattribute $2 salt_master_roles;
+
+	files_list_etc($1)
+	admin_pattern($1, salt_etc_t, salt_etc_t)
+
+	allow $1 salt_runtime_t:dir search_dir_perms;
+	stream_connect_pattern($1, salt_master_runtime_t, salt_master_runtime_t, salt_master_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `salt_admin_master'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	All the rules required to administer a salt minion environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`salt_admin_minion',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `salt_admin_minion'($*)) dnl
+	
+	gen_require(`
+		type salt_minion_t;
+		type salt_minion_initrc_exec_t;
+		type salt_minion_exec_t;
+		type salt_etc_t;
+		attribute_role salt_minion_roles;
+	')
+
+	allow $1 salt_minion_t:process { ptrace signal_perms };
+	ps_process_pattern($1, salt_minion_t)
+
+	init_startstop_service($1, $2, salt_minion_t, salt_minion_initrc_exec_t)
+
+	# for debugging
+	role_transition $2 salt_minion_exec_t system_r;
+	domtrans_pattern($1, salt_minion_exec_t, salt_minion_t)
+
+	roleattribute $2 salt_minion_roles;
+
+	files_list_etc($1)
+	admin_pattern($1, salt_etc_t, salt_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `salt_admin_minion'($*)) dnl
+	')
+
+## <summary>policy for kdeconnect</summary>
+
+########################################
+## <summary>
+##	Execute kdeconnect in the kdeconnect domin.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`kdeconnect_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kdeconnect_domtrans'($*)) dnl
+	
+	gen_require(`
+		type kdeconnect_t, kdeconnect_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, kdeconnect_exec_t, kdeconnect_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kdeconnect_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute kdeconnect in the kdeconnect domain, and
+##	allow the specified role the kdeconnect domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role to be allowed the kdeconnect domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`kdeconnect_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kdeconnect_run'($*)) dnl
+	
+	gen_require(`
+		type kdeconnect_t;
+	')
+
+	kdeconnect_domtrans($1)
+	role $2 types kdeconnect_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kdeconnect_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Role access for kdeconnect
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role
+##	</summary>
+## </param>
+#
+ 	 	define(`kdeconnect_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kdeconnect_role'($*)) dnl
+	
+	gen_require(`
+		type kdeconnect_t;
+	')
+
+	role $1 types kdeconnect_t;
+
+	kdeconnect_domtrans($2)
+
+	allow $2 kdeconnect_t:unix_stream_socket connectto;
+	allow kdeconnect_t $2:unix_stream_socket { read write connectto };
+
+	ps_process_pattern($2, kdeconnect_t)
+	allow $2 kdeconnect_t:process { signull signal sigkill };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kdeconnect_role'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##     Send and receive messages from the kdeconnect daemon
+##     over dbus.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+ 	 	define(`kdeconnect_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kdeconnect_dbus_chat'($*)) dnl
+	
+       gen_require(`
+	       type kdeconnect_t;
+	       class dbus send_msg;
+       ')
+
+       allow $1 kdeconnect_t:dbus send_msg;
+       allow kdeconnect_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kdeconnect_dbus_chat'($*)) dnl
+	')
+
+## <summary>Android development tools - adb, fastboot, android studio</summary>
+
+#######################################
+## <summary>
+##      The role for using the android tools.
+## </summary>
+## <param name="role">
+##      <summary>
+##      The role associated with the user domain.
+##      </summary>
+## </param>
+## <param name="domain">
+##      <summary>
+##      The user domain.
+##      </summary>
+## </param>
+#
+ 	 	define(`android_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `android_role'($*)) dnl
+	
+	gen_require(`
+		type android_tools_t;
+		type android_tools_exec_t;
+		type android_home_t;
+		type android_tmp_t;
+		type android_java_t;
+		type android_java_exec_t;
+		type android_sdk_t;
+	')
+
+	role $1 types android_tools_t;
+	role $1 types android_java_t;
+
+	domtrans_pattern($2, android_tools_exec_t, android_tools_t)
+	domtrans_pattern($2, android_java_exec_t, android_java_t)
+
+	allow $2 android_tools_t:process { ptrace signal_perms };
+	allow $2 android_java_t:process { ptrace signal_perms noatsecure siginh rlimitinh };
+
+	manage_dirs_pattern($2, android_home_t, android_home_t)
+	manage_files_pattern($2, android_home_t, android_home_t)
+	manage_lnk_files_pattern($2, android_home_t, android_home_t)
+
+	list_dirs_pattern($2, android_sdk_t, android_sdk_t)
+	read_files_pattern($2, android_sdk_t, android_sdk_t)
+	read_lnk_files_pattern($2, android_sdk_t, android_sdk_t)
+
+	userdom_user_home_dir_filetrans($2, android_home_t, dir, ".android")
+	userdom_user_home_dir_filetrans($2, android_home_t, dir, ".AndroidStudioBeta")
+	userdom_user_home_dir_filetrans($2, android_home_t, dir, ".AndroidStudio")
+
+	manage_dirs_pattern($2, android_tmp_t, android_tmp_t)
+	manage_files_pattern($2, android_tmp_t, android_tmp_t)
+
+	allow $2 android_home_t:dir relabel_dir_perms;
+	allow $2 android_home_t:file relabel_file_perms;
+	allow $2 android_tools_exec_t:file relabel_file_perms;
+
+	ps_process_pattern($2, android_tools_t)
+	ps_process_pattern($2, android_java_t)
+
+	android_dbus_chat($2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `android_role'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##     Execute the android tools commands in the
+##     android tools domain.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+
+ 	 	define(`android_tools_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `android_tools_domtrans'($*)) dnl
+	
+	gen_require(`
+		type android_tools_t;
+		type android_tools_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, android_tools_exec_t, android_tools_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `android_tools_domtrans'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##     Send and receive messages from the android java
+##     domain over dbus.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+ 	 	define(`android_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `android_dbus_chat'($*)) dnl
+	
+       gen_require(`
+               type android_java_t;
+               class dbus send_msg;
+       ')
+
+       allow $1 android_java_t:dbus send_msg;
+       allow android_java_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `android_dbus_chat'($*)) dnl
+	')
+
+## <summary>OpenResolv network configuration management</summary>
+
+#########################################
+## <summary>
+##	Mark the domain as a resolvconf client, automatically granting
+##	the necessary privileges (execute resolvconf and type access).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to mark as a resolvconf client
+##	</summary>
+## </param>
+#
+ 	 	define(`resolvconf_client_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `resolvconf_client_domain'($*)) dnl
+	
+	gen_require(`
+		attribute resolvconf_client;
+	')
+
+	typeattribute $1 resolvconf_client;	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `resolvconf_client_domain'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Assign the proper permissions to the domain, such as
+##	executing resolvconf and accessing its types.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to assign proper permissions to
+##	</summary>
+## </param>
+#
+ 	 	define(`resolvconf_client_domain_privs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `resolvconf_client_domain_privs'($*)) dnl
+	
+	resolvconf_domtrans($1)
+	resolvconf_generic_run_filetrans_run($1, dir, "resolvconf")
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `resolvconf_client_domain_privs'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Execute resolvconf and transition to the resolvconf_t domain
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition
+##	</summary>
+## </param>
+#
+ 	 	define(`resolvconf_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `resolvconf_domtrans'($*)) dnl
+	
+	gen_require(`
+		type resolvconf_t;
+		type resolvconf_exec_t;
+	')
+
+	domtrans_pattern($1, resolvconf_exec_t, resolvconf_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `resolvconf_domtrans'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Execute resolvconf in the calling domain (no transition)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to execute
+##	</summary>
+## </param>
+#
+ 	 	define(`resolvconf_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `resolvconf_exec'($*)) dnl
+	
+	gen_require(`
+		type resolvconf_exec_t;
+	')
+
+	can_exec($1, resolvconf_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `resolvconf_exec'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Transition to resolvconf_run_t when creating resources
+##	inside the generic run directory
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+## <param name="class">
+##	<summary>
+##	Class on which a file transition has to occur
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Name of the resource on which a file transition has to occur
+##	</summary>
+## </param>
+#
+ 	 	define(`resolvconf_generic_run_filetrans_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `resolvconf_generic_run_filetrans_run'($*)) dnl
+	
+	gen_require(`
+		type resolvconf_runtime_t;
+	')
+
+	files_pid_filetrans($1, resolvconf_runtime_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `resolvconf_generic_run_filetrans_run'($*)) dnl
+	')
+
+## <summary>
+##	Flash player
+## </summary>
+
+#####################################
+## <summary>
+##	Manage the Flash player home files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`flash_manage_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `flash_manage_home'($*)) dnl
+	
+	gen_require(`
+		type flash_home_t;
+	')
+
+	manage_files_pattern($1, flash_home_t, flash_home_t)
+	manage_dirs_pattern($1, flash_home_t, flash_home_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `flash_manage_home'($*)) dnl
+	')
+
+####################################
+## <summary>
+##	Relabel the flash home resources
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`flash_relabel_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `flash_relabel_home'($*)) dnl
+	
+	gen_require(`
+		type flash_home_t;
+	')
+
+	relabel_files_pattern($1, flash_home_t, flash_home_t)
+	relabel_dirs_pattern($1, flash_home_t, flash_home_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `flash_relabel_home'($*)) dnl
+	')
+
+## <summary>
+##	Google Talk
+## </summary>
+
+##########################################
+## <summary>
+##	Grant the plugin domain the needed privileges to launch and
+##	interact with the GoogleTalk application. Used for web browser
+##	plugin domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`googletalk_plugin_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `googletalk_plugin_domain'($*)) dnl
+	
+	gen_require(`
+		type googletalk_plugin_t;
+		type googletalk_plugin_xdg_config_t;
+	')
+
+	allow $1 googletalk_plugin_t:fd use;
+	allow $1 googletalk_plugin_t:unix_stream_socket { read write };
+
+	allow googletalk_plugin_t $1:unix_dgram_socket sendto;
+
+	# GoogleTalk process binds on an unreserved port, the client (plugin)
+	# then connects to this port
+	corenet_tcp_connect_all_unreserved_ports($1)
+
+	googletalk_domtrans_plugin($1)
+
+	# Create .config/google-googletalkplugin with correct type
+	manage_dirs_pattern($1, googletalk_plugin_xdg_config_t, googletalk_plugin_xdg_config_t)
+	manage_files_pattern($1, googletalk_plugin_xdg_config_t, googletalk_plugin_xdg_config_t)
+	xdg_config_home_filetrans($1, googletalk_plugin_xdg_config_t, dir, "google-googletalkplugin")
+	xdg_search_config_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `googletalk_plugin_domain'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Execute Google talk plugin in the Google talk plugin domain
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition
+##	</summary>
+## </param>
+#
+ 	 	define(`googletalk_domtrans_plugin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `googletalk_domtrans_plugin'($*)) dnl
+	
+	gen_require(`
+		type googletalk_plugin_t, googletalk_plugin_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, googletalk_plugin_exec_t, googletalk_plugin_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `googletalk_domtrans_plugin'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Execute Google talk plugin in the Google talk plugin domain,
+##	and allow the specified role the google talk plugin domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`googletalk_run_plugin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `googletalk_run_plugin'($*)) dnl
+	
+	gen_require(`
+		type googletalk_plugin_t;
+	')
+
+	googletalk_domtrans_plugin($1)
+	role $2 types googletalk_plugin_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `googletalk_run_plugin'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use the file descriptor of googletalk plugin
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`googletalk_use_plugin_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `googletalk_use_plugin_fds'($*)) dnl
+	
+	gen_require(`
+		type googletalk_plugin_t;
+	')
+
+	allow $1 googletalk_plugin_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `googletalk_use_plugin_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write to the google talk plugin inherited stream sockets
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`googletalk_rw_inherited_plugin_unix_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `googletalk_rw_inherited_plugin_unix_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		type googletalk_plugin_t;
+	')
+
+	allow $1 googletalk_plugin_t:unix_stream_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `googletalk_rw_inherited_plugin_unix_stream_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in the xdg config home location
+##	with an automatic type transition to the googletalk
+##	plugin xdg config home type
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Name of the file or directory created
+##	</summary>
+## </param>
+#
+ 	 	define(`googletalk_generic_xdg_config_home_filetrans_plugin_xdg_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `googletalk_generic_xdg_config_home_filetrans_plugin_xdg_config'($*)) dnl
+	
+	gen_require(`
+		type googletalk_plugin_xdg_config_t;
+	')
+
+	xdg_config_home_filetrans($1, googletalk_plugin_xdg_config_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `googletalk_generic_xdg_config_home_filetrans_plugin_xdg_config'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Manage google talk plugin xdg configuration
+## </summary>
+## <param name="domain">
+## 	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`googletalk_manage_plugin_xdg_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `googletalk_manage_plugin_xdg_config'($*)) dnl
+	
+	gen_require(`
+		type googletalk_plugin_xdg_config_t;
+	')
+
+	manage_dirs_pattern($1, googletalk_plugin_xdg_config_t, googletalk_plugin_xdg_config_t)
+	manage_files_pattern($1, googletalk_plugin_xdg_config_t, googletalk_plugin_xdg_config_t)
+
+	xdg_search_config_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `googletalk_manage_plugin_xdg_config'($*)) dnl
+	')
+
+## <summary>At daemon for running a task a single time</summary>
+
+########################################
+## <summary>
+##	Role access for at
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role
+##	</summary>
+## </param>
+#
+ 	 	define(`at_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `at_role'($*)) dnl
+	
+	gen_require(`
+		type at_exec_t;
+		type at_t;
+		type atd_t;
+		type at_job_log_t;
+		type at_job_t;
+	')
+
+	##############################
+	#
+	# Declarations
+	#
+
+	role $1 types at_t;
+
+	##############################
+	#
+	# Local policy
+	#
+
+	domtrans_pattern($2, at_exec_t, at_t)
+
+	allow $2 at_t:process signal_perms;
+
+	ps_process_pattern($2, at_t)
+
+	allow atd_t $2:process transition;
+	allow atd_t $2:fd use;
+	allow atd_t $2:key manage_key_perms;
+	dontaudit atd_t $2:process { noatsecure siginh rlimitinh };
+
+	allow $2 atd_t:process sigchld;
+	allow $2 atd_t:fd use;
+
+	allow $2 at_job_t:file read_inherited_file_perms;
+	allow $2 at_job_log_t:file rw_inherited_file_perms;
+
+	corecmd_shell_entry_type($2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `at_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read from and write to the the inherited atd
+##	joblog file
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`at_rw_inherited_job_log_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `at_rw_inherited_job_log_files'($*)) dnl
+	
+	gen_require(`
+		type at_job_log_t;
+	')
+
+	allow $1 at_job_log_t:file rw_inherited_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `at_rw_inherited_job_log_files'($*)) dnl
+	')
+
+## <summary>Subsonic Music Streaming Server</summary>
+## <summary>Pan news reader client</summary>
+
+########################################
+## <summary>
+##	Role access for pan
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role
+##	</summary>
+## </param>
+#
+ 	 	define(`pan_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pan_role'($*)) dnl
+	
+	gen_require(`
+		type pan_t, pan_exec_t, pan_home_t;
+	')
+	role $1 types pan_t;
+
+	allow $2 pan_t:process signal_perms;
+
+	domtrans_pattern($2, pan_exec_t, pan_t)
+
+	ps_process_pattern($2, pan_t)
+
+        manage_dirs_pattern($2, pan_home_t, pan_home_t)
+        manage_files_pattern($2, pan_home_t, pan_home_t)
+        manage_lnk_files_pattern($2, pan_home_t, pan_home_t)
+
+        relabel_dirs_pattern($2, pan_home_t, pan_home_t)
+        relabel_files_pattern($2, pan_home_t, pan_home_t)
+        relabel_lnk_files_pattern($2, pan_home_t, pan_home_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pan_role'($*)) dnl
+	')
+
+
+###############################################################################
+# SELinux module for the NGINX Web Server
+#
+# Project Contact Information:
+#   Stuart Cianos
+#   Email: scianos@alphavida.com
+#
+###############################################################################
+# (C) Copyright 2009 by Stuart Cianos, d/b/a AlphaVida. All Rights Reserved.
+#
+#
+# Stuart Cianos licenses this file to You under the GNU General Public License,
+# Version 3.0 (the "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.gnu.org/licenses/gpl.txt
+#
+# or in the COPYING file included in the original archive.
+#
+# Disclaimer of Warranty.
+#
+# THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+# APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+# HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+# OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+# IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+# ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+#
+# Limitation of Liability.
+#
+# IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+# WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+# THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+# GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+# USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+# DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+# PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+# EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGES.
+###############################################################################
+## <summary>policy for nginx</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run nginx.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`nginx_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nginx_domtrans'($*)) dnl
+	
+	gen_require(`
+		type nginx_t, nginx_exec_t;
+	')
+	allow nginx_t $1:fd use;
+	allow nginx_t $1:fifo_file rw_file_perms;
+	allow nginx_t $1:process sigchld;
+
+	domain_auto_transition_pattern($1, nginx_exec_t, nginx_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nginx_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##   Administer the nginx domain
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role to be allowed to manage the nginx domain.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`nginx_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nginx_admin'($*)) dnl
+	
+	gen_require(`
+		type nginx_t, nginx_conf_t, nginx_log_t, nginx_var_lib_t, nginx_runtime_t;
+		type nginx_exec_t;
+	')
+
+	allow $1 nginx_t:process { ptrace signal_perms };
+	ps_process_pattern($1, nginx_t)
+
+	files_list_etc($1)
+	admin_pattern($1, nginx_conf_t)
+
+	can_exec($1, nginx_exec_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, nginx_var_lib_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, nginx_log_t)
+
+	files_list_pids($1)
+	admin_pattern($1, nginx_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nginx_admin'($*)) dnl
+	')
+
+## <summary>Skype softphone.</summary>
+
+#######################################
+## <summary>
+##      Role access for the skype module.
+## </summary>
+## <param name="role">
+##      <summary>
+##      The role associated with the user domain.
+##      </summary>
+## </param>
+## <param name="user_domain">
+##      <summary>
+##      The type of the user domain.
+##      </summary>
+## </param>
+#
+ 	 	define(`skype_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `skype_role'($*)) dnl
+	
+	gen_require(`
+		type skype_t, skype_exec_t, skype_tmpfs_t, skype_home_t;
+	')
+	
+	role $1 types skype_t;
+	
+	domtrans_pattern($2, skype_exec_t, skype_t)
+
+	allow $2 skype_t:process { ptrace signal_perms };
+	dontaudit skype_t $2:unix_stream_socket { connectto };
+
+	manage_dirs_pattern($2, skype_home_t, skype_home_t)
+	manage_files_pattern($2, skype_home_t, skype_home_t)
+	manage_lnk_files_pattern($2, skype_home_t, skype_home_t)
+
+	relabel_dirs_pattern($2, skype_home_t, skype_home_t)
+	relabel_files_pattern($2, skype_home_t, skype_home_t)
+	relabel_lnk_files_pattern($2, skype_home_t, skype_home_t)
+
+	ps_process_pattern($2, skype_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `skype_role'($*)) dnl
+	')
+	
+## <summary>OpenRC is an init system</summary>
+## <summary>Build whatis database from man pages</summary>
+## <summary>Virtual Distributed Ethernet switch service</summary>
+
+########################################
+## <summary>
+#    The rules needed to manage the VDE switches
+## </summary>
+## <param name="role">
+##	<summary>
+##	The role to be allowed to manage the vde domain.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`vde_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vde_role'($*)) dnl
+	
+	gen_require(`
+		type vde_t, vde_tmp_t;
+		type vde_runtime_t;
+		type vde_initrc_exec_t, vde_exec_t;
+	')
+
+	role $1 types vde_t;
+
+	allow $2 vde_t:process { ptrace signal_perms };
+	allow $2 vde_t:unix_stream_socket connectto;
+	allow vde_t $2:process { sigchld signull };
+	allow vde_t $2:fd use;
+	allow vde_t $2:tun_socket { relabelfrom };
+	allow vde_t self:tun_socket { relabelfrom relabelto };
+	ps_process_pattern($2, vde_t)
+
+	domain_auto_transition_pattern($2, vde_exec_t, vde_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vde_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+#    Allow communication with the VDE service 
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`vde_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vde_connect'($*)) dnl
+	
+	gen_require(`
+		type vde_t, vde_runtime_t, vde_tmp_t;
+	')
+	
+	allow $1 vde_runtime_t:sock_file write_sock_file_perms;
+	allow $1 vde_t:unix_stream_socket { connectto };
+	allow $1 vde_t:unix_dgram_socket { sendto };
+	allow vde_t $1:unix_dgram_socket { sendto };
+
+	allow $1 vde_tmp_t:sock_file manage_sock_file_perms;
+	files_tmp_filetrans($1, vde_tmp_t, sock_file)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vde_connect'($*)) dnl
+	')
+
+## <summary>Bitcoin software-based online payment system</summary>
+
+#########################################
+## <summary>
+##	Administer a bitcoin environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`bitcoin_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bitcoin_admin'($*)) dnl
+	
+	gen_require(`
+		type bitcoin_t;
+		type bitcoin_etc_t, bitcoin_tmp_t, bitcoin_log_t;
+		type bitcoin_var_lib_t, bitcoin_runtime_t;
+		type bitcoin_initrc_exec_t;
+	')
+
+	allow $1 bitcoin_t:process { ptrace signal_perms };
+	ps_process_pattern($1, bitcoin_t)
+
+	init_startstop_service($1, $2, bitcoin_t, bitcoin_initrc_exec_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, bitcoin_tmp_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, bitcoin_log_t)
+
+	files_list_etc($1)
+	admin_pattern($1, bitcoin_etc_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, bitcoin_var_lib_t)
+
+	files_list_pids($1)
+	admin_pattern($1, bitcoin_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bitcoin_admin'($*)) dnl
+	')
+
+#
+# This is a generated file!  Instead of modifying this file, the
+# corenetwork.if.in or corenetwork.if.m4 file should be modified.
+#
+## <summary>Policy controlling access to network objects</summary>
+## <required val="true">
+##	Contains the initial SIDs for network objects.
+## </required>
+
+########################################
+## <summary>
+##	Define type to be a network port type
+## </summary>
+## <desc>
+##	<p>
+##	Define type to be a network port type
+##	</p>
+##	<p>
+##	This is for supporting third party modules and its
+##	use is not allowed in upstream reference policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Type to be used for network ports.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_port'($*)) dnl
+	
+	gen_require(`
+		attribute port_type;
+	')
+
+	typeattribute $1 port_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Define network type to be a reserved port (lt 1024)
+## </summary>
+## <desc>
+##	<p>
+##	Define network type to be a reserved port (lt 1024)
+##	</p>
+##	<p>
+##	This is for supporting third party modules and its
+##	use is not allowed in upstream reference policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Type to be used for network ports.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_reserved_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_reserved_port'($*)) dnl
+	
+	gen_require(`
+		attribute reserved_port_type;
+	')
+
+	typeattribute $1 reserved_port_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_reserved_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Define network type to be a rpc port ( 512 lt PORT lt 1024)
+## </summary>
+## <desc>
+##	<p>
+##	Define network type to be a rpc port ( 512 lt PORT lt 1024)
+##	</p>
+##	<p>
+##	This is for supporting third party modules and its
+##	use is not allowed in upstream reference policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Type to be used for network ports.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_rpc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_rpc_port'($*)) dnl
+	
+	gen_require(`
+		attribute rpc_port_type;
+	')
+
+	typeattribute $1 rpc_port_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_rpc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Define type to be a network node type
+## </summary>
+## <desc>
+##	<p>
+##	Define type to be a network node type
+##	</p>
+##	<p>
+##	This is for supporting third party modules and its
+##	use is not allowed in upstream reference policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Type to be used for network nodes.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_node',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_node'($*)) dnl
+	
+	gen_require(`
+		attribute node_type;
+	')
+
+	typeattribute $1 node_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_node'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Define type to be a network packet type
+## </summary>
+## <desc>
+##	<p>
+##	Define type to be a network packet type
+##	</p>
+##	<p>
+##	This is for supporting third party modules and its
+##	use is not allowed in upstream reference policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Type to be used for a network packet.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_packet',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_packet'($*)) dnl
+	
+	gen_require(`
+		attribute packet_type;
+	')
+
+	typeattribute $1 packet_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_packet'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Define type to be a network client packet type
+## </summary>
+## <desc>
+##	<p>
+##	Define type to be a network client packet type
+##	</p>
+##	<p>
+##	This is for supporting third party modules and its
+##	use is not allowed in upstream reference policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Type to be used for a network client packet.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_client_packet',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_client_packet'($*)) dnl
+	
+	gen_require(`
+		attribute packet_type, client_packet_type;
+	')
+
+	typeattribute $1 client_packet_type, packet_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_client_packet'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Define type to be a network server packet type
+## </summary>
+## <desc>
+##	<p>
+##	Define type to be a network server packet type
+##	</p>
+##	<p>
+##	This is for supporting third party modules and its
+##	use is not allowed in upstream reference policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Type to be used for a network server packet.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_server_packet',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_server_packet'($*)) dnl
+	
+	gen_require(`
+		attribute packet_type, server_packet_type;
+	')
+
+	typeattribute $1 server_packet_type, packet_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_server_packet'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified type usable
+##	for labeled ipsec.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Type to be used for labeled ipsec.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_spd_type',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_spd_type'($*)) dnl
+	
+	gen_require(`
+		attribute ipsec_spd_type;
+	')
+
+	typeattribute $1 ipsec_spd_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_spd_type'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Define type to be an infiniband pkey type
+## </summary>
+## <desc>
+##	<p>
+##	Define type to be an infiniband pkey type
+##	</p>
+##	<p>
+##	This is for supporting third party modules and its
+##	use is not allowed in upstream reference policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Type to be used for infiniband pkeys.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_ib_pkey',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_ib_pkey'($*)) dnl
+	
+	gen_require(`
+		attribute ibpkey_type;
+	')
+
+	typeattribute $1 ibpkey_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_ib_pkey'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Define type to be an infiniband endport
+## </summary>
+## <desc>
+##	<p>
+##	Define type to be an infiniband endport
+##	</p>
+##	<p>
+##	This is for supporting third party modules and its
+##	use is not allowed in upstream reference policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Type to be used for infiniband endports.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_ib_endport',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_ib_endport'($*)) dnl
+	
+	gen_require(`
+		attribute ibendport_type;
+	')
+
+	typeattribute $1 ibendport_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_ib_endport'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive TCP network traffic on generic interfaces.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to send and receive TCP network
+##	traffic on generic network interfaces.
+##	</p>
+##	<p>
+##	Related interface:
+##	</p>
+##	<ul>
+##		<li>corenet_all_recvfrom_unlabeled()</li>
+##		<li>corenet_tcp_sendrecv_generic_node()</li>
+##		<li>corenet_tcp_sendrecv_all_ports()</li>
+##		<li>corenet_tcp_connect_all_ports()</li>
+##	</ul>
+##	<p>
+##	Example client being able to connect to all ports over
+##	generic nodes, without labeled networking:
+##	</p>
+##	<p>
+##	allow myclient_t self:tcp_socket create_stream_socket_perms;
+##	corenet_tcp_sendrecv_generic_if(myclient_t)
+##	corenet_tcp_sendrecv_generic_node(myclient_t)
+##	corenet_tcp_sendrecv_all_ports(myclient_t)
+##	corenet_tcp_connect_all_ports(myclient_t)
+##	corenet_all_recvfrom_unlabeled(myclient_t)
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_generic_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_generic_if'($*)) dnl
+	
+	gen_require(`
+		type netif_t;
+	')
+
+	allow $1 netif_t:netif { egress ingress };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_generic_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP network traffic on generic interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_send_generic_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_generic_if'($*)) dnl
+	
+	gen_require(`
+		type netif_t;
+	')
+
+	allow $1 netif_t:netif { egress };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_generic_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dontaudit attempts to send UDP network traffic
+##	on generic interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_udp_send_generic_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_generic_if'($*)) dnl
+	
+	gen_require(`
+		type netif_t;
+	')
+
+	dontaudit $1 netif_t:netif { egress };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_generic_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP network traffic on generic interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_receive_generic_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_generic_if'($*)) dnl
+	
+	gen_require(`
+		type netif_t;
+	')
+
+	allow $1 netif_t:netif { ingress };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_generic_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP network
+##	traffic on generic interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_generic_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_generic_if'($*)) dnl
+	
+	gen_require(`
+		type netif_t;
+	')
+
+	dontaudit $1 netif_t:netif { ingress };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_generic_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP network traffic on generic interfaces.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to send and receive UDP network
+##	traffic on generic network interfaces.
+##	</p>
+##	<p>
+##	Related interface:
+##	</p>
+##	<ul>
+##		<li>corenet_all_recvfrom_unlabeled()</li>
+##		<li>corenet_udp_sendrecv_generic_node()</li>
+##		<li>corenet_udp_sendrecv_all_ports()</li>
+##	</ul>
+##	<p>
+##	Example client being able to send to all ports over
+##	generic nodes, without labeled networking:
+##	</p>
+##	<p>
+##	allow myclient_t self:udp_socket create_socket_perms;
+##	corenet_udp_sendrecv_generic_if(myclient_t)
+##	corenet_udp_sendrecv_generic_node(myclient_t)
+##	corenet_udp_sendrecv_all_ports(myclient_t)
+##	corenet_all_recvfrom_unlabeled(myclient_t)
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_generic_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_generic_if'($*)) dnl
+	
+	corenet_udp_send_generic_if($1)
+	corenet_udp_receive_generic_if($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_generic_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive UDP network
+##	traffic on generic interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_generic_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_generic_if'($*)) dnl
+	
+	corenet_dontaudit_udp_send_generic_if($1)
+	corenet_dontaudit_udp_receive_generic_if($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_generic_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send raw IP packets on generic interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_raw_send_generic_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_raw_send_generic_if'($*)) dnl
+	
+	gen_require(`
+		type netif_t;
+	')
+
+	allow $1 netif_t:netif { egress };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_raw_send_generic_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive raw IP packets on generic interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_raw_receive_generic_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_raw_receive_generic_if'($*)) dnl
+	
+	gen_require(`
+		type netif_t;
+	')
+
+	allow $1 netif_t:netif { ingress };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_raw_receive_generic_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive raw IP packets on generic interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_raw_sendrecv_generic_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_raw_sendrecv_generic_if'($*)) dnl
+	
+	corenet_raw_send_generic_if($1)
+	corenet_raw_receive_generic_if($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_raw_sendrecv_generic_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow outgoing network traffic on the generic interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The peer label of the outgoing network traffic.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_out_generic_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_out_generic_if'($*)) dnl
+	
+	gen_require(`
+		type netif_t;
+	')
+
+	allow $1 netif_t:netif egress;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_out_generic_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow incoming traffic on the generic interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The peer label of the incoming network traffic.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_in_generic_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_in_generic_if'($*)) dnl
+	
+	gen_require(`
+		type netif_t;
+	')
+
+	allow $1 netif_t:netif ingress;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_in_generic_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow incoming and outgoing network traffic on the generic interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The peer label of the network traffic.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_inout_generic_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_inout_generic_if'($*)) dnl
+	
+	corenet_in_generic_if($1)
+	corenet_out_generic_if($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_inout_generic_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive TCP network traffic on all interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_sendrecv_all_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_all_if'($*)) dnl
+	
+	gen_require(`
+		attribute netif_type;
+	')
+
+	allow $1 netif_type:netif { egress ingress };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_all_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP network traffic on all interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_send_all_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_all_if'($*)) dnl
+	
+	gen_require(`
+		attribute netif_type;
+	')
+
+	allow $1 netif_type:netif { egress };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_all_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP network traffic on all interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_receive_all_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_all_if'($*)) dnl
+	
+	gen_require(`
+		attribute netif_type;
+	')
+
+	allow $1 netif_type:netif { ingress };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_all_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP network traffic on all interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_sendrecv_all_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_all_if'($*)) dnl
+	
+	corenet_udp_send_all_if($1)
+	corenet_udp_receive_all_if($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_all_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send raw IP packets on all interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_raw_send_all_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_raw_send_all_if'($*)) dnl
+	
+	gen_require(`
+		attribute netif_type;
+	')
+
+	allow $1 netif_type:netif { egress };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_raw_send_all_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive SCTP network traffic on generic nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_sctp_sendrecv_generic_node',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sctp_sendrecv_generic_node'($*)) dnl
+	
+	gen_require(`
+		type node_t;
+	')
+
+	allow $1 node_t:node { sendto recvfrom };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sctp_sendrecv_generic_node'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive raw IP packets on all interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_raw_receive_all_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_raw_receive_all_if'($*)) dnl
+	
+	gen_require(`
+		attribute netif_type;
+	')
+
+	allow $1 netif_type:netif { ingress };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_raw_receive_all_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive raw IP packets on all interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_raw_sendrecv_all_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_raw_sendrecv_all_if'($*)) dnl
+	
+	corenet_raw_send_all_if($1)
+	corenet_raw_receive_all_if($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_raw_sendrecv_all_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive TCP network traffic on generic nodes.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to send and receive TCP network
+##	traffic to/from generic network nodes (hostnames/networks).
+##	</p>
+##	<p>
+##	Related interface:
+##	</p>
+##	<ul>
+##		<li>corenet_all_recvfrom_unlabeled()</li>
+##		<li>corenet_tcp_sendrecv_generic_if()</li>
+##		<li>corenet_tcp_sendrecv_all_ports()</li>
+##		<li>corenet_tcp_connect_all_ports()</li>
+##	</ul>
+##	<p>
+##	Example client being able to connect to all ports over
+##	generic nodes, without labeled networking:
+##	</p>
+##	<p>
+##	allow myclient_t self:tcp_socket create_stream_socket_perms;
+##	corenet_tcp_sendrecv_generic_if(myclient_t)
+##	corenet_tcp_sendrecv_generic_node(myclient_t)
+##	corenet_tcp_sendrecv_all_ports(myclient_t)
+##	corenet_tcp_connect_all_ports(myclient_t)
+##	corenet_all_recvfrom_unlabeled(myclient_t)
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_generic_node',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_generic_node'($*)) dnl
+	
+	gen_require(`
+		type node_t;
+	')
+
+	allow $1 node_t:node { sendto recvfrom };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_generic_node'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP network traffic on generic nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_send_generic_node',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_generic_node'($*)) dnl
+	
+	gen_require(`
+		type node_t;
+	')
+
+	allow $1 node_t:node { sendto };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_generic_node'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP network traffic on generic nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_receive_generic_node',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_generic_node'($*)) dnl
+	
+	gen_require(`
+		type node_t;
+	')
+
+	allow $1 node_t:node { recvfrom };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_generic_node'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP network traffic on generic nodes.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to send and receive UDP network
+##	traffic to/from generic network nodes (hostnames/networks).
+##	</p>
+##	<p>
+##	Related interface:
+##	</p>
+##	<ul>
+##		<li>corenet_all_recvfrom_unlabeled()</li>
+##		<li>corenet_udp_sendrecv_generic_if()</li>
+##		<li>corenet_udp_sendrecv_all_ports()</li>
+##	</ul>
+##	<p>
+##	Example client being able to send to all ports over
+##	generic nodes, without labeled networking:
+##	</p>
+##	<p>
+##	allow myclient_t self:udp_socket create_socket_perms;
+##	corenet_udp_sendrecv_generic_if(myclient_t)
+##	corenet_udp_sendrecv_generic_node(myclient_t)
+##	corenet_udp_sendrecv_all_ports(myclient_t)
+##	corenet_all_recvfrom_unlabeled(myclient_t)
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_generic_node',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_generic_node'($*)) dnl
+	
+	corenet_udp_send_generic_node($1)
+	corenet_udp_receive_generic_node($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_generic_node'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send raw IP packets on generic nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_raw_send_generic_node',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_raw_send_generic_node'($*)) dnl
+	
+	gen_require(`
+		type node_t;
+	')
+
+	allow $1 node_t:node { sendto };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_raw_send_generic_node'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive raw IP packets on generic nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_raw_receive_generic_node',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_raw_receive_generic_node'($*)) dnl
+	
+	gen_require(`
+		type node_t;
+	')
+
+	allow $1 node_t:node { recvfrom };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_raw_receive_generic_node'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive raw IP packets on generic nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_raw_sendrecv_generic_node',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_raw_sendrecv_generic_node'($*)) dnl
+	
+	corenet_raw_send_generic_node($1)
+	corenet_raw_receive_generic_node($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_raw_sendrecv_generic_node'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind SCTP sockets to generic nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_sctp_bind_generic_node',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sctp_bind_generic_node'($*)) dnl
+	
+	gen_require(`
+		type node_t;
+	')
+
+	allow $1 node_t:sctp_socket node_bind;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sctp_bind_generic_node'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to generic nodes.
+## </summary>
+## <desc>
+##	<p>
+##	Bind TCP sockets to generic nodes.  This is
+##	necessary for binding a socket so it
+##	can be used for servers to listen
+##	for incoming connections.
+##	</p>
+##	<p>
+##	Related interface:
+##	</p>
+##	<ul>
+##		<li>corenet_udp_bind_generic_node()</li>
+##	</ul>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="1"/>
+#
+ 	 	define(`corenet_tcp_bind_generic_node',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_generic_node'($*)) dnl
+	
+	gen_require(`
+		type node_t;
+	')
+
+	allow $1 node_t:tcp_socket node_bind;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_generic_node'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to generic nodes.
+## </summary>
+## <desc>
+##	<p>
+##	Bind UDP sockets to generic nodes.  This is
+##	necessary for binding a socket so it
+##	can be used for servers to listen
+##	for incoming connections.
+##	</p>
+##	<p>
+##	Related interface:
+##	</p>
+##	<ul>
+##		<li>corenet_tcp_bind_generic_node()</li>
+##	</ul>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="1"/>
+#
+ 	 	define(`corenet_udp_bind_generic_node',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_generic_node'($*)) dnl
+	
+	gen_require(`
+		type node_t;
+	')
+
+	allow $1 node_t:udp_socket node_bind;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_generic_node'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind raw sockets to generic nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+# rawip_socket node_bind does not make much sense.
+# cjp: vmware hits this too
+ 	 	define(`corenet_raw_bind_generic_node',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_raw_bind_generic_node'($*)) dnl
+	
+	gen_require(`
+		type node_t;
+	')
+
+	allow $1 node_t:rawip_socket node_bind;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_raw_bind_generic_node'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow outgoing network traffic to generic nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The peer label of the outgoing network traffic.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_out_generic_node',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_out_generic_node'($*)) dnl
+	
+	gen_require(`
+		type node_t;
+	')
+
+	allow $1 node_t:node sendto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_out_generic_node'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow incoming network traffic from generic nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The peer label of the incoming network traffic.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_in_generic_node',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_in_generic_node'($*)) dnl
+	
+	gen_require(`
+		type node_t;
+	')
+
+	allow $1 node_t:node recvfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_in_generic_node'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow incoming and outgoing network traffic with generic nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The peer label of the network traffic.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_inout_generic_node',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_inout_generic_node'($*)) dnl
+	
+	corenet_in_generic_node($1)
+	corenet_out_generic_node($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_inout_generic_node'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive TCP network traffic on all nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_sendrecv_all_nodes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_all_nodes'($*)) dnl
+	
+	gen_require(`
+		attribute node_type;
+	')
+
+	allow $1 node_type:node { sendto recvfrom };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_all_nodes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP network traffic on all nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_send_all_nodes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_all_nodes'($*)) dnl
+	
+	gen_require(`
+		attribute node_type;
+	')
+
+	allow $1 node_type:node { sendto };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_all_nodes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP network
+##	traffic on any nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_udp_send_all_nodes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_all_nodes'($*)) dnl
+	
+	gen_require(`
+		attribute node_type;
+	')
+
+	dontaudit $1 node_type:node { sendto };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_all_nodes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive SCTP network traffic on all nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_sctp_sendrecv_all_nodes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sctp_sendrecv_all_nodes'($*)) dnl
+	
+	gen_require(`
+		attribute node_type;
+	')
+
+	allow $1 node_type:node { sendto recvfrom };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sctp_sendrecv_all_nodes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP network traffic on all nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_receive_all_nodes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_all_nodes'($*)) dnl
+	
+	gen_require(`
+		attribute node_type;
+	')
+
+	allow $1 node_type:node { recvfrom };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_all_nodes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP
+##	network traffic on all nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_all_nodes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_all_nodes'($*)) dnl
+	
+	gen_require(`
+		attribute node_type;
+	')
+
+	dontaudit $1 node_type:node { recvfrom };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_all_nodes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP network traffic on all nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_sendrecv_all_nodes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_all_nodes'($*)) dnl
+	
+	corenet_udp_send_all_nodes($1)
+	corenet_udp_receive_all_nodes($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_all_nodes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive UDP
+##	network traffic on any nodes nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_all_nodes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_all_nodes'($*)) dnl
+	
+	corenet_dontaudit_udp_send_all_nodes($1)
+	corenet_dontaudit_udp_receive_all_nodes($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_all_nodes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send raw IP packets on all nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_raw_send_all_nodes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_raw_send_all_nodes'($*)) dnl
+	
+	gen_require(`
+		attribute node_type;
+	')
+
+	allow $1 node_type:node { sendto };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_raw_send_all_nodes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive raw IP packets on all nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_raw_receive_all_nodes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_raw_receive_all_nodes'($*)) dnl
+	
+	gen_require(`
+		attribute node_type;
+	')
+
+	allow $1 node_type:node { recvfrom };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_raw_receive_all_nodes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive raw IP packets on all nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_raw_sendrecv_all_nodes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_raw_sendrecv_all_nodes'($*)) dnl
+	
+	corenet_raw_send_all_nodes($1)
+	corenet_raw_receive_all_nodes($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_raw_sendrecv_all_nodes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to all nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_bind_all_nodes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_all_nodes'($*)) dnl
+	
+	gen_require(`
+		attribute node_type;
+	')
+
+	allow $1 node_type:tcp_socket node_bind;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_all_nodes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to all nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_bind_all_nodes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_all_nodes'($*)) dnl
+	
+	gen_require(`
+		attribute node_type;
+	')
+
+	allow $1 node_type:udp_socket node_bind;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_all_nodes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind raw sockets to all nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+# rawip_socket node_bind does not make much sense.
+# cjp: vmware hits this too
+ 	 	define(`corenet_raw_bind_all_nodes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_raw_bind_all_nodes'($*)) dnl
+	
+	gen_require(`
+		attribute node_type;
+	')
+
+	allow $1 node_type:rawip_socket node_bind;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_raw_bind_all_nodes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive TCP network traffic on generic ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_sendrecv_generic_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_generic_port'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_generic_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind SCTP sockets to all nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_sctp_bind_all_nodes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sctp_bind_all_nodes'($*)) dnl
+	
+	gen_require(`
+		attribute node_type;
+	')
+
+	allow $1 node_type:sctp_socket node_bind;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sctp_bind_all_nodes'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Do not audit send and receive TCP network traffic on generic ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_tcp_sendrecv_generic_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_tcp_sendrecv_generic_port'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_tcp_sendrecv_generic_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP network traffic on generic ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_send_generic_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_generic_port'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_generic_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP network traffic on generic ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_receive_generic_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_generic_port'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_generic_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP network traffic on generic ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_sendrecv_generic_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_generic_port'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_generic_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to generic ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_bind_generic_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_generic_port'($*)) dnl
+	
+	gen_require(`
+		type port_t;
+		attribute defined_port_type;
+	')
+
+	allow $1 port_t:tcp_socket name_bind;
+	dontaudit $1 defined_port_type:tcp_socket name_bind;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_generic_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit bind TCP sockets to generic ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_tcp_bind_generic_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_tcp_bind_generic_port'($*)) dnl
+	
+	gen_require(`
+		type port_t;
+	')
+
+	dontaudit $1 port_t:tcp_socket name_bind;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_tcp_bind_generic_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to generic ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_bind_generic_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_generic_port'($*)) dnl
+	
+	gen_require(`
+		type port_t;
+		attribute defined_port_type;
+	')
+
+	allow $1 port_t:udp_socket name_bind;
+	dontaudit $1 defined_port_type:udp_socket name_bind;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_generic_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect TCP sockets to generic ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_generic_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_generic_port'($*)) dnl
+	
+	gen_require(`
+		type port_t;
+	')
+
+	allow $1 port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_generic_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive TCP network traffic on all ports.
+## </summary>
+## <desc>
+##	<p>
+##	Send and receive TCP network traffic on all ports.
+##	Related interfaces:
+##	</p>
+##	<ul>
+##		<li>corenet_all_recvfrom_unlabeled()</li>
+##		<li>corenet_tcp_sendrecv_generic_if()</li>
+##		<li>corenet_tcp_sendrecv_generic_node()</li>
+##		<li>corenet_tcp_connect_all_ports()</li>
+##		<li>corenet_tcp_bind_all_ports()</li>
+##	</ul>
+##	<p>
+##	Example client being able to connect to all ports over
+##	generic nodes, without labeled networking:
+##	</p>
+##	<p>
+##	allow myclient_t self:tcp_socket create_stream_socket_perms;
+##	corenet_tcp_sendrecv_generic_if(myclient_t)
+##	corenet_tcp_sendrecv_generic_node(myclient_t)
+##	corenet_tcp_sendrecv_all_ports(myclient_t)
+##	corenet_tcp_connect_all_ports(myclient_t)
+##	corenet_all_recvfrom_unlabeled(myclient_t)
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_all_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_all_ports'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_all_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP network traffic on all ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_send_all_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_all_ports'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_all_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind SCTP sockets to generic ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_sctp_bind_generic_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sctp_bind_generic_port'($*)) dnl
+	
+	gen_require(`
+		type port_t, unreserved_port_t, ephemeral_port_t;
+		attribute defined_port_type;
+	')
+
+	allow $1 { port_t unreserved_port_t ephemeral_port_t }:sctp_socket name_bind;
+	dontaudit $1 defined_port_type:sctp_socket name_bind;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sctp_bind_generic_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP network traffic on all ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_receive_all_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_all_ports'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_all_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP network traffic on all ports.
+## </summary>
+## <desc>
+##	<p>
+##	Send and receive UDP network traffic on all ports.
+##	Related interfaces:
+##	</p>
+##	<ul>
+##		<li>corenet_all_recvfrom_unlabeled()</li>
+##		<li>corenet_udp_sendrecv_generic_if()</li>
+##		<li>corenet_udp_sendrecv_generic_node()</li>
+##		<li>corenet_udp_bind_all_ports()</li>
+##	</ul>
+##	<p>
+##	Example client being able to send to all ports over
+##	generic nodes, without labeled networking:
+##	</p>
+##	<p>
+##	allow myclient_t self:udp_socket create_socket_perms;
+##	corenet_udp_sendrecv_generic_if(myclient_t)
+##	corenet_udp_sendrecv_generic_node(myclient_t)
+##	corenet_udp_sendrecv_all_ports(myclient_t)
+##	corenet_all_recvfrom_unlabeled(myclient_t)
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_all_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_all_ports'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_all_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to bind SCTP
+##	sockets to generic ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_sctp_bind_generic_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sctp_bind_generic_port'($*)) dnl
+	
+	gen_require(`
+		type port_t, unreserved_port_t, ephemeral_port_t;
+	')
+
+	dontaudit $1 { port_t unreserved_port_t ephemeral_port_t }:sctp_socket name_bind;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sctp_bind_generic_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to all ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_bind_all_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_all_ports'($*)) dnl
+	
+	gen_require(`
+		attribute port_type;
+	')
+
+	allow $1 port_type:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_all_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attepts to bind TCP sockets to any ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_tcp_bind_all_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_tcp_bind_all_ports'($*)) dnl
+	
+	gen_require(`
+		attribute port_type;
+	')
+
+	dontaudit $1 port_type:tcp_socket name_bind;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_tcp_bind_all_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to all ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_bind_all_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_all_ports'($*)) dnl
+	
+	gen_require(`
+		attribute port_type;
+	')
+
+	allow $1 port_type:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_all_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect SCTP sockets to generic ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_sctp_connect_generic_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sctp_connect_generic_port'($*)) dnl
+	
+	gen_require(`
+		type port_t, unreserved_port_t,ephemeral_port_t;
+	')
+
+	allow $1 { port_t unreserved_port_t ephemeral_port_t }:sctp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sctp_connect_generic_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attepts to bind UDP sockets to any ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_udp_bind_all_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_bind_all_ports'($*)) dnl
+	
+	gen_require(`
+		attribute port_type;
+	')
+
+	dontaudit $1 port_type:udp_socket name_bind;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_bind_all_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect TCP sockets to all ports.
+## </summary>
+## <desc>
+##	<p>
+##	Connect TCP sockets to all ports
+##	</p>
+##	<p>
+##	Related interfaces:
+##	</p>
+##	<ul>
+##		<li>corenet_all_recvfrom_unlabeled()</li>
+##		<li>corenet_tcp_sendrecv_generic_if()</li>
+##		<li>corenet_tcp_sendrecv_generic_node()</li>
+##		<li>corenet_tcp_sendrecv_all_ports()</li>
+##		<li>corenet_tcp_bind_all_ports()</li>
+##	</ul>
+##	<p>
+##	Example client being able to connect to all ports over
+##	generic nodes, without labeled networking:
+##	</p>
+##	<p>
+##	allow myclient_t self:tcp_socket create_stream_socket_perms;
+##	corenet_tcp_sendrecv_generic_if(myclient_t)
+##	corenet_tcp_sendrecv_generic_node(myclient_t)
+##	corenet_tcp_sendrecv_all_ports(myclient_t)
+##	corenet_tcp_connect_all_ports(myclient_t)
+##	corenet_all_recvfrom_unlabeled(myclient_t)
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="1"/>
+#
+ 	 	define(`corenet_tcp_connect_all_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_all_ports'($*)) dnl
+	
+	gen_require(`
+		attribute port_type;
+	')
+
+	allow $1 port_type:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_all_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to connect TCP sockets
+##	to all ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_tcp_connect_all_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_tcp_connect_all_ports'($*)) dnl
+	
+	gen_require(`
+		attribute port_type;
+	')
+
+	dontaudit $1 port_type:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_tcp_connect_all_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive TCP network traffic on generic reserved ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_sendrecv_reserved_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_reserved_port'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_reserved_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP network traffic on generic reserved ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_send_reserved_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_reserved_port'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_reserved_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP network traffic on generic reserved ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_receive_reserved_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_reserved_port'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_reserved_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP network traffic on generic reserved ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_sendrecv_reserved_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_reserved_port'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_reserved_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to generic reserved ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_bind_reserved_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_reserved_port'($*)) dnl
+	
+	gen_require(`
+		type reserved_port_t;
+	')
+
+	allow $1 reserved_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_reserved_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind SCTP sockets to all ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_sctp_bind_all_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sctp_bind_all_ports'($*)) dnl
+	
+	gen_require(`
+		attribute port_type;
+	')
+
+	allow $1 port_type:sctp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sctp_bind_all_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to generic reserved ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_bind_reserved_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_reserved_port'($*)) dnl
+	
+	gen_require(`
+		type reserved_port_t;
+	')
+
+	allow $1 reserved_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_reserved_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect TCP sockets to generic reserved ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_reserved_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_reserved_port'($*)) dnl
+	
+	gen_require(`
+		type reserved_port_t;
+	')
+
+	allow $1 reserved_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_reserved_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to bind SCTP sockets to any ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_sctp_bind_all_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sctp_bind_all_ports'($*)) dnl
+	
+	gen_require(`
+		attribute port_type;
+	')
+
+	dontaudit $1 port_type:sctp_socket name_bind;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sctp_bind_all_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive TCP network traffic on all reserved ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_sendrecv_all_reserved_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_all_reserved_ports'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_all_reserved_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP network traffic on all reserved ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_send_all_reserved_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_all_reserved_ports'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_all_reserved_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP network traffic on all reserved ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_receive_all_reserved_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_all_reserved_ports'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_all_reserved_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP network traffic on all reserved ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_sendrecv_all_reserved_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_all_reserved_ports'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_all_reserved_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect SCTP sockets to all ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_sctp_connect_all_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sctp_connect_all_ports'($*)) dnl
+	
+	gen_require(`
+		attribute port_type;
+	')
+
+	allow $1 port_type:sctp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sctp_connect_all_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to all reserved ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_bind_all_reserved_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_all_reserved_ports'($*)) dnl
+	
+	gen_require(`
+		attribute reserved_port_type;
+	')
+
+	allow $1 reserved_port_type:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_all_reserved_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to bind TCP sockets to all reserved ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_tcp_bind_all_reserved_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_tcp_bind_all_reserved_ports'($*)) dnl
+	
+	gen_require(`
+		attribute reserved_port_type;
+	')
+
+	dontaudit $1 reserved_port_type:tcp_socket name_bind;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_tcp_bind_all_reserved_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to all reserved ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_bind_all_reserved_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_all_reserved_ports'($*)) dnl
+	
+	gen_require(`
+		attribute reserved_port_type;
+	')
+
+	allow $1 reserved_port_type:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_all_reserved_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to bind UDP sockets to all reserved ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_udp_bind_all_reserved_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_bind_all_reserved_ports'($*)) dnl
+	
+	gen_require(`
+		attribute reserved_port_type;
+	')
+
+	dontaudit $1 reserved_port_type:udp_socket name_bind;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_bind_all_reserved_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to connect SCTP sockets
+##	to all ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_sctp_connect_all_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sctp_connect_all_ports'($*)) dnl
+	
+	gen_require(`
+		attribute port_type;
+	')
+
+	dontaudit $1 port_type:sctp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sctp_connect_all_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to all ports > 1024.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_bind_all_unreserved_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_all_unreserved_ports'($*)) dnl
+	
+	gen_require(`
+		attribute unreserved_port_type;
+	')
+
+	allow $1 unreserved_port_type:tcp_socket name_bind;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_all_unreserved_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to all ports > 1024.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_bind_all_unreserved_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_all_unreserved_ports'($*)) dnl
+	
+	gen_require(`
+		attribute unreserved_port_type;
+	')
+
+	allow $1 unreserved_port_type:udp_socket name_bind;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_all_unreserved_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect TCP sockets to reserved ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_all_reserved_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_all_reserved_ports'($*)) dnl
+	
+	gen_require(`
+		attribute reserved_port_type;
+	')
+
+	allow $1 reserved_port_type:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_all_reserved_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect SCTP sockets to all ports > 1024.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_sctp_connect_all_unreserved_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sctp_connect_all_unreserved_ports'($*)) dnl
+	
+	gen_require(`
+		attribute unreserved_port_type;
+	')
+
+	allow $1 unreserved_port_type:sctp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sctp_connect_all_unreserved_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit connect attempts to TCP sockets on
+##	ports greater than 1024.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain not to audit access to.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_tcp_connect_all_unreserved_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_tcp_connect_all_unreserved_ports'($*)) dnl
+	
+	gen_require(`
+		attribute unreserved_port_type;
+	')
+
+	dontaudit $1 unreserved_port_type:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_tcp_connect_all_unreserved_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect TCP sockets to all ports > 1024.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_all_unreserved_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_all_unreserved_ports'($*)) dnl
+	
+	gen_require(`
+		attribute unreserved_port_type;
+	')
+
+	allow $1 unreserved_port_type:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_all_unreserved_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to connect TCP sockets
+##	all reserved ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_tcp_connect_all_reserved_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_tcp_connect_all_reserved_ports'($*)) dnl
+	
+	gen_require(`
+		attribute reserved_port_type;
+	')
+
+	dontaudit $1 reserved_port_type:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_tcp_connect_all_reserved_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect TCP sockets to rpc ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_all_rpc_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_all_rpc_ports'($*)) dnl
+	
+	gen_require(`
+		attribute rpc_port_type;
+	')
+
+	allow $1 rpc_port_type:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_all_rpc_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to connect TCP sockets
+##	all rpc ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_tcp_connect_all_rpc_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_tcp_connect_all_rpc_ports'($*)) dnl
+	
+	gen_require(`
+		attribute rpc_port_type;
+	')
+
+	dontaudit $1 rpc_port_type:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_tcp_connect_all_rpc_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind SCTP sockets to generic reserved ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_sctp_bind_reserved_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sctp_bind_reserved_port'($*)) dnl
+	
+	gen_require(`
+		type reserved_port_t;
+	')
+
+	allow $1 reserved_port_t:sctp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sctp_bind_reserved_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the TUN/TAP virtual network device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The domain read allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_read_tun_tap_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_read_tun_tap_dev'($*)) dnl
+	
+	gen_require(`
+		type tun_tap_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 tun_tap_device_t:chr_file read_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_read_tun_tap_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write the TUN/TAP virtual network device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The domain allowed write access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_write_tun_tap_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_write_tun_tap_dev'($*)) dnl
+	
+	gen_require(`
+		type tun_tap_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 tun_tap_device_t:chr_file write_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_write_tun_tap_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the TUN/TAP virtual network device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_rw_tun_tap_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_rw_tun_tap_dev'($*)) dnl
+	
+	gen_require(`
+		type tun_tap_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 tun_tap_device_t:chr_file rw_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_rw_tun_tap_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect SCTP sockets to generic reserved ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_sctp_connect_reserved_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sctp_connect_reserved_port'($*)) dnl
+	
+	gen_require(`
+		type reserved_port_t;
+	')
+
+	allow $1 reserved_port_t:sctp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sctp_connect_reserved_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read or write the TUN/TAP
+##	virtual network device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_rw_tun_tap_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_rw_tun_tap_dev'($*)) dnl
+	
+	gen_require(`
+		type tun_tap_device_t;
+	')
+
+	dontaudit $1 tun_tap_device_t:chr_file { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_rw_tun_tap_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Getattr the point-to-point device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_getattr_ppp_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_getattr_ppp_dev'($*)) dnl
+	
+	gen_require(`
+		type ppp_device_t;
+	')
+
+	allow $1 ppp_device_t:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_getattr_ppp_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the point-to-point device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_rw_ppp_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_rw_ppp_dev'($*)) dnl
+	
+	gen_require(`
+		type ppp_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 ppp_device_t:chr_file rw_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_rw_ppp_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to all RPC ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_bind_all_rpc_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_all_rpc_ports'($*)) dnl
+	
+	gen_require(`
+		attribute rpc_port_type;
+	')
+
+	allow $1 rpc_port_type:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_all_rpc_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to bind TCP sockets to all RPC ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_tcp_bind_all_rpc_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_tcp_bind_all_rpc_ports'($*)) dnl
+	
+	gen_require(`
+		attribute rpc_port_type;
+	')
+
+	dontaudit $1 rpc_port_type:tcp_socket name_bind;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_tcp_bind_all_rpc_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to all RPC ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_bind_all_rpc_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_all_rpc_ports'($*)) dnl
+	
+	gen_require(`
+		attribute rpc_port_type;
+	')
+
+	allow $1 rpc_port_type:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_all_rpc_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to bind UDP sockets to all RPC ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_udp_bind_all_rpc_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_bind_all_rpc_ports'($*)) dnl
+	
+	gen_require(`
+		attribute rpc_port_type;
+	')
+
+	dontaudit $1 rpc_port_type:udp_socket name_bind;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_bind_all_rpc_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind SCTP sockets to all reserved ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_sctp_bind_all_reserved_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sctp_bind_all_reserved_ports'($*)) dnl
+	
+	gen_require(`
+		attribute reserved_port_type;
+	')
+
+	allow $1 reserved_port_type:sctp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sctp_bind_all_reserved_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive TCP packets from a NetLabel connection.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_recvfrom_netlabel',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_recvfrom_netlabel'($*)) dnl
+	
+	gen_require(`
+		type netlabel_peer_t;
+	')
+
+	allow $1 netlabel_peer_t:peer recv;
+	allow $1 netlabel_peer_t:tcp_socket recvfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_recvfrom_netlabel'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive TCP packets from an unlabled connection.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_recvfrom_unlabeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_recvfrom_unlabeled'($*)) dnl
+	
+	kernel_tcp_recvfrom_unlabeled($1)
+	kernel_recvfrom_unlabeled_peer($1)
+
+	# XXX - at some point the oubound/send access check will be removed
+	# but for right now we need to keep this in place so as not to break
+	# older systems
+	kernel_sendrecv_unlabeled_association($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_recvfrom_unlabeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to bind SCTP sockets to all reserved ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_sctp_bind_all_reserved_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sctp_bind_all_reserved_ports'($*)) dnl
+	
+	gen_require(`
+		attribute reserved_port_type;
+	')
+
+	dontaudit $1 reserved_port_type:sctp_socket name_bind;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sctp_bind_all_reserved_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive TCP packets from a NetLabel
+##	connection.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_tcp_recvfrom_netlabel',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_tcp_recvfrom_netlabel'($*)) dnl
+	
+	gen_require(`
+		type netlabel_peer_t;
+	')
+
+	dontaudit $1 netlabel_peer_t:peer recv;
+	dontaudit $1 netlabel_peer_t:tcp_socket recvfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_tcp_recvfrom_netlabel'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive TCP packets from an unlabeled
+##	connection.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_tcp_recvfrom_unlabeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_tcp_recvfrom_unlabeled'($*)) dnl
+	
+	kernel_dontaudit_tcp_recvfrom_unlabeled($1)
+	kernel_dontaudit_recvfrom_unlabeled_peer($1)
+
+	# XXX - at some point the oubound/send access check will be removed
+	# but for right now we need to keep this in place so as not to break
+	# older systems
+	kernel_dontaudit_sendrecv_unlabeled_association($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_tcp_recvfrom_unlabeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP packets from a NetLabel connection.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_recvfrom_netlabel',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_recvfrom_netlabel'($*)) dnl
+	
+	gen_require(`
+		type netlabel_peer_t;
+	')
+
+	allow $1 netlabel_peer_t:peer recv;
+	allow $1 netlabel_peer_t:udp_socket recvfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_recvfrom_netlabel'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP packets from an unlabeled connection.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_recvfrom_unlabeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_recvfrom_unlabeled'($*)) dnl
+	
+	kernel_udp_recvfrom_unlabeled($1)
+	kernel_recvfrom_unlabeled_peer($1)
+
+	# XXX - at some point the oubound/send access check will be removed
+	# but for right now we need to keep this in place so as not to break
+	# older systems
+	kernel_sendrecv_unlabeled_association($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_recvfrom_unlabeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind SCTP sockets to all ports > 1024.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_sctp_bind_all_unreserved_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sctp_bind_all_unreserved_ports'($*)) dnl
+	
+	gen_require(`
+		attribute unreserved_port_type;
+	')
+
+	allow $1 unreserved_port_type:sctp_socket name_bind;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sctp_bind_all_unreserved_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP packets from a NetLabel
+##	connection.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_udp_recvfrom_netlabel',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_recvfrom_netlabel'($*)) dnl
+	
+	gen_require(`
+		type netlabel_peer_t;
+	')
+
+	dontaudit $1 netlabel_peer_t:peer recv;
+	dontaudit $1 netlabel_peer_t:udp_socket recvfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_recvfrom_netlabel'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP packets from an unlabeled
+##	connection.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_udp_recvfrom_unlabeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_recvfrom_unlabeled'($*)) dnl
+	
+	kernel_dontaudit_udp_recvfrom_unlabeled($1)
+	kernel_dontaudit_recvfrom_unlabeled_peer($1)
+
+	# XXX - at some point the oubound/send access check will be removed
+	# but for right now we need to keep this in place so as not to break
+	# older systems
+	kernel_dontaudit_sendrecv_unlabeled_association($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_recvfrom_unlabeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive Raw IP packets from a NetLabel connection.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_raw_recvfrom_netlabel',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_raw_recvfrom_netlabel'($*)) dnl
+	
+	gen_require(`
+		type netlabel_peer_t;
+	')
+
+	allow $1 netlabel_peer_t:peer recv;
+	allow $1 netlabel_peer_t:rawip_socket recvfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_raw_recvfrom_netlabel'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive Raw IP packets from an unlabeled connection.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_raw_recvfrom_unlabeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_raw_recvfrom_unlabeled'($*)) dnl
+	
+	kernel_raw_recvfrom_unlabeled($1)
+	kernel_recvfrom_unlabeled_peer($1)
+
+	# XXX - at some point the oubound/send access check will be removed
+	# but for right now we need to keep this in place so as not to break
+	# older systems
+	kernel_sendrecv_unlabeled_association($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_raw_recvfrom_unlabeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive Raw IP packets from a NetLabel
+##	connection.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_raw_recvfrom_netlabel',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_raw_recvfrom_netlabel'($*)) dnl
+	
+	gen_require(`
+		type netlabel_peer_t;
+	')
+
+	dontaudit $1 netlabel_peer_t:peer recv;
+	dontaudit $1 netlabel_peer_t:rawip_socket recvfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_raw_recvfrom_netlabel'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect SCTP sockets to reserved ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_sctp_connect_all_reserved_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sctp_connect_all_reserved_ports'($*)) dnl
+	
+	gen_require(`
+		attribute reserved_port_type;
+	')
+
+	allow $1 reserved_port_type:sctp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sctp_connect_all_reserved_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive Raw IP packets from an unlabeled
+##	connection.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_raw_recvfrom_unlabeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_raw_recvfrom_unlabeled'($*)) dnl
+	
+	kernel_dontaudit_raw_recvfrom_unlabeled($1)
+	kernel_dontaudit_recvfrom_unlabeled_peer($1)
+
+	# XXX - at some point the oubound/send access check will be removed
+	# but for right now we need to keep this in place so as not to break
+	# older systems
+	kernel_dontaudit_sendrecv_unlabeled_association($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_raw_recvfrom_unlabeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive packets from an unlabeled connection.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to receive packets from an
+##	unlabeled connection.  On machines that do not utilize
+##	labeled networking, this will be required on all
+##	networking domains.  On machines tha do utilize
+##	labeled networking, this will be required for any
+##	networking domain that is allowed to receive
+##	network traffic that does not have a label.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_all_recvfrom_unlabeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_all_recvfrom_unlabeled'($*)) dnl
+	
+	kernel_tcp_recvfrom_unlabeled($1)
+	kernel_udp_recvfrom_unlabeled($1)
+	kernel_raw_recvfrom_unlabeled($1)
+	kernel_recvfrom_unlabeled_peer($1)
+
+	# XXX - at some point the oubound/send access check will be removed
+	# but for right now we need to keep this in place so as not to break
+	# older systems
+	kernel_sendrecv_unlabeled_association($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_all_recvfrom_unlabeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive packets from a NetLabel connection.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to receive NetLabel
+##	network traffic, which utilizes the Commercial IP
+##	Security Option (CIPSO) to set the MLS level
+##	of the network packets.  This is required for
+##	all networking domains that receive NetLabel
+##	network traffic.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_all_recvfrom_netlabel',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_all_recvfrom_netlabel'($*)) dnl
+	
+	gen_require(`
+		type netlabel_peer_t;
+	')
+
+	allow $1 netlabel_peer_t:peer recv;
+	allow $1 netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_all_recvfrom_netlabel'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive packets from an unlabeled connection.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_all_recvfrom_unlabeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_all_recvfrom_unlabeled'($*)) dnl
+	
+	kernel_dontaudit_tcp_recvfrom_unlabeled($1)
+	kernel_dontaudit_udp_recvfrom_unlabeled($1)
+	kernel_dontaudit_raw_recvfrom_unlabeled($1)
+	kernel_dontaudit_recvfrom_unlabeled_peer($1)
+
+	# XXX - at some point the oubound/send access check will be removed
+	# but for right now we need to keep this in place so as not to break
+	# older systems
+	kernel_dontaudit_sendrecv_unlabeled_association($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_all_recvfrom_unlabeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to connect SCTP sockets
+##	all reserved ports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_sctp_connect_all_reserved_ports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sctp_connect_all_reserved_ports'($*)) dnl
+	
+	gen_require(`
+		attribute reserved_port_type;
+	')
+
+	dontaudit $1 reserved_port_type:sctp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sctp_connect_all_reserved_ports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive packets from a NetLabel
+##	connection.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_dontaudit_all_recvfrom_netlabel',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_all_recvfrom_netlabel'($*)) dnl
+	
+	gen_require(`
+		type netlabel_peer_t;
+	')
+
+	dontaudit $1 netlabel_peer_t:peer recv;
+	dontaudit $1 netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_all_recvfrom_netlabel'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Rules for receiving labeled TCP packets.
+## </summary>
+## <desc>
+##	<p>
+##	Rules for receiving labeled TCP packets.
+##	</p>
+##	<p>
+##	Due to the nature of TCP, this is bidirectional.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="peer_domain">
+##	<summary>
+##	Peer domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_recvfrom_labeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_recvfrom_labeled'($*)) dnl
+	
+	allow { $1 $2 } self:association sendto;
+	allow $1 $2:{ association tcp_socket } recvfrom;
+	allow $2 $1:{ association tcp_socket } recvfrom;
+
+	allow $1 $2:peer recv;
+	allow $2 $1:peer recv;
+
+	# allow receiving packets from MLS-only peers using NetLabel
+	corenet_tcp_recvfrom_netlabel($1)
+	corenet_tcp_recvfrom_netlabel($2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_recvfrom_labeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Rules for receiving labeled UDP packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="peer_domain">
+##	<summary>
+##	Peer domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_udp_recvfrom_labeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_recvfrom_labeled'($*)) dnl
+	
+	allow $2 self:association sendto;
+	allow $1 $2:{ association udp_socket } recvfrom;
+
+	allow $1 $2:peer recv;
+
+	# allow receiving packets from MLS-only peers using NetLabel
+	corenet_udp_recvfrom_netlabel($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_recvfrom_labeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Rules for receiving labeled raw IP packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="peer_domain">
+##	<summary>
+##	Peer domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_raw_recvfrom_labeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_raw_recvfrom_labeled'($*)) dnl
+	
+	allow $2 self:association sendto;
+	allow $1 $2:{ association rawip_socket } recvfrom;
+
+	allow $1 $2:peer recv;
+
+	# allow receiving packets from MLS-only peers using NetLabel
+	corenet_raw_recvfrom_netlabel($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_raw_recvfrom_labeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Rules for receiving labeled packets via TCP, UDP and raw IP.
+## </summary>
+## <desc>
+##	<p>
+##	Rules for receiving labeled packets via TCP, UDP and raw IP.
+##	</p>
+##	<p>
+##	Due to the nature of TCP, the rules (for TCP
+##	networking only) are bidirectional.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="peer_domain">
+##	<summary>
+##	Peer domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_all_recvfrom_labeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_all_recvfrom_labeled'($*)) dnl
+	
+	corenet_sctp_recvfrom_labeled($1, $2)
+	corenet_tcp_recvfrom_labeled($1, $2)
+	corenet_udp_recvfrom_labeled($1, $2)
+	corenet_raw_recvfrom_labeled($1, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_all_recvfrom_labeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow specified type to set the context of
+##	a SPD entry for labeled ipsec associations.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_setcontext_all_spds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_setcontext_all_spds'($*)) dnl
+	
+	gen_require(`
+		attribute ipsec_spd_type;
+	')
+
+	allow $1 ipsec_spd_type:association setcontext;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_setcontext_all_spds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_send_generic_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_generic_client_packets'($*)) dnl
+	
+	gen_require(`
+		type client_packet_t;
+	')
+
+	allow $1 client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_generic_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive generic client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_receive_generic_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_generic_client_packets'($*)) dnl
+	
+	gen_require(`
+		type client_packet_t;
+	')
+
+	allow $1 client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_generic_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive generic client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_sendrecv_generic_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_generic_client_packets'($*)) dnl
+	
+	corenet_send_generic_client_packets($1)
+	corenet_receive_generic_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_generic_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to the generic client packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_generic_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_generic_client_packets'($*)) dnl
+	
+	gen_require(`
+		type client_packet_t;
+	')
+
+	allow $1 client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_generic_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_send_generic_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_generic_server_packets'($*)) dnl
+	
+	gen_require(`
+		type server_packet_t;
+	')
+
+	allow $1 server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_generic_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive generic server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_receive_generic_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_generic_server_packets'($*)) dnl
+	
+	gen_require(`
+		type server_packet_t;
+	')
+
+	allow $1 server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_generic_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive generic server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_sendrecv_generic_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_generic_server_packets'($*)) dnl
+	
+	corenet_send_generic_server_packets($1)
+	corenet_receive_generic_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_generic_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to the generic server packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_generic_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_generic_server_packets'($*)) dnl
+	
+	gen_require(`
+		type server_packet_t;
+	')
+
+	allow $1 server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_generic_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive unlabeled packets.
+## </summary>
+## <desc>
+##	<p>
+##	Send and receive unlabeled packets.
+##	These packets do not match any netfilter
+##	SECMARK rules.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_sendrecv_unlabeled_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_unlabeled_packets'($*)) dnl
+	
+	kernel_sendrecv_unlabeled_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_unlabeled_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send all client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_send_all_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_all_client_packets'($*)) dnl
+	
+	gen_require(`
+		attribute client_packet_type;
+	')
+
+	allow $1 client_packet_type:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_all_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive all client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_receive_all_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_all_client_packets'($*)) dnl
+	
+	gen_require(`
+		attribute client_packet_type;
+	')
+
+	allow $1 client_packet_type:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_all_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive all client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_sendrecv_all_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_all_client_packets'($*)) dnl
+	
+	corenet_send_all_client_packets($1)
+	corenet_receive_all_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_all_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to any client packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_all_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_all_client_packets'($*)) dnl
+	
+	gen_require(`
+		attribute client_packet_type;
+	')
+
+	allow $1 client_packet_type:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_all_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send all server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_send_all_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_all_server_packets'($*)) dnl
+	
+	gen_require(`
+		attribute server_packet_type;
+	')
+
+	allow $1 server_packet_type:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_all_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive SCTP packets from a NetLabel connection.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_sctp_recvfrom_netlabel',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sctp_recvfrom_netlabel'($*)) dnl
+	
+	gen_require(`
+		type netlabel_peer_t;
+	')
+
+	allow $1 netlabel_peer_t:peer recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sctp_recvfrom_netlabel'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive all server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_receive_all_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_all_server_packets'($*)) dnl
+	
+	gen_require(`
+		attribute server_packet_type;
+	')
+
+	allow $1 server_packet_type:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_all_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive all server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_sendrecv_all_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_all_server_packets'($*)) dnl
+	
+	corenet_send_all_server_packets($1)
+	corenet_receive_all_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_all_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to any server packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_all_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_all_server_packets'($*)) dnl
+	
+	gen_require(`
+		attribute server_packet_type;
+	')
+
+	allow $1 server_packet_type:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_all_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive SCTP packets from an unlabled connection.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_sctp_recvfrom_unlabeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sctp_recvfrom_unlabeled'($*)) dnl
+	
+	gen_require(`
+		attribute corenet_unlabeled_type;
+	')
+
+	kernel_recvfrom_unlabeled_peer($1)
+
+	typeattribute $1 corenet_unlabeled_type;
+	kernel_sendrecv_unlabeled_association($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sctp_recvfrom_unlabeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send all packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_send_all_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_all_packets'($*)) dnl
+	
+	gen_require(`
+		attribute packet_type;
+	')
+
+	allow $1 packet_type:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_all_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive all packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_receive_all_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_all_packets'($*)) dnl
+	
+	gen_require(`
+		attribute packet_type;
+	')
+
+	allow $1 packet_type:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_all_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive all packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_sendrecv_all_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_all_packets'($*)) dnl
+	
+	corenet_send_all_packets($1)
+	corenet_receive_all_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_all_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to any packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_all_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_all_packets'($*)) dnl
+	
+	gen_require(`
+		attribute packet_type;
+	')
+
+	allow $1 packet_type:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_all_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Access unlabeled infiniband pkeys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_ib_access_unlabeled_pkeys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_ib_access_unlabeled_pkeys'($*)) dnl
+	
+	kernel_ib_access_unlabeled_pkeys($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_ib_access_unlabeled_pkeys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Access all labeled infiniband pkeys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_ib_access_all_pkeys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_ib_access_all_pkeys'($*)) dnl
+	
+	gen_require(`
+		attribute ibpkey_type;
+	')
+
+	allow $1 ibpkey_type:infiniband_pkey access;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_ib_access_all_pkeys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage subnets on all labeled Infiniband endports
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_ib_manage_subnet_all_endports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_ib_manage_subnet_all_endports'($*)) dnl
+	
+	gen_require(`
+		attribute ibendport_type;
+	')
+
+	allow $1 ibendport_type:infiniband_endport manage_subnet;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_ib_manage_subnet_all_endports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage subnet on all unlabeled Infiniband endports
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_ib_manage_subnet_unlabeled_endports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_ib_manage_subnet_unlabeled_endports'($*)) dnl
+	
+	kernel_ib_manage_subnet_unlabeled_endports($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_ib_manage_subnet_unlabeled_endports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Rules for receiving labeled SCTP packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="peer_domain">
+##	<summary>
+##	Peer domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_sctp_recvfrom_labeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sctp_recvfrom_labeled'($*)) dnl
+	
+	allow { $1 $2 } self:association sendto;
+	allow $1 $2:association recvfrom;
+	allow $2 $1:association recvfrom;
+
+	allow $1 $2:peer recv;
+	allow $2 $1:peer recv;
+
+	# allow receiving packets from MLS-only peers using NetLabel
+	corenet_sctp_recvfrom_netlabel($1)
+	corenet_sctp_recvfrom_netlabel($2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sctp_recvfrom_labeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unconfined access to network objects.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_unconfined',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_unconfined'($*)) dnl
+	
+	gen_require(`
+		attribute corenet_unconfined_type;
+	')
+
+	typeattribute $1 corenet_unconfined_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_unconfined'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the adb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_adb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_adb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_adb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the adb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_adb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_adb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_adb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the adb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_adb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_adb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_adb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the adb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_adb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_adb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_adb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the adb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_adb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_adb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_adb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the adb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_adb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_adb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_adb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the adb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_adb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_adb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_adb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the adb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_adb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_adb_port'($*)) dnl
+	
+	gen_require(`
+		type adb_port_t;
+	')
+
+	allow $1 adb_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_adb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the adb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_adb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_adb_port'($*)) dnl
+	
+	gen_require(`
+		type adb_port_t;
+	')
+
+	allow $1 adb_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_adb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the adb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_adb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_adb_port'($*)) dnl
+	
+	gen_require(`
+		type adb_port_t;
+	')
+
+	allow $1 adb_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_adb_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send adb_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_adb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_adb_client_packets'($*)) dnl
+	
+	gen_require(`
+		type adb_client_packet_t;
+	')
+
+	allow $1 adb_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_adb_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send adb_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_adb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_adb_client_packets'($*)) dnl
+	
+	gen_require(`
+		type adb_client_packet_t;
+	')
+
+	dontaudit $1 adb_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_adb_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive adb_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_adb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_adb_client_packets'($*)) dnl
+	
+	gen_require(`
+		type adb_client_packet_t;
+	')
+
+	allow $1 adb_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_adb_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive adb_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_adb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_adb_client_packets'($*)) dnl
+	
+	gen_require(`
+		type adb_client_packet_t;
+	')
+
+	dontaudit $1 adb_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_adb_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive adb_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_adb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_adb_client_packets'($*)) dnl
+	
+	corenet_send_adb_client_packets($1)
+	corenet_receive_adb_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_adb_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive adb_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_adb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_adb_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_adb_client_packets($1)
+	corenet_dontaudit_receive_adb_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_adb_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to adb_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_adb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_adb_client_packets'($*)) dnl
+	
+	gen_require(`
+		type adb_client_packet_t;
+	')
+
+	allow $1 adb_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_adb_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send adb_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_adb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_adb_server_packets'($*)) dnl
+	
+	gen_require(`
+		type adb_server_packet_t;
+	')
+
+	allow $1 adb_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_adb_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send adb_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_adb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_adb_server_packets'($*)) dnl
+	
+	gen_require(`
+		type adb_server_packet_t;
+	')
+
+	dontaudit $1 adb_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_adb_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive adb_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_adb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_adb_server_packets'($*)) dnl
+	
+	gen_require(`
+		type adb_server_packet_t;
+	')
+
+	allow $1 adb_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_adb_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive adb_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_adb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_adb_server_packets'($*)) dnl
+	
+	gen_require(`
+		type adb_server_packet_t;
+	')
+
+	dontaudit $1 adb_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_adb_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive adb_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_adb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_adb_server_packets'($*)) dnl
+	
+	corenet_send_adb_server_packets($1)
+	corenet_receive_adb_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_adb_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive adb_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_adb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_adb_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_adb_server_packets($1)
+	corenet_dontaudit_receive_adb_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_adb_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to adb_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_adb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_adb_server_packets'($*)) dnl
+	
+	gen_require(`
+		type adb_server_packet_t;
+	')
+
+	allow $1 adb_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_adb_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the afs_bos port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_afs_bos_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_afs_bos_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_afs_bos_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the afs_bos port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_afs_bos_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_afs_bos_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_afs_bos_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the afs_bos port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_afs_bos_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_afs_bos_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_afs_bos_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the afs_bos port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_afs_bos_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_afs_bos_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_afs_bos_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the afs_bos port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_afs_bos_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_afs_bos_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_afs_bos_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the afs_bos port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_afs_bos_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_afs_bos_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_afs_bos_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the afs_bos port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_afs_bos_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_afs_bos_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_afs_bos_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the afs_bos port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_afs_bos_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_afs_bos_port'($*)) dnl
+	
+	gen_require(`
+		type afs_bos_port_t;
+	')
+
+	allow $1 afs_bos_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_afs_bos_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the afs_bos port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_afs_bos_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_afs_bos_port'($*)) dnl
+	
+	gen_require(`
+		type afs_bos_port_t;
+	')
+
+	allow $1 afs_bos_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_afs_bos_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the afs_bos port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_afs_bos_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_afs_bos_port'($*)) dnl
+	
+	gen_require(`
+		type afs_bos_port_t;
+	')
+
+	allow $1 afs_bos_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_afs_bos_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send afs_bos_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_afs_bos_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_afs_bos_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_bos_client_packet_t;
+	')
+
+	allow $1 afs_bos_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_afs_bos_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send afs_bos_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_afs_bos_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_afs_bos_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_bos_client_packet_t;
+	')
+
+	dontaudit $1 afs_bos_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_afs_bos_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive afs_bos_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_afs_bos_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_afs_bos_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_bos_client_packet_t;
+	')
+
+	allow $1 afs_bos_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_afs_bos_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive afs_bos_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_afs_bos_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_afs_bos_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_bos_client_packet_t;
+	')
+
+	dontaudit $1 afs_bos_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_afs_bos_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive afs_bos_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_afs_bos_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_afs_bos_client_packets'($*)) dnl
+	
+	corenet_send_afs_bos_client_packets($1)
+	corenet_receive_afs_bos_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_afs_bos_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive afs_bos_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_afs_bos_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_afs_bos_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_afs_bos_client_packets($1)
+	corenet_dontaudit_receive_afs_bos_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_afs_bos_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to afs_bos_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_afs_bos_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_afs_bos_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_bos_client_packet_t;
+	')
+
+	allow $1 afs_bos_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_afs_bos_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send afs_bos_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_afs_bos_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_afs_bos_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_bos_server_packet_t;
+	')
+
+	allow $1 afs_bos_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_afs_bos_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send afs_bos_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_afs_bos_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_afs_bos_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_bos_server_packet_t;
+	')
+
+	dontaudit $1 afs_bos_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_afs_bos_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive afs_bos_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_afs_bos_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_afs_bos_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_bos_server_packet_t;
+	')
+
+	allow $1 afs_bos_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_afs_bos_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive afs_bos_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_afs_bos_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_afs_bos_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_bos_server_packet_t;
+	')
+
+	dontaudit $1 afs_bos_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_afs_bos_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive afs_bos_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_afs_bos_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_afs_bos_server_packets'($*)) dnl
+	
+	corenet_send_afs_bos_server_packets($1)
+	corenet_receive_afs_bos_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_afs_bos_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive afs_bos_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_afs_bos_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_afs_bos_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_afs_bos_server_packets($1)
+	corenet_dontaudit_receive_afs_bos_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_afs_bos_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to afs_bos_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_afs_bos_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_afs_bos_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_bos_server_packet_t;
+	')
+
+	allow $1 afs_bos_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_afs_bos_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the afs_fs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_afs_fs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_afs_fs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_afs_fs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the afs_fs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_afs_fs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_afs_fs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_afs_fs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the afs_fs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_afs_fs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_afs_fs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_afs_fs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the afs_fs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_afs_fs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_afs_fs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_afs_fs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the afs_fs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_afs_fs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_afs_fs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_afs_fs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the afs_fs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_afs_fs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_afs_fs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_afs_fs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the afs_fs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_afs_fs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_afs_fs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_afs_fs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the afs_fs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_afs_fs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_afs_fs_port'($*)) dnl
+	
+	gen_require(`
+		type afs_fs_port_t;
+	')
+
+	allow $1 afs_fs_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_afs_fs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the afs_fs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_afs_fs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_afs_fs_port'($*)) dnl
+	
+	gen_require(`
+		type afs_fs_port_t;
+	')
+
+	allow $1 afs_fs_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_afs_fs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the afs_fs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_afs_fs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_afs_fs_port'($*)) dnl
+	
+	gen_require(`
+		type afs_fs_port_t;
+	')
+
+	allow $1 afs_fs_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_afs_fs_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send afs_fs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_afs_fs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_afs_fs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_fs_client_packet_t;
+	')
+
+	allow $1 afs_fs_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_afs_fs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send afs_fs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_afs_fs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_afs_fs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_fs_client_packet_t;
+	')
+
+	dontaudit $1 afs_fs_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_afs_fs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive afs_fs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_afs_fs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_afs_fs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_fs_client_packet_t;
+	')
+
+	allow $1 afs_fs_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_afs_fs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive afs_fs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_afs_fs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_afs_fs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_fs_client_packet_t;
+	')
+
+	dontaudit $1 afs_fs_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_afs_fs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive afs_fs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_afs_fs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_afs_fs_client_packets'($*)) dnl
+	
+	corenet_send_afs_fs_client_packets($1)
+	corenet_receive_afs_fs_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_afs_fs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive afs_fs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_afs_fs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_afs_fs_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_afs_fs_client_packets($1)
+	corenet_dontaudit_receive_afs_fs_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_afs_fs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to afs_fs_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_afs_fs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_afs_fs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_fs_client_packet_t;
+	')
+
+	allow $1 afs_fs_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_afs_fs_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send afs_fs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_afs_fs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_afs_fs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_fs_server_packet_t;
+	')
+
+	allow $1 afs_fs_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_afs_fs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send afs_fs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_afs_fs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_afs_fs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_fs_server_packet_t;
+	')
+
+	dontaudit $1 afs_fs_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_afs_fs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive afs_fs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_afs_fs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_afs_fs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_fs_server_packet_t;
+	')
+
+	allow $1 afs_fs_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_afs_fs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive afs_fs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_afs_fs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_afs_fs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_fs_server_packet_t;
+	')
+
+	dontaudit $1 afs_fs_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_afs_fs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive afs_fs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_afs_fs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_afs_fs_server_packets'($*)) dnl
+	
+	corenet_send_afs_fs_server_packets($1)
+	corenet_receive_afs_fs_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_afs_fs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive afs_fs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_afs_fs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_afs_fs_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_afs_fs_server_packets($1)
+	corenet_dontaudit_receive_afs_fs_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_afs_fs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to afs_fs_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_afs_fs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_afs_fs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_fs_server_packet_t;
+	')
+
+	allow $1 afs_fs_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_afs_fs_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the afs_ka port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_afs_ka_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_afs_ka_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_afs_ka_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the afs_ka port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_afs_ka_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_afs_ka_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_afs_ka_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the afs_ka port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_afs_ka_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_afs_ka_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_afs_ka_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the afs_ka port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_afs_ka_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_afs_ka_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_afs_ka_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the afs_ka port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_afs_ka_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_afs_ka_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_afs_ka_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the afs_ka port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_afs_ka_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_afs_ka_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_afs_ka_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the afs_ka port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_afs_ka_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_afs_ka_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_afs_ka_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the afs_ka port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_afs_ka_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_afs_ka_port'($*)) dnl
+	
+	gen_require(`
+		type afs_ka_port_t;
+	')
+
+	allow $1 afs_ka_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_afs_ka_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the afs_ka port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_afs_ka_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_afs_ka_port'($*)) dnl
+	
+	gen_require(`
+		type afs_ka_port_t;
+	')
+
+	allow $1 afs_ka_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_afs_ka_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the afs_ka port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_afs_ka_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_afs_ka_port'($*)) dnl
+	
+	gen_require(`
+		type afs_ka_port_t;
+	')
+
+	allow $1 afs_ka_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_afs_ka_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send afs_ka_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_afs_ka_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_afs_ka_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_ka_client_packet_t;
+	')
+
+	allow $1 afs_ka_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_afs_ka_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send afs_ka_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_afs_ka_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_afs_ka_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_ka_client_packet_t;
+	')
+
+	dontaudit $1 afs_ka_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_afs_ka_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive afs_ka_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_afs_ka_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_afs_ka_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_ka_client_packet_t;
+	')
+
+	allow $1 afs_ka_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_afs_ka_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive afs_ka_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_afs_ka_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_afs_ka_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_ka_client_packet_t;
+	')
+
+	dontaudit $1 afs_ka_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_afs_ka_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive afs_ka_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_afs_ka_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_afs_ka_client_packets'($*)) dnl
+	
+	corenet_send_afs_ka_client_packets($1)
+	corenet_receive_afs_ka_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_afs_ka_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive afs_ka_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_afs_ka_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_afs_ka_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_afs_ka_client_packets($1)
+	corenet_dontaudit_receive_afs_ka_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_afs_ka_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to afs_ka_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_afs_ka_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_afs_ka_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_ka_client_packet_t;
+	')
+
+	allow $1 afs_ka_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_afs_ka_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send afs_ka_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_afs_ka_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_afs_ka_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_ka_server_packet_t;
+	')
+
+	allow $1 afs_ka_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_afs_ka_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send afs_ka_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_afs_ka_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_afs_ka_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_ka_server_packet_t;
+	')
+
+	dontaudit $1 afs_ka_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_afs_ka_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive afs_ka_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_afs_ka_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_afs_ka_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_ka_server_packet_t;
+	')
+
+	allow $1 afs_ka_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_afs_ka_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive afs_ka_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_afs_ka_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_afs_ka_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_ka_server_packet_t;
+	')
+
+	dontaudit $1 afs_ka_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_afs_ka_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive afs_ka_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_afs_ka_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_afs_ka_server_packets'($*)) dnl
+	
+	corenet_send_afs_ka_server_packets($1)
+	corenet_receive_afs_ka_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_afs_ka_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive afs_ka_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_afs_ka_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_afs_ka_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_afs_ka_server_packets($1)
+	corenet_dontaudit_receive_afs_ka_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_afs_ka_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to afs_ka_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_afs_ka_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_afs_ka_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_ka_server_packet_t;
+	')
+
+	allow $1 afs_ka_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_afs_ka_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the afs_pt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_afs_pt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_afs_pt_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_afs_pt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the afs_pt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_afs_pt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_afs_pt_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_afs_pt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the afs_pt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_afs_pt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_afs_pt_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_afs_pt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the afs_pt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_afs_pt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_afs_pt_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_afs_pt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the afs_pt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_afs_pt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_afs_pt_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_afs_pt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the afs_pt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_afs_pt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_afs_pt_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_afs_pt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the afs_pt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_afs_pt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_afs_pt_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_afs_pt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the afs_pt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_afs_pt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_afs_pt_port'($*)) dnl
+	
+	gen_require(`
+		type afs_pt_port_t;
+	')
+
+	allow $1 afs_pt_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_afs_pt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the afs_pt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_afs_pt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_afs_pt_port'($*)) dnl
+	
+	gen_require(`
+		type afs_pt_port_t;
+	')
+
+	allow $1 afs_pt_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_afs_pt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the afs_pt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_afs_pt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_afs_pt_port'($*)) dnl
+	
+	gen_require(`
+		type afs_pt_port_t;
+	')
+
+	allow $1 afs_pt_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_afs_pt_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send afs_pt_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_afs_pt_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_afs_pt_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_pt_client_packet_t;
+	')
+
+	allow $1 afs_pt_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_afs_pt_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send afs_pt_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_afs_pt_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_afs_pt_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_pt_client_packet_t;
+	')
+
+	dontaudit $1 afs_pt_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_afs_pt_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive afs_pt_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_afs_pt_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_afs_pt_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_pt_client_packet_t;
+	')
+
+	allow $1 afs_pt_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_afs_pt_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive afs_pt_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_afs_pt_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_afs_pt_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_pt_client_packet_t;
+	')
+
+	dontaudit $1 afs_pt_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_afs_pt_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive afs_pt_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_afs_pt_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_afs_pt_client_packets'($*)) dnl
+	
+	corenet_send_afs_pt_client_packets($1)
+	corenet_receive_afs_pt_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_afs_pt_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive afs_pt_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_afs_pt_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_afs_pt_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_afs_pt_client_packets($1)
+	corenet_dontaudit_receive_afs_pt_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_afs_pt_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to afs_pt_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_afs_pt_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_afs_pt_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_pt_client_packet_t;
+	')
+
+	allow $1 afs_pt_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_afs_pt_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send afs_pt_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_afs_pt_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_afs_pt_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_pt_server_packet_t;
+	')
+
+	allow $1 afs_pt_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_afs_pt_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send afs_pt_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_afs_pt_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_afs_pt_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_pt_server_packet_t;
+	')
+
+	dontaudit $1 afs_pt_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_afs_pt_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive afs_pt_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_afs_pt_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_afs_pt_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_pt_server_packet_t;
+	')
+
+	allow $1 afs_pt_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_afs_pt_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive afs_pt_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_afs_pt_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_afs_pt_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_pt_server_packet_t;
+	')
+
+	dontaudit $1 afs_pt_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_afs_pt_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive afs_pt_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_afs_pt_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_afs_pt_server_packets'($*)) dnl
+	
+	corenet_send_afs_pt_server_packets($1)
+	corenet_receive_afs_pt_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_afs_pt_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive afs_pt_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_afs_pt_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_afs_pt_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_afs_pt_server_packets($1)
+	corenet_dontaudit_receive_afs_pt_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_afs_pt_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to afs_pt_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_afs_pt_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_afs_pt_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_pt_server_packet_t;
+	')
+
+	allow $1 afs_pt_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_afs_pt_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the afs_vl port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_afs_vl_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_afs_vl_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_afs_vl_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the afs_vl port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_afs_vl_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_afs_vl_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_afs_vl_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the afs_vl port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_afs_vl_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_afs_vl_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_afs_vl_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the afs_vl port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_afs_vl_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_afs_vl_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_afs_vl_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the afs_vl port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_afs_vl_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_afs_vl_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_afs_vl_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the afs_vl port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_afs_vl_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_afs_vl_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_afs_vl_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the afs_vl port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_afs_vl_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_afs_vl_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_afs_vl_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the afs_vl port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_afs_vl_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_afs_vl_port'($*)) dnl
+	
+	gen_require(`
+		type afs_vl_port_t;
+	')
+
+	allow $1 afs_vl_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_afs_vl_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the afs_vl port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_afs_vl_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_afs_vl_port'($*)) dnl
+	
+	gen_require(`
+		type afs_vl_port_t;
+	')
+
+	allow $1 afs_vl_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_afs_vl_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the afs_vl port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_afs_vl_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_afs_vl_port'($*)) dnl
+	
+	gen_require(`
+		type afs_vl_port_t;
+	')
+
+	allow $1 afs_vl_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_afs_vl_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send afs_vl_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_afs_vl_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_afs_vl_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_vl_client_packet_t;
+	')
+
+	allow $1 afs_vl_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_afs_vl_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send afs_vl_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_afs_vl_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_afs_vl_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_vl_client_packet_t;
+	')
+
+	dontaudit $1 afs_vl_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_afs_vl_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive afs_vl_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_afs_vl_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_afs_vl_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_vl_client_packet_t;
+	')
+
+	allow $1 afs_vl_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_afs_vl_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive afs_vl_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_afs_vl_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_afs_vl_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_vl_client_packet_t;
+	')
+
+	dontaudit $1 afs_vl_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_afs_vl_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive afs_vl_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_afs_vl_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_afs_vl_client_packets'($*)) dnl
+	
+	corenet_send_afs_vl_client_packets($1)
+	corenet_receive_afs_vl_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_afs_vl_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive afs_vl_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_afs_vl_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_afs_vl_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_afs_vl_client_packets($1)
+	corenet_dontaudit_receive_afs_vl_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_afs_vl_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to afs_vl_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_afs_vl_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_afs_vl_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_vl_client_packet_t;
+	')
+
+	allow $1 afs_vl_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_afs_vl_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send afs_vl_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_afs_vl_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_afs_vl_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_vl_server_packet_t;
+	')
+
+	allow $1 afs_vl_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_afs_vl_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send afs_vl_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_afs_vl_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_afs_vl_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_vl_server_packet_t;
+	')
+
+	dontaudit $1 afs_vl_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_afs_vl_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive afs_vl_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_afs_vl_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_afs_vl_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_vl_server_packet_t;
+	')
+
+	allow $1 afs_vl_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_afs_vl_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive afs_vl_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_afs_vl_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_afs_vl_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_vl_server_packet_t;
+	')
+
+	dontaudit $1 afs_vl_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_afs_vl_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive afs_vl_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_afs_vl_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_afs_vl_server_packets'($*)) dnl
+	
+	corenet_send_afs_vl_server_packets($1)
+	corenet_receive_afs_vl_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_afs_vl_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive afs_vl_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_afs_vl_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_afs_vl_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_afs_vl_server_packets($1)
+	corenet_dontaudit_receive_afs_vl_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_afs_vl_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to afs_vl_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_afs_vl_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_afs_vl_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs_vl_server_packet_t;
+	')
+
+	allow $1 afs_vl_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_afs_vl_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the afs3_callback port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_afs3_callback_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_afs3_callback_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_afs3_callback_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the afs3_callback port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_afs3_callback_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_afs3_callback_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_afs3_callback_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the afs3_callback port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_afs3_callback_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_afs3_callback_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_afs3_callback_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the afs3_callback port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_afs3_callback_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_afs3_callback_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_afs3_callback_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the afs3_callback port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_afs3_callback_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_afs3_callback_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_afs3_callback_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the afs3_callback port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_afs3_callback_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_afs3_callback_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_afs3_callback_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the afs3_callback port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_afs3_callback_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_afs3_callback_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_afs3_callback_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the afs3_callback port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_afs3_callback_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_afs3_callback_port'($*)) dnl
+	
+	gen_require(`
+		type afs3_callback_port_t;
+	')
+
+	allow $1 afs3_callback_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_afs3_callback_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the afs3_callback port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_afs3_callback_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_afs3_callback_port'($*)) dnl
+	
+	gen_require(`
+		type afs3_callback_port_t;
+	')
+
+	allow $1 afs3_callback_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_afs3_callback_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the afs3_callback port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_afs3_callback_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_afs3_callback_port'($*)) dnl
+	
+	gen_require(`
+		type afs3_callback_port_t;
+	')
+
+	allow $1 afs3_callback_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_afs3_callback_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send afs3_callback_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_afs3_callback_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_afs3_callback_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs3_callback_client_packet_t;
+	')
+
+	allow $1 afs3_callback_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_afs3_callback_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send afs3_callback_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_afs3_callback_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_afs3_callback_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs3_callback_client_packet_t;
+	')
+
+	dontaudit $1 afs3_callback_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_afs3_callback_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive afs3_callback_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_afs3_callback_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_afs3_callback_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs3_callback_client_packet_t;
+	')
+
+	allow $1 afs3_callback_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_afs3_callback_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive afs3_callback_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_afs3_callback_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_afs3_callback_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs3_callback_client_packet_t;
+	')
+
+	dontaudit $1 afs3_callback_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_afs3_callback_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive afs3_callback_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_afs3_callback_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_afs3_callback_client_packets'($*)) dnl
+	
+	corenet_send_afs3_callback_client_packets($1)
+	corenet_receive_afs3_callback_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_afs3_callback_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive afs3_callback_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_afs3_callback_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_afs3_callback_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_afs3_callback_client_packets($1)
+	corenet_dontaudit_receive_afs3_callback_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_afs3_callback_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to afs3_callback_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_afs3_callback_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_afs3_callback_client_packets'($*)) dnl
+	
+	gen_require(`
+		type afs3_callback_client_packet_t;
+	')
+
+	allow $1 afs3_callback_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_afs3_callback_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send afs3_callback_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_afs3_callback_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_afs3_callback_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs3_callback_server_packet_t;
+	')
+
+	allow $1 afs3_callback_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_afs3_callback_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send afs3_callback_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_afs3_callback_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_afs3_callback_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs3_callback_server_packet_t;
+	')
+
+	dontaudit $1 afs3_callback_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_afs3_callback_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive afs3_callback_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_afs3_callback_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_afs3_callback_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs3_callback_server_packet_t;
+	')
+
+	allow $1 afs3_callback_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_afs3_callback_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive afs3_callback_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_afs3_callback_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_afs3_callback_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs3_callback_server_packet_t;
+	')
+
+	dontaudit $1 afs3_callback_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_afs3_callback_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive afs3_callback_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_afs3_callback_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_afs3_callback_server_packets'($*)) dnl
+	
+	corenet_send_afs3_callback_server_packets($1)
+	corenet_receive_afs3_callback_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_afs3_callback_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive afs3_callback_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_afs3_callback_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_afs3_callback_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_afs3_callback_server_packets($1)
+	corenet_dontaudit_receive_afs3_callback_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_afs3_callback_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to afs3_callback_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_afs3_callback_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_afs3_callback_server_packets'($*)) dnl
+	
+	gen_require(`
+		type afs3_callback_server_packet_t;
+	')
+
+	allow $1 afs3_callback_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_afs3_callback_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the agentx port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_agentx_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_agentx_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_agentx_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the agentx port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_agentx_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_agentx_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_agentx_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the agentx port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_agentx_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_agentx_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_agentx_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the agentx port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_agentx_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_agentx_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_agentx_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the agentx port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_agentx_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_agentx_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_agentx_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the agentx port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_agentx_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_agentx_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_agentx_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the agentx port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_agentx_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_agentx_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_agentx_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the agentx port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_agentx_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_agentx_port'($*)) dnl
+	
+	gen_require(`
+		type agentx_port_t;
+	')
+
+	allow $1 agentx_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_agentx_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the agentx port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_agentx_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_agentx_port'($*)) dnl
+	
+	gen_require(`
+		type agentx_port_t;
+	')
+
+	allow $1 agentx_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_agentx_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the agentx port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_agentx_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_agentx_port'($*)) dnl
+	
+	gen_require(`
+		type agentx_port_t;
+	')
+
+	allow $1 agentx_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_agentx_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send agentx_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_agentx_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_agentx_client_packets'($*)) dnl
+	
+	gen_require(`
+		type agentx_client_packet_t;
+	')
+
+	allow $1 agentx_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_agentx_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send agentx_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_agentx_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_agentx_client_packets'($*)) dnl
+	
+	gen_require(`
+		type agentx_client_packet_t;
+	')
+
+	dontaudit $1 agentx_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_agentx_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive agentx_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_agentx_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_agentx_client_packets'($*)) dnl
+	
+	gen_require(`
+		type agentx_client_packet_t;
+	')
+
+	allow $1 agentx_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_agentx_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive agentx_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_agentx_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_agentx_client_packets'($*)) dnl
+	
+	gen_require(`
+		type agentx_client_packet_t;
+	')
+
+	dontaudit $1 agentx_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_agentx_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive agentx_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_agentx_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_agentx_client_packets'($*)) dnl
+	
+	corenet_send_agentx_client_packets($1)
+	corenet_receive_agentx_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_agentx_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive agentx_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_agentx_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_agentx_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_agentx_client_packets($1)
+	corenet_dontaudit_receive_agentx_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_agentx_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to agentx_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_agentx_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_agentx_client_packets'($*)) dnl
+	
+	gen_require(`
+		type agentx_client_packet_t;
+	')
+
+	allow $1 agentx_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_agentx_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send agentx_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_agentx_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_agentx_server_packets'($*)) dnl
+	
+	gen_require(`
+		type agentx_server_packet_t;
+	')
+
+	allow $1 agentx_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_agentx_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send agentx_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_agentx_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_agentx_server_packets'($*)) dnl
+	
+	gen_require(`
+		type agentx_server_packet_t;
+	')
+
+	dontaudit $1 agentx_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_agentx_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive agentx_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_agentx_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_agentx_server_packets'($*)) dnl
+	
+	gen_require(`
+		type agentx_server_packet_t;
+	')
+
+	allow $1 agentx_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_agentx_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive agentx_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_agentx_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_agentx_server_packets'($*)) dnl
+	
+	gen_require(`
+		type agentx_server_packet_t;
+	')
+
+	dontaudit $1 agentx_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_agentx_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive agentx_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_agentx_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_agentx_server_packets'($*)) dnl
+	
+	corenet_send_agentx_server_packets($1)
+	corenet_receive_agentx_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_agentx_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive agentx_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_agentx_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_agentx_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_agentx_server_packets($1)
+	corenet_dontaudit_receive_agentx_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_agentx_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to agentx_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_agentx_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_agentx_server_packets'($*)) dnl
+	
+	gen_require(`
+		type agentx_server_packet_t;
+	')
+
+	allow $1 agentx_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_agentx_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the amanda port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_amanda_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_amanda_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_amanda_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the amanda port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_amanda_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_amanda_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_amanda_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the amanda port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_amanda_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_amanda_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_amanda_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the amanda port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_amanda_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_amanda_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_amanda_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the amanda port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_amanda_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_amanda_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_amanda_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the amanda port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_amanda_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_amanda_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_amanda_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the amanda port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_amanda_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_amanda_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_amanda_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the amanda port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_amanda_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_amanda_port'($*)) dnl
+	
+	gen_require(`
+		type amanda_port_t;
+	')
+
+	allow $1 amanda_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_amanda_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the amanda port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_amanda_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_amanda_port'($*)) dnl
+	
+	gen_require(`
+		type amanda_port_t;
+	')
+
+	allow $1 amanda_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_amanda_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the amanda port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_amanda_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_amanda_port'($*)) dnl
+	
+	gen_require(`
+		type amanda_port_t;
+	')
+
+	allow $1 amanda_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_amanda_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send amanda_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_amanda_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_amanda_client_packets'($*)) dnl
+	
+	gen_require(`
+		type amanda_client_packet_t;
+	')
+
+	allow $1 amanda_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_amanda_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send amanda_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_amanda_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_amanda_client_packets'($*)) dnl
+	
+	gen_require(`
+		type amanda_client_packet_t;
+	')
+
+	dontaudit $1 amanda_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_amanda_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive amanda_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_amanda_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_amanda_client_packets'($*)) dnl
+	
+	gen_require(`
+		type amanda_client_packet_t;
+	')
+
+	allow $1 amanda_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_amanda_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive amanda_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_amanda_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_amanda_client_packets'($*)) dnl
+	
+	gen_require(`
+		type amanda_client_packet_t;
+	')
+
+	dontaudit $1 amanda_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_amanda_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive amanda_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_amanda_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_amanda_client_packets'($*)) dnl
+	
+	corenet_send_amanda_client_packets($1)
+	corenet_receive_amanda_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_amanda_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive amanda_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_amanda_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_amanda_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_amanda_client_packets($1)
+	corenet_dontaudit_receive_amanda_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_amanda_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to amanda_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_amanda_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_amanda_client_packets'($*)) dnl
+	
+	gen_require(`
+		type amanda_client_packet_t;
+	')
+
+	allow $1 amanda_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_amanda_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send amanda_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_amanda_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_amanda_server_packets'($*)) dnl
+	
+	gen_require(`
+		type amanda_server_packet_t;
+	')
+
+	allow $1 amanda_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_amanda_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send amanda_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_amanda_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_amanda_server_packets'($*)) dnl
+	
+	gen_require(`
+		type amanda_server_packet_t;
+	')
+
+	dontaudit $1 amanda_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_amanda_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive amanda_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_amanda_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_amanda_server_packets'($*)) dnl
+	
+	gen_require(`
+		type amanda_server_packet_t;
+	')
+
+	allow $1 amanda_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_amanda_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive amanda_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_amanda_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_amanda_server_packets'($*)) dnl
+	
+	gen_require(`
+		type amanda_server_packet_t;
+	')
+
+	dontaudit $1 amanda_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_amanda_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive amanda_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_amanda_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_amanda_server_packets'($*)) dnl
+	
+	corenet_send_amanda_server_packets($1)
+	corenet_receive_amanda_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_amanda_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive amanda_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_amanda_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_amanda_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_amanda_server_packets($1)
+	corenet_dontaudit_receive_amanda_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_amanda_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to amanda_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_amanda_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_amanda_server_packets'($*)) dnl
+	
+	gen_require(`
+		type amanda_server_packet_t;
+	')
+
+	allow $1 amanda_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_amanda_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the amavisd_recv port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_amavisd_recv_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_amavisd_recv_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_amavisd_recv_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the amavisd_recv port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_amavisd_recv_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_amavisd_recv_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_amavisd_recv_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the amavisd_recv port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_amavisd_recv_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_amavisd_recv_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_amavisd_recv_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the amavisd_recv port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_amavisd_recv_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_amavisd_recv_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_amavisd_recv_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the amavisd_recv port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_amavisd_recv_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_amavisd_recv_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_amavisd_recv_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the amavisd_recv port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_amavisd_recv_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_amavisd_recv_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_amavisd_recv_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the amavisd_recv port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_amavisd_recv_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_amavisd_recv_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_amavisd_recv_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the amavisd_recv port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_amavisd_recv_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_amavisd_recv_port'($*)) dnl
+	
+	gen_require(`
+		type amavisd_recv_port_t;
+	')
+
+	allow $1 amavisd_recv_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_amavisd_recv_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the amavisd_recv port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_amavisd_recv_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_amavisd_recv_port'($*)) dnl
+	
+	gen_require(`
+		type amavisd_recv_port_t;
+	')
+
+	allow $1 amavisd_recv_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_amavisd_recv_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the amavisd_recv port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_amavisd_recv_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_amavisd_recv_port'($*)) dnl
+	
+	gen_require(`
+		type amavisd_recv_port_t;
+	')
+
+	allow $1 amavisd_recv_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_amavisd_recv_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send amavisd_recv_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_amavisd_recv_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_amavisd_recv_client_packets'($*)) dnl
+	
+	gen_require(`
+		type amavisd_recv_client_packet_t;
+	')
+
+	allow $1 amavisd_recv_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_amavisd_recv_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send amavisd_recv_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_amavisd_recv_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_amavisd_recv_client_packets'($*)) dnl
+	
+	gen_require(`
+		type amavisd_recv_client_packet_t;
+	')
+
+	dontaudit $1 amavisd_recv_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_amavisd_recv_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive amavisd_recv_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_amavisd_recv_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_amavisd_recv_client_packets'($*)) dnl
+	
+	gen_require(`
+		type amavisd_recv_client_packet_t;
+	')
+
+	allow $1 amavisd_recv_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_amavisd_recv_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive amavisd_recv_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_amavisd_recv_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_amavisd_recv_client_packets'($*)) dnl
+	
+	gen_require(`
+		type amavisd_recv_client_packet_t;
+	')
+
+	dontaudit $1 amavisd_recv_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_amavisd_recv_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive amavisd_recv_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_amavisd_recv_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_amavisd_recv_client_packets'($*)) dnl
+	
+	corenet_send_amavisd_recv_client_packets($1)
+	corenet_receive_amavisd_recv_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_amavisd_recv_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive amavisd_recv_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_amavisd_recv_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_amavisd_recv_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_amavisd_recv_client_packets($1)
+	corenet_dontaudit_receive_amavisd_recv_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_amavisd_recv_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to amavisd_recv_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_amavisd_recv_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_amavisd_recv_client_packets'($*)) dnl
+	
+	gen_require(`
+		type amavisd_recv_client_packet_t;
+	')
+
+	allow $1 amavisd_recv_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_amavisd_recv_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send amavisd_recv_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_amavisd_recv_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_amavisd_recv_server_packets'($*)) dnl
+	
+	gen_require(`
+		type amavisd_recv_server_packet_t;
+	')
+
+	allow $1 amavisd_recv_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_amavisd_recv_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send amavisd_recv_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_amavisd_recv_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_amavisd_recv_server_packets'($*)) dnl
+	
+	gen_require(`
+		type amavisd_recv_server_packet_t;
+	')
+
+	dontaudit $1 amavisd_recv_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_amavisd_recv_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive amavisd_recv_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_amavisd_recv_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_amavisd_recv_server_packets'($*)) dnl
+	
+	gen_require(`
+		type amavisd_recv_server_packet_t;
+	')
+
+	allow $1 amavisd_recv_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_amavisd_recv_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive amavisd_recv_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_amavisd_recv_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_amavisd_recv_server_packets'($*)) dnl
+	
+	gen_require(`
+		type amavisd_recv_server_packet_t;
+	')
+
+	dontaudit $1 amavisd_recv_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_amavisd_recv_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive amavisd_recv_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_amavisd_recv_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_amavisd_recv_server_packets'($*)) dnl
+	
+	corenet_send_amavisd_recv_server_packets($1)
+	corenet_receive_amavisd_recv_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_amavisd_recv_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive amavisd_recv_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_amavisd_recv_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_amavisd_recv_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_amavisd_recv_server_packets($1)
+	corenet_dontaudit_receive_amavisd_recv_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_amavisd_recv_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to amavisd_recv_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_amavisd_recv_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_amavisd_recv_server_packets'($*)) dnl
+	
+	gen_require(`
+		type amavisd_recv_server_packet_t;
+	')
+
+	allow $1 amavisd_recv_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_amavisd_recv_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the amavisd_send port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_amavisd_send_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_amavisd_send_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_amavisd_send_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the amavisd_send port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_amavisd_send_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_amavisd_send_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_amavisd_send_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the amavisd_send port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_amavisd_send_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_amavisd_send_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_amavisd_send_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the amavisd_send port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_amavisd_send_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_amavisd_send_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_amavisd_send_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the amavisd_send port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_amavisd_send_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_amavisd_send_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_amavisd_send_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the amavisd_send port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_amavisd_send_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_amavisd_send_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_amavisd_send_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the amavisd_send port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_amavisd_send_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_amavisd_send_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_amavisd_send_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the amavisd_send port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_amavisd_send_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_amavisd_send_port'($*)) dnl
+	
+	gen_require(`
+		type amavisd_send_port_t;
+	')
+
+	allow $1 amavisd_send_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_amavisd_send_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the amavisd_send port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_amavisd_send_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_amavisd_send_port'($*)) dnl
+	
+	gen_require(`
+		type amavisd_send_port_t;
+	')
+
+	allow $1 amavisd_send_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_amavisd_send_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the amavisd_send port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_amavisd_send_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_amavisd_send_port'($*)) dnl
+	
+	gen_require(`
+		type amavisd_send_port_t;
+	')
+
+	allow $1 amavisd_send_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_amavisd_send_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send amavisd_send_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_amavisd_send_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_amavisd_send_client_packets'($*)) dnl
+	
+	gen_require(`
+		type amavisd_send_client_packet_t;
+	')
+
+	allow $1 amavisd_send_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_amavisd_send_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send amavisd_send_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_amavisd_send_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_amavisd_send_client_packets'($*)) dnl
+	
+	gen_require(`
+		type amavisd_send_client_packet_t;
+	')
+
+	dontaudit $1 amavisd_send_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_amavisd_send_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive amavisd_send_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_amavisd_send_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_amavisd_send_client_packets'($*)) dnl
+	
+	gen_require(`
+		type amavisd_send_client_packet_t;
+	')
+
+	allow $1 amavisd_send_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_amavisd_send_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive amavisd_send_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_amavisd_send_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_amavisd_send_client_packets'($*)) dnl
+	
+	gen_require(`
+		type amavisd_send_client_packet_t;
+	')
+
+	dontaudit $1 amavisd_send_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_amavisd_send_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive amavisd_send_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_amavisd_send_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_amavisd_send_client_packets'($*)) dnl
+	
+	corenet_send_amavisd_send_client_packets($1)
+	corenet_receive_amavisd_send_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_amavisd_send_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive amavisd_send_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_amavisd_send_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_amavisd_send_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_amavisd_send_client_packets($1)
+	corenet_dontaudit_receive_amavisd_send_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_amavisd_send_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to amavisd_send_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_amavisd_send_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_amavisd_send_client_packets'($*)) dnl
+	
+	gen_require(`
+		type amavisd_send_client_packet_t;
+	')
+
+	allow $1 amavisd_send_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_amavisd_send_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send amavisd_send_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_amavisd_send_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_amavisd_send_server_packets'($*)) dnl
+	
+	gen_require(`
+		type amavisd_send_server_packet_t;
+	')
+
+	allow $1 amavisd_send_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_amavisd_send_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send amavisd_send_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_amavisd_send_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_amavisd_send_server_packets'($*)) dnl
+	
+	gen_require(`
+		type amavisd_send_server_packet_t;
+	')
+
+	dontaudit $1 amavisd_send_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_amavisd_send_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive amavisd_send_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_amavisd_send_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_amavisd_send_server_packets'($*)) dnl
+	
+	gen_require(`
+		type amavisd_send_server_packet_t;
+	')
+
+	allow $1 amavisd_send_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_amavisd_send_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive amavisd_send_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_amavisd_send_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_amavisd_send_server_packets'($*)) dnl
+	
+	gen_require(`
+		type amavisd_send_server_packet_t;
+	')
+
+	dontaudit $1 amavisd_send_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_amavisd_send_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive amavisd_send_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_amavisd_send_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_amavisd_send_server_packets'($*)) dnl
+	
+	corenet_send_amavisd_send_server_packets($1)
+	corenet_receive_amavisd_send_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_amavisd_send_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive amavisd_send_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_amavisd_send_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_amavisd_send_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_amavisd_send_server_packets($1)
+	corenet_dontaudit_receive_amavisd_send_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_amavisd_send_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to amavisd_send_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_amavisd_send_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_amavisd_send_server_packets'($*)) dnl
+	
+	gen_require(`
+		type amavisd_send_server_packet_t;
+	')
+
+	allow $1 amavisd_send_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_amavisd_send_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the amqp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_amqp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_amqp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_amqp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the amqp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_amqp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_amqp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_amqp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the amqp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_amqp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_amqp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_amqp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the amqp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_amqp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_amqp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_amqp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the amqp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_amqp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_amqp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_amqp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the amqp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_amqp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_amqp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_amqp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the amqp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_amqp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_amqp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_amqp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the amqp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_amqp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_amqp_port'($*)) dnl
+	
+	gen_require(`
+		type amqp_port_t;
+	')
+
+	allow $1 amqp_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_amqp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the amqp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_amqp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_amqp_port'($*)) dnl
+	
+	gen_require(`
+		type amqp_port_t;
+	')
+
+	allow $1 amqp_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_amqp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the amqp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_amqp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_amqp_port'($*)) dnl
+	
+	gen_require(`
+		type amqp_port_t;
+	')
+
+	allow $1 amqp_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_amqp_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send amqp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_amqp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_amqp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type amqp_client_packet_t;
+	')
+
+	allow $1 amqp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_amqp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send amqp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_amqp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_amqp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type amqp_client_packet_t;
+	')
+
+	dontaudit $1 amqp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_amqp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive amqp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_amqp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_amqp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type amqp_client_packet_t;
+	')
+
+	allow $1 amqp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_amqp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive amqp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_amqp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_amqp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type amqp_client_packet_t;
+	')
+
+	dontaudit $1 amqp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_amqp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive amqp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_amqp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_amqp_client_packets'($*)) dnl
+	
+	corenet_send_amqp_client_packets($1)
+	corenet_receive_amqp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_amqp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive amqp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_amqp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_amqp_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_amqp_client_packets($1)
+	corenet_dontaudit_receive_amqp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_amqp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to amqp_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_amqp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_amqp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type amqp_client_packet_t;
+	')
+
+	allow $1 amqp_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_amqp_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send amqp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_amqp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_amqp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type amqp_server_packet_t;
+	')
+
+	allow $1 amqp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_amqp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send amqp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_amqp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_amqp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type amqp_server_packet_t;
+	')
+
+	dontaudit $1 amqp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_amqp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive amqp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_amqp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_amqp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type amqp_server_packet_t;
+	')
+
+	allow $1 amqp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_amqp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive amqp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_amqp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_amqp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type amqp_server_packet_t;
+	')
+
+	dontaudit $1 amqp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_amqp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive amqp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_amqp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_amqp_server_packets'($*)) dnl
+	
+	corenet_send_amqp_server_packets($1)
+	corenet_receive_amqp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_amqp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive amqp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_amqp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_amqp_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_amqp_server_packets($1)
+	corenet_dontaudit_receive_amqp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_amqp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to amqp_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_amqp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_amqp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type amqp_server_packet_t;
+	')
+
+	allow $1 amqp_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_amqp_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the aol port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_aol_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_aol_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_aol_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the aol port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_aol_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_aol_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_aol_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the aol port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_aol_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_aol_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_aol_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the aol port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_aol_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_aol_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_aol_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the aol port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_aol_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_aol_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_aol_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the aol port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_aol_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_aol_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_aol_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the aol port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_aol_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_aol_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_aol_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the aol port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_aol_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_aol_port'($*)) dnl
+	
+	gen_require(`
+		type aol_port_t;
+	')
+
+	allow $1 aol_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_aol_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the aol port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_aol_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_aol_port'($*)) dnl
+	
+	gen_require(`
+		type aol_port_t;
+	')
+
+	allow $1 aol_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_aol_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the aol port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_aol_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_aol_port'($*)) dnl
+	
+	gen_require(`
+		type aol_port_t;
+	')
+
+	allow $1 aol_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_aol_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send aol_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_aol_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_aol_client_packets'($*)) dnl
+	
+	gen_require(`
+		type aol_client_packet_t;
+	')
+
+	allow $1 aol_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_aol_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send aol_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_aol_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_aol_client_packets'($*)) dnl
+	
+	gen_require(`
+		type aol_client_packet_t;
+	')
+
+	dontaudit $1 aol_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_aol_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive aol_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_aol_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_aol_client_packets'($*)) dnl
+	
+	gen_require(`
+		type aol_client_packet_t;
+	')
+
+	allow $1 aol_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_aol_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive aol_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_aol_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_aol_client_packets'($*)) dnl
+	
+	gen_require(`
+		type aol_client_packet_t;
+	')
+
+	dontaudit $1 aol_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_aol_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive aol_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_aol_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_aol_client_packets'($*)) dnl
+	
+	corenet_send_aol_client_packets($1)
+	corenet_receive_aol_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_aol_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive aol_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_aol_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_aol_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_aol_client_packets($1)
+	corenet_dontaudit_receive_aol_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_aol_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to aol_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_aol_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_aol_client_packets'($*)) dnl
+	
+	gen_require(`
+		type aol_client_packet_t;
+	')
+
+	allow $1 aol_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_aol_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send aol_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_aol_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_aol_server_packets'($*)) dnl
+	
+	gen_require(`
+		type aol_server_packet_t;
+	')
+
+	allow $1 aol_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_aol_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send aol_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_aol_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_aol_server_packets'($*)) dnl
+	
+	gen_require(`
+		type aol_server_packet_t;
+	')
+
+	dontaudit $1 aol_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_aol_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive aol_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_aol_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_aol_server_packets'($*)) dnl
+	
+	gen_require(`
+		type aol_server_packet_t;
+	')
+
+	allow $1 aol_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_aol_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive aol_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_aol_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_aol_server_packets'($*)) dnl
+	
+	gen_require(`
+		type aol_server_packet_t;
+	')
+
+	dontaudit $1 aol_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_aol_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive aol_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_aol_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_aol_server_packets'($*)) dnl
+	
+	corenet_send_aol_server_packets($1)
+	corenet_receive_aol_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_aol_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive aol_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_aol_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_aol_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_aol_server_packets($1)
+	corenet_dontaudit_receive_aol_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_aol_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to aol_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_aol_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_aol_server_packets'($*)) dnl
+	
+	gen_require(`
+		type aol_server_packet_t;
+	')
+
+	allow $1 aol_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_aol_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the apcupsd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_apcupsd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_apcupsd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_apcupsd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the apcupsd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_apcupsd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_apcupsd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_apcupsd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the apcupsd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_apcupsd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_apcupsd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_apcupsd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the apcupsd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_apcupsd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_apcupsd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_apcupsd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the apcupsd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_apcupsd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_apcupsd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_apcupsd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the apcupsd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_apcupsd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_apcupsd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_apcupsd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the apcupsd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_apcupsd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_apcupsd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_apcupsd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the apcupsd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_apcupsd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_apcupsd_port'($*)) dnl
+	
+	gen_require(`
+		type apcupsd_port_t;
+	')
+
+	allow $1 apcupsd_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_apcupsd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the apcupsd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_apcupsd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_apcupsd_port'($*)) dnl
+	
+	gen_require(`
+		type apcupsd_port_t;
+	')
+
+	allow $1 apcupsd_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_apcupsd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the apcupsd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_apcupsd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_apcupsd_port'($*)) dnl
+	
+	gen_require(`
+		type apcupsd_port_t;
+	')
+
+	allow $1 apcupsd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_apcupsd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send apcupsd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_apcupsd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_apcupsd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type apcupsd_client_packet_t;
+	')
+
+	allow $1 apcupsd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_apcupsd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send apcupsd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_apcupsd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_apcupsd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type apcupsd_client_packet_t;
+	')
+
+	dontaudit $1 apcupsd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_apcupsd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive apcupsd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_apcupsd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_apcupsd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type apcupsd_client_packet_t;
+	')
+
+	allow $1 apcupsd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_apcupsd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive apcupsd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_apcupsd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_apcupsd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type apcupsd_client_packet_t;
+	')
+
+	dontaudit $1 apcupsd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_apcupsd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive apcupsd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_apcupsd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_apcupsd_client_packets'($*)) dnl
+	
+	corenet_send_apcupsd_client_packets($1)
+	corenet_receive_apcupsd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_apcupsd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive apcupsd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_apcupsd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_apcupsd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_apcupsd_client_packets($1)
+	corenet_dontaudit_receive_apcupsd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_apcupsd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to apcupsd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_apcupsd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_apcupsd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type apcupsd_client_packet_t;
+	')
+
+	allow $1 apcupsd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_apcupsd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send apcupsd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_apcupsd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_apcupsd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type apcupsd_server_packet_t;
+	')
+
+	allow $1 apcupsd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_apcupsd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send apcupsd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_apcupsd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_apcupsd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type apcupsd_server_packet_t;
+	')
+
+	dontaudit $1 apcupsd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_apcupsd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive apcupsd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_apcupsd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_apcupsd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type apcupsd_server_packet_t;
+	')
+
+	allow $1 apcupsd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_apcupsd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive apcupsd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_apcupsd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_apcupsd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type apcupsd_server_packet_t;
+	')
+
+	dontaudit $1 apcupsd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_apcupsd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive apcupsd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_apcupsd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_apcupsd_server_packets'($*)) dnl
+	
+	corenet_send_apcupsd_server_packets($1)
+	corenet_receive_apcupsd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_apcupsd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive apcupsd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_apcupsd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_apcupsd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_apcupsd_server_packets($1)
+	corenet_dontaudit_receive_apcupsd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_apcupsd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to apcupsd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_apcupsd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_apcupsd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type apcupsd_server_packet_t;
+	')
+
+	allow $1 apcupsd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_apcupsd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the apertus_ldp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_apertus_ldp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_apertus_ldp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_apertus_ldp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the apertus_ldp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_apertus_ldp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_apertus_ldp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_apertus_ldp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the apertus_ldp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_apertus_ldp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_apertus_ldp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_apertus_ldp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the apertus_ldp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_apertus_ldp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_apertus_ldp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_apertus_ldp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the apertus_ldp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_apertus_ldp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_apertus_ldp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_apertus_ldp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the apertus_ldp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_apertus_ldp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_apertus_ldp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_apertus_ldp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the apertus_ldp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_apertus_ldp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_apertus_ldp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_apertus_ldp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the apertus_ldp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_apertus_ldp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_apertus_ldp_port'($*)) dnl
+	
+	gen_require(`
+		type apertus_ldp_port_t;
+	')
+
+	allow $1 apertus_ldp_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_apertus_ldp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the apertus_ldp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_apertus_ldp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_apertus_ldp_port'($*)) dnl
+	
+	gen_require(`
+		type apertus_ldp_port_t;
+	')
+
+	allow $1 apertus_ldp_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_apertus_ldp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the apertus_ldp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_apertus_ldp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_apertus_ldp_port'($*)) dnl
+	
+	gen_require(`
+		type apertus_ldp_port_t;
+	')
+
+	allow $1 apertus_ldp_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_apertus_ldp_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send apertus_ldp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_apertus_ldp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_apertus_ldp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type apertus_ldp_client_packet_t;
+	')
+
+	allow $1 apertus_ldp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_apertus_ldp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send apertus_ldp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_apertus_ldp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_apertus_ldp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type apertus_ldp_client_packet_t;
+	')
+
+	dontaudit $1 apertus_ldp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_apertus_ldp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive apertus_ldp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_apertus_ldp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_apertus_ldp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type apertus_ldp_client_packet_t;
+	')
+
+	allow $1 apertus_ldp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_apertus_ldp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive apertus_ldp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_apertus_ldp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_apertus_ldp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type apertus_ldp_client_packet_t;
+	')
+
+	dontaudit $1 apertus_ldp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_apertus_ldp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive apertus_ldp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_apertus_ldp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_apertus_ldp_client_packets'($*)) dnl
+	
+	corenet_send_apertus_ldp_client_packets($1)
+	corenet_receive_apertus_ldp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_apertus_ldp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive apertus_ldp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_apertus_ldp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_apertus_ldp_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_apertus_ldp_client_packets($1)
+	corenet_dontaudit_receive_apertus_ldp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_apertus_ldp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to apertus_ldp_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_apertus_ldp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_apertus_ldp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type apertus_ldp_client_packet_t;
+	')
+
+	allow $1 apertus_ldp_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_apertus_ldp_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send apertus_ldp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_apertus_ldp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_apertus_ldp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type apertus_ldp_server_packet_t;
+	')
+
+	allow $1 apertus_ldp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_apertus_ldp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send apertus_ldp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_apertus_ldp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_apertus_ldp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type apertus_ldp_server_packet_t;
+	')
+
+	dontaudit $1 apertus_ldp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_apertus_ldp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive apertus_ldp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_apertus_ldp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_apertus_ldp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type apertus_ldp_server_packet_t;
+	')
+
+	allow $1 apertus_ldp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_apertus_ldp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive apertus_ldp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_apertus_ldp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_apertus_ldp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type apertus_ldp_server_packet_t;
+	')
+
+	dontaudit $1 apertus_ldp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_apertus_ldp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive apertus_ldp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_apertus_ldp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_apertus_ldp_server_packets'($*)) dnl
+	
+	corenet_send_apertus_ldp_server_packets($1)
+	corenet_receive_apertus_ldp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_apertus_ldp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive apertus_ldp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_apertus_ldp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_apertus_ldp_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_apertus_ldp_server_packets($1)
+	corenet_dontaudit_receive_apertus_ldp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_apertus_ldp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to apertus_ldp_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_apertus_ldp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_apertus_ldp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type apertus_ldp_server_packet_t;
+	')
+
+	allow $1 apertus_ldp_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_apertus_ldp_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the armtechdaemon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_armtechdaemon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_armtechdaemon_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_armtechdaemon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the armtechdaemon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_armtechdaemon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_armtechdaemon_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_armtechdaemon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the armtechdaemon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_armtechdaemon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_armtechdaemon_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_armtechdaemon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the armtechdaemon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_armtechdaemon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_armtechdaemon_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_armtechdaemon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the armtechdaemon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_armtechdaemon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_armtechdaemon_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_armtechdaemon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the armtechdaemon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_armtechdaemon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_armtechdaemon_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_armtechdaemon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the armtechdaemon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_armtechdaemon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_armtechdaemon_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_armtechdaemon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the armtechdaemon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_armtechdaemon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_armtechdaemon_port'($*)) dnl
+	
+	gen_require(`
+		type armtechdaemon_port_t;
+	')
+
+	allow $1 armtechdaemon_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_armtechdaemon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the armtechdaemon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_armtechdaemon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_armtechdaemon_port'($*)) dnl
+	
+	gen_require(`
+		type armtechdaemon_port_t;
+	')
+
+	allow $1 armtechdaemon_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_armtechdaemon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the armtechdaemon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_armtechdaemon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_armtechdaemon_port'($*)) dnl
+	
+	gen_require(`
+		type armtechdaemon_port_t;
+	')
+
+	allow $1 armtechdaemon_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_armtechdaemon_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send armtechdaemon_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_armtechdaemon_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_armtechdaemon_client_packets'($*)) dnl
+	
+	gen_require(`
+		type armtechdaemon_client_packet_t;
+	')
+
+	allow $1 armtechdaemon_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_armtechdaemon_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send armtechdaemon_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_armtechdaemon_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_armtechdaemon_client_packets'($*)) dnl
+	
+	gen_require(`
+		type armtechdaemon_client_packet_t;
+	')
+
+	dontaudit $1 armtechdaemon_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_armtechdaemon_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive armtechdaemon_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_armtechdaemon_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_armtechdaemon_client_packets'($*)) dnl
+	
+	gen_require(`
+		type armtechdaemon_client_packet_t;
+	')
+
+	allow $1 armtechdaemon_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_armtechdaemon_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive armtechdaemon_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_armtechdaemon_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_armtechdaemon_client_packets'($*)) dnl
+	
+	gen_require(`
+		type armtechdaemon_client_packet_t;
+	')
+
+	dontaudit $1 armtechdaemon_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_armtechdaemon_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive armtechdaemon_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_armtechdaemon_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_armtechdaemon_client_packets'($*)) dnl
+	
+	corenet_send_armtechdaemon_client_packets($1)
+	corenet_receive_armtechdaemon_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_armtechdaemon_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive armtechdaemon_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_armtechdaemon_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_armtechdaemon_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_armtechdaemon_client_packets($1)
+	corenet_dontaudit_receive_armtechdaemon_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_armtechdaemon_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to armtechdaemon_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_armtechdaemon_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_armtechdaemon_client_packets'($*)) dnl
+	
+	gen_require(`
+		type armtechdaemon_client_packet_t;
+	')
+
+	allow $1 armtechdaemon_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_armtechdaemon_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send armtechdaemon_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_armtechdaemon_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_armtechdaemon_server_packets'($*)) dnl
+	
+	gen_require(`
+		type armtechdaemon_server_packet_t;
+	')
+
+	allow $1 armtechdaemon_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_armtechdaemon_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send armtechdaemon_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_armtechdaemon_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_armtechdaemon_server_packets'($*)) dnl
+	
+	gen_require(`
+		type armtechdaemon_server_packet_t;
+	')
+
+	dontaudit $1 armtechdaemon_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_armtechdaemon_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive armtechdaemon_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_armtechdaemon_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_armtechdaemon_server_packets'($*)) dnl
+	
+	gen_require(`
+		type armtechdaemon_server_packet_t;
+	')
+
+	allow $1 armtechdaemon_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_armtechdaemon_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive armtechdaemon_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_armtechdaemon_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_armtechdaemon_server_packets'($*)) dnl
+	
+	gen_require(`
+		type armtechdaemon_server_packet_t;
+	')
+
+	dontaudit $1 armtechdaemon_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_armtechdaemon_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive armtechdaemon_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_armtechdaemon_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_armtechdaemon_server_packets'($*)) dnl
+	
+	corenet_send_armtechdaemon_server_packets($1)
+	corenet_receive_armtechdaemon_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_armtechdaemon_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive armtechdaemon_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_armtechdaemon_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_armtechdaemon_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_armtechdaemon_server_packets($1)
+	corenet_dontaudit_receive_armtechdaemon_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_armtechdaemon_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to armtechdaemon_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_armtechdaemon_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_armtechdaemon_server_packets'($*)) dnl
+	
+	gen_require(`
+		type armtechdaemon_server_packet_t;
+	')
+
+	allow $1 armtechdaemon_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_armtechdaemon_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the asterisk port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_asterisk_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_asterisk_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_asterisk_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the asterisk port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_asterisk_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_asterisk_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_asterisk_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the asterisk port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_asterisk_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_asterisk_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_asterisk_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the asterisk port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_asterisk_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_asterisk_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_asterisk_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the asterisk port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_asterisk_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_asterisk_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_asterisk_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the asterisk port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_asterisk_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_asterisk_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_asterisk_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the asterisk port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_asterisk_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_asterisk_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_asterisk_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the asterisk port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_asterisk_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_asterisk_port'($*)) dnl
+	
+	gen_require(`
+		type asterisk_port_t;
+	')
+
+	allow $1 asterisk_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_asterisk_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the asterisk port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_asterisk_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_asterisk_port'($*)) dnl
+	
+	gen_require(`
+		type asterisk_port_t;
+	')
+
+	allow $1 asterisk_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_asterisk_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the asterisk port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_asterisk_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_asterisk_port'($*)) dnl
+	
+	gen_require(`
+		type asterisk_port_t;
+	')
+
+	allow $1 asterisk_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_asterisk_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send asterisk_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_asterisk_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_asterisk_client_packets'($*)) dnl
+	
+	gen_require(`
+		type asterisk_client_packet_t;
+	')
+
+	allow $1 asterisk_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_asterisk_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send asterisk_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_asterisk_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_asterisk_client_packets'($*)) dnl
+	
+	gen_require(`
+		type asterisk_client_packet_t;
+	')
+
+	dontaudit $1 asterisk_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_asterisk_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive asterisk_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_asterisk_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_asterisk_client_packets'($*)) dnl
+	
+	gen_require(`
+		type asterisk_client_packet_t;
+	')
+
+	allow $1 asterisk_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_asterisk_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive asterisk_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_asterisk_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_asterisk_client_packets'($*)) dnl
+	
+	gen_require(`
+		type asterisk_client_packet_t;
+	')
+
+	dontaudit $1 asterisk_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_asterisk_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive asterisk_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_asterisk_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_asterisk_client_packets'($*)) dnl
+	
+	corenet_send_asterisk_client_packets($1)
+	corenet_receive_asterisk_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_asterisk_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive asterisk_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_asterisk_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_asterisk_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_asterisk_client_packets($1)
+	corenet_dontaudit_receive_asterisk_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_asterisk_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to asterisk_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_asterisk_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_asterisk_client_packets'($*)) dnl
+	
+	gen_require(`
+		type asterisk_client_packet_t;
+	')
+
+	allow $1 asterisk_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_asterisk_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send asterisk_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_asterisk_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_asterisk_server_packets'($*)) dnl
+	
+	gen_require(`
+		type asterisk_server_packet_t;
+	')
+
+	allow $1 asterisk_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_asterisk_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send asterisk_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_asterisk_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_asterisk_server_packets'($*)) dnl
+	
+	gen_require(`
+		type asterisk_server_packet_t;
+	')
+
+	dontaudit $1 asterisk_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_asterisk_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive asterisk_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_asterisk_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_asterisk_server_packets'($*)) dnl
+	
+	gen_require(`
+		type asterisk_server_packet_t;
+	')
+
+	allow $1 asterisk_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_asterisk_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive asterisk_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_asterisk_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_asterisk_server_packets'($*)) dnl
+	
+	gen_require(`
+		type asterisk_server_packet_t;
+	')
+
+	dontaudit $1 asterisk_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_asterisk_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive asterisk_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_asterisk_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_asterisk_server_packets'($*)) dnl
+	
+	corenet_send_asterisk_server_packets($1)
+	corenet_receive_asterisk_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_asterisk_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive asterisk_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_asterisk_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_asterisk_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_asterisk_server_packets($1)
+	corenet_dontaudit_receive_asterisk_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_asterisk_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to asterisk_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_asterisk_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_asterisk_server_packets'($*)) dnl
+	
+	gen_require(`
+		type asterisk_server_packet_t;
+	')
+
+	allow $1 asterisk_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_asterisk_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the audit port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_audit_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_audit_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_audit_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the audit port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_audit_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_audit_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_audit_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the audit port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_audit_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_audit_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_audit_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the audit port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_audit_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_audit_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_audit_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the audit port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_audit_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_audit_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_audit_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the audit port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_audit_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_audit_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_audit_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the audit port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_audit_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_audit_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_audit_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the audit port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_audit_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_audit_port'($*)) dnl
+	
+	gen_require(`
+		type audit_port_t;
+	')
+
+	allow $1 audit_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_audit_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the audit port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_audit_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_audit_port'($*)) dnl
+	
+	gen_require(`
+		type audit_port_t;
+	')
+
+	allow $1 audit_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_audit_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the audit port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_audit_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_audit_port'($*)) dnl
+	
+	gen_require(`
+		type audit_port_t;
+	')
+
+	allow $1 audit_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_audit_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send audit_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_audit_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_audit_client_packets'($*)) dnl
+	
+	gen_require(`
+		type audit_client_packet_t;
+	')
+
+	allow $1 audit_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_audit_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send audit_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_audit_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_audit_client_packets'($*)) dnl
+	
+	gen_require(`
+		type audit_client_packet_t;
+	')
+
+	dontaudit $1 audit_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_audit_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive audit_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_audit_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_audit_client_packets'($*)) dnl
+	
+	gen_require(`
+		type audit_client_packet_t;
+	')
+
+	allow $1 audit_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_audit_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive audit_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_audit_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_audit_client_packets'($*)) dnl
+	
+	gen_require(`
+		type audit_client_packet_t;
+	')
+
+	dontaudit $1 audit_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_audit_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive audit_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_audit_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_audit_client_packets'($*)) dnl
+	
+	corenet_send_audit_client_packets($1)
+	corenet_receive_audit_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_audit_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive audit_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_audit_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_audit_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_audit_client_packets($1)
+	corenet_dontaudit_receive_audit_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_audit_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to audit_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_audit_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_audit_client_packets'($*)) dnl
+	
+	gen_require(`
+		type audit_client_packet_t;
+	')
+
+	allow $1 audit_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_audit_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send audit_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_audit_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_audit_server_packets'($*)) dnl
+	
+	gen_require(`
+		type audit_server_packet_t;
+	')
+
+	allow $1 audit_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_audit_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send audit_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_audit_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_audit_server_packets'($*)) dnl
+	
+	gen_require(`
+		type audit_server_packet_t;
+	')
+
+	dontaudit $1 audit_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_audit_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive audit_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_audit_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_audit_server_packets'($*)) dnl
+	
+	gen_require(`
+		type audit_server_packet_t;
+	')
+
+	allow $1 audit_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_audit_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive audit_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_audit_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_audit_server_packets'($*)) dnl
+	
+	gen_require(`
+		type audit_server_packet_t;
+	')
+
+	dontaudit $1 audit_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_audit_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive audit_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_audit_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_audit_server_packets'($*)) dnl
+	
+	corenet_send_audit_server_packets($1)
+	corenet_receive_audit_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_audit_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive audit_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_audit_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_audit_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_audit_server_packets($1)
+	corenet_dontaudit_receive_audit_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_audit_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to audit_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_audit_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_audit_server_packets'($*)) dnl
+	
+	gen_require(`
+		type audit_server_packet_t;
+	')
+
+	allow $1 audit_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_audit_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the auth port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_auth_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_auth_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_auth_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the auth port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_auth_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_auth_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_auth_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the auth port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_auth_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_auth_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_auth_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the auth port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_auth_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_auth_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_auth_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the auth port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_auth_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_auth_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_auth_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the auth port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_auth_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_auth_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_auth_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the auth port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_auth_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_auth_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_auth_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the auth port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_auth_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_auth_port'($*)) dnl
+	
+	gen_require(`
+		type auth_port_t;
+	')
+
+	allow $1 auth_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_auth_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the auth port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_auth_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_auth_port'($*)) dnl
+	
+	gen_require(`
+		type auth_port_t;
+	')
+
+	allow $1 auth_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_auth_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the auth port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_auth_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_auth_port'($*)) dnl
+	
+	gen_require(`
+		type auth_port_t;
+	')
+
+	allow $1 auth_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_auth_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send auth_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_auth_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_auth_client_packets'($*)) dnl
+	
+	gen_require(`
+		type auth_client_packet_t;
+	')
+
+	allow $1 auth_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_auth_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send auth_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_auth_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_auth_client_packets'($*)) dnl
+	
+	gen_require(`
+		type auth_client_packet_t;
+	')
+
+	dontaudit $1 auth_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_auth_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive auth_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_auth_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_auth_client_packets'($*)) dnl
+	
+	gen_require(`
+		type auth_client_packet_t;
+	')
+
+	allow $1 auth_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_auth_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive auth_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_auth_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_auth_client_packets'($*)) dnl
+	
+	gen_require(`
+		type auth_client_packet_t;
+	')
+
+	dontaudit $1 auth_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_auth_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive auth_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_auth_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_auth_client_packets'($*)) dnl
+	
+	corenet_send_auth_client_packets($1)
+	corenet_receive_auth_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_auth_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive auth_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_auth_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_auth_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_auth_client_packets($1)
+	corenet_dontaudit_receive_auth_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_auth_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to auth_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_auth_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_auth_client_packets'($*)) dnl
+	
+	gen_require(`
+		type auth_client_packet_t;
+	')
+
+	allow $1 auth_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_auth_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send auth_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_auth_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_auth_server_packets'($*)) dnl
+	
+	gen_require(`
+		type auth_server_packet_t;
+	')
+
+	allow $1 auth_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_auth_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send auth_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_auth_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_auth_server_packets'($*)) dnl
+	
+	gen_require(`
+		type auth_server_packet_t;
+	')
+
+	dontaudit $1 auth_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_auth_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive auth_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_auth_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_auth_server_packets'($*)) dnl
+	
+	gen_require(`
+		type auth_server_packet_t;
+	')
+
+	allow $1 auth_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_auth_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive auth_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_auth_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_auth_server_packets'($*)) dnl
+	
+	gen_require(`
+		type auth_server_packet_t;
+	')
+
+	dontaudit $1 auth_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_auth_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive auth_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_auth_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_auth_server_packets'($*)) dnl
+	
+	corenet_send_auth_server_packets($1)
+	corenet_receive_auth_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_auth_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive auth_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_auth_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_auth_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_auth_server_packets($1)
+	corenet_dontaudit_receive_auth_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_auth_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to auth_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_auth_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_auth_server_packets'($*)) dnl
+	
+	gen_require(`
+		type auth_server_packet_t;
+	')
+
+	allow $1 auth_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_auth_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the bgp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_bgp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_bgp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_bgp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the bgp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_bgp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_bgp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_bgp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the bgp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_bgp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_bgp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_bgp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the bgp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_bgp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_bgp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_bgp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the bgp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_bgp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_bgp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_bgp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the bgp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_bgp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_bgp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_bgp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the bgp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_bgp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_bgp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_bgp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the bgp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_bgp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_bgp_port'($*)) dnl
+	
+	gen_require(`
+		type bgp_port_t;
+	')
+
+	allow $1 bgp_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_bgp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the bgp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_bgp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_bgp_port'($*)) dnl
+	
+	gen_require(`
+		type bgp_port_t;
+	')
+
+	allow $1 bgp_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_bgp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the bgp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_bgp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_bgp_port'($*)) dnl
+	
+	gen_require(`
+		type bgp_port_t;
+	')
+
+	allow $1 bgp_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_bgp_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send bgp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_bgp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_bgp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type bgp_client_packet_t;
+	')
+
+	allow $1 bgp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_bgp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send bgp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_bgp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_bgp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type bgp_client_packet_t;
+	')
+
+	dontaudit $1 bgp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_bgp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive bgp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_bgp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_bgp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type bgp_client_packet_t;
+	')
+
+	allow $1 bgp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_bgp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive bgp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_bgp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_bgp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type bgp_client_packet_t;
+	')
+
+	dontaudit $1 bgp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_bgp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive bgp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_bgp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_bgp_client_packets'($*)) dnl
+	
+	corenet_send_bgp_client_packets($1)
+	corenet_receive_bgp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_bgp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive bgp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_bgp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_bgp_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_bgp_client_packets($1)
+	corenet_dontaudit_receive_bgp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_bgp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to bgp_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_bgp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_bgp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type bgp_client_packet_t;
+	')
+
+	allow $1 bgp_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_bgp_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send bgp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_bgp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_bgp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type bgp_server_packet_t;
+	')
+
+	allow $1 bgp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_bgp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send bgp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_bgp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_bgp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type bgp_server_packet_t;
+	')
+
+	dontaudit $1 bgp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_bgp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive bgp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_bgp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_bgp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type bgp_server_packet_t;
+	')
+
+	allow $1 bgp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_bgp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive bgp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_bgp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_bgp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type bgp_server_packet_t;
+	')
+
+	dontaudit $1 bgp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_bgp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive bgp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_bgp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_bgp_server_packets'($*)) dnl
+	
+	corenet_send_bgp_server_packets($1)
+	corenet_receive_bgp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_bgp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive bgp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_bgp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_bgp_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_bgp_server_packets($1)
+	corenet_dontaudit_receive_bgp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_bgp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to bgp_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_bgp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_bgp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type bgp_server_packet_t;
+	')
+
+	allow $1 bgp_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_bgp_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the bitcoin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_bitcoin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_bitcoin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_bitcoin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the bitcoin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_bitcoin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_bitcoin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_bitcoin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the bitcoin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_bitcoin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_bitcoin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_bitcoin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the bitcoin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_bitcoin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_bitcoin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_bitcoin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the bitcoin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_bitcoin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_bitcoin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_bitcoin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the bitcoin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_bitcoin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_bitcoin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_bitcoin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the bitcoin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_bitcoin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_bitcoin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_bitcoin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the bitcoin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_bitcoin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_bitcoin_port'($*)) dnl
+	
+	gen_require(`
+		type bitcoin_port_t;
+	')
+
+	allow $1 bitcoin_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_bitcoin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the bitcoin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_bitcoin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_bitcoin_port'($*)) dnl
+	
+	gen_require(`
+		type bitcoin_port_t;
+	')
+
+	allow $1 bitcoin_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_bitcoin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the bitcoin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_bitcoin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_bitcoin_port'($*)) dnl
+	
+	gen_require(`
+		type bitcoin_port_t;
+	')
+
+	allow $1 bitcoin_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_bitcoin_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send bitcoin_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_bitcoin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_bitcoin_client_packets'($*)) dnl
+	
+	gen_require(`
+		type bitcoin_client_packet_t;
+	')
+
+	allow $1 bitcoin_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_bitcoin_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send bitcoin_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_bitcoin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_bitcoin_client_packets'($*)) dnl
+	
+	gen_require(`
+		type bitcoin_client_packet_t;
+	')
+
+	dontaudit $1 bitcoin_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_bitcoin_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive bitcoin_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_bitcoin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_bitcoin_client_packets'($*)) dnl
+	
+	gen_require(`
+		type bitcoin_client_packet_t;
+	')
+
+	allow $1 bitcoin_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_bitcoin_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive bitcoin_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_bitcoin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_bitcoin_client_packets'($*)) dnl
+	
+	gen_require(`
+		type bitcoin_client_packet_t;
+	')
+
+	dontaudit $1 bitcoin_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_bitcoin_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive bitcoin_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_bitcoin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_bitcoin_client_packets'($*)) dnl
+	
+	corenet_send_bitcoin_client_packets($1)
+	corenet_receive_bitcoin_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_bitcoin_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive bitcoin_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_bitcoin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_bitcoin_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_bitcoin_client_packets($1)
+	corenet_dontaudit_receive_bitcoin_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_bitcoin_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to bitcoin_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_bitcoin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_bitcoin_client_packets'($*)) dnl
+	
+	gen_require(`
+		type bitcoin_client_packet_t;
+	')
+
+	allow $1 bitcoin_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_bitcoin_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send bitcoin_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_bitcoin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_bitcoin_server_packets'($*)) dnl
+	
+	gen_require(`
+		type bitcoin_server_packet_t;
+	')
+
+	allow $1 bitcoin_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_bitcoin_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send bitcoin_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_bitcoin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_bitcoin_server_packets'($*)) dnl
+	
+	gen_require(`
+		type bitcoin_server_packet_t;
+	')
+
+	dontaudit $1 bitcoin_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_bitcoin_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive bitcoin_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_bitcoin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_bitcoin_server_packets'($*)) dnl
+	
+	gen_require(`
+		type bitcoin_server_packet_t;
+	')
+
+	allow $1 bitcoin_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_bitcoin_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive bitcoin_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_bitcoin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_bitcoin_server_packets'($*)) dnl
+	
+	gen_require(`
+		type bitcoin_server_packet_t;
+	')
+
+	dontaudit $1 bitcoin_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_bitcoin_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive bitcoin_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_bitcoin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_bitcoin_server_packets'($*)) dnl
+	
+	corenet_send_bitcoin_server_packets($1)
+	corenet_receive_bitcoin_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_bitcoin_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive bitcoin_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_bitcoin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_bitcoin_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_bitcoin_server_packets($1)
+	corenet_dontaudit_receive_bitcoin_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_bitcoin_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to bitcoin_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_bitcoin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_bitcoin_server_packets'($*)) dnl
+	
+	gen_require(`
+		type bitcoin_server_packet_t;
+	')
+
+	allow $1 bitcoin_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_bitcoin_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the boinc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_boinc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_boinc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_boinc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the boinc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_boinc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_boinc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_boinc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the boinc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_boinc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_boinc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_boinc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the boinc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_boinc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_boinc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_boinc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the boinc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_boinc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_boinc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_boinc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the boinc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_boinc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_boinc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_boinc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the boinc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_boinc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_boinc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_boinc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the boinc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_boinc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_boinc_port'($*)) dnl
+	
+	gen_require(`
+		type boinc_port_t;
+	')
+
+	allow $1 boinc_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_boinc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the boinc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_boinc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_boinc_port'($*)) dnl
+	
+	gen_require(`
+		type boinc_port_t;
+	')
+
+	allow $1 boinc_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_boinc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the boinc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_boinc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_boinc_port'($*)) dnl
+	
+	gen_require(`
+		type boinc_port_t;
+	')
+
+	allow $1 boinc_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_boinc_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send boinc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_boinc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_boinc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type boinc_client_packet_t;
+	')
+
+	allow $1 boinc_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_boinc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send boinc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_boinc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_boinc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type boinc_client_packet_t;
+	')
+
+	dontaudit $1 boinc_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_boinc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive boinc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_boinc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_boinc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type boinc_client_packet_t;
+	')
+
+	allow $1 boinc_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_boinc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive boinc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_boinc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_boinc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type boinc_client_packet_t;
+	')
+
+	dontaudit $1 boinc_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_boinc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive boinc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_boinc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_boinc_client_packets'($*)) dnl
+	
+	corenet_send_boinc_client_packets($1)
+	corenet_receive_boinc_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_boinc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive boinc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_boinc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_boinc_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_boinc_client_packets($1)
+	corenet_dontaudit_receive_boinc_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_boinc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to boinc_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_boinc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_boinc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type boinc_client_packet_t;
+	')
+
+	allow $1 boinc_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_boinc_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send boinc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_boinc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_boinc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type boinc_server_packet_t;
+	')
+
+	allow $1 boinc_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_boinc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send boinc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_boinc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_boinc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type boinc_server_packet_t;
+	')
+
+	dontaudit $1 boinc_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_boinc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive boinc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_boinc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_boinc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type boinc_server_packet_t;
+	')
+
+	allow $1 boinc_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_boinc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive boinc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_boinc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_boinc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type boinc_server_packet_t;
+	')
+
+	dontaudit $1 boinc_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_boinc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive boinc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_boinc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_boinc_server_packets'($*)) dnl
+	
+	corenet_send_boinc_server_packets($1)
+	corenet_receive_boinc_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_boinc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive boinc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_boinc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_boinc_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_boinc_server_packets($1)
+	corenet_dontaudit_receive_boinc_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_boinc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to boinc_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_boinc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_boinc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type boinc_server_packet_t;
+	')
+
+	allow $1 boinc_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_boinc_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the boinc_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_boinc_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_boinc_client_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_boinc_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the boinc_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_boinc_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_boinc_client_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_boinc_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the boinc_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_boinc_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_boinc_client_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_boinc_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the boinc_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_boinc_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_boinc_client_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_boinc_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the boinc_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_boinc_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_boinc_client_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_boinc_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the boinc_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_boinc_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_boinc_client_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_boinc_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the boinc_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_boinc_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_boinc_client_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_boinc_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the boinc_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_boinc_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_boinc_client_port'($*)) dnl
+	
+	gen_require(`
+		type boinc_client_port_t;
+	')
+
+	allow $1 boinc_client_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_boinc_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the boinc_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_boinc_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_boinc_client_port'($*)) dnl
+	
+	gen_require(`
+		type boinc_client_port_t;
+	')
+
+	allow $1 boinc_client_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_boinc_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the boinc_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_boinc_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_boinc_client_port'($*)) dnl
+	
+	gen_require(`
+		type boinc_client_port_t;
+	')
+
+	allow $1 boinc_client_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_boinc_client_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send boinc_client_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_boinc_client_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_boinc_client_client_packets'($*)) dnl
+	
+	gen_require(`
+		type boinc_client_client_packet_t;
+	')
+
+	allow $1 boinc_client_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_boinc_client_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send boinc_client_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_boinc_client_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_boinc_client_client_packets'($*)) dnl
+	
+	gen_require(`
+		type boinc_client_client_packet_t;
+	')
+
+	dontaudit $1 boinc_client_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_boinc_client_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive boinc_client_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_boinc_client_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_boinc_client_client_packets'($*)) dnl
+	
+	gen_require(`
+		type boinc_client_client_packet_t;
+	')
+
+	allow $1 boinc_client_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_boinc_client_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive boinc_client_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_boinc_client_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_boinc_client_client_packets'($*)) dnl
+	
+	gen_require(`
+		type boinc_client_client_packet_t;
+	')
+
+	dontaudit $1 boinc_client_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_boinc_client_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive boinc_client_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_boinc_client_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_boinc_client_client_packets'($*)) dnl
+	
+	corenet_send_boinc_client_client_packets($1)
+	corenet_receive_boinc_client_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_boinc_client_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive boinc_client_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_boinc_client_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_boinc_client_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_boinc_client_client_packets($1)
+	corenet_dontaudit_receive_boinc_client_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_boinc_client_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to boinc_client_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_boinc_client_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_boinc_client_client_packets'($*)) dnl
+	
+	gen_require(`
+		type boinc_client_client_packet_t;
+	')
+
+	allow $1 boinc_client_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_boinc_client_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send boinc_client_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_boinc_client_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_boinc_client_server_packets'($*)) dnl
+	
+	gen_require(`
+		type boinc_client_server_packet_t;
+	')
+
+	allow $1 boinc_client_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_boinc_client_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send boinc_client_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_boinc_client_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_boinc_client_server_packets'($*)) dnl
+	
+	gen_require(`
+		type boinc_client_server_packet_t;
+	')
+
+	dontaudit $1 boinc_client_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_boinc_client_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive boinc_client_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_boinc_client_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_boinc_client_server_packets'($*)) dnl
+	
+	gen_require(`
+		type boinc_client_server_packet_t;
+	')
+
+	allow $1 boinc_client_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_boinc_client_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive boinc_client_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_boinc_client_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_boinc_client_server_packets'($*)) dnl
+	
+	gen_require(`
+		type boinc_client_server_packet_t;
+	')
+
+	dontaudit $1 boinc_client_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_boinc_client_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive boinc_client_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_boinc_client_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_boinc_client_server_packets'($*)) dnl
+	
+	corenet_send_boinc_client_server_packets($1)
+	corenet_receive_boinc_client_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_boinc_client_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive boinc_client_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_boinc_client_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_boinc_client_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_boinc_client_server_packets($1)
+	corenet_dontaudit_receive_boinc_client_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_boinc_client_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to boinc_client_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_boinc_client_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_boinc_client_server_packets'($*)) dnl
+	
+	gen_require(`
+		type boinc_client_server_packet_t;
+	')
+
+	allow $1 boinc_client_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_boinc_client_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the biff port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_biff_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_biff_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_biff_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the biff port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_biff_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_biff_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_biff_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the biff port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_biff_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_biff_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_biff_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the biff port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_biff_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_biff_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_biff_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the biff port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_biff_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_biff_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_biff_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the biff port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_biff_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_biff_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_biff_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the biff port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_biff_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_biff_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_biff_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the biff port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_biff_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_biff_port'($*)) dnl
+	
+	gen_require(`
+		type biff_port_t;
+	')
+
+	allow $1 biff_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_biff_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the biff port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_biff_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_biff_port'($*)) dnl
+	
+	gen_require(`
+		type biff_port_t;
+	')
+
+	allow $1 biff_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_biff_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the biff port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_biff_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_biff_port'($*)) dnl
+	
+	gen_require(`
+		type biff_port_t;
+	')
+
+	allow $1 biff_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_biff_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send biff_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_biff_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_biff_client_packets'($*)) dnl
+	
+	gen_require(`
+		type biff_client_packet_t;
+	')
+
+	allow $1 biff_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_biff_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send biff_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_biff_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_biff_client_packets'($*)) dnl
+	
+	gen_require(`
+		type biff_client_packet_t;
+	')
+
+	dontaudit $1 biff_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_biff_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive biff_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_biff_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_biff_client_packets'($*)) dnl
+	
+	gen_require(`
+		type biff_client_packet_t;
+	')
+
+	allow $1 biff_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_biff_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive biff_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_biff_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_biff_client_packets'($*)) dnl
+	
+	gen_require(`
+		type biff_client_packet_t;
+	')
+
+	dontaudit $1 biff_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_biff_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive biff_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_biff_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_biff_client_packets'($*)) dnl
+	
+	corenet_send_biff_client_packets($1)
+	corenet_receive_biff_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_biff_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive biff_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_biff_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_biff_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_biff_client_packets($1)
+	corenet_dontaudit_receive_biff_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_biff_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to biff_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_biff_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_biff_client_packets'($*)) dnl
+	
+	gen_require(`
+		type biff_client_packet_t;
+	')
+
+	allow $1 biff_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_biff_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send biff_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_biff_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_biff_server_packets'($*)) dnl
+	
+	gen_require(`
+		type biff_server_packet_t;
+	')
+
+	allow $1 biff_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_biff_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send biff_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_biff_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_biff_server_packets'($*)) dnl
+	
+	gen_require(`
+		type biff_server_packet_t;
+	')
+
+	dontaudit $1 biff_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_biff_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive biff_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_biff_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_biff_server_packets'($*)) dnl
+	
+	gen_require(`
+		type biff_server_packet_t;
+	')
+
+	allow $1 biff_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_biff_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive biff_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_biff_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_biff_server_packets'($*)) dnl
+	
+	gen_require(`
+		type biff_server_packet_t;
+	')
+
+	dontaudit $1 biff_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_biff_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive biff_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_biff_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_biff_server_packets'($*)) dnl
+	
+	corenet_send_biff_server_packets($1)
+	corenet_receive_biff_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_biff_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive biff_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_biff_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_biff_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_biff_server_packets($1)
+	corenet_dontaudit_receive_biff_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_biff_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to biff_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_biff_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_biff_server_packets'($*)) dnl
+	
+	gen_require(`
+		type biff_server_packet_t;
+	')
+
+	allow $1 biff_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_biff_server_packets'($*)) dnl
+	')
+
+
+ # no defined portcon
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the certmaster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_certmaster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_certmaster_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_certmaster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the certmaster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_certmaster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_certmaster_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_certmaster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the certmaster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_certmaster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_certmaster_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_certmaster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the certmaster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_certmaster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_certmaster_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_certmaster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the certmaster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_certmaster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_certmaster_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_certmaster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the certmaster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_certmaster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_certmaster_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_certmaster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the certmaster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_certmaster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_certmaster_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_certmaster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the certmaster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_certmaster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_certmaster_port'($*)) dnl
+	
+	gen_require(`
+		type certmaster_port_t;
+	')
+
+	allow $1 certmaster_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_certmaster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the certmaster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_certmaster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_certmaster_port'($*)) dnl
+	
+	gen_require(`
+		type certmaster_port_t;
+	')
+
+	allow $1 certmaster_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_certmaster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the certmaster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_certmaster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_certmaster_port'($*)) dnl
+	
+	gen_require(`
+		type certmaster_port_t;
+	')
+
+	allow $1 certmaster_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_certmaster_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send certmaster_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_certmaster_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_certmaster_client_packets'($*)) dnl
+	
+	gen_require(`
+		type certmaster_client_packet_t;
+	')
+
+	allow $1 certmaster_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_certmaster_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send certmaster_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_certmaster_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_certmaster_client_packets'($*)) dnl
+	
+	gen_require(`
+		type certmaster_client_packet_t;
+	')
+
+	dontaudit $1 certmaster_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_certmaster_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive certmaster_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_certmaster_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_certmaster_client_packets'($*)) dnl
+	
+	gen_require(`
+		type certmaster_client_packet_t;
+	')
+
+	allow $1 certmaster_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_certmaster_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive certmaster_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_certmaster_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_certmaster_client_packets'($*)) dnl
+	
+	gen_require(`
+		type certmaster_client_packet_t;
+	')
+
+	dontaudit $1 certmaster_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_certmaster_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive certmaster_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_certmaster_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_certmaster_client_packets'($*)) dnl
+	
+	corenet_send_certmaster_client_packets($1)
+	corenet_receive_certmaster_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_certmaster_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive certmaster_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_certmaster_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_certmaster_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_certmaster_client_packets($1)
+	corenet_dontaudit_receive_certmaster_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_certmaster_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to certmaster_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_certmaster_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_certmaster_client_packets'($*)) dnl
+	
+	gen_require(`
+		type certmaster_client_packet_t;
+	')
+
+	allow $1 certmaster_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_certmaster_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send certmaster_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_certmaster_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_certmaster_server_packets'($*)) dnl
+	
+	gen_require(`
+		type certmaster_server_packet_t;
+	')
+
+	allow $1 certmaster_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_certmaster_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send certmaster_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_certmaster_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_certmaster_server_packets'($*)) dnl
+	
+	gen_require(`
+		type certmaster_server_packet_t;
+	')
+
+	dontaudit $1 certmaster_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_certmaster_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive certmaster_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_certmaster_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_certmaster_server_packets'($*)) dnl
+	
+	gen_require(`
+		type certmaster_server_packet_t;
+	')
+
+	allow $1 certmaster_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_certmaster_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive certmaster_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_certmaster_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_certmaster_server_packets'($*)) dnl
+	
+	gen_require(`
+		type certmaster_server_packet_t;
+	')
+
+	dontaudit $1 certmaster_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_certmaster_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive certmaster_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_certmaster_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_certmaster_server_packets'($*)) dnl
+	
+	corenet_send_certmaster_server_packets($1)
+	corenet_receive_certmaster_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_certmaster_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive certmaster_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_certmaster_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_certmaster_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_certmaster_server_packets($1)
+	corenet_dontaudit_receive_certmaster_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_certmaster_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to certmaster_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_certmaster_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_certmaster_server_packets'($*)) dnl
+	
+	gen_require(`
+		type certmaster_server_packet_t;
+	')
+
+	allow $1 certmaster_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_certmaster_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the chronyd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_chronyd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_chronyd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_chronyd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the chronyd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_chronyd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_chronyd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_chronyd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the chronyd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_chronyd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_chronyd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_chronyd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the chronyd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_chronyd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_chronyd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_chronyd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the chronyd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_chronyd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_chronyd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_chronyd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the chronyd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_chronyd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_chronyd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_chronyd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the chronyd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_chronyd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_chronyd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_chronyd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the chronyd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_chronyd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_chronyd_port'($*)) dnl
+	
+	gen_require(`
+		type chronyd_port_t;
+	')
+
+	allow $1 chronyd_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_chronyd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the chronyd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_chronyd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_chronyd_port'($*)) dnl
+	
+	gen_require(`
+		type chronyd_port_t;
+	')
+
+	allow $1 chronyd_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_chronyd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the chronyd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_chronyd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_chronyd_port'($*)) dnl
+	
+	gen_require(`
+		type chronyd_port_t;
+	')
+
+	allow $1 chronyd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_chronyd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send chronyd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_chronyd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_chronyd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type chronyd_client_packet_t;
+	')
+
+	allow $1 chronyd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_chronyd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send chronyd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_chronyd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_chronyd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type chronyd_client_packet_t;
+	')
+
+	dontaudit $1 chronyd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_chronyd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive chronyd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_chronyd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_chronyd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type chronyd_client_packet_t;
+	')
+
+	allow $1 chronyd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_chronyd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive chronyd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_chronyd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_chronyd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type chronyd_client_packet_t;
+	')
+
+	dontaudit $1 chronyd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_chronyd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive chronyd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_chronyd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_chronyd_client_packets'($*)) dnl
+	
+	corenet_send_chronyd_client_packets($1)
+	corenet_receive_chronyd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_chronyd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive chronyd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_chronyd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_chronyd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_chronyd_client_packets($1)
+	corenet_dontaudit_receive_chronyd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_chronyd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to chronyd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_chronyd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_chronyd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type chronyd_client_packet_t;
+	')
+
+	allow $1 chronyd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_chronyd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send chronyd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_chronyd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_chronyd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type chronyd_server_packet_t;
+	')
+
+	allow $1 chronyd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_chronyd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send chronyd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_chronyd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_chronyd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type chronyd_server_packet_t;
+	')
+
+	dontaudit $1 chronyd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_chronyd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive chronyd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_chronyd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_chronyd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type chronyd_server_packet_t;
+	')
+
+	allow $1 chronyd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_chronyd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive chronyd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_chronyd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_chronyd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type chronyd_server_packet_t;
+	')
+
+	dontaudit $1 chronyd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_chronyd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive chronyd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_chronyd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_chronyd_server_packets'($*)) dnl
+	
+	corenet_send_chronyd_server_packets($1)
+	corenet_receive_chronyd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_chronyd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive chronyd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_chronyd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_chronyd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_chronyd_server_packets($1)
+	corenet_dontaudit_receive_chronyd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_chronyd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to chronyd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_chronyd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_chronyd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type chronyd_server_packet_t;
+	')
+
+	allow $1 chronyd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_chronyd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the clamd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_clamd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_clamd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_clamd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the clamd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_clamd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_clamd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_clamd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the clamd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_clamd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_clamd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_clamd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the clamd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_clamd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_clamd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_clamd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the clamd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_clamd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_clamd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_clamd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the clamd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_clamd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_clamd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_clamd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the clamd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_clamd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_clamd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_clamd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the clamd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_clamd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_clamd_port'($*)) dnl
+	
+	gen_require(`
+		type clamd_port_t;
+	')
+
+	allow $1 clamd_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_clamd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the clamd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_clamd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_clamd_port'($*)) dnl
+	
+	gen_require(`
+		type clamd_port_t;
+	')
+
+	allow $1 clamd_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_clamd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the clamd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_clamd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_clamd_port'($*)) dnl
+	
+	gen_require(`
+		type clamd_port_t;
+	')
+
+	allow $1 clamd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_clamd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send clamd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_clamd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_clamd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type clamd_client_packet_t;
+	')
+
+	allow $1 clamd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_clamd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send clamd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_clamd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_clamd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type clamd_client_packet_t;
+	')
+
+	dontaudit $1 clamd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_clamd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive clamd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_clamd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_clamd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type clamd_client_packet_t;
+	')
+
+	allow $1 clamd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_clamd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive clamd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_clamd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_clamd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type clamd_client_packet_t;
+	')
+
+	dontaudit $1 clamd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_clamd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive clamd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_clamd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_clamd_client_packets'($*)) dnl
+	
+	corenet_send_clamd_client_packets($1)
+	corenet_receive_clamd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_clamd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive clamd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_clamd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_clamd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_clamd_client_packets($1)
+	corenet_dontaudit_receive_clamd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_clamd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to clamd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_clamd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_clamd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type clamd_client_packet_t;
+	')
+
+	allow $1 clamd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_clamd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send clamd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_clamd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_clamd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type clamd_server_packet_t;
+	')
+
+	allow $1 clamd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_clamd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send clamd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_clamd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_clamd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type clamd_server_packet_t;
+	')
+
+	dontaudit $1 clamd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_clamd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive clamd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_clamd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_clamd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type clamd_server_packet_t;
+	')
+
+	allow $1 clamd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_clamd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive clamd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_clamd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_clamd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type clamd_server_packet_t;
+	')
+
+	dontaudit $1 clamd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_clamd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive clamd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_clamd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_clamd_server_packets'($*)) dnl
+	
+	corenet_send_clamd_server_packets($1)
+	corenet_receive_clamd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_clamd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive clamd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_clamd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_clamd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_clamd_server_packets($1)
+	corenet_dontaudit_receive_clamd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_clamd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to clamd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_clamd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_clamd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type clamd_server_packet_t;
+	')
+
+	allow $1 clamd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_clamd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the clockspeed port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_clockspeed_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_clockspeed_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_clockspeed_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the clockspeed port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_clockspeed_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_clockspeed_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_clockspeed_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the clockspeed port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_clockspeed_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_clockspeed_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_clockspeed_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the clockspeed port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_clockspeed_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_clockspeed_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_clockspeed_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the clockspeed port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_clockspeed_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_clockspeed_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_clockspeed_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the clockspeed port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_clockspeed_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_clockspeed_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_clockspeed_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the clockspeed port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_clockspeed_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_clockspeed_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_clockspeed_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the clockspeed port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_clockspeed_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_clockspeed_port'($*)) dnl
+	
+	gen_require(`
+		type clockspeed_port_t;
+	')
+
+	allow $1 clockspeed_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_clockspeed_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the clockspeed port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_clockspeed_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_clockspeed_port'($*)) dnl
+	
+	gen_require(`
+		type clockspeed_port_t;
+	')
+
+	allow $1 clockspeed_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_clockspeed_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the clockspeed port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_clockspeed_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_clockspeed_port'($*)) dnl
+	
+	gen_require(`
+		type clockspeed_port_t;
+	')
+
+	allow $1 clockspeed_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_clockspeed_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send clockspeed_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_clockspeed_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_clockspeed_client_packets'($*)) dnl
+	
+	gen_require(`
+		type clockspeed_client_packet_t;
+	')
+
+	allow $1 clockspeed_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_clockspeed_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send clockspeed_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_clockspeed_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_clockspeed_client_packets'($*)) dnl
+	
+	gen_require(`
+		type clockspeed_client_packet_t;
+	')
+
+	dontaudit $1 clockspeed_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_clockspeed_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive clockspeed_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_clockspeed_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_clockspeed_client_packets'($*)) dnl
+	
+	gen_require(`
+		type clockspeed_client_packet_t;
+	')
+
+	allow $1 clockspeed_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_clockspeed_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive clockspeed_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_clockspeed_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_clockspeed_client_packets'($*)) dnl
+	
+	gen_require(`
+		type clockspeed_client_packet_t;
+	')
+
+	dontaudit $1 clockspeed_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_clockspeed_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive clockspeed_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_clockspeed_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_clockspeed_client_packets'($*)) dnl
+	
+	corenet_send_clockspeed_client_packets($1)
+	corenet_receive_clockspeed_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_clockspeed_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive clockspeed_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_clockspeed_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_clockspeed_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_clockspeed_client_packets($1)
+	corenet_dontaudit_receive_clockspeed_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_clockspeed_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to clockspeed_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_clockspeed_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_clockspeed_client_packets'($*)) dnl
+	
+	gen_require(`
+		type clockspeed_client_packet_t;
+	')
+
+	allow $1 clockspeed_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_clockspeed_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send clockspeed_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_clockspeed_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_clockspeed_server_packets'($*)) dnl
+	
+	gen_require(`
+		type clockspeed_server_packet_t;
+	')
+
+	allow $1 clockspeed_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_clockspeed_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send clockspeed_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_clockspeed_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_clockspeed_server_packets'($*)) dnl
+	
+	gen_require(`
+		type clockspeed_server_packet_t;
+	')
+
+	dontaudit $1 clockspeed_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_clockspeed_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive clockspeed_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_clockspeed_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_clockspeed_server_packets'($*)) dnl
+	
+	gen_require(`
+		type clockspeed_server_packet_t;
+	')
+
+	allow $1 clockspeed_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_clockspeed_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive clockspeed_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_clockspeed_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_clockspeed_server_packets'($*)) dnl
+	
+	gen_require(`
+		type clockspeed_server_packet_t;
+	')
+
+	dontaudit $1 clockspeed_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_clockspeed_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive clockspeed_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_clockspeed_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_clockspeed_server_packets'($*)) dnl
+	
+	corenet_send_clockspeed_server_packets($1)
+	corenet_receive_clockspeed_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_clockspeed_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive clockspeed_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_clockspeed_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_clockspeed_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_clockspeed_server_packets($1)
+	corenet_dontaudit_receive_clockspeed_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_clockspeed_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to clockspeed_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_clockspeed_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_clockspeed_server_packets'($*)) dnl
+	
+	gen_require(`
+		type clockspeed_server_packet_t;
+	')
+
+	allow $1 clockspeed_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_clockspeed_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the cluster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_cluster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_cluster_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_cluster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the cluster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_cluster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_cluster_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_cluster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the cluster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_cluster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_cluster_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_cluster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the cluster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_cluster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_cluster_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_cluster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the cluster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_cluster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_cluster_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_cluster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the cluster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_cluster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_cluster_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_cluster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the cluster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_cluster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_cluster_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_cluster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the cluster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_cluster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_cluster_port'($*)) dnl
+	
+	gen_require(`
+		type cluster_port_t;
+	')
+
+	allow $1 cluster_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_cluster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the cluster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_cluster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_cluster_port'($*)) dnl
+	
+	gen_require(`
+		type cluster_port_t;
+	')
+
+	allow $1 cluster_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_cluster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the cluster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_cluster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_cluster_port'($*)) dnl
+	
+	gen_require(`
+		type cluster_port_t;
+	')
+
+	allow $1 cluster_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_cluster_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send cluster_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_cluster_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_cluster_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cluster_client_packet_t;
+	')
+
+	allow $1 cluster_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_cluster_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send cluster_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_cluster_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_cluster_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cluster_client_packet_t;
+	')
+
+	dontaudit $1 cluster_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_cluster_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive cluster_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_cluster_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_cluster_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cluster_client_packet_t;
+	')
+
+	allow $1 cluster_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_cluster_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive cluster_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_cluster_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_cluster_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cluster_client_packet_t;
+	')
+
+	dontaudit $1 cluster_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_cluster_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive cluster_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_cluster_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_cluster_client_packets'($*)) dnl
+	
+	corenet_send_cluster_client_packets($1)
+	corenet_receive_cluster_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_cluster_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive cluster_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_cluster_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_cluster_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_cluster_client_packets($1)
+	corenet_dontaudit_receive_cluster_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_cluster_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to cluster_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_cluster_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_cluster_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cluster_client_packet_t;
+	')
+
+	allow $1 cluster_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_cluster_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send cluster_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_cluster_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_cluster_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cluster_server_packet_t;
+	')
+
+	allow $1 cluster_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_cluster_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send cluster_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_cluster_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_cluster_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cluster_server_packet_t;
+	')
+
+	dontaudit $1 cluster_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_cluster_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive cluster_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_cluster_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_cluster_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cluster_server_packet_t;
+	')
+
+	allow $1 cluster_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_cluster_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive cluster_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_cluster_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_cluster_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cluster_server_packet_t;
+	')
+
+	dontaudit $1 cluster_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_cluster_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive cluster_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_cluster_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_cluster_server_packets'($*)) dnl
+	
+	corenet_send_cluster_server_packets($1)
+	corenet_receive_cluster_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_cluster_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive cluster_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_cluster_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_cluster_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_cluster_server_packets($1)
+	corenet_dontaudit_receive_cluster_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_cluster_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to cluster_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_cluster_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_cluster_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cluster_server_packet_t;
+	')
+
+	allow $1 cluster_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_cluster_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the cma port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_cma_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_cma_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_cma_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the cma port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_cma_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_cma_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_cma_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the cma port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_cma_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_cma_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_cma_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the cma port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_cma_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_cma_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_cma_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the cma port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_cma_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_cma_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_cma_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the cma port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_cma_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_cma_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_cma_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the cma port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_cma_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_cma_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_cma_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the cma port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_cma_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_cma_port'($*)) dnl
+	
+	gen_require(`
+		type cma_port_t;
+	')
+
+	allow $1 cma_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_cma_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the cma port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_cma_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_cma_port'($*)) dnl
+	
+	gen_require(`
+		type cma_port_t;
+	')
+
+	allow $1 cma_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_cma_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the cma port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_cma_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_cma_port'($*)) dnl
+	
+	gen_require(`
+		type cma_port_t;
+	')
+
+	allow $1 cma_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_cma_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send cma_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_cma_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_cma_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cma_client_packet_t;
+	')
+
+	allow $1 cma_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_cma_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send cma_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_cma_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_cma_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cma_client_packet_t;
+	')
+
+	dontaudit $1 cma_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_cma_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive cma_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_cma_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_cma_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cma_client_packet_t;
+	')
+
+	allow $1 cma_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_cma_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive cma_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_cma_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_cma_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cma_client_packet_t;
+	')
+
+	dontaudit $1 cma_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_cma_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive cma_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_cma_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_cma_client_packets'($*)) dnl
+	
+	corenet_send_cma_client_packets($1)
+	corenet_receive_cma_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_cma_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive cma_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_cma_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_cma_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_cma_client_packets($1)
+	corenet_dontaudit_receive_cma_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_cma_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to cma_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_cma_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_cma_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cma_client_packet_t;
+	')
+
+	allow $1 cma_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_cma_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send cma_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_cma_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_cma_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cma_server_packet_t;
+	')
+
+	allow $1 cma_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_cma_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send cma_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_cma_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_cma_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cma_server_packet_t;
+	')
+
+	dontaudit $1 cma_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_cma_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive cma_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_cma_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_cma_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cma_server_packet_t;
+	')
+
+	allow $1 cma_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_cma_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive cma_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_cma_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_cma_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cma_server_packet_t;
+	')
+
+	dontaudit $1 cma_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_cma_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive cma_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_cma_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_cma_server_packets'($*)) dnl
+	
+	corenet_send_cma_server_packets($1)
+	corenet_receive_cma_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_cma_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive cma_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_cma_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_cma_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_cma_server_packets($1)
+	corenet_dontaudit_receive_cma_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_cma_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to cma_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_cma_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_cma_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cma_server_packet_t;
+	')
+
+	allow $1 cma_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_cma_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the cobbler port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_cobbler_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_cobbler_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_cobbler_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the cobbler port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_cobbler_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_cobbler_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_cobbler_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the cobbler port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_cobbler_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_cobbler_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_cobbler_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the cobbler port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_cobbler_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_cobbler_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_cobbler_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the cobbler port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_cobbler_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_cobbler_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_cobbler_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the cobbler port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_cobbler_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_cobbler_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_cobbler_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the cobbler port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_cobbler_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_cobbler_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_cobbler_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the cobbler port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_cobbler_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_cobbler_port'($*)) dnl
+	
+	gen_require(`
+		type cobbler_port_t;
+	')
+
+	allow $1 cobbler_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_cobbler_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the cobbler port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_cobbler_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_cobbler_port'($*)) dnl
+	
+	gen_require(`
+		type cobbler_port_t;
+	')
+
+	allow $1 cobbler_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_cobbler_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the cobbler port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_cobbler_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_cobbler_port'($*)) dnl
+	
+	gen_require(`
+		type cobbler_port_t;
+	')
+
+	allow $1 cobbler_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_cobbler_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send cobbler_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_cobbler_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_cobbler_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cobbler_client_packet_t;
+	')
+
+	allow $1 cobbler_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_cobbler_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send cobbler_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_cobbler_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_cobbler_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cobbler_client_packet_t;
+	')
+
+	dontaudit $1 cobbler_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_cobbler_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive cobbler_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_cobbler_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_cobbler_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cobbler_client_packet_t;
+	')
+
+	allow $1 cobbler_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_cobbler_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive cobbler_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_cobbler_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_cobbler_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cobbler_client_packet_t;
+	')
+
+	dontaudit $1 cobbler_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_cobbler_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive cobbler_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_cobbler_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_cobbler_client_packets'($*)) dnl
+	
+	corenet_send_cobbler_client_packets($1)
+	corenet_receive_cobbler_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_cobbler_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive cobbler_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_cobbler_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_cobbler_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_cobbler_client_packets($1)
+	corenet_dontaudit_receive_cobbler_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_cobbler_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to cobbler_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_cobbler_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_cobbler_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cobbler_client_packet_t;
+	')
+
+	allow $1 cobbler_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_cobbler_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send cobbler_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_cobbler_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_cobbler_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cobbler_server_packet_t;
+	')
+
+	allow $1 cobbler_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_cobbler_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send cobbler_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_cobbler_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_cobbler_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cobbler_server_packet_t;
+	')
+
+	dontaudit $1 cobbler_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_cobbler_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive cobbler_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_cobbler_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_cobbler_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cobbler_server_packet_t;
+	')
+
+	allow $1 cobbler_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_cobbler_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive cobbler_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_cobbler_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_cobbler_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cobbler_server_packet_t;
+	')
+
+	dontaudit $1 cobbler_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_cobbler_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive cobbler_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_cobbler_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_cobbler_server_packets'($*)) dnl
+	
+	corenet_send_cobbler_server_packets($1)
+	corenet_receive_cobbler_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_cobbler_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive cobbler_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_cobbler_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_cobbler_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_cobbler_server_packets($1)
+	corenet_dontaudit_receive_cobbler_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_cobbler_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to cobbler_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_cobbler_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_cobbler_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cobbler_server_packet_t;
+	')
+
+	allow $1 cobbler_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_cobbler_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the commplex_link port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_commplex_link_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_commplex_link_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_commplex_link_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the commplex_link port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_commplex_link_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_commplex_link_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_commplex_link_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the commplex_link port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_commplex_link_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_commplex_link_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_commplex_link_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the commplex_link port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_commplex_link_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_commplex_link_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_commplex_link_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the commplex_link port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_commplex_link_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_commplex_link_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_commplex_link_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the commplex_link port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_commplex_link_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_commplex_link_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_commplex_link_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the commplex_link port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_commplex_link_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_commplex_link_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_commplex_link_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the commplex_link port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_commplex_link_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_commplex_link_port'($*)) dnl
+	
+	gen_require(`
+		type commplex_link_port_t;
+	')
+
+	allow $1 commplex_link_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_commplex_link_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the commplex_link port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_commplex_link_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_commplex_link_port'($*)) dnl
+	
+	gen_require(`
+		type commplex_link_port_t;
+	')
+
+	allow $1 commplex_link_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_commplex_link_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the commplex_link port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_commplex_link_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_commplex_link_port'($*)) dnl
+	
+	gen_require(`
+		type commplex_link_port_t;
+	')
+
+	allow $1 commplex_link_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_commplex_link_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send commplex_link_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_commplex_link_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_commplex_link_client_packets'($*)) dnl
+	
+	gen_require(`
+		type commplex_link_client_packet_t;
+	')
+
+	allow $1 commplex_link_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_commplex_link_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send commplex_link_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_commplex_link_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_commplex_link_client_packets'($*)) dnl
+	
+	gen_require(`
+		type commplex_link_client_packet_t;
+	')
+
+	dontaudit $1 commplex_link_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_commplex_link_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive commplex_link_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_commplex_link_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_commplex_link_client_packets'($*)) dnl
+	
+	gen_require(`
+		type commplex_link_client_packet_t;
+	')
+
+	allow $1 commplex_link_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_commplex_link_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive commplex_link_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_commplex_link_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_commplex_link_client_packets'($*)) dnl
+	
+	gen_require(`
+		type commplex_link_client_packet_t;
+	')
+
+	dontaudit $1 commplex_link_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_commplex_link_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive commplex_link_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_commplex_link_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_commplex_link_client_packets'($*)) dnl
+	
+	corenet_send_commplex_link_client_packets($1)
+	corenet_receive_commplex_link_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_commplex_link_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive commplex_link_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_commplex_link_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_commplex_link_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_commplex_link_client_packets($1)
+	corenet_dontaudit_receive_commplex_link_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_commplex_link_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to commplex_link_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_commplex_link_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_commplex_link_client_packets'($*)) dnl
+	
+	gen_require(`
+		type commplex_link_client_packet_t;
+	')
+
+	allow $1 commplex_link_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_commplex_link_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send commplex_link_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_commplex_link_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_commplex_link_server_packets'($*)) dnl
+	
+	gen_require(`
+		type commplex_link_server_packet_t;
+	')
+
+	allow $1 commplex_link_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_commplex_link_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send commplex_link_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_commplex_link_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_commplex_link_server_packets'($*)) dnl
+	
+	gen_require(`
+		type commplex_link_server_packet_t;
+	')
+
+	dontaudit $1 commplex_link_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_commplex_link_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive commplex_link_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_commplex_link_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_commplex_link_server_packets'($*)) dnl
+	
+	gen_require(`
+		type commplex_link_server_packet_t;
+	')
+
+	allow $1 commplex_link_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_commplex_link_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive commplex_link_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_commplex_link_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_commplex_link_server_packets'($*)) dnl
+	
+	gen_require(`
+		type commplex_link_server_packet_t;
+	')
+
+	dontaudit $1 commplex_link_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_commplex_link_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive commplex_link_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_commplex_link_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_commplex_link_server_packets'($*)) dnl
+	
+	corenet_send_commplex_link_server_packets($1)
+	corenet_receive_commplex_link_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_commplex_link_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive commplex_link_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_commplex_link_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_commplex_link_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_commplex_link_server_packets($1)
+	corenet_dontaudit_receive_commplex_link_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_commplex_link_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to commplex_link_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_commplex_link_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_commplex_link_server_packets'($*)) dnl
+	
+	gen_require(`
+		type commplex_link_server_packet_t;
+	')
+
+	allow $1 commplex_link_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_commplex_link_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the commplex_main port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_commplex_main_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_commplex_main_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_commplex_main_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the commplex_main port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_commplex_main_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_commplex_main_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_commplex_main_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the commplex_main port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_commplex_main_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_commplex_main_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_commplex_main_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the commplex_main port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_commplex_main_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_commplex_main_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_commplex_main_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the commplex_main port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_commplex_main_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_commplex_main_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_commplex_main_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the commplex_main port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_commplex_main_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_commplex_main_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_commplex_main_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the commplex_main port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_commplex_main_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_commplex_main_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_commplex_main_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the commplex_main port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_commplex_main_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_commplex_main_port'($*)) dnl
+	
+	gen_require(`
+		type commplex_main_port_t;
+	')
+
+	allow $1 commplex_main_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_commplex_main_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the commplex_main port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_commplex_main_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_commplex_main_port'($*)) dnl
+	
+	gen_require(`
+		type commplex_main_port_t;
+	')
+
+	allow $1 commplex_main_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_commplex_main_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the commplex_main port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_commplex_main_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_commplex_main_port'($*)) dnl
+	
+	gen_require(`
+		type commplex_main_port_t;
+	')
+
+	allow $1 commplex_main_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_commplex_main_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send commplex_main_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_commplex_main_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_commplex_main_client_packets'($*)) dnl
+	
+	gen_require(`
+		type commplex_main_client_packet_t;
+	')
+
+	allow $1 commplex_main_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_commplex_main_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send commplex_main_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_commplex_main_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_commplex_main_client_packets'($*)) dnl
+	
+	gen_require(`
+		type commplex_main_client_packet_t;
+	')
+
+	dontaudit $1 commplex_main_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_commplex_main_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive commplex_main_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_commplex_main_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_commplex_main_client_packets'($*)) dnl
+	
+	gen_require(`
+		type commplex_main_client_packet_t;
+	')
+
+	allow $1 commplex_main_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_commplex_main_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive commplex_main_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_commplex_main_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_commplex_main_client_packets'($*)) dnl
+	
+	gen_require(`
+		type commplex_main_client_packet_t;
+	')
+
+	dontaudit $1 commplex_main_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_commplex_main_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive commplex_main_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_commplex_main_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_commplex_main_client_packets'($*)) dnl
+	
+	corenet_send_commplex_main_client_packets($1)
+	corenet_receive_commplex_main_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_commplex_main_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive commplex_main_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_commplex_main_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_commplex_main_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_commplex_main_client_packets($1)
+	corenet_dontaudit_receive_commplex_main_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_commplex_main_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to commplex_main_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_commplex_main_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_commplex_main_client_packets'($*)) dnl
+	
+	gen_require(`
+		type commplex_main_client_packet_t;
+	')
+
+	allow $1 commplex_main_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_commplex_main_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send commplex_main_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_commplex_main_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_commplex_main_server_packets'($*)) dnl
+	
+	gen_require(`
+		type commplex_main_server_packet_t;
+	')
+
+	allow $1 commplex_main_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_commplex_main_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send commplex_main_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_commplex_main_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_commplex_main_server_packets'($*)) dnl
+	
+	gen_require(`
+		type commplex_main_server_packet_t;
+	')
+
+	dontaudit $1 commplex_main_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_commplex_main_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive commplex_main_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_commplex_main_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_commplex_main_server_packets'($*)) dnl
+	
+	gen_require(`
+		type commplex_main_server_packet_t;
+	')
+
+	allow $1 commplex_main_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_commplex_main_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive commplex_main_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_commplex_main_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_commplex_main_server_packets'($*)) dnl
+	
+	gen_require(`
+		type commplex_main_server_packet_t;
+	')
+
+	dontaudit $1 commplex_main_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_commplex_main_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive commplex_main_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_commplex_main_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_commplex_main_server_packets'($*)) dnl
+	
+	corenet_send_commplex_main_server_packets($1)
+	corenet_receive_commplex_main_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_commplex_main_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive commplex_main_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_commplex_main_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_commplex_main_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_commplex_main_server_packets($1)
+	corenet_dontaudit_receive_commplex_main_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_commplex_main_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to commplex_main_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_commplex_main_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_commplex_main_server_packets'($*)) dnl
+	
+	gen_require(`
+		type commplex_main_server_packet_t;
+	')
+
+	allow $1 commplex_main_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_commplex_main_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the comsat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_comsat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_comsat_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_comsat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the comsat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_comsat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_comsat_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_comsat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the comsat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_comsat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_comsat_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_comsat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the comsat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_comsat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_comsat_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_comsat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the comsat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_comsat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_comsat_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_comsat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the comsat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_comsat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_comsat_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_comsat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the comsat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_comsat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_comsat_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_comsat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the comsat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_comsat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_comsat_port'($*)) dnl
+	
+	gen_require(`
+		type comsat_port_t;
+	')
+
+	allow $1 comsat_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_comsat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the comsat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_comsat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_comsat_port'($*)) dnl
+	
+	gen_require(`
+		type comsat_port_t;
+	')
+
+	allow $1 comsat_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_comsat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the comsat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_comsat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_comsat_port'($*)) dnl
+	
+	gen_require(`
+		type comsat_port_t;
+	')
+
+	allow $1 comsat_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_comsat_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send comsat_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_comsat_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_comsat_client_packets'($*)) dnl
+	
+	gen_require(`
+		type comsat_client_packet_t;
+	')
+
+	allow $1 comsat_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_comsat_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send comsat_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_comsat_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_comsat_client_packets'($*)) dnl
+	
+	gen_require(`
+		type comsat_client_packet_t;
+	')
+
+	dontaudit $1 comsat_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_comsat_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive comsat_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_comsat_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_comsat_client_packets'($*)) dnl
+	
+	gen_require(`
+		type comsat_client_packet_t;
+	')
+
+	allow $1 comsat_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_comsat_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive comsat_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_comsat_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_comsat_client_packets'($*)) dnl
+	
+	gen_require(`
+		type comsat_client_packet_t;
+	')
+
+	dontaudit $1 comsat_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_comsat_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive comsat_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_comsat_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_comsat_client_packets'($*)) dnl
+	
+	corenet_send_comsat_client_packets($1)
+	corenet_receive_comsat_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_comsat_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive comsat_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_comsat_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_comsat_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_comsat_client_packets($1)
+	corenet_dontaudit_receive_comsat_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_comsat_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to comsat_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_comsat_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_comsat_client_packets'($*)) dnl
+	
+	gen_require(`
+		type comsat_client_packet_t;
+	')
+
+	allow $1 comsat_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_comsat_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send comsat_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_comsat_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_comsat_server_packets'($*)) dnl
+	
+	gen_require(`
+		type comsat_server_packet_t;
+	')
+
+	allow $1 comsat_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_comsat_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send comsat_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_comsat_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_comsat_server_packets'($*)) dnl
+	
+	gen_require(`
+		type comsat_server_packet_t;
+	')
+
+	dontaudit $1 comsat_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_comsat_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive comsat_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_comsat_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_comsat_server_packets'($*)) dnl
+	
+	gen_require(`
+		type comsat_server_packet_t;
+	')
+
+	allow $1 comsat_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_comsat_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive comsat_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_comsat_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_comsat_server_packets'($*)) dnl
+	
+	gen_require(`
+		type comsat_server_packet_t;
+	')
+
+	dontaudit $1 comsat_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_comsat_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive comsat_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_comsat_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_comsat_server_packets'($*)) dnl
+	
+	corenet_send_comsat_server_packets($1)
+	corenet_receive_comsat_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_comsat_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive comsat_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_comsat_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_comsat_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_comsat_server_packets($1)
+	corenet_dontaudit_receive_comsat_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_comsat_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to comsat_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_comsat_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_comsat_server_packets'($*)) dnl
+	
+	gen_require(`
+		type comsat_server_packet_t;
+	')
+
+	allow $1 comsat_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_comsat_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the condor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_condor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_condor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_condor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the condor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_condor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_condor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_condor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the condor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_condor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_condor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_condor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the condor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_condor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_condor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_condor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the condor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_condor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_condor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_condor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the condor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_condor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_condor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_condor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the condor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_condor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_condor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_condor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the condor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_condor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_condor_port'($*)) dnl
+	
+	gen_require(`
+		type condor_port_t;
+	')
+
+	allow $1 condor_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_condor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the condor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_condor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_condor_port'($*)) dnl
+	
+	gen_require(`
+		type condor_port_t;
+	')
+
+	allow $1 condor_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_condor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the condor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_condor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_condor_port'($*)) dnl
+	
+	gen_require(`
+		type condor_port_t;
+	')
+
+	allow $1 condor_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_condor_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send condor_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_condor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_condor_client_packets'($*)) dnl
+	
+	gen_require(`
+		type condor_client_packet_t;
+	')
+
+	allow $1 condor_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_condor_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send condor_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_condor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_condor_client_packets'($*)) dnl
+	
+	gen_require(`
+		type condor_client_packet_t;
+	')
+
+	dontaudit $1 condor_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_condor_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive condor_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_condor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_condor_client_packets'($*)) dnl
+	
+	gen_require(`
+		type condor_client_packet_t;
+	')
+
+	allow $1 condor_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_condor_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive condor_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_condor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_condor_client_packets'($*)) dnl
+	
+	gen_require(`
+		type condor_client_packet_t;
+	')
+
+	dontaudit $1 condor_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_condor_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive condor_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_condor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_condor_client_packets'($*)) dnl
+	
+	corenet_send_condor_client_packets($1)
+	corenet_receive_condor_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_condor_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive condor_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_condor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_condor_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_condor_client_packets($1)
+	corenet_dontaudit_receive_condor_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_condor_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to condor_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_condor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_condor_client_packets'($*)) dnl
+	
+	gen_require(`
+		type condor_client_packet_t;
+	')
+
+	allow $1 condor_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_condor_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send condor_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_condor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_condor_server_packets'($*)) dnl
+	
+	gen_require(`
+		type condor_server_packet_t;
+	')
+
+	allow $1 condor_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_condor_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send condor_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_condor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_condor_server_packets'($*)) dnl
+	
+	gen_require(`
+		type condor_server_packet_t;
+	')
+
+	dontaudit $1 condor_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_condor_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive condor_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_condor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_condor_server_packets'($*)) dnl
+	
+	gen_require(`
+		type condor_server_packet_t;
+	')
+
+	allow $1 condor_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_condor_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive condor_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_condor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_condor_server_packets'($*)) dnl
+	
+	gen_require(`
+		type condor_server_packet_t;
+	')
+
+	dontaudit $1 condor_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_condor_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive condor_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_condor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_condor_server_packets'($*)) dnl
+	
+	corenet_send_condor_server_packets($1)
+	corenet_receive_condor_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_condor_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive condor_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_condor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_condor_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_condor_server_packets($1)
+	corenet_dontaudit_receive_condor_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_condor_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to condor_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_condor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_condor_server_packets'($*)) dnl
+	
+	gen_require(`
+		type condor_server_packet_t;
+	')
+
+	allow $1 condor_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_condor_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the couchdb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_couchdb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_couchdb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_couchdb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the couchdb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_couchdb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_couchdb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_couchdb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the couchdb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_couchdb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_couchdb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_couchdb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the couchdb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_couchdb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_couchdb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_couchdb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the couchdb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_couchdb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_couchdb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_couchdb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the couchdb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_couchdb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_couchdb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_couchdb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the couchdb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_couchdb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_couchdb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_couchdb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the couchdb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_couchdb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_couchdb_port'($*)) dnl
+	
+	gen_require(`
+		type couchdb_port_t;
+	')
+
+	allow $1 couchdb_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_couchdb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the couchdb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_couchdb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_couchdb_port'($*)) dnl
+	
+	gen_require(`
+		type couchdb_port_t;
+	')
+
+	allow $1 couchdb_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_couchdb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the couchdb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_couchdb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_couchdb_port'($*)) dnl
+	
+	gen_require(`
+		type couchdb_port_t;
+	')
+
+	allow $1 couchdb_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_couchdb_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send couchdb_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_couchdb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_couchdb_client_packets'($*)) dnl
+	
+	gen_require(`
+		type couchdb_client_packet_t;
+	')
+
+	allow $1 couchdb_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_couchdb_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send couchdb_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_couchdb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_couchdb_client_packets'($*)) dnl
+	
+	gen_require(`
+		type couchdb_client_packet_t;
+	')
+
+	dontaudit $1 couchdb_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_couchdb_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive couchdb_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_couchdb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_couchdb_client_packets'($*)) dnl
+	
+	gen_require(`
+		type couchdb_client_packet_t;
+	')
+
+	allow $1 couchdb_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_couchdb_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive couchdb_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_couchdb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_couchdb_client_packets'($*)) dnl
+	
+	gen_require(`
+		type couchdb_client_packet_t;
+	')
+
+	dontaudit $1 couchdb_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_couchdb_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive couchdb_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_couchdb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_couchdb_client_packets'($*)) dnl
+	
+	corenet_send_couchdb_client_packets($1)
+	corenet_receive_couchdb_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_couchdb_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive couchdb_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_couchdb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_couchdb_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_couchdb_client_packets($1)
+	corenet_dontaudit_receive_couchdb_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_couchdb_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to couchdb_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_couchdb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_couchdb_client_packets'($*)) dnl
+	
+	gen_require(`
+		type couchdb_client_packet_t;
+	')
+
+	allow $1 couchdb_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_couchdb_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send couchdb_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_couchdb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_couchdb_server_packets'($*)) dnl
+	
+	gen_require(`
+		type couchdb_server_packet_t;
+	')
+
+	allow $1 couchdb_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_couchdb_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send couchdb_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_couchdb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_couchdb_server_packets'($*)) dnl
+	
+	gen_require(`
+		type couchdb_server_packet_t;
+	')
+
+	dontaudit $1 couchdb_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_couchdb_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive couchdb_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_couchdb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_couchdb_server_packets'($*)) dnl
+	
+	gen_require(`
+		type couchdb_server_packet_t;
+	')
+
+	allow $1 couchdb_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_couchdb_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive couchdb_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_couchdb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_couchdb_server_packets'($*)) dnl
+	
+	gen_require(`
+		type couchdb_server_packet_t;
+	')
+
+	dontaudit $1 couchdb_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_couchdb_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive couchdb_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_couchdb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_couchdb_server_packets'($*)) dnl
+	
+	corenet_send_couchdb_server_packets($1)
+	corenet_receive_couchdb_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_couchdb_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive couchdb_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_couchdb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_couchdb_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_couchdb_server_packets($1)
+	corenet_dontaudit_receive_couchdb_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_couchdb_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to couchdb_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_couchdb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_couchdb_server_packets'($*)) dnl
+	
+	gen_require(`
+		type couchdb_server_packet_t;
+	')
+
+	allow $1 couchdb_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_couchdb_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the cslistener port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_cslistener_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_cslistener_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_cslistener_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the cslistener port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_cslistener_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_cslistener_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_cslistener_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the cslistener port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_cslistener_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_cslistener_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_cslistener_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the cslistener port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_cslistener_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_cslistener_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_cslistener_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the cslistener port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_cslistener_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_cslistener_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_cslistener_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the cslistener port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_cslistener_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_cslistener_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_cslistener_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the cslistener port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_cslistener_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_cslistener_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_cslistener_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the cslistener port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_cslistener_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_cslistener_port'($*)) dnl
+	
+	gen_require(`
+		type cslistener_port_t;
+	')
+
+	allow $1 cslistener_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_cslistener_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the cslistener port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_cslistener_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_cslistener_port'($*)) dnl
+	
+	gen_require(`
+		type cslistener_port_t;
+	')
+
+	allow $1 cslistener_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_cslistener_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the cslistener port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_cslistener_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_cslistener_port'($*)) dnl
+	
+	gen_require(`
+		type cslistener_port_t;
+	')
+
+	allow $1 cslistener_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_cslistener_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send cslistener_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_cslistener_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_cslistener_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cslistener_client_packet_t;
+	')
+
+	allow $1 cslistener_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_cslistener_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send cslistener_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_cslistener_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_cslistener_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cslistener_client_packet_t;
+	')
+
+	dontaudit $1 cslistener_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_cslistener_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive cslistener_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_cslistener_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_cslistener_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cslistener_client_packet_t;
+	')
+
+	allow $1 cslistener_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_cslistener_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive cslistener_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_cslistener_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_cslistener_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cslistener_client_packet_t;
+	')
+
+	dontaudit $1 cslistener_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_cslistener_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive cslistener_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_cslistener_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_cslistener_client_packets'($*)) dnl
+	
+	corenet_send_cslistener_client_packets($1)
+	corenet_receive_cslistener_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_cslistener_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive cslistener_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_cslistener_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_cslistener_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_cslistener_client_packets($1)
+	corenet_dontaudit_receive_cslistener_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_cslistener_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to cslistener_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_cslistener_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_cslistener_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cslistener_client_packet_t;
+	')
+
+	allow $1 cslistener_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_cslistener_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send cslistener_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_cslistener_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_cslistener_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cslistener_server_packet_t;
+	')
+
+	allow $1 cslistener_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_cslistener_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send cslistener_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_cslistener_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_cslistener_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cslistener_server_packet_t;
+	')
+
+	dontaudit $1 cslistener_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_cslistener_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive cslistener_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_cslistener_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_cslistener_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cslistener_server_packet_t;
+	')
+
+	allow $1 cslistener_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_cslistener_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive cslistener_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_cslistener_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_cslistener_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cslistener_server_packet_t;
+	')
+
+	dontaudit $1 cslistener_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_cslistener_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive cslistener_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_cslistener_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_cslistener_server_packets'($*)) dnl
+	
+	corenet_send_cslistener_server_packets($1)
+	corenet_receive_cslistener_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_cslistener_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive cslistener_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_cslistener_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_cslistener_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_cslistener_server_packets($1)
+	corenet_dontaudit_receive_cslistener_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_cslistener_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to cslistener_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_cslistener_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_cslistener_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cslistener_server_packet_t;
+	')
+
+	allow $1 cslistener_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_cslistener_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the ctdb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_ctdb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_ctdb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_ctdb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the ctdb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_ctdb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_ctdb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_ctdb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the ctdb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_ctdb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_ctdb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_ctdb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the ctdb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_ctdb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_ctdb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_ctdb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the ctdb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_ctdb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_ctdb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_ctdb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the ctdb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_ctdb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_ctdb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_ctdb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the ctdb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_ctdb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_ctdb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_ctdb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the ctdb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_ctdb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_ctdb_port'($*)) dnl
+	
+	gen_require(`
+		type ctdb_port_t;
+	')
+
+	allow $1 ctdb_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_ctdb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the ctdb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_ctdb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_ctdb_port'($*)) dnl
+	
+	gen_require(`
+		type ctdb_port_t;
+	')
+
+	allow $1 ctdb_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_ctdb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the ctdb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_ctdb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_ctdb_port'($*)) dnl
+	
+	gen_require(`
+		type ctdb_port_t;
+	')
+
+	allow $1 ctdb_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_ctdb_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ctdb_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ctdb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ctdb_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ctdb_client_packet_t;
+	')
+
+	allow $1 ctdb_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ctdb_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ctdb_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ctdb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ctdb_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ctdb_client_packet_t;
+	')
+
+	dontaudit $1 ctdb_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ctdb_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ctdb_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ctdb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ctdb_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ctdb_client_packet_t;
+	')
+
+	allow $1 ctdb_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ctdb_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ctdb_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ctdb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ctdb_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ctdb_client_packet_t;
+	')
+
+	dontaudit $1 ctdb_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ctdb_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ctdb_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ctdb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ctdb_client_packets'($*)) dnl
+	
+	corenet_send_ctdb_client_packets($1)
+	corenet_receive_ctdb_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ctdb_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ctdb_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ctdb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ctdb_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ctdb_client_packets($1)
+	corenet_dontaudit_receive_ctdb_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ctdb_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ctdb_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ctdb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ctdb_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ctdb_client_packet_t;
+	')
+
+	allow $1 ctdb_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ctdb_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ctdb_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ctdb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ctdb_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ctdb_server_packet_t;
+	')
+
+	allow $1 ctdb_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ctdb_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ctdb_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ctdb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ctdb_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ctdb_server_packet_t;
+	')
+
+	dontaudit $1 ctdb_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ctdb_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ctdb_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ctdb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ctdb_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ctdb_server_packet_t;
+	')
+
+	allow $1 ctdb_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ctdb_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ctdb_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ctdb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ctdb_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ctdb_server_packet_t;
+	')
+
+	dontaudit $1 ctdb_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ctdb_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ctdb_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ctdb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ctdb_server_packets'($*)) dnl
+	
+	corenet_send_ctdb_server_packets($1)
+	corenet_receive_ctdb_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ctdb_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ctdb_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ctdb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ctdb_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ctdb_server_packets($1)
+	corenet_dontaudit_receive_ctdb_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ctdb_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ctdb_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ctdb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ctdb_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ctdb_server_packet_t;
+	')
+
+	allow $1 ctdb_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ctdb_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the cvs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_cvs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_cvs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_cvs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the cvs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_cvs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_cvs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_cvs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the cvs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_cvs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_cvs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_cvs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the cvs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_cvs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_cvs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_cvs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the cvs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_cvs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_cvs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_cvs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the cvs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_cvs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_cvs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_cvs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the cvs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_cvs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_cvs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_cvs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the cvs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_cvs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_cvs_port'($*)) dnl
+	
+	gen_require(`
+		type cvs_port_t;
+	')
+
+	allow $1 cvs_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_cvs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the cvs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_cvs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_cvs_port'($*)) dnl
+	
+	gen_require(`
+		type cvs_port_t;
+	')
+
+	allow $1 cvs_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_cvs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the cvs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_cvs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_cvs_port'($*)) dnl
+	
+	gen_require(`
+		type cvs_port_t;
+	')
+
+	allow $1 cvs_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_cvs_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send cvs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_cvs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_cvs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cvs_client_packet_t;
+	')
+
+	allow $1 cvs_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_cvs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send cvs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_cvs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_cvs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cvs_client_packet_t;
+	')
+
+	dontaudit $1 cvs_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_cvs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive cvs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_cvs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_cvs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cvs_client_packet_t;
+	')
+
+	allow $1 cvs_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_cvs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive cvs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_cvs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_cvs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cvs_client_packet_t;
+	')
+
+	dontaudit $1 cvs_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_cvs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive cvs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_cvs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_cvs_client_packets'($*)) dnl
+	
+	corenet_send_cvs_client_packets($1)
+	corenet_receive_cvs_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_cvs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive cvs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_cvs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_cvs_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_cvs_client_packets($1)
+	corenet_dontaudit_receive_cvs_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_cvs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to cvs_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_cvs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_cvs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cvs_client_packet_t;
+	')
+
+	allow $1 cvs_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_cvs_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send cvs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_cvs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_cvs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cvs_server_packet_t;
+	')
+
+	allow $1 cvs_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_cvs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send cvs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_cvs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_cvs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cvs_server_packet_t;
+	')
+
+	dontaudit $1 cvs_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_cvs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive cvs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_cvs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_cvs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cvs_server_packet_t;
+	')
+
+	allow $1 cvs_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_cvs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive cvs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_cvs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_cvs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cvs_server_packet_t;
+	')
+
+	dontaudit $1 cvs_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_cvs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive cvs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_cvs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_cvs_server_packets'($*)) dnl
+	
+	corenet_send_cvs_server_packets($1)
+	corenet_receive_cvs_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_cvs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive cvs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_cvs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_cvs_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_cvs_server_packets($1)
+	corenet_dontaudit_receive_cvs_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_cvs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to cvs_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_cvs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_cvs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cvs_server_packet_t;
+	')
+
+	allow $1 cvs_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_cvs_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the cyphesis port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_cyphesis_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_cyphesis_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_cyphesis_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the cyphesis port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_cyphesis_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_cyphesis_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_cyphesis_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the cyphesis port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_cyphesis_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_cyphesis_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_cyphesis_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the cyphesis port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_cyphesis_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_cyphesis_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_cyphesis_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the cyphesis port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_cyphesis_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_cyphesis_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_cyphesis_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the cyphesis port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_cyphesis_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_cyphesis_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_cyphesis_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the cyphesis port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_cyphesis_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_cyphesis_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_cyphesis_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the cyphesis port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_cyphesis_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_cyphesis_port'($*)) dnl
+	
+	gen_require(`
+		type cyphesis_port_t;
+	')
+
+	allow $1 cyphesis_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_cyphesis_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the cyphesis port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_cyphesis_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_cyphesis_port'($*)) dnl
+	
+	gen_require(`
+		type cyphesis_port_t;
+	')
+
+	allow $1 cyphesis_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_cyphesis_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the cyphesis port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_cyphesis_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_cyphesis_port'($*)) dnl
+	
+	gen_require(`
+		type cyphesis_port_t;
+	')
+
+	allow $1 cyphesis_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_cyphesis_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send cyphesis_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_cyphesis_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_cyphesis_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cyphesis_client_packet_t;
+	')
+
+	allow $1 cyphesis_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_cyphesis_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send cyphesis_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_cyphesis_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_cyphesis_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cyphesis_client_packet_t;
+	')
+
+	dontaudit $1 cyphesis_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_cyphesis_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive cyphesis_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_cyphesis_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_cyphesis_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cyphesis_client_packet_t;
+	')
+
+	allow $1 cyphesis_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_cyphesis_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive cyphesis_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_cyphesis_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_cyphesis_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cyphesis_client_packet_t;
+	')
+
+	dontaudit $1 cyphesis_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_cyphesis_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive cyphesis_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_cyphesis_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_cyphesis_client_packets'($*)) dnl
+	
+	corenet_send_cyphesis_client_packets($1)
+	corenet_receive_cyphesis_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_cyphesis_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive cyphesis_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_cyphesis_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_cyphesis_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_cyphesis_client_packets($1)
+	corenet_dontaudit_receive_cyphesis_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_cyphesis_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to cyphesis_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_cyphesis_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_cyphesis_client_packets'($*)) dnl
+	
+	gen_require(`
+		type cyphesis_client_packet_t;
+	')
+
+	allow $1 cyphesis_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_cyphesis_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send cyphesis_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_cyphesis_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_cyphesis_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cyphesis_server_packet_t;
+	')
+
+	allow $1 cyphesis_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_cyphesis_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send cyphesis_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_cyphesis_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_cyphesis_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cyphesis_server_packet_t;
+	')
+
+	dontaudit $1 cyphesis_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_cyphesis_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive cyphesis_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_cyphesis_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_cyphesis_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cyphesis_server_packet_t;
+	')
+
+	allow $1 cyphesis_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_cyphesis_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive cyphesis_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_cyphesis_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_cyphesis_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cyphesis_server_packet_t;
+	')
+
+	dontaudit $1 cyphesis_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_cyphesis_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive cyphesis_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_cyphesis_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_cyphesis_server_packets'($*)) dnl
+	
+	corenet_send_cyphesis_server_packets($1)
+	corenet_receive_cyphesis_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_cyphesis_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive cyphesis_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_cyphesis_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_cyphesis_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_cyphesis_server_packets($1)
+	corenet_dontaudit_receive_cyphesis_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_cyphesis_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to cyphesis_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_cyphesis_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_cyphesis_server_packets'($*)) dnl
+	
+	gen_require(`
+		type cyphesis_server_packet_t;
+	')
+
+	allow $1 cyphesis_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_cyphesis_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the daap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_daap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_daap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_daap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the daap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_daap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_daap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_daap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the daap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_daap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_daap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_daap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the daap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_daap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_daap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_daap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the daap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_daap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_daap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_daap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the daap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_daap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_daap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_daap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the daap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_daap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_daap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_daap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the daap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_daap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_daap_port'($*)) dnl
+	
+	gen_require(`
+		type daap_port_t;
+	')
+
+	allow $1 daap_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_daap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the daap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_daap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_daap_port'($*)) dnl
+	
+	gen_require(`
+		type daap_port_t;
+	')
+
+	allow $1 daap_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_daap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the daap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_daap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_daap_port'($*)) dnl
+	
+	gen_require(`
+		type daap_port_t;
+	')
+
+	allow $1 daap_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_daap_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send daap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_daap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_daap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type daap_client_packet_t;
+	')
+
+	allow $1 daap_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_daap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send daap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_daap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_daap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type daap_client_packet_t;
+	')
+
+	dontaudit $1 daap_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_daap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive daap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_daap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_daap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type daap_client_packet_t;
+	')
+
+	allow $1 daap_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_daap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive daap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_daap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_daap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type daap_client_packet_t;
+	')
+
+	dontaudit $1 daap_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_daap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive daap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_daap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_daap_client_packets'($*)) dnl
+	
+	corenet_send_daap_client_packets($1)
+	corenet_receive_daap_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_daap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive daap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_daap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_daap_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_daap_client_packets($1)
+	corenet_dontaudit_receive_daap_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_daap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to daap_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_daap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_daap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type daap_client_packet_t;
+	')
+
+	allow $1 daap_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_daap_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send daap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_daap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_daap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type daap_server_packet_t;
+	')
+
+	allow $1 daap_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_daap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send daap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_daap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_daap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type daap_server_packet_t;
+	')
+
+	dontaudit $1 daap_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_daap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive daap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_daap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_daap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type daap_server_packet_t;
+	')
+
+	allow $1 daap_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_daap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive daap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_daap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_daap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type daap_server_packet_t;
+	')
+
+	dontaudit $1 daap_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_daap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive daap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_daap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_daap_server_packets'($*)) dnl
+	
+	corenet_send_daap_server_packets($1)
+	corenet_receive_daap_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_daap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive daap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_daap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_daap_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_daap_server_packets($1)
+	corenet_dontaudit_receive_daap_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_daap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to daap_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_daap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_daap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type daap_server_packet_t;
+	')
+
+	allow $1 daap_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_daap_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the dbskkd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_dbskkd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_dbskkd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_dbskkd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the dbskkd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_dbskkd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_dbskkd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_dbskkd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the dbskkd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_dbskkd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_dbskkd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_dbskkd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the dbskkd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_dbskkd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_dbskkd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_dbskkd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the dbskkd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_dbskkd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_dbskkd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_dbskkd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the dbskkd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_dbskkd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_dbskkd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_dbskkd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the dbskkd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_dbskkd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_dbskkd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_dbskkd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the dbskkd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_dbskkd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_dbskkd_port'($*)) dnl
+	
+	gen_require(`
+		type dbskkd_port_t;
+	')
+
+	allow $1 dbskkd_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_dbskkd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the dbskkd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_dbskkd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_dbskkd_port'($*)) dnl
+	
+	gen_require(`
+		type dbskkd_port_t;
+	')
+
+	allow $1 dbskkd_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_dbskkd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the dbskkd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_dbskkd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_dbskkd_port'($*)) dnl
+	
+	gen_require(`
+		type dbskkd_port_t;
+	')
+
+	allow $1 dbskkd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_dbskkd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send dbskkd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_dbskkd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_dbskkd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dbskkd_client_packet_t;
+	')
+
+	allow $1 dbskkd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_dbskkd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send dbskkd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_dbskkd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_dbskkd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dbskkd_client_packet_t;
+	')
+
+	dontaudit $1 dbskkd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_dbskkd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive dbskkd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_dbskkd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_dbskkd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dbskkd_client_packet_t;
+	')
+
+	allow $1 dbskkd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_dbskkd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive dbskkd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_dbskkd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_dbskkd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dbskkd_client_packet_t;
+	')
+
+	dontaudit $1 dbskkd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_dbskkd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive dbskkd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_dbskkd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_dbskkd_client_packets'($*)) dnl
+	
+	corenet_send_dbskkd_client_packets($1)
+	corenet_receive_dbskkd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_dbskkd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive dbskkd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_dbskkd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_dbskkd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_dbskkd_client_packets($1)
+	corenet_dontaudit_receive_dbskkd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_dbskkd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to dbskkd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_dbskkd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_dbskkd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dbskkd_client_packet_t;
+	')
+
+	allow $1 dbskkd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_dbskkd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send dbskkd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_dbskkd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_dbskkd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dbskkd_server_packet_t;
+	')
+
+	allow $1 dbskkd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_dbskkd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send dbskkd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_dbskkd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_dbskkd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dbskkd_server_packet_t;
+	')
+
+	dontaudit $1 dbskkd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_dbskkd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive dbskkd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_dbskkd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_dbskkd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dbskkd_server_packet_t;
+	')
+
+	allow $1 dbskkd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_dbskkd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive dbskkd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_dbskkd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_dbskkd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dbskkd_server_packet_t;
+	')
+
+	dontaudit $1 dbskkd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_dbskkd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive dbskkd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_dbskkd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_dbskkd_server_packets'($*)) dnl
+	
+	corenet_send_dbskkd_server_packets($1)
+	corenet_receive_dbskkd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_dbskkd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive dbskkd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_dbskkd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_dbskkd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_dbskkd_server_packets($1)
+	corenet_dontaudit_receive_dbskkd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_dbskkd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to dbskkd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_dbskkd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_dbskkd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dbskkd_server_packet_t;
+	')
+
+	allow $1 dbskkd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_dbskkd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the dcc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_dcc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_dcc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_dcc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the dcc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_dcc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_dcc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_dcc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the dcc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_dcc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_dcc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_dcc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the dcc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_dcc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_dcc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_dcc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the dcc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_dcc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_dcc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_dcc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the dcc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_dcc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_dcc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_dcc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the dcc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_dcc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_dcc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_dcc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the dcc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_dcc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_dcc_port'($*)) dnl
+	
+	gen_require(`
+		type dcc_port_t;
+	')
+
+	allow $1 dcc_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_dcc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the dcc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_dcc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_dcc_port'($*)) dnl
+	
+	gen_require(`
+		type dcc_port_t;
+	')
+
+	allow $1 dcc_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_dcc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the dcc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_dcc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_dcc_port'($*)) dnl
+	
+	gen_require(`
+		type dcc_port_t;
+	')
+
+	allow $1 dcc_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_dcc_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send dcc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_dcc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_dcc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dcc_client_packet_t;
+	')
+
+	allow $1 dcc_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_dcc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send dcc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_dcc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_dcc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dcc_client_packet_t;
+	')
+
+	dontaudit $1 dcc_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_dcc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive dcc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_dcc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_dcc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dcc_client_packet_t;
+	')
+
+	allow $1 dcc_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_dcc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive dcc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_dcc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_dcc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dcc_client_packet_t;
+	')
+
+	dontaudit $1 dcc_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_dcc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive dcc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_dcc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_dcc_client_packets'($*)) dnl
+	
+	corenet_send_dcc_client_packets($1)
+	corenet_receive_dcc_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_dcc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive dcc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_dcc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_dcc_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_dcc_client_packets($1)
+	corenet_dontaudit_receive_dcc_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_dcc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to dcc_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_dcc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_dcc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dcc_client_packet_t;
+	')
+
+	allow $1 dcc_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_dcc_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send dcc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_dcc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_dcc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dcc_server_packet_t;
+	')
+
+	allow $1 dcc_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_dcc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send dcc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_dcc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_dcc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dcc_server_packet_t;
+	')
+
+	dontaudit $1 dcc_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_dcc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive dcc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_dcc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_dcc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dcc_server_packet_t;
+	')
+
+	allow $1 dcc_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_dcc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive dcc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_dcc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_dcc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dcc_server_packet_t;
+	')
+
+	dontaudit $1 dcc_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_dcc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive dcc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_dcc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_dcc_server_packets'($*)) dnl
+	
+	corenet_send_dcc_server_packets($1)
+	corenet_receive_dcc_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_dcc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive dcc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_dcc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_dcc_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_dcc_server_packets($1)
+	corenet_dontaudit_receive_dcc_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_dcc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to dcc_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_dcc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_dcc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dcc_server_packet_t;
+	')
+
+	allow $1 dcc_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_dcc_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the dccm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_dccm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_dccm_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_dccm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the dccm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_dccm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_dccm_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_dccm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the dccm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_dccm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_dccm_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_dccm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the dccm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_dccm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_dccm_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_dccm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the dccm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_dccm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_dccm_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_dccm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the dccm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_dccm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_dccm_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_dccm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the dccm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_dccm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_dccm_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_dccm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the dccm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_dccm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_dccm_port'($*)) dnl
+	
+	gen_require(`
+		type dccm_port_t;
+	')
+
+	allow $1 dccm_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_dccm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the dccm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_dccm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_dccm_port'($*)) dnl
+	
+	gen_require(`
+		type dccm_port_t;
+	')
+
+	allow $1 dccm_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_dccm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the dccm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_dccm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_dccm_port'($*)) dnl
+	
+	gen_require(`
+		type dccm_port_t;
+	')
+
+	allow $1 dccm_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_dccm_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send dccm_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_dccm_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_dccm_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dccm_client_packet_t;
+	')
+
+	allow $1 dccm_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_dccm_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send dccm_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_dccm_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_dccm_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dccm_client_packet_t;
+	')
+
+	dontaudit $1 dccm_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_dccm_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive dccm_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_dccm_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_dccm_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dccm_client_packet_t;
+	')
+
+	allow $1 dccm_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_dccm_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive dccm_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_dccm_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_dccm_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dccm_client_packet_t;
+	')
+
+	dontaudit $1 dccm_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_dccm_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive dccm_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_dccm_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_dccm_client_packets'($*)) dnl
+	
+	corenet_send_dccm_client_packets($1)
+	corenet_receive_dccm_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_dccm_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive dccm_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_dccm_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_dccm_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_dccm_client_packets($1)
+	corenet_dontaudit_receive_dccm_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_dccm_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to dccm_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_dccm_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_dccm_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dccm_client_packet_t;
+	')
+
+	allow $1 dccm_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_dccm_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send dccm_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_dccm_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_dccm_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dccm_server_packet_t;
+	')
+
+	allow $1 dccm_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_dccm_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send dccm_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_dccm_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_dccm_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dccm_server_packet_t;
+	')
+
+	dontaudit $1 dccm_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_dccm_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive dccm_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_dccm_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_dccm_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dccm_server_packet_t;
+	')
+
+	allow $1 dccm_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_dccm_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive dccm_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_dccm_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_dccm_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dccm_server_packet_t;
+	')
+
+	dontaudit $1 dccm_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_dccm_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive dccm_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_dccm_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_dccm_server_packets'($*)) dnl
+	
+	corenet_send_dccm_server_packets($1)
+	corenet_receive_dccm_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_dccm_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive dccm_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_dccm_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_dccm_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_dccm_server_packets($1)
+	corenet_dontaudit_receive_dccm_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_dccm_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to dccm_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_dccm_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_dccm_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dccm_server_packet_t;
+	')
+
+	allow $1 dccm_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_dccm_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the dhcpc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_dhcpc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_dhcpc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_dhcpc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the dhcpc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_dhcpc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_dhcpc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_dhcpc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the dhcpc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_dhcpc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_dhcpc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_dhcpc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the dhcpc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_dhcpc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_dhcpc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_dhcpc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the dhcpc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_dhcpc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_dhcpc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_dhcpc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the dhcpc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_dhcpc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_dhcpc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_dhcpc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the dhcpc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_dhcpc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_dhcpc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_dhcpc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the dhcpc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_dhcpc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_dhcpc_port'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_port_t;
+	')
+
+	allow $1 dhcpc_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_dhcpc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the dhcpc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_dhcpc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_dhcpc_port'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_port_t;
+	')
+
+	allow $1 dhcpc_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_dhcpc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the dhcpc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_dhcpc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_dhcpc_port'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_port_t;
+	')
+
+	allow $1 dhcpc_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_dhcpc_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send dhcpc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_dhcpc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_dhcpc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_client_packet_t;
+	')
+
+	allow $1 dhcpc_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_dhcpc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send dhcpc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_dhcpc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_dhcpc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_client_packet_t;
+	')
+
+	dontaudit $1 dhcpc_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_dhcpc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive dhcpc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_dhcpc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_dhcpc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_client_packet_t;
+	')
+
+	allow $1 dhcpc_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_dhcpc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive dhcpc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_dhcpc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_dhcpc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_client_packet_t;
+	')
+
+	dontaudit $1 dhcpc_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_dhcpc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive dhcpc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_dhcpc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_dhcpc_client_packets'($*)) dnl
+	
+	corenet_send_dhcpc_client_packets($1)
+	corenet_receive_dhcpc_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_dhcpc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive dhcpc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_dhcpc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_dhcpc_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_dhcpc_client_packets($1)
+	corenet_dontaudit_receive_dhcpc_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_dhcpc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to dhcpc_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_dhcpc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_dhcpc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_client_packet_t;
+	')
+
+	allow $1 dhcpc_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_dhcpc_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send dhcpc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_dhcpc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_dhcpc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_server_packet_t;
+	')
+
+	allow $1 dhcpc_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_dhcpc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send dhcpc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_dhcpc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_dhcpc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_server_packet_t;
+	')
+
+	dontaudit $1 dhcpc_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_dhcpc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive dhcpc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_dhcpc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_dhcpc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_server_packet_t;
+	')
+
+	allow $1 dhcpc_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_dhcpc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive dhcpc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_dhcpc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_dhcpc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_server_packet_t;
+	')
+
+	dontaudit $1 dhcpc_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_dhcpc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive dhcpc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_dhcpc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_dhcpc_server_packets'($*)) dnl
+	
+	corenet_send_dhcpc_server_packets($1)
+	corenet_receive_dhcpc_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_dhcpc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive dhcpc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_dhcpc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_dhcpc_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_dhcpc_server_packets($1)
+	corenet_dontaudit_receive_dhcpc_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_dhcpc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to dhcpc_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_dhcpc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_dhcpc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_server_packet_t;
+	')
+
+	allow $1 dhcpc_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_dhcpc_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the dhcpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_dhcpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_dhcpd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_dhcpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the dhcpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_dhcpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_dhcpd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_dhcpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the dhcpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_dhcpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_dhcpd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_dhcpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the dhcpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_dhcpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_dhcpd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_dhcpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the dhcpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_dhcpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_dhcpd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_dhcpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the dhcpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_dhcpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_dhcpd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_dhcpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the dhcpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_dhcpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_dhcpd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_dhcpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the dhcpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_dhcpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_dhcpd_port'($*)) dnl
+	
+	gen_require(`
+		type dhcpd_port_t;
+	')
+
+	allow $1 dhcpd_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_dhcpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the dhcpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_dhcpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_dhcpd_port'($*)) dnl
+	
+	gen_require(`
+		type dhcpd_port_t;
+	')
+
+	allow $1 dhcpd_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_dhcpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the dhcpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_dhcpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_dhcpd_port'($*)) dnl
+	
+	gen_require(`
+		type dhcpd_port_t;
+	')
+
+	allow $1 dhcpd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_dhcpd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send dhcpd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_dhcpd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_dhcpd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dhcpd_client_packet_t;
+	')
+
+	allow $1 dhcpd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_dhcpd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send dhcpd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_dhcpd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_dhcpd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dhcpd_client_packet_t;
+	')
+
+	dontaudit $1 dhcpd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_dhcpd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive dhcpd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_dhcpd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_dhcpd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dhcpd_client_packet_t;
+	')
+
+	allow $1 dhcpd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_dhcpd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive dhcpd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_dhcpd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_dhcpd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dhcpd_client_packet_t;
+	')
+
+	dontaudit $1 dhcpd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_dhcpd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive dhcpd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_dhcpd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_dhcpd_client_packets'($*)) dnl
+	
+	corenet_send_dhcpd_client_packets($1)
+	corenet_receive_dhcpd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_dhcpd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive dhcpd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_dhcpd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_dhcpd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_dhcpd_client_packets($1)
+	corenet_dontaudit_receive_dhcpd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_dhcpd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to dhcpd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_dhcpd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_dhcpd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dhcpd_client_packet_t;
+	')
+
+	allow $1 dhcpd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_dhcpd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send dhcpd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_dhcpd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_dhcpd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dhcpd_server_packet_t;
+	')
+
+	allow $1 dhcpd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_dhcpd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send dhcpd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_dhcpd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_dhcpd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dhcpd_server_packet_t;
+	')
+
+	dontaudit $1 dhcpd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_dhcpd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive dhcpd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_dhcpd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_dhcpd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dhcpd_server_packet_t;
+	')
+
+	allow $1 dhcpd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_dhcpd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive dhcpd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_dhcpd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_dhcpd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dhcpd_server_packet_t;
+	')
+
+	dontaudit $1 dhcpd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_dhcpd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive dhcpd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_dhcpd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_dhcpd_server_packets'($*)) dnl
+	
+	corenet_send_dhcpd_server_packets($1)
+	corenet_receive_dhcpd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_dhcpd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive dhcpd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_dhcpd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_dhcpd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_dhcpd_server_packets($1)
+	corenet_dontaudit_receive_dhcpd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_dhcpd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to dhcpd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_dhcpd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_dhcpd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dhcpd_server_packet_t;
+	')
+
+	allow $1 dhcpd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_dhcpd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the dict port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_dict_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_dict_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_dict_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the dict port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_dict_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_dict_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_dict_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the dict port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_dict_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_dict_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_dict_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the dict port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_dict_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_dict_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_dict_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the dict port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_dict_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_dict_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_dict_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the dict port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_dict_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_dict_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_dict_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the dict port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_dict_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_dict_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_dict_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the dict port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_dict_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_dict_port'($*)) dnl
+	
+	gen_require(`
+		type dict_port_t;
+	')
+
+	allow $1 dict_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_dict_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the dict port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_dict_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_dict_port'($*)) dnl
+	
+	gen_require(`
+		type dict_port_t;
+	')
+
+	allow $1 dict_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_dict_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the dict port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_dict_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_dict_port'($*)) dnl
+	
+	gen_require(`
+		type dict_port_t;
+	')
+
+	allow $1 dict_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_dict_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send dict_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_dict_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_dict_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dict_client_packet_t;
+	')
+
+	allow $1 dict_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_dict_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send dict_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_dict_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_dict_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dict_client_packet_t;
+	')
+
+	dontaudit $1 dict_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_dict_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive dict_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_dict_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_dict_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dict_client_packet_t;
+	')
+
+	allow $1 dict_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_dict_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive dict_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_dict_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_dict_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dict_client_packet_t;
+	')
+
+	dontaudit $1 dict_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_dict_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive dict_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_dict_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_dict_client_packets'($*)) dnl
+	
+	corenet_send_dict_client_packets($1)
+	corenet_receive_dict_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_dict_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive dict_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_dict_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_dict_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_dict_client_packets($1)
+	corenet_dontaudit_receive_dict_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_dict_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to dict_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_dict_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_dict_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dict_client_packet_t;
+	')
+
+	allow $1 dict_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_dict_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send dict_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_dict_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_dict_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dict_server_packet_t;
+	')
+
+	allow $1 dict_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_dict_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send dict_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_dict_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_dict_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dict_server_packet_t;
+	')
+
+	dontaudit $1 dict_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_dict_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive dict_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_dict_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_dict_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dict_server_packet_t;
+	')
+
+	allow $1 dict_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_dict_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive dict_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_dict_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_dict_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dict_server_packet_t;
+	')
+
+	dontaudit $1 dict_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_dict_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive dict_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_dict_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_dict_server_packets'($*)) dnl
+	
+	corenet_send_dict_server_packets($1)
+	corenet_receive_dict_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_dict_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive dict_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_dict_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_dict_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_dict_server_packets($1)
+	corenet_dontaudit_receive_dict_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_dict_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to dict_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_dict_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_dict_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dict_server_packet_t;
+	')
+
+	allow $1 dict_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_dict_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the distccd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_distccd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_distccd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_distccd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the distccd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_distccd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_distccd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_distccd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the distccd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_distccd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_distccd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_distccd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the distccd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_distccd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_distccd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_distccd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the distccd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_distccd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_distccd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_distccd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the distccd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_distccd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_distccd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_distccd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the distccd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_distccd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_distccd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_distccd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the distccd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_distccd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_distccd_port'($*)) dnl
+	
+	gen_require(`
+		type distccd_port_t;
+	')
+
+	allow $1 distccd_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_distccd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the distccd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_distccd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_distccd_port'($*)) dnl
+	
+	gen_require(`
+		type distccd_port_t;
+	')
+
+	allow $1 distccd_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_distccd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the distccd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_distccd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_distccd_port'($*)) dnl
+	
+	gen_require(`
+		type distccd_port_t;
+	')
+
+	allow $1 distccd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_distccd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send distccd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_distccd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_distccd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type distccd_client_packet_t;
+	')
+
+	allow $1 distccd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_distccd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send distccd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_distccd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_distccd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type distccd_client_packet_t;
+	')
+
+	dontaudit $1 distccd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_distccd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive distccd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_distccd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_distccd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type distccd_client_packet_t;
+	')
+
+	allow $1 distccd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_distccd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive distccd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_distccd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_distccd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type distccd_client_packet_t;
+	')
+
+	dontaudit $1 distccd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_distccd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive distccd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_distccd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_distccd_client_packets'($*)) dnl
+	
+	corenet_send_distccd_client_packets($1)
+	corenet_receive_distccd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_distccd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive distccd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_distccd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_distccd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_distccd_client_packets($1)
+	corenet_dontaudit_receive_distccd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_distccd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to distccd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_distccd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_distccd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type distccd_client_packet_t;
+	')
+
+	allow $1 distccd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_distccd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send distccd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_distccd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_distccd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type distccd_server_packet_t;
+	')
+
+	allow $1 distccd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_distccd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send distccd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_distccd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_distccd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type distccd_server_packet_t;
+	')
+
+	dontaudit $1 distccd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_distccd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive distccd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_distccd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_distccd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type distccd_server_packet_t;
+	')
+
+	allow $1 distccd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_distccd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive distccd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_distccd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_distccd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type distccd_server_packet_t;
+	')
+
+	dontaudit $1 distccd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_distccd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive distccd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_distccd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_distccd_server_packets'($*)) dnl
+	
+	corenet_send_distccd_server_packets($1)
+	corenet_receive_distccd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_distccd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive distccd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_distccd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_distccd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_distccd_server_packets($1)
+	corenet_dontaudit_receive_distccd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_distccd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to distccd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_distccd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_distccd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type distccd_server_packet_t;
+	')
+
+	allow $1 distccd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_distccd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the dns port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_dns_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_dns_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_dns_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the dns port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_dns_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_dns_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_dns_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the dns port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_dns_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_dns_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_dns_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the dns port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_dns_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_dns_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_dns_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the dns port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_dns_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_dns_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_dns_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the dns port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_dns_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_dns_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_dns_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the dns port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_dns_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_dns_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_dns_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the dns port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_dns_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_dns_port'($*)) dnl
+	
+	gen_require(`
+		type dns_port_t;
+	')
+
+	allow $1 dns_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_dns_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the dns port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_dns_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_dns_port'($*)) dnl
+	
+	gen_require(`
+		type dns_port_t;
+	')
+
+	allow $1 dns_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_dns_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the dns port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_dns_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_dns_port'($*)) dnl
+	
+	gen_require(`
+		type dns_port_t;
+	')
+
+	allow $1 dns_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_dns_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send dns_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_dns_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_dns_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dns_client_packet_t;
+	')
+
+	allow $1 dns_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_dns_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send dns_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_dns_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_dns_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dns_client_packet_t;
+	')
+
+	dontaudit $1 dns_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_dns_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive dns_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_dns_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_dns_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dns_client_packet_t;
+	')
+
+	allow $1 dns_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_dns_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive dns_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_dns_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_dns_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dns_client_packet_t;
+	')
+
+	dontaudit $1 dns_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_dns_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive dns_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_dns_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_dns_client_packets'($*)) dnl
+	
+	corenet_send_dns_client_packets($1)
+	corenet_receive_dns_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_dns_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive dns_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_dns_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_dns_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_dns_client_packets($1)
+	corenet_dontaudit_receive_dns_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_dns_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to dns_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_dns_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_dns_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dns_client_packet_t;
+	')
+
+	allow $1 dns_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_dns_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send dns_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_dns_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_dns_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dns_server_packet_t;
+	')
+
+	allow $1 dns_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_dns_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send dns_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_dns_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_dns_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dns_server_packet_t;
+	')
+
+	dontaudit $1 dns_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_dns_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive dns_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_dns_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_dns_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dns_server_packet_t;
+	')
+
+	allow $1 dns_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_dns_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive dns_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_dns_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_dns_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dns_server_packet_t;
+	')
+
+	dontaudit $1 dns_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_dns_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive dns_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_dns_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_dns_server_packets'($*)) dnl
+	
+	corenet_send_dns_server_packets($1)
+	corenet_receive_dns_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_dns_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive dns_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_dns_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_dns_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_dns_server_packets($1)
+	corenet_dontaudit_receive_dns_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_dns_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to dns_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_dns_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_dns_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dns_server_packet_t;
+	')
+
+	allow $1 dns_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_dns_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the dropbox port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_dropbox_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_dropbox_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_dropbox_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the dropbox port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_dropbox_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_dropbox_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_dropbox_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the dropbox port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_dropbox_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_dropbox_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_dropbox_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the dropbox port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_dropbox_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_dropbox_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_dropbox_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the dropbox port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_dropbox_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_dropbox_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_dropbox_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the dropbox port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_dropbox_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_dropbox_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_dropbox_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the dropbox port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_dropbox_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_dropbox_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_dropbox_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the dropbox port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_dropbox_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_dropbox_port'($*)) dnl
+	
+	gen_require(`
+		type dropbox_port_t;
+	')
+
+	allow $1 dropbox_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_dropbox_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the dropbox port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_dropbox_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_dropbox_port'($*)) dnl
+	
+	gen_require(`
+		type dropbox_port_t;
+	')
+
+	allow $1 dropbox_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_dropbox_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the dropbox port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_dropbox_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_dropbox_port'($*)) dnl
+	
+	gen_require(`
+		type dropbox_port_t;
+	')
+
+	allow $1 dropbox_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_dropbox_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send dropbox_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_dropbox_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_dropbox_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dropbox_client_packet_t;
+	')
+
+	allow $1 dropbox_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_dropbox_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send dropbox_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_dropbox_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_dropbox_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dropbox_client_packet_t;
+	')
+
+	dontaudit $1 dropbox_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_dropbox_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive dropbox_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_dropbox_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_dropbox_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dropbox_client_packet_t;
+	')
+
+	allow $1 dropbox_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_dropbox_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive dropbox_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_dropbox_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_dropbox_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dropbox_client_packet_t;
+	')
+
+	dontaudit $1 dropbox_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_dropbox_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive dropbox_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_dropbox_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_dropbox_client_packets'($*)) dnl
+	
+	corenet_send_dropbox_client_packets($1)
+	corenet_receive_dropbox_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_dropbox_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive dropbox_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_dropbox_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_dropbox_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_dropbox_client_packets($1)
+	corenet_dontaudit_receive_dropbox_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_dropbox_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to dropbox_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_dropbox_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_dropbox_client_packets'($*)) dnl
+	
+	gen_require(`
+		type dropbox_client_packet_t;
+	')
+
+	allow $1 dropbox_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_dropbox_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send dropbox_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_dropbox_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_dropbox_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dropbox_server_packet_t;
+	')
+
+	allow $1 dropbox_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_dropbox_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send dropbox_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_dropbox_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_dropbox_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dropbox_server_packet_t;
+	')
+
+	dontaudit $1 dropbox_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_dropbox_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive dropbox_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_dropbox_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_dropbox_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dropbox_server_packet_t;
+	')
+
+	allow $1 dropbox_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_dropbox_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive dropbox_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_dropbox_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_dropbox_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dropbox_server_packet_t;
+	')
+
+	dontaudit $1 dropbox_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_dropbox_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive dropbox_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_dropbox_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_dropbox_server_packets'($*)) dnl
+	
+	corenet_send_dropbox_server_packets($1)
+	corenet_receive_dropbox_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_dropbox_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive dropbox_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_dropbox_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_dropbox_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_dropbox_server_packets($1)
+	corenet_dontaudit_receive_dropbox_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_dropbox_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to dropbox_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_dropbox_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_dropbox_server_packets'($*)) dnl
+	
+	gen_require(`
+		type dropbox_server_packet_t;
+	')
+
+	allow $1 dropbox_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_dropbox_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the efs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_efs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_efs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_efs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the efs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_efs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_efs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_efs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the efs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_efs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_efs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_efs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the efs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_efs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_efs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_efs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the efs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_efs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_efs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_efs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the efs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_efs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_efs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_efs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the efs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_efs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_efs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_efs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the efs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_efs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_efs_port'($*)) dnl
+	
+	gen_require(`
+		type efs_port_t;
+	')
+
+	allow $1 efs_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_efs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the efs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_efs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_efs_port'($*)) dnl
+	
+	gen_require(`
+		type efs_port_t;
+	')
+
+	allow $1 efs_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_efs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the efs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_efs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_efs_port'($*)) dnl
+	
+	gen_require(`
+		type efs_port_t;
+	')
+
+	allow $1 efs_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_efs_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send efs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_efs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_efs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type efs_client_packet_t;
+	')
+
+	allow $1 efs_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_efs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send efs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_efs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_efs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type efs_client_packet_t;
+	')
+
+	dontaudit $1 efs_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_efs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive efs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_efs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_efs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type efs_client_packet_t;
+	')
+
+	allow $1 efs_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_efs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive efs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_efs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_efs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type efs_client_packet_t;
+	')
+
+	dontaudit $1 efs_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_efs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive efs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_efs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_efs_client_packets'($*)) dnl
+	
+	corenet_send_efs_client_packets($1)
+	corenet_receive_efs_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_efs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive efs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_efs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_efs_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_efs_client_packets($1)
+	corenet_dontaudit_receive_efs_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_efs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to efs_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_efs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_efs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type efs_client_packet_t;
+	')
+
+	allow $1 efs_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_efs_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send efs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_efs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_efs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type efs_server_packet_t;
+	')
+
+	allow $1 efs_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_efs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send efs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_efs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_efs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type efs_server_packet_t;
+	')
+
+	dontaudit $1 efs_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_efs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive efs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_efs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_efs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type efs_server_packet_t;
+	')
+
+	allow $1 efs_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_efs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive efs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_efs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_efs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type efs_server_packet_t;
+	')
+
+	dontaudit $1 efs_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_efs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive efs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_efs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_efs_server_packets'($*)) dnl
+	
+	corenet_send_efs_server_packets($1)
+	corenet_receive_efs_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_efs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive efs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_efs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_efs_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_efs_server_packets($1)
+	corenet_dontaudit_receive_efs_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_efs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to efs_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_efs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_efs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type efs_server_packet_t;
+	')
+
+	allow $1 efs_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_efs_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the embrace_dp_c port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_embrace_dp_c_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_embrace_dp_c_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_embrace_dp_c_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the embrace_dp_c port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_embrace_dp_c_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_embrace_dp_c_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_embrace_dp_c_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the embrace_dp_c port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_embrace_dp_c_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_embrace_dp_c_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_embrace_dp_c_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the embrace_dp_c port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_embrace_dp_c_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_embrace_dp_c_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_embrace_dp_c_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the embrace_dp_c port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_embrace_dp_c_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_embrace_dp_c_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_embrace_dp_c_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the embrace_dp_c port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_embrace_dp_c_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_embrace_dp_c_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_embrace_dp_c_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the embrace_dp_c port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_embrace_dp_c_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_embrace_dp_c_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_embrace_dp_c_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the embrace_dp_c port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_embrace_dp_c_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_embrace_dp_c_port'($*)) dnl
+	
+	gen_require(`
+		type embrace_dp_c_port_t;
+	')
+
+	allow $1 embrace_dp_c_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_embrace_dp_c_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the embrace_dp_c port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_embrace_dp_c_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_embrace_dp_c_port'($*)) dnl
+	
+	gen_require(`
+		type embrace_dp_c_port_t;
+	')
+
+	allow $1 embrace_dp_c_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_embrace_dp_c_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the embrace_dp_c port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_embrace_dp_c_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_embrace_dp_c_port'($*)) dnl
+	
+	gen_require(`
+		type embrace_dp_c_port_t;
+	')
+
+	allow $1 embrace_dp_c_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_embrace_dp_c_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send embrace_dp_c_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_embrace_dp_c_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_embrace_dp_c_client_packets'($*)) dnl
+	
+	gen_require(`
+		type embrace_dp_c_client_packet_t;
+	')
+
+	allow $1 embrace_dp_c_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_embrace_dp_c_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send embrace_dp_c_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_embrace_dp_c_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_embrace_dp_c_client_packets'($*)) dnl
+	
+	gen_require(`
+		type embrace_dp_c_client_packet_t;
+	')
+
+	dontaudit $1 embrace_dp_c_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_embrace_dp_c_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive embrace_dp_c_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_embrace_dp_c_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_embrace_dp_c_client_packets'($*)) dnl
+	
+	gen_require(`
+		type embrace_dp_c_client_packet_t;
+	')
+
+	allow $1 embrace_dp_c_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_embrace_dp_c_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive embrace_dp_c_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_embrace_dp_c_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_embrace_dp_c_client_packets'($*)) dnl
+	
+	gen_require(`
+		type embrace_dp_c_client_packet_t;
+	')
+
+	dontaudit $1 embrace_dp_c_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_embrace_dp_c_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive embrace_dp_c_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_embrace_dp_c_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_embrace_dp_c_client_packets'($*)) dnl
+	
+	corenet_send_embrace_dp_c_client_packets($1)
+	corenet_receive_embrace_dp_c_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_embrace_dp_c_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive embrace_dp_c_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_embrace_dp_c_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_embrace_dp_c_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_embrace_dp_c_client_packets($1)
+	corenet_dontaudit_receive_embrace_dp_c_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_embrace_dp_c_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to embrace_dp_c_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_embrace_dp_c_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_embrace_dp_c_client_packets'($*)) dnl
+	
+	gen_require(`
+		type embrace_dp_c_client_packet_t;
+	')
+
+	allow $1 embrace_dp_c_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_embrace_dp_c_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send embrace_dp_c_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_embrace_dp_c_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_embrace_dp_c_server_packets'($*)) dnl
+	
+	gen_require(`
+		type embrace_dp_c_server_packet_t;
+	')
+
+	allow $1 embrace_dp_c_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_embrace_dp_c_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send embrace_dp_c_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_embrace_dp_c_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_embrace_dp_c_server_packets'($*)) dnl
+	
+	gen_require(`
+		type embrace_dp_c_server_packet_t;
+	')
+
+	dontaudit $1 embrace_dp_c_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_embrace_dp_c_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive embrace_dp_c_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_embrace_dp_c_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_embrace_dp_c_server_packets'($*)) dnl
+	
+	gen_require(`
+		type embrace_dp_c_server_packet_t;
+	')
+
+	allow $1 embrace_dp_c_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_embrace_dp_c_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive embrace_dp_c_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_embrace_dp_c_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_embrace_dp_c_server_packets'($*)) dnl
+	
+	gen_require(`
+		type embrace_dp_c_server_packet_t;
+	')
+
+	dontaudit $1 embrace_dp_c_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_embrace_dp_c_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive embrace_dp_c_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_embrace_dp_c_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_embrace_dp_c_server_packets'($*)) dnl
+	
+	corenet_send_embrace_dp_c_server_packets($1)
+	corenet_receive_embrace_dp_c_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_embrace_dp_c_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive embrace_dp_c_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_embrace_dp_c_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_embrace_dp_c_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_embrace_dp_c_server_packets($1)
+	corenet_dontaudit_receive_embrace_dp_c_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_embrace_dp_c_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to embrace_dp_c_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_embrace_dp_c_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_embrace_dp_c_server_packets'($*)) dnl
+	
+	gen_require(`
+		type embrace_dp_c_server_packet_t;
+	')
+
+	allow $1 embrace_dp_c_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_embrace_dp_c_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the epmap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_epmap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_epmap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_epmap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the epmap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_epmap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_epmap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_epmap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the epmap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_epmap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_epmap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_epmap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the epmap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_epmap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_epmap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_epmap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the epmap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_epmap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_epmap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_epmap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the epmap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_epmap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_epmap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_epmap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the epmap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_epmap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_epmap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_epmap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the epmap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_epmap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_epmap_port'($*)) dnl
+	
+	gen_require(`
+		type epmap_port_t;
+	')
+
+	allow $1 epmap_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_epmap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the epmap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_epmap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_epmap_port'($*)) dnl
+	
+	gen_require(`
+		type epmap_port_t;
+	')
+
+	allow $1 epmap_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_epmap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the epmap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_epmap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_epmap_port'($*)) dnl
+	
+	gen_require(`
+		type epmap_port_t;
+	')
+
+	allow $1 epmap_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_epmap_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send epmap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_epmap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_epmap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type epmap_client_packet_t;
+	')
+
+	allow $1 epmap_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_epmap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send epmap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_epmap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_epmap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type epmap_client_packet_t;
+	')
+
+	dontaudit $1 epmap_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_epmap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive epmap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_epmap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_epmap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type epmap_client_packet_t;
+	')
+
+	allow $1 epmap_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_epmap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive epmap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_epmap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_epmap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type epmap_client_packet_t;
+	')
+
+	dontaudit $1 epmap_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_epmap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive epmap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_epmap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_epmap_client_packets'($*)) dnl
+	
+	corenet_send_epmap_client_packets($1)
+	corenet_receive_epmap_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_epmap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive epmap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_epmap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_epmap_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_epmap_client_packets($1)
+	corenet_dontaudit_receive_epmap_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_epmap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to epmap_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_epmap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_epmap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type epmap_client_packet_t;
+	')
+
+	allow $1 epmap_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_epmap_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send epmap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_epmap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_epmap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type epmap_server_packet_t;
+	')
+
+	allow $1 epmap_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_epmap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send epmap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_epmap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_epmap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type epmap_server_packet_t;
+	')
+
+	dontaudit $1 epmap_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_epmap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive epmap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_epmap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_epmap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type epmap_server_packet_t;
+	')
+
+	allow $1 epmap_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_epmap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive epmap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_epmap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_epmap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type epmap_server_packet_t;
+	')
+
+	dontaudit $1 epmap_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_epmap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive epmap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_epmap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_epmap_server_packets'($*)) dnl
+	
+	corenet_send_epmap_server_packets($1)
+	corenet_receive_epmap_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_epmap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive epmap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_epmap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_epmap_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_epmap_server_packets($1)
+	corenet_dontaudit_receive_epmap_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_epmap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to epmap_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_epmap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_epmap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type epmap_server_packet_t;
+	')
+
+	allow $1 epmap_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_epmap_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the epmd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_epmd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_epmd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_epmd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the epmd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_epmd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_epmd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_epmd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the epmd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_epmd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_epmd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_epmd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the epmd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_epmd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_epmd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_epmd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the epmd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_epmd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_epmd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_epmd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the epmd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_epmd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_epmd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_epmd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the epmd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_epmd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_epmd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_epmd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the epmd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_epmd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_epmd_port'($*)) dnl
+	
+	gen_require(`
+		type epmd_port_t;
+	')
+
+	allow $1 epmd_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_epmd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the epmd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_epmd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_epmd_port'($*)) dnl
+	
+	gen_require(`
+		type epmd_port_t;
+	')
+
+	allow $1 epmd_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_epmd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the epmd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_epmd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_epmd_port'($*)) dnl
+	
+	gen_require(`
+		type epmd_port_t;
+	')
+
+	allow $1 epmd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_epmd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send epmd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_epmd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_epmd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type epmd_client_packet_t;
+	')
+
+	allow $1 epmd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_epmd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send epmd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_epmd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_epmd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type epmd_client_packet_t;
+	')
+
+	dontaudit $1 epmd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_epmd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive epmd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_epmd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_epmd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type epmd_client_packet_t;
+	')
+
+	allow $1 epmd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_epmd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive epmd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_epmd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_epmd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type epmd_client_packet_t;
+	')
+
+	dontaudit $1 epmd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_epmd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive epmd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_epmd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_epmd_client_packets'($*)) dnl
+	
+	corenet_send_epmd_client_packets($1)
+	corenet_receive_epmd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_epmd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive epmd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_epmd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_epmd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_epmd_client_packets($1)
+	corenet_dontaudit_receive_epmd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_epmd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to epmd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_epmd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_epmd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type epmd_client_packet_t;
+	')
+
+	allow $1 epmd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_epmd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send epmd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_epmd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_epmd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type epmd_server_packet_t;
+	')
+
+	allow $1 epmd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_epmd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send epmd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_epmd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_epmd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type epmd_server_packet_t;
+	')
+
+	dontaudit $1 epmd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_epmd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive epmd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_epmd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_epmd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type epmd_server_packet_t;
+	')
+
+	allow $1 epmd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_epmd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive epmd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_epmd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_epmd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type epmd_server_packet_t;
+	')
+
+	dontaudit $1 epmd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_epmd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive epmd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_epmd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_epmd_server_packets'($*)) dnl
+	
+	corenet_send_epmd_server_packets($1)
+	corenet_receive_epmd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_epmd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive epmd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_epmd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_epmd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_epmd_server_packets($1)
+	corenet_dontaudit_receive_epmd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_epmd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to epmd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_epmd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_epmd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type epmd_server_packet_t;
+	')
+
+	allow $1 epmd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_epmd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the fingerd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_fingerd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_fingerd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_fingerd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the fingerd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_fingerd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_fingerd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_fingerd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the fingerd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_fingerd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_fingerd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_fingerd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the fingerd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_fingerd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_fingerd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_fingerd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the fingerd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_fingerd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_fingerd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_fingerd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the fingerd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_fingerd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_fingerd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_fingerd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the fingerd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_fingerd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_fingerd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_fingerd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the fingerd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_fingerd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_fingerd_port'($*)) dnl
+	
+	gen_require(`
+		type fingerd_port_t;
+	')
+
+	allow $1 fingerd_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_fingerd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the fingerd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_fingerd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_fingerd_port'($*)) dnl
+	
+	gen_require(`
+		type fingerd_port_t;
+	')
+
+	allow $1 fingerd_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_fingerd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the fingerd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_fingerd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_fingerd_port'($*)) dnl
+	
+	gen_require(`
+		type fingerd_port_t;
+	')
+
+	allow $1 fingerd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_fingerd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send fingerd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_fingerd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_fingerd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type fingerd_client_packet_t;
+	')
+
+	allow $1 fingerd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_fingerd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send fingerd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_fingerd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_fingerd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type fingerd_client_packet_t;
+	')
+
+	dontaudit $1 fingerd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_fingerd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive fingerd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_fingerd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_fingerd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type fingerd_client_packet_t;
+	')
+
+	allow $1 fingerd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_fingerd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive fingerd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_fingerd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_fingerd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type fingerd_client_packet_t;
+	')
+
+	dontaudit $1 fingerd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_fingerd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive fingerd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_fingerd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_fingerd_client_packets'($*)) dnl
+	
+	corenet_send_fingerd_client_packets($1)
+	corenet_receive_fingerd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_fingerd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive fingerd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_fingerd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_fingerd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_fingerd_client_packets($1)
+	corenet_dontaudit_receive_fingerd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_fingerd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to fingerd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_fingerd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_fingerd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type fingerd_client_packet_t;
+	')
+
+	allow $1 fingerd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_fingerd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send fingerd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_fingerd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_fingerd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type fingerd_server_packet_t;
+	')
+
+	allow $1 fingerd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_fingerd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send fingerd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_fingerd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_fingerd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type fingerd_server_packet_t;
+	')
+
+	dontaudit $1 fingerd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_fingerd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive fingerd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_fingerd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_fingerd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type fingerd_server_packet_t;
+	')
+
+	allow $1 fingerd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_fingerd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive fingerd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_fingerd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_fingerd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type fingerd_server_packet_t;
+	')
+
+	dontaudit $1 fingerd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_fingerd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive fingerd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_fingerd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_fingerd_server_packets'($*)) dnl
+	
+	corenet_send_fingerd_server_packets($1)
+	corenet_receive_fingerd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_fingerd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive fingerd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_fingerd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_fingerd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_fingerd_server_packets($1)
+	corenet_dontaudit_receive_fingerd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_fingerd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to fingerd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_fingerd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_fingerd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type fingerd_server_packet_t;
+	')
+
+	allow $1 fingerd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_fingerd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the ftp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_ftp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_ftp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_ftp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the ftp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_ftp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_ftp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_ftp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the ftp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_ftp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_ftp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_ftp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the ftp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_ftp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_ftp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_ftp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the ftp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_ftp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_ftp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_ftp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the ftp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_ftp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_ftp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_ftp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the ftp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_ftp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_ftp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_ftp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the ftp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_ftp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_ftp_port'($*)) dnl
+	
+	gen_require(`
+		type ftp_port_t;
+	')
+
+	allow $1 ftp_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_ftp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the ftp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_ftp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_ftp_port'($*)) dnl
+	
+	gen_require(`
+		type ftp_port_t;
+	')
+
+	allow $1 ftp_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_ftp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the ftp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_ftp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_ftp_port'($*)) dnl
+	
+	gen_require(`
+		type ftp_port_t;
+	')
+
+	allow $1 ftp_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_ftp_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ftp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ftp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ftp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ftp_client_packet_t;
+	')
+
+	allow $1 ftp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ftp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ftp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ftp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ftp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ftp_client_packet_t;
+	')
+
+	dontaudit $1 ftp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ftp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ftp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ftp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ftp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ftp_client_packet_t;
+	')
+
+	allow $1 ftp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ftp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ftp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ftp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ftp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ftp_client_packet_t;
+	')
+
+	dontaudit $1 ftp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ftp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ftp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ftp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ftp_client_packets'($*)) dnl
+	
+	corenet_send_ftp_client_packets($1)
+	corenet_receive_ftp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ftp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ftp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ftp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ftp_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ftp_client_packets($1)
+	corenet_dontaudit_receive_ftp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ftp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ftp_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ftp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ftp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ftp_client_packet_t;
+	')
+
+	allow $1 ftp_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ftp_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ftp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ftp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ftp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ftp_server_packet_t;
+	')
+
+	allow $1 ftp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ftp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ftp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ftp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ftp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ftp_server_packet_t;
+	')
+
+	dontaudit $1 ftp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ftp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ftp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ftp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ftp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ftp_server_packet_t;
+	')
+
+	allow $1 ftp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ftp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ftp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ftp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ftp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ftp_server_packet_t;
+	')
+
+	dontaudit $1 ftp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ftp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ftp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ftp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ftp_server_packets'($*)) dnl
+	
+	corenet_send_ftp_server_packets($1)
+	corenet_receive_ftp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ftp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ftp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ftp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ftp_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ftp_server_packets($1)
+	corenet_dontaudit_receive_ftp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ftp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ftp_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ftp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ftp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ftp_server_packet_t;
+	')
+
+	allow $1 ftp_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ftp_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the ftp_data port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_ftp_data_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_ftp_data_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_ftp_data_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the ftp_data port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_ftp_data_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_ftp_data_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_ftp_data_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the ftp_data port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_ftp_data_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_ftp_data_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_ftp_data_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the ftp_data port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_ftp_data_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_ftp_data_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_ftp_data_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the ftp_data port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_ftp_data_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_ftp_data_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_ftp_data_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the ftp_data port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_ftp_data_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_ftp_data_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_ftp_data_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the ftp_data port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_ftp_data_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_ftp_data_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_ftp_data_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the ftp_data port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_ftp_data_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_ftp_data_port'($*)) dnl
+	
+	gen_require(`
+		type ftp_data_port_t;
+	')
+
+	allow $1 ftp_data_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_ftp_data_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the ftp_data port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_ftp_data_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_ftp_data_port'($*)) dnl
+	
+	gen_require(`
+		type ftp_data_port_t;
+	')
+
+	allow $1 ftp_data_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_ftp_data_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the ftp_data port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_ftp_data_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_ftp_data_port'($*)) dnl
+	
+	gen_require(`
+		type ftp_data_port_t;
+	')
+
+	allow $1 ftp_data_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_ftp_data_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ftp_data_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ftp_data_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ftp_data_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ftp_data_client_packet_t;
+	')
+
+	allow $1 ftp_data_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ftp_data_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ftp_data_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ftp_data_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ftp_data_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ftp_data_client_packet_t;
+	')
+
+	dontaudit $1 ftp_data_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ftp_data_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ftp_data_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ftp_data_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ftp_data_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ftp_data_client_packet_t;
+	')
+
+	allow $1 ftp_data_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ftp_data_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ftp_data_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ftp_data_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ftp_data_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ftp_data_client_packet_t;
+	')
+
+	dontaudit $1 ftp_data_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ftp_data_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ftp_data_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ftp_data_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ftp_data_client_packets'($*)) dnl
+	
+	corenet_send_ftp_data_client_packets($1)
+	corenet_receive_ftp_data_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ftp_data_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ftp_data_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ftp_data_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ftp_data_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ftp_data_client_packets($1)
+	corenet_dontaudit_receive_ftp_data_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ftp_data_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ftp_data_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ftp_data_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ftp_data_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ftp_data_client_packet_t;
+	')
+
+	allow $1 ftp_data_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ftp_data_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ftp_data_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ftp_data_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ftp_data_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ftp_data_server_packet_t;
+	')
+
+	allow $1 ftp_data_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ftp_data_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ftp_data_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ftp_data_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ftp_data_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ftp_data_server_packet_t;
+	')
+
+	dontaudit $1 ftp_data_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ftp_data_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ftp_data_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ftp_data_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ftp_data_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ftp_data_server_packet_t;
+	')
+
+	allow $1 ftp_data_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ftp_data_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ftp_data_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ftp_data_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ftp_data_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ftp_data_server_packet_t;
+	')
+
+	dontaudit $1 ftp_data_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ftp_data_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ftp_data_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ftp_data_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ftp_data_server_packets'($*)) dnl
+	
+	corenet_send_ftp_data_server_packets($1)
+	corenet_receive_ftp_data_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ftp_data_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ftp_data_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ftp_data_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ftp_data_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ftp_data_server_packets($1)
+	corenet_dontaudit_receive_ftp_data_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ftp_data_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ftp_data_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ftp_data_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ftp_data_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ftp_data_server_packet_t;
+	')
+
+	allow $1 ftp_data_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ftp_data_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the gatekeeper port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_gatekeeper_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_gatekeeper_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_gatekeeper_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the gatekeeper port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_gatekeeper_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_gatekeeper_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_gatekeeper_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the gatekeeper port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_gatekeeper_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_gatekeeper_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_gatekeeper_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the gatekeeper port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_gatekeeper_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_gatekeeper_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_gatekeeper_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the gatekeeper port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_gatekeeper_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_gatekeeper_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_gatekeeper_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the gatekeeper port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_gatekeeper_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_gatekeeper_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_gatekeeper_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the gatekeeper port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_gatekeeper_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_gatekeeper_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_gatekeeper_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the gatekeeper port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_gatekeeper_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_gatekeeper_port'($*)) dnl
+	
+	gen_require(`
+		type gatekeeper_port_t;
+	')
+
+	allow $1 gatekeeper_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_gatekeeper_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the gatekeeper port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_gatekeeper_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_gatekeeper_port'($*)) dnl
+	
+	gen_require(`
+		type gatekeeper_port_t;
+	')
+
+	allow $1 gatekeeper_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_gatekeeper_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the gatekeeper port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_gatekeeper_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_gatekeeper_port'($*)) dnl
+	
+	gen_require(`
+		type gatekeeper_port_t;
+	')
+
+	allow $1 gatekeeper_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_gatekeeper_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send gatekeeper_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_gatekeeper_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_gatekeeper_client_packets'($*)) dnl
+	
+	gen_require(`
+		type gatekeeper_client_packet_t;
+	')
+
+	allow $1 gatekeeper_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_gatekeeper_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send gatekeeper_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_gatekeeper_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_gatekeeper_client_packets'($*)) dnl
+	
+	gen_require(`
+		type gatekeeper_client_packet_t;
+	')
+
+	dontaudit $1 gatekeeper_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_gatekeeper_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive gatekeeper_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_gatekeeper_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_gatekeeper_client_packets'($*)) dnl
+	
+	gen_require(`
+		type gatekeeper_client_packet_t;
+	')
+
+	allow $1 gatekeeper_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_gatekeeper_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive gatekeeper_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_gatekeeper_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_gatekeeper_client_packets'($*)) dnl
+	
+	gen_require(`
+		type gatekeeper_client_packet_t;
+	')
+
+	dontaudit $1 gatekeeper_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_gatekeeper_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive gatekeeper_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_gatekeeper_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_gatekeeper_client_packets'($*)) dnl
+	
+	corenet_send_gatekeeper_client_packets($1)
+	corenet_receive_gatekeeper_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_gatekeeper_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive gatekeeper_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_gatekeeper_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_gatekeeper_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_gatekeeper_client_packets($1)
+	corenet_dontaudit_receive_gatekeeper_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_gatekeeper_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to gatekeeper_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_gatekeeper_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_gatekeeper_client_packets'($*)) dnl
+	
+	gen_require(`
+		type gatekeeper_client_packet_t;
+	')
+
+	allow $1 gatekeeper_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_gatekeeper_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send gatekeeper_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_gatekeeper_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_gatekeeper_server_packets'($*)) dnl
+	
+	gen_require(`
+		type gatekeeper_server_packet_t;
+	')
+
+	allow $1 gatekeeper_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_gatekeeper_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send gatekeeper_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_gatekeeper_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_gatekeeper_server_packets'($*)) dnl
+	
+	gen_require(`
+		type gatekeeper_server_packet_t;
+	')
+
+	dontaudit $1 gatekeeper_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_gatekeeper_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive gatekeeper_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_gatekeeper_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_gatekeeper_server_packets'($*)) dnl
+	
+	gen_require(`
+		type gatekeeper_server_packet_t;
+	')
+
+	allow $1 gatekeeper_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_gatekeeper_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive gatekeeper_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_gatekeeper_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_gatekeeper_server_packets'($*)) dnl
+	
+	gen_require(`
+		type gatekeeper_server_packet_t;
+	')
+
+	dontaudit $1 gatekeeper_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_gatekeeper_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive gatekeeper_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_gatekeeper_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_gatekeeper_server_packets'($*)) dnl
+	
+	corenet_send_gatekeeper_server_packets($1)
+	corenet_receive_gatekeeper_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_gatekeeper_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive gatekeeper_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_gatekeeper_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_gatekeeper_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_gatekeeper_server_packets($1)
+	corenet_dontaudit_receive_gatekeeper_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_gatekeeper_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to gatekeeper_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_gatekeeper_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_gatekeeper_server_packets'($*)) dnl
+	
+	gen_require(`
+		type gatekeeper_server_packet_t;
+	')
+
+	allow $1 gatekeeper_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_gatekeeper_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the gdomap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_gdomap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_gdomap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_gdomap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the gdomap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_gdomap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_gdomap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_gdomap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the gdomap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_gdomap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_gdomap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_gdomap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the gdomap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_gdomap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_gdomap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_gdomap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the gdomap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_gdomap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_gdomap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_gdomap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the gdomap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_gdomap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_gdomap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_gdomap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the gdomap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_gdomap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_gdomap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_gdomap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the gdomap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_gdomap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_gdomap_port'($*)) dnl
+	
+	gen_require(`
+		type gdomap_port_t;
+	')
+
+	allow $1 gdomap_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_gdomap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the gdomap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_gdomap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_gdomap_port'($*)) dnl
+	
+	gen_require(`
+		type gdomap_port_t;
+	')
+
+	allow $1 gdomap_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_gdomap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the gdomap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_gdomap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_gdomap_port'($*)) dnl
+	
+	gen_require(`
+		type gdomap_port_t;
+	')
+
+	allow $1 gdomap_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_gdomap_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send gdomap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_gdomap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_gdomap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type gdomap_client_packet_t;
+	')
+
+	allow $1 gdomap_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_gdomap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send gdomap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_gdomap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_gdomap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type gdomap_client_packet_t;
+	')
+
+	dontaudit $1 gdomap_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_gdomap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive gdomap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_gdomap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_gdomap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type gdomap_client_packet_t;
+	')
+
+	allow $1 gdomap_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_gdomap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive gdomap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_gdomap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_gdomap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type gdomap_client_packet_t;
+	')
+
+	dontaudit $1 gdomap_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_gdomap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive gdomap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_gdomap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_gdomap_client_packets'($*)) dnl
+	
+	corenet_send_gdomap_client_packets($1)
+	corenet_receive_gdomap_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_gdomap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive gdomap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_gdomap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_gdomap_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_gdomap_client_packets($1)
+	corenet_dontaudit_receive_gdomap_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_gdomap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to gdomap_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_gdomap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_gdomap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type gdomap_client_packet_t;
+	')
+
+	allow $1 gdomap_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_gdomap_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send gdomap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_gdomap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_gdomap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type gdomap_server_packet_t;
+	')
+
+	allow $1 gdomap_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_gdomap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send gdomap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_gdomap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_gdomap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type gdomap_server_packet_t;
+	')
+
+	dontaudit $1 gdomap_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_gdomap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive gdomap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_gdomap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_gdomap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type gdomap_server_packet_t;
+	')
+
+	allow $1 gdomap_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_gdomap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive gdomap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_gdomap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_gdomap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type gdomap_server_packet_t;
+	')
+
+	dontaudit $1 gdomap_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_gdomap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive gdomap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_gdomap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_gdomap_server_packets'($*)) dnl
+	
+	corenet_send_gdomap_server_packets($1)
+	corenet_receive_gdomap_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_gdomap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive gdomap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_gdomap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_gdomap_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_gdomap_server_packets($1)
+	corenet_dontaudit_receive_gdomap_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_gdomap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to gdomap_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_gdomap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_gdomap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type gdomap_server_packet_t;
+	')
+
+	allow $1 gdomap_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_gdomap_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the gds_db port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_gds_db_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_gds_db_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_gds_db_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the gds_db port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_gds_db_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_gds_db_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_gds_db_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the gds_db port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_gds_db_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_gds_db_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_gds_db_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the gds_db port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_gds_db_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_gds_db_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_gds_db_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the gds_db port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_gds_db_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_gds_db_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_gds_db_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the gds_db port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_gds_db_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_gds_db_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_gds_db_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the gds_db port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_gds_db_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_gds_db_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_gds_db_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the gds_db port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_gds_db_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_gds_db_port'($*)) dnl
+	
+	gen_require(`
+		type gds_db_port_t;
+	')
+
+	allow $1 gds_db_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_gds_db_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the gds_db port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_gds_db_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_gds_db_port'($*)) dnl
+	
+	gen_require(`
+		type gds_db_port_t;
+	')
+
+	allow $1 gds_db_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_gds_db_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the gds_db port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_gds_db_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_gds_db_port'($*)) dnl
+	
+	gen_require(`
+		type gds_db_port_t;
+	')
+
+	allow $1 gds_db_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_gds_db_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send gds_db_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_gds_db_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_gds_db_client_packets'($*)) dnl
+	
+	gen_require(`
+		type gds_db_client_packet_t;
+	')
+
+	allow $1 gds_db_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_gds_db_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send gds_db_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_gds_db_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_gds_db_client_packets'($*)) dnl
+	
+	gen_require(`
+		type gds_db_client_packet_t;
+	')
+
+	dontaudit $1 gds_db_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_gds_db_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive gds_db_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_gds_db_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_gds_db_client_packets'($*)) dnl
+	
+	gen_require(`
+		type gds_db_client_packet_t;
+	')
+
+	allow $1 gds_db_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_gds_db_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive gds_db_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_gds_db_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_gds_db_client_packets'($*)) dnl
+	
+	gen_require(`
+		type gds_db_client_packet_t;
+	')
+
+	dontaudit $1 gds_db_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_gds_db_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive gds_db_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_gds_db_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_gds_db_client_packets'($*)) dnl
+	
+	corenet_send_gds_db_client_packets($1)
+	corenet_receive_gds_db_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_gds_db_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive gds_db_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_gds_db_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_gds_db_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_gds_db_client_packets($1)
+	corenet_dontaudit_receive_gds_db_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_gds_db_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to gds_db_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_gds_db_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_gds_db_client_packets'($*)) dnl
+	
+	gen_require(`
+		type gds_db_client_packet_t;
+	')
+
+	allow $1 gds_db_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_gds_db_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send gds_db_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_gds_db_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_gds_db_server_packets'($*)) dnl
+	
+	gen_require(`
+		type gds_db_server_packet_t;
+	')
+
+	allow $1 gds_db_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_gds_db_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send gds_db_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_gds_db_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_gds_db_server_packets'($*)) dnl
+	
+	gen_require(`
+		type gds_db_server_packet_t;
+	')
+
+	dontaudit $1 gds_db_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_gds_db_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive gds_db_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_gds_db_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_gds_db_server_packets'($*)) dnl
+	
+	gen_require(`
+		type gds_db_server_packet_t;
+	')
+
+	allow $1 gds_db_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_gds_db_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive gds_db_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_gds_db_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_gds_db_server_packets'($*)) dnl
+	
+	gen_require(`
+		type gds_db_server_packet_t;
+	')
+
+	dontaudit $1 gds_db_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_gds_db_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive gds_db_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_gds_db_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_gds_db_server_packets'($*)) dnl
+	
+	corenet_send_gds_db_server_packets($1)
+	corenet_receive_gds_db_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_gds_db_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive gds_db_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_gds_db_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_gds_db_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_gds_db_server_packets($1)
+	corenet_dontaudit_receive_gds_db_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_gds_db_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to gds_db_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_gds_db_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_gds_db_server_packets'($*)) dnl
+	
+	gen_require(`
+		type gds_db_server_packet_t;
+	')
+
+	allow $1 gds_db_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_gds_db_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the giftd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_giftd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_giftd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_giftd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the giftd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_giftd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_giftd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_giftd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the giftd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_giftd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_giftd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_giftd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the giftd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_giftd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_giftd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_giftd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the giftd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_giftd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_giftd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_giftd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the giftd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_giftd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_giftd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_giftd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the giftd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_giftd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_giftd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_giftd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the giftd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_giftd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_giftd_port'($*)) dnl
+	
+	gen_require(`
+		type giftd_port_t;
+	')
+
+	allow $1 giftd_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_giftd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the giftd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_giftd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_giftd_port'($*)) dnl
+	
+	gen_require(`
+		type giftd_port_t;
+	')
+
+	allow $1 giftd_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_giftd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the giftd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_giftd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_giftd_port'($*)) dnl
+	
+	gen_require(`
+		type giftd_port_t;
+	')
+
+	allow $1 giftd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_giftd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send giftd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_giftd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_giftd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type giftd_client_packet_t;
+	')
+
+	allow $1 giftd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_giftd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send giftd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_giftd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_giftd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type giftd_client_packet_t;
+	')
+
+	dontaudit $1 giftd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_giftd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive giftd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_giftd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_giftd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type giftd_client_packet_t;
+	')
+
+	allow $1 giftd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_giftd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive giftd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_giftd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_giftd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type giftd_client_packet_t;
+	')
+
+	dontaudit $1 giftd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_giftd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive giftd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_giftd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_giftd_client_packets'($*)) dnl
+	
+	corenet_send_giftd_client_packets($1)
+	corenet_receive_giftd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_giftd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive giftd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_giftd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_giftd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_giftd_client_packets($1)
+	corenet_dontaudit_receive_giftd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_giftd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to giftd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_giftd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_giftd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type giftd_client_packet_t;
+	')
+
+	allow $1 giftd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_giftd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send giftd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_giftd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_giftd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type giftd_server_packet_t;
+	')
+
+	allow $1 giftd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_giftd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send giftd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_giftd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_giftd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type giftd_server_packet_t;
+	')
+
+	dontaudit $1 giftd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_giftd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive giftd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_giftd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_giftd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type giftd_server_packet_t;
+	')
+
+	allow $1 giftd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_giftd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive giftd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_giftd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_giftd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type giftd_server_packet_t;
+	')
+
+	dontaudit $1 giftd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_giftd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive giftd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_giftd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_giftd_server_packets'($*)) dnl
+	
+	corenet_send_giftd_server_packets($1)
+	corenet_receive_giftd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_giftd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive giftd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_giftd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_giftd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_giftd_server_packets($1)
+	corenet_dontaudit_receive_giftd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_giftd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to giftd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_giftd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_giftd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type giftd_server_packet_t;
+	')
+
+	allow $1 giftd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_giftd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the git port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_git_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_git_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_git_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the git port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_git_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_git_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_git_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the git port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_git_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_git_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_git_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the git port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_git_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_git_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_git_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the git port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_git_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_git_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_git_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the git port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_git_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_git_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_git_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the git port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_git_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_git_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_git_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the git port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_git_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_git_port'($*)) dnl
+	
+	gen_require(`
+		type git_port_t;
+	')
+
+	allow $1 git_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_git_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the git port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_git_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_git_port'($*)) dnl
+	
+	gen_require(`
+		type git_port_t;
+	')
+
+	allow $1 git_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_git_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the git port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_git_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_git_port'($*)) dnl
+	
+	gen_require(`
+		type git_port_t;
+	')
+
+	allow $1 git_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_git_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send git_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_git_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_git_client_packets'($*)) dnl
+	
+	gen_require(`
+		type git_client_packet_t;
+	')
+
+	allow $1 git_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_git_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send git_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_git_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_git_client_packets'($*)) dnl
+	
+	gen_require(`
+		type git_client_packet_t;
+	')
+
+	dontaudit $1 git_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_git_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive git_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_git_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_git_client_packets'($*)) dnl
+	
+	gen_require(`
+		type git_client_packet_t;
+	')
+
+	allow $1 git_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_git_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive git_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_git_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_git_client_packets'($*)) dnl
+	
+	gen_require(`
+		type git_client_packet_t;
+	')
+
+	dontaudit $1 git_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_git_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive git_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_git_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_git_client_packets'($*)) dnl
+	
+	corenet_send_git_client_packets($1)
+	corenet_receive_git_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_git_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive git_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_git_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_git_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_git_client_packets($1)
+	corenet_dontaudit_receive_git_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_git_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to git_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_git_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_git_client_packets'($*)) dnl
+	
+	gen_require(`
+		type git_client_packet_t;
+	')
+
+	allow $1 git_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_git_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send git_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_git_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_git_server_packets'($*)) dnl
+	
+	gen_require(`
+		type git_server_packet_t;
+	')
+
+	allow $1 git_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_git_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send git_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_git_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_git_server_packets'($*)) dnl
+	
+	gen_require(`
+		type git_server_packet_t;
+	')
+
+	dontaudit $1 git_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_git_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive git_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_git_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_git_server_packets'($*)) dnl
+	
+	gen_require(`
+		type git_server_packet_t;
+	')
+
+	allow $1 git_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_git_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive git_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_git_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_git_server_packets'($*)) dnl
+	
+	gen_require(`
+		type git_server_packet_t;
+	')
+
+	dontaudit $1 git_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_git_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive git_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_git_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_git_server_packets'($*)) dnl
+	
+	corenet_send_git_server_packets($1)
+	corenet_receive_git_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_git_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive git_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_git_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_git_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_git_server_packets($1)
+	corenet_dontaudit_receive_git_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_git_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to git_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_git_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_git_server_packets'($*)) dnl
+	
+	gen_require(`
+		type git_server_packet_t;
+	')
+
+	allow $1 git_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_git_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the glance_registry port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_glance_registry_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_glance_registry_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_glance_registry_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the glance_registry port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_glance_registry_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_glance_registry_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_glance_registry_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the glance_registry port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_glance_registry_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_glance_registry_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_glance_registry_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the glance_registry port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_glance_registry_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_glance_registry_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_glance_registry_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the glance_registry port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_glance_registry_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_glance_registry_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_glance_registry_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the glance_registry port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_glance_registry_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_glance_registry_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_glance_registry_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the glance_registry port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_glance_registry_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_glance_registry_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_glance_registry_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the glance_registry port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_glance_registry_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_glance_registry_port'($*)) dnl
+	
+	gen_require(`
+		type glance_registry_port_t;
+	')
+
+	allow $1 glance_registry_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_glance_registry_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the glance_registry port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_glance_registry_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_glance_registry_port'($*)) dnl
+	
+	gen_require(`
+		type glance_registry_port_t;
+	')
+
+	allow $1 glance_registry_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_glance_registry_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the glance_registry port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_glance_registry_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_glance_registry_port'($*)) dnl
+	
+	gen_require(`
+		type glance_registry_port_t;
+	')
+
+	allow $1 glance_registry_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_glance_registry_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send glance_registry_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_glance_registry_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_glance_registry_client_packets'($*)) dnl
+	
+	gen_require(`
+		type glance_registry_client_packet_t;
+	')
+
+	allow $1 glance_registry_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_glance_registry_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send glance_registry_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_glance_registry_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_glance_registry_client_packets'($*)) dnl
+	
+	gen_require(`
+		type glance_registry_client_packet_t;
+	')
+
+	dontaudit $1 glance_registry_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_glance_registry_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive glance_registry_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_glance_registry_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_glance_registry_client_packets'($*)) dnl
+	
+	gen_require(`
+		type glance_registry_client_packet_t;
+	')
+
+	allow $1 glance_registry_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_glance_registry_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive glance_registry_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_glance_registry_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_glance_registry_client_packets'($*)) dnl
+	
+	gen_require(`
+		type glance_registry_client_packet_t;
+	')
+
+	dontaudit $1 glance_registry_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_glance_registry_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive glance_registry_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_glance_registry_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_glance_registry_client_packets'($*)) dnl
+	
+	corenet_send_glance_registry_client_packets($1)
+	corenet_receive_glance_registry_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_glance_registry_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive glance_registry_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_glance_registry_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_glance_registry_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_glance_registry_client_packets($1)
+	corenet_dontaudit_receive_glance_registry_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_glance_registry_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to glance_registry_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_glance_registry_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_glance_registry_client_packets'($*)) dnl
+	
+	gen_require(`
+		type glance_registry_client_packet_t;
+	')
+
+	allow $1 glance_registry_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_glance_registry_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send glance_registry_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_glance_registry_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_glance_registry_server_packets'($*)) dnl
+	
+	gen_require(`
+		type glance_registry_server_packet_t;
+	')
+
+	allow $1 glance_registry_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_glance_registry_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send glance_registry_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_glance_registry_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_glance_registry_server_packets'($*)) dnl
+	
+	gen_require(`
+		type glance_registry_server_packet_t;
+	')
+
+	dontaudit $1 glance_registry_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_glance_registry_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive glance_registry_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_glance_registry_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_glance_registry_server_packets'($*)) dnl
+	
+	gen_require(`
+		type glance_registry_server_packet_t;
+	')
+
+	allow $1 glance_registry_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_glance_registry_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive glance_registry_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_glance_registry_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_glance_registry_server_packets'($*)) dnl
+	
+	gen_require(`
+		type glance_registry_server_packet_t;
+	')
+
+	dontaudit $1 glance_registry_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_glance_registry_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive glance_registry_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_glance_registry_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_glance_registry_server_packets'($*)) dnl
+	
+	corenet_send_glance_registry_server_packets($1)
+	corenet_receive_glance_registry_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_glance_registry_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive glance_registry_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_glance_registry_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_glance_registry_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_glance_registry_server_packets($1)
+	corenet_dontaudit_receive_glance_registry_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_glance_registry_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to glance_registry_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_glance_registry_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_glance_registry_server_packets'($*)) dnl
+	
+	gen_require(`
+		type glance_registry_server_packet_t;
+	')
+
+	allow $1 glance_registry_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_glance_registry_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the gopher port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_gopher_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_gopher_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_gopher_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the gopher port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_gopher_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_gopher_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_gopher_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the gopher port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_gopher_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_gopher_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_gopher_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the gopher port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_gopher_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_gopher_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_gopher_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the gopher port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_gopher_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_gopher_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_gopher_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the gopher port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_gopher_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_gopher_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_gopher_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the gopher port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_gopher_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_gopher_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_gopher_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the gopher port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_gopher_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_gopher_port'($*)) dnl
+	
+	gen_require(`
+		type gopher_port_t;
+	')
+
+	allow $1 gopher_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_gopher_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the gopher port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_gopher_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_gopher_port'($*)) dnl
+	
+	gen_require(`
+		type gopher_port_t;
+	')
+
+	allow $1 gopher_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_gopher_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the gopher port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_gopher_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_gopher_port'($*)) dnl
+	
+	gen_require(`
+		type gopher_port_t;
+	')
+
+	allow $1 gopher_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_gopher_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send gopher_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_gopher_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_gopher_client_packets'($*)) dnl
+	
+	gen_require(`
+		type gopher_client_packet_t;
+	')
+
+	allow $1 gopher_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_gopher_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send gopher_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_gopher_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_gopher_client_packets'($*)) dnl
+	
+	gen_require(`
+		type gopher_client_packet_t;
+	')
+
+	dontaudit $1 gopher_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_gopher_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive gopher_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_gopher_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_gopher_client_packets'($*)) dnl
+	
+	gen_require(`
+		type gopher_client_packet_t;
+	')
+
+	allow $1 gopher_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_gopher_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive gopher_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_gopher_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_gopher_client_packets'($*)) dnl
+	
+	gen_require(`
+		type gopher_client_packet_t;
+	')
+
+	dontaudit $1 gopher_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_gopher_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive gopher_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_gopher_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_gopher_client_packets'($*)) dnl
+	
+	corenet_send_gopher_client_packets($1)
+	corenet_receive_gopher_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_gopher_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive gopher_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_gopher_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_gopher_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_gopher_client_packets($1)
+	corenet_dontaudit_receive_gopher_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_gopher_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to gopher_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_gopher_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_gopher_client_packets'($*)) dnl
+	
+	gen_require(`
+		type gopher_client_packet_t;
+	')
+
+	allow $1 gopher_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_gopher_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send gopher_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_gopher_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_gopher_server_packets'($*)) dnl
+	
+	gen_require(`
+		type gopher_server_packet_t;
+	')
+
+	allow $1 gopher_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_gopher_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send gopher_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_gopher_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_gopher_server_packets'($*)) dnl
+	
+	gen_require(`
+		type gopher_server_packet_t;
+	')
+
+	dontaudit $1 gopher_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_gopher_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive gopher_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_gopher_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_gopher_server_packets'($*)) dnl
+	
+	gen_require(`
+		type gopher_server_packet_t;
+	')
+
+	allow $1 gopher_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_gopher_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive gopher_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_gopher_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_gopher_server_packets'($*)) dnl
+	
+	gen_require(`
+		type gopher_server_packet_t;
+	')
+
+	dontaudit $1 gopher_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_gopher_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive gopher_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_gopher_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_gopher_server_packets'($*)) dnl
+	
+	corenet_send_gopher_server_packets($1)
+	corenet_receive_gopher_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_gopher_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive gopher_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_gopher_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_gopher_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_gopher_server_packets($1)
+	corenet_dontaudit_receive_gopher_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_gopher_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to gopher_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_gopher_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_gopher_server_packets'($*)) dnl
+	
+	gen_require(`
+		type gopher_server_packet_t;
+	')
+
+	allow $1 gopher_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_gopher_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the gpsd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_gpsd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_gpsd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_gpsd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the gpsd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_gpsd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_gpsd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_gpsd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the gpsd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_gpsd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_gpsd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_gpsd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the gpsd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_gpsd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_gpsd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_gpsd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the gpsd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_gpsd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_gpsd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_gpsd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the gpsd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_gpsd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_gpsd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_gpsd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the gpsd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_gpsd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_gpsd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_gpsd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the gpsd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_gpsd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_gpsd_port'($*)) dnl
+	
+	gen_require(`
+		type gpsd_port_t;
+	')
+
+	allow $1 gpsd_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_gpsd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the gpsd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_gpsd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_gpsd_port'($*)) dnl
+	
+	gen_require(`
+		type gpsd_port_t;
+	')
+
+	allow $1 gpsd_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_gpsd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the gpsd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_gpsd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_gpsd_port'($*)) dnl
+	
+	gen_require(`
+		type gpsd_port_t;
+	')
+
+	allow $1 gpsd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_gpsd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send gpsd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_gpsd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_gpsd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type gpsd_client_packet_t;
+	')
+
+	allow $1 gpsd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_gpsd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send gpsd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_gpsd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_gpsd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type gpsd_client_packet_t;
+	')
+
+	dontaudit $1 gpsd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_gpsd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive gpsd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_gpsd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_gpsd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type gpsd_client_packet_t;
+	')
+
+	allow $1 gpsd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_gpsd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive gpsd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_gpsd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_gpsd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type gpsd_client_packet_t;
+	')
+
+	dontaudit $1 gpsd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_gpsd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive gpsd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_gpsd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_gpsd_client_packets'($*)) dnl
+	
+	corenet_send_gpsd_client_packets($1)
+	corenet_receive_gpsd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_gpsd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive gpsd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_gpsd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_gpsd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_gpsd_client_packets($1)
+	corenet_dontaudit_receive_gpsd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_gpsd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to gpsd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_gpsd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_gpsd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type gpsd_client_packet_t;
+	')
+
+	allow $1 gpsd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_gpsd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send gpsd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_gpsd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_gpsd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type gpsd_server_packet_t;
+	')
+
+	allow $1 gpsd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_gpsd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send gpsd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_gpsd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_gpsd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type gpsd_server_packet_t;
+	')
+
+	dontaudit $1 gpsd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_gpsd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive gpsd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_gpsd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_gpsd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type gpsd_server_packet_t;
+	')
+
+	allow $1 gpsd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_gpsd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive gpsd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_gpsd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_gpsd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type gpsd_server_packet_t;
+	')
+
+	dontaudit $1 gpsd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_gpsd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive gpsd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_gpsd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_gpsd_server_packets'($*)) dnl
+	
+	corenet_send_gpsd_server_packets($1)
+	corenet_receive_gpsd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_gpsd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive gpsd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_gpsd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_gpsd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_gpsd_server_packets($1)
+	corenet_dontaudit_receive_gpsd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_gpsd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to gpsd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_gpsd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_gpsd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type gpsd_server_packet_t;
+	')
+
+	allow $1 gpsd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_gpsd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the hadoop_datanode port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_hadoop_datanode_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_hadoop_datanode_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_hadoop_datanode_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the hadoop_datanode port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_hadoop_datanode_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_hadoop_datanode_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_hadoop_datanode_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the hadoop_datanode port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_hadoop_datanode_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_hadoop_datanode_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_hadoop_datanode_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the hadoop_datanode port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_hadoop_datanode_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_hadoop_datanode_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_hadoop_datanode_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the hadoop_datanode port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_hadoop_datanode_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_hadoop_datanode_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_hadoop_datanode_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the hadoop_datanode port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_hadoop_datanode_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_hadoop_datanode_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_hadoop_datanode_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the hadoop_datanode port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_hadoop_datanode_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_hadoop_datanode_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_hadoop_datanode_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the hadoop_datanode port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_hadoop_datanode_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_hadoop_datanode_port'($*)) dnl
+	
+	gen_require(`
+		type hadoop_datanode_port_t;
+	')
+
+	allow $1 hadoop_datanode_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_hadoop_datanode_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the hadoop_datanode port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_hadoop_datanode_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_hadoop_datanode_port'($*)) dnl
+	
+	gen_require(`
+		type hadoop_datanode_port_t;
+	')
+
+	allow $1 hadoop_datanode_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_hadoop_datanode_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the hadoop_datanode port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_hadoop_datanode_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_hadoop_datanode_port'($*)) dnl
+	
+	gen_require(`
+		type hadoop_datanode_port_t;
+	')
+
+	allow $1 hadoop_datanode_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_hadoop_datanode_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send hadoop_datanode_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_hadoop_datanode_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_hadoop_datanode_client_packets'($*)) dnl
+	
+	gen_require(`
+		type hadoop_datanode_client_packet_t;
+	')
+
+	allow $1 hadoop_datanode_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_hadoop_datanode_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send hadoop_datanode_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_hadoop_datanode_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_hadoop_datanode_client_packets'($*)) dnl
+	
+	gen_require(`
+		type hadoop_datanode_client_packet_t;
+	')
+
+	dontaudit $1 hadoop_datanode_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_hadoop_datanode_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive hadoop_datanode_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_hadoop_datanode_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_hadoop_datanode_client_packets'($*)) dnl
+	
+	gen_require(`
+		type hadoop_datanode_client_packet_t;
+	')
+
+	allow $1 hadoop_datanode_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_hadoop_datanode_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive hadoop_datanode_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_hadoop_datanode_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_hadoop_datanode_client_packets'($*)) dnl
+	
+	gen_require(`
+		type hadoop_datanode_client_packet_t;
+	')
+
+	dontaudit $1 hadoop_datanode_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_hadoop_datanode_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive hadoop_datanode_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_hadoop_datanode_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_hadoop_datanode_client_packets'($*)) dnl
+	
+	corenet_send_hadoop_datanode_client_packets($1)
+	corenet_receive_hadoop_datanode_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_hadoop_datanode_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive hadoop_datanode_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_hadoop_datanode_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_hadoop_datanode_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_hadoop_datanode_client_packets($1)
+	corenet_dontaudit_receive_hadoop_datanode_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_hadoop_datanode_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to hadoop_datanode_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_hadoop_datanode_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_hadoop_datanode_client_packets'($*)) dnl
+	
+	gen_require(`
+		type hadoop_datanode_client_packet_t;
+	')
+
+	allow $1 hadoop_datanode_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_hadoop_datanode_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send hadoop_datanode_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_hadoop_datanode_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_hadoop_datanode_server_packets'($*)) dnl
+	
+	gen_require(`
+		type hadoop_datanode_server_packet_t;
+	')
+
+	allow $1 hadoop_datanode_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_hadoop_datanode_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send hadoop_datanode_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_hadoop_datanode_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_hadoop_datanode_server_packets'($*)) dnl
+	
+	gen_require(`
+		type hadoop_datanode_server_packet_t;
+	')
+
+	dontaudit $1 hadoop_datanode_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_hadoop_datanode_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive hadoop_datanode_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_hadoop_datanode_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_hadoop_datanode_server_packets'($*)) dnl
+	
+	gen_require(`
+		type hadoop_datanode_server_packet_t;
+	')
+
+	allow $1 hadoop_datanode_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_hadoop_datanode_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive hadoop_datanode_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_hadoop_datanode_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_hadoop_datanode_server_packets'($*)) dnl
+	
+	gen_require(`
+		type hadoop_datanode_server_packet_t;
+	')
+
+	dontaudit $1 hadoop_datanode_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_hadoop_datanode_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive hadoop_datanode_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_hadoop_datanode_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_hadoop_datanode_server_packets'($*)) dnl
+	
+	corenet_send_hadoop_datanode_server_packets($1)
+	corenet_receive_hadoop_datanode_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_hadoop_datanode_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive hadoop_datanode_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_hadoop_datanode_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_hadoop_datanode_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_hadoop_datanode_server_packets($1)
+	corenet_dontaudit_receive_hadoop_datanode_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_hadoop_datanode_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to hadoop_datanode_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_hadoop_datanode_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_hadoop_datanode_server_packets'($*)) dnl
+	
+	gen_require(`
+		type hadoop_datanode_server_packet_t;
+	')
+
+	allow $1 hadoop_datanode_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_hadoop_datanode_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the hadoop_namenode port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_hadoop_namenode_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_hadoop_namenode_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_hadoop_namenode_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the hadoop_namenode port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_hadoop_namenode_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_hadoop_namenode_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_hadoop_namenode_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the hadoop_namenode port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_hadoop_namenode_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_hadoop_namenode_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_hadoop_namenode_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the hadoop_namenode port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_hadoop_namenode_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_hadoop_namenode_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_hadoop_namenode_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the hadoop_namenode port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_hadoop_namenode_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_hadoop_namenode_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_hadoop_namenode_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the hadoop_namenode port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_hadoop_namenode_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_hadoop_namenode_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_hadoop_namenode_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the hadoop_namenode port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_hadoop_namenode_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_hadoop_namenode_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_hadoop_namenode_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the hadoop_namenode port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_hadoop_namenode_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_hadoop_namenode_port'($*)) dnl
+	
+	gen_require(`
+		type hadoop_namenode_port_t;
+	')
+
+	allow $1 hadoop_namenode_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_hadoop_namenode_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the hadoop_namenode port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_hadoop_namenode_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_hadoop_namenode_port'($*)) dnl
+	
+	gen_require(`
+		type hadoop_namenode_port_t;
+	')
+
+	allow $1 hadoop_namenode_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_hadoop_namenode_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the hadoop_namenode port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_hadoop_namenode_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_hadoop_namenode_port'($*)) dnl
+	
+	gen_require(`
+		type hadoop_namenode_port_t;
+	')
+
+	allow $1 hadoop_namenode_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_hadoop_namenode_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send hadoop_namenode_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_hadoop_namenode_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_hadoop_namenode_client_packets'($*)) dnl
+	
+	gen_require(`
+		type hadoop_namenode_client_packet_t;
+	')
+
+	allow $1 hadoop_namenode_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_hadoop_namenode_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send hadoop_namenode_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_hadoop_namenode_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_hadoop_namenode_client_packets'($*)) dnl
+	
+	gen_require(`
+		type hadoop_namenode_client_packet_t;
+	')
+
+	dontaudit $1 hadoop_namenode_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_hadoop_namenode_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive hadoop_namenode_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_hadoop_namenode_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_hadoop_namenode_client_packets'($*)) dnl
+	
+	gen_require(`
+		type hadoop_namenode_client_packet_t;
+	')
+
+	allow $1 hadoop_namenode_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_hadoop_namenode_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive hadoop_namenode_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_hadoop_namenode_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_hadoop_namenode_client_packets'($*)) dnl
+	
+	gen_require(`
+		type hadoop_namenode_client_packet_t;
+	')
+
+	dontaudit $1 hadoop_namenode_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_hadoop_namenode_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive hadoop_namenode_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_hadoop_namenode_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_hadoop_namenode_client_packets'($*)) dnl
+	
+	corenet_send_hadoop_namenode_client_packets($1)
+	corenet_receive_hadoop_namenode_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_hadoop_namenode_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive hadoop_namenode_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_hadoop_namenode_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_hadoop_namenode_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_hadoop_namenode_client_packets($1)
+	corenet_dontaudit_receive_hadoop_namenode_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_hadoop_namenode_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to hadoop_namenode_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_hadoop_namenode_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_hadoop_namenode_client_packets'($*)) dnl
+	
+	gen_require(`
+		type hadoop_namenode_client_packet_t;
+	')
+
+	allow $1 hadoop_namenode_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_hadoop_namenode_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send hadoop_namenode_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_hadoop_namenode_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_hadoop_namenode_server_packets'($*)) dnl
+	
+	gen_require(`
+		type hadoop_namenode_server_packet_t;
+	')
+
+	allow $1 hadoop_namenode_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_hadoop_namenode_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send hadoop_namenode_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_hadoop_namenode_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_hadoop_namenode_server_packets'($*)) dnl
+	
+	gen_require(`
+		type hadoop_namenode_server_packet_t;
+	')
+
+	dontaudit $1 hadoop_namenode_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_hadoop_namenode_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive hadoop_namenode_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_hadoop_namenode_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_hadoop_namenode_server_packets'($*)) dnl
+	
+	gen_require(`
+		type hadoop_namenode_server_packet_t;
+	')
+
+	allow $1 hadoop_namenode_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_hadoop_namenode_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive hadoop_namenode_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_hadoop_namenode_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_hadoop_namenode_server_packets'($*)) dnl
+	
+	gen_require(`
+		type hadoop_namenode_server_packet_t;
+	')
+
+	dontaudit $1 hadoop_namenode_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_hadoop_namenode_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive hadoop_namenode_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_hadoop_namenode_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_hadoop_namenode_server_packets'($*)) dnl
+	
+	corenet_send_hadoop_namenode_server_packets($1)
+	corenet_receive_hadoop_namenode_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_hadoop_namenode_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive hadoop_namenode_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_hadoop_namenode_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_hadoop_namenode_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_hadoop_namenode_server_packets($1)
+	corenet_dontaudit_receive_hadoop_namenode_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_hadoop_namenode_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to hadoop_namenode_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_hadoop_namenode_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_hadoop_namenode_server_packets'($*)) dnl
+	
+	gen_require(`
+		type hadoop_namenode_server_packet_t;
+	')
+
+	allow $1 hadoop_namenode_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_hadoop_namenode_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the hddtemp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_hddtemp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_hddtemp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_hddtemp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the hddtemp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_hddtemp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_hddtemp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_hddtemp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the hddtemp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_hddtemp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_hddtemp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_hddtemp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the hddtemp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_hddtemp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_hddtemp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_hddtemp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the hddtemp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_hddtemp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_hddtemp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_hddtemp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the hddtemp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_hddtemp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_hddtemp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_hddtemp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the hddtemp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_hddtemp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_hddtemp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_hddtemp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the hddtemp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_hddtemp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_hddtemp_port'($*)) dnl
+	
+	gen_require(`
+		type hddtemp_port_t;
+	')
+
+	allow $1 hddtemp_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_hddtemp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the hddtemp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_hddtemp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_hddtemp_port'($*)) dnl
+	
+	gen_require(`
+		type hddtemp_port_t;
+	')
+
+	allow $1 hddtemp_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_hddtemp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the hddtemp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_hddtemp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_hddtemp_port'($*)) dnl
+	
+	gen_require(`
+		type hddtemp_port_t;
+	')
+
+	allow $1 hddtemp_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_hddtemp_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send hddtemp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_hddtemp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_hddtemp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type hddtemp_client_packet_t;
+	')
+
+	allow $1 hddtemp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_hddtemp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send hddtemp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_hddtemp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_hddtemp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type hddtemp_client_packet_t;
+	')
+
+	dontaudit $1 hddtemp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_hddtemp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive hddtemp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_hddtemp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_hddtemp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type hddtemp_client_packet_t;
+	')
+
+	allow $1 hddtemp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_hddtemp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive hddtemp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_hddtemp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_hddtemp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type hddtemp_client_packet_t;
+	')
+
+	dontaudit $1 hddtemp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_hddtemp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive hddtemp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_hddtemp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_hddtemp_client_packets'($*)) dnl
+	
+	corenet_send_hddtemp_client_packets($1)
+	corenet_receive_hddtemp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_hddtemp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive hddtemp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_hddtemp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_hddtemp_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_hddtemp_client_packets($1)
+	corenet_dontaudit_receive_hddtemp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_hddtemp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to hddtemp_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_hddtemp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_hddtemp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type hddtemp_client_packet_t;
+	')
+
+	allow $1 hddtemp_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_hddtemp_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send hddtemp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_hddtemp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_hddtemp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type hddtemp_server_packet_t;
+	')
+
+	allow $1 hddtemp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_hddtemp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send hddtemp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_hddtemp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_hddtemp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type hddtemp_server_packet_t;
+	')
+
+	dontaudit $1 hddtemp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_hddtemp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive hddtemp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_hddtemp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_hddtemp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type hddtemp_server_packet_t;
+	')
+
+	allow $1 hddtemp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_hddtemp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive hddtemp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_hddtemp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_hddtemp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type hddtemp_server_packet_t;
+	')
+
+	dontaudit $1 hddtemp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_hddtemp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive hddtemp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_hddtemp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_hddtemp_server_packets'($*)) dnl
+	
+	corenet_send_hddtemp_server_packets($1)
+	corenet_receive_hddtemp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_hddtemp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive hddtemp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_hddtemp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_hddtemp_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_hddtemp_server_packets($1)
+	corenet_dontaudit_receive_hddtemp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_hddtemp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to hddtemp_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_hddtemp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_hddtemp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type hddtemp_server_packet_t;
+	')
+
+	allow $1 hddtemp_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_hddtemp_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the howl port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_howl_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_howl_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_howl_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the howl port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_howl_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_howl_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_howl_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the howl port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_howl_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_howl_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_howl_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the howl port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_howl_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_howl_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_howl_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the howl port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_howl_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_howl_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_howl_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the howl port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_howl_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_howl_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_howl_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the howl port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_howl_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_howl_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_howl_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the howl port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_howl_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_howl_port'($*)) dnl
+	
+	gen_require(`
+		type howl_port_t;
+	')
+
+	allow $1 howl_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_howl_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the howl port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_howl_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_howl_port'($*)) dnl
+	
+	gen_require(`
+		type howl_port_t;
+	')
+
+	allow $1 howl_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_howl_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the howl port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_howl_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_howl_port'($*)) dnl
+	
+	gen_require(`
+		type howl_port_t;
+	')
+
+	allow $1 howl_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_howl_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send howl_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_howl_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_howl_client_packets'($*)) dnl
+	
+	gen_require(`
+		type howl_client_packet_t;
+	')
+
+	allow $1 howl_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_howl_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send howl_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_howl_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_howl_client_packets'($*)) dnl
+	
+	gen_require(`
+		type howl_client_packet_t;
+	')
+
+	dontaudit $1 howl_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_howl_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive howl_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_howl_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_howl_client_packets'($*)) dnl
+	
+	gen_require(`
+		type howl_client_packet_t;
+	')
+
+	allow $1 howl_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_howl_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive howl_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_howl_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_howl_client_packets'($*)) dnl
+	
+	gen_require(`
+		type howl_client_packet_t;
+	')
+
+	dontaudit $1 howl_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_howl_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive howl_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_howl_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_howl_client_packets'($*)) dnl
+	
+	corenet_send_howl_client_packets($1)
+	corenet_receive_howl_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_howl_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive howl_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_howl_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_howl_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_howl_client_packets($1)
+	corenet_dontaudit_receive_howl_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_howl_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to howl_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_howl_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_howl_client_packets'($*)) dnl
+	
+	gen_require(`
+		type howl_client_packet_t;
+	')
+
+	allow $1 howl_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_howl_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send howl_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_howl_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_howl_server_packets'($*)) dnl
+	
+	gen_require(`
+		type howl_server_packet_t;
+	')
+
+	allow $1 howl_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_howl_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send howl_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_howl_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_howl_server_packets'($*)) dnl
+	
+	gen_require(`
+		type howl_server_packet_t;
+	')
+
+	dontaudit $1 howl_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_howl_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive howl_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_howl_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_howl_server_packets'($*)) dnl
+	
+	gen_require(`
+		type howl_server_packet_t;
+	')
+
+	allow $1 howl_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_howl_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive howl_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_howl_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_howl_server_packets'($*)) dnl
+	
+	gen_require(`
+		type howl_server_packet_t;
+	')
+
+	dontaudit $1 howl_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_howl_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive howl_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_howl_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_howl_server_packets'($*)) dnl
+	
+	corenet_send_howl_server_packets($1)
+	corenet_receive_howl_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_howl_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive howl_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_howl_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_howl_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_howl_server_packets($1)
+	corenet_dontaudit_receive_howl_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_howl_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to howl_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_howl_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_howl_server_packets'($*)) dnl
+	
+	gen_require(`
+		type howl_server_packet_t;
+	')
+
+	allow $1 howl_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_howl_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the hplip port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_hplip_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_hplip_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_hplip_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the hplip port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_hplip_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_hplip_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_hplip_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the hplip port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_hplip_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_hplip_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_hplip_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the hplip port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_hplip_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_hplip_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_hplip_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the hplip port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_hplip_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_hplip_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_hplip_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the hplip port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_hplip_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_hplip_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_hplip_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the hplip port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_hplip_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_hplip_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_hplip_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the hplip port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_hplip_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_hplip_port'($*)) dnl
+	
+	gen_require(`
+		type hplip_port_t;
+	')
+
+	allow $1 hplip_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_hplip_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the hplip port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_hplip_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_hplip_port'($*)) dnl
+	
+	gen_require(`
+		type hplip_port_t;
+	')
+
+	allow $1 hplip_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_hplip_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the hplip port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_hplip_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_hplip_port'($*)) dnl
+	
+	gen_require(`
+		type hplip_port_t;
+	')
+
+	allow $1 hplip_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_hplip_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send hplip_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_hplip_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_hplip_client_packets'($*)) dnl
+	
+	gen_require(`
+		type hplip_client_packet_t;
+	')
+
+	allow $1 hplip_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_hplip_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send hplip_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_hplip_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_hplip_client_packets'($*)) dnl
+	
+	gen_require(`
+		type hplip_client_packet_t;
+	')
+
+	dontaudit $1 hplip_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_hplip_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive hplip_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_hplip_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_hplip_client_packets'($*)) dnl
+	
+	gen_require(`
+		type hplip_client_packet_t;
+	')
+
+	allow $1 hplip_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_hplip_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive hplip_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_hplip_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_hplip_client_packets'($*)) dnl
+	
+	gen_require(`
+		type hplip_client_packet_t;
+	')
+
+	dontaudit $1 hplip_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_hplip_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive hplip_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_hplip_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_hplip_client_packets'($*)) dnl
+	
+	corenet_send_hplip_client_packets($1)
+	corenet_receive_hplip_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_hplip_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive hplip_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_hplip_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_hplip_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_hplip_client_packets($1)
+	corenet_dontaudit_receive_hplip_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_hplip_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to hplip_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_hplip_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_hplip_client_packets'($*)) dnl
+	
+	gen_require(`
+		type hplip_client_packet_t;
+	')
+
+	allow $1 hplip_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_hplip_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send hplip_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_hplip_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_hplip_server_packets'($*)) dnl
+	
+	gen_require(`
+		type hplip_server_packet_t;
+	')
+
+	allow $1 hplip_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_hplip_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send hplip_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_hplip_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_hplip_server_packets'($*)) dnl
+	
+	gen_require(`
+		type hplip_server_packet_t;
+	')
+
+	dontaudit $1 hplip_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_hplip_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive hplip_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_hplip_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_hplip_server_packets'($*)) dnl
+	
+	gen_require(`
+		type hplip_server_packet_t;
+	')
+
+	allow $1 hplip_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_hplip_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive hplip_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_hplip_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_hplip_server_packets'($*)) dnl
+	
+	gen_require(`
+		type hplip_server_packet_t;
+	')
+
+	dontaudit $1 hplip_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_hplip_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive hplip_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_hplip_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_hplip_server_packets'($*)) dnl
+	
+	corenet_send_hplip_server_packets($1)
+	corenet_receive_hplip_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_hplip_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive hplip_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_hplip_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_hplip_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_hplip_server_packets($1)
+	corenet_dontaudit_receive_hplip_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_hplip_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to hplip_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_hplip_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_hplip_server_packets'($*)) dnl
+	
+	gen_require(`
+		type hplip_server_packet_t;
+	')
+
+	allow $1 hplip_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_hplip_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the http port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_http_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_http_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_http_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the http port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_http_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_http_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_http_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the http port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_http_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_http_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_http_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the http port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_http_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_http_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_http_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the http port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_http_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_http_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_http_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the http port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_http_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_http_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_http_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the http port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_http_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_http_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_http_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the http port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_http_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_http_port'($*)) dnl
+	
+	gen_require(`
+		type http_port_t;
+	')
+
+	allow $1 http_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_http_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the http port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_http_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_http_port'($*)) dnl
+	
+	gen_require(`
+		type http_port_t;
+	')
+
+	allow $1 http_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_http_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the http port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_http_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_http_port'($*)) dnl
+	
+	gen_require(`
+		type http_port_t;
+	')
+
+	allow $1 http_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_http_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send http_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_http_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_http_client_packets'($*)) dnl
+	
+	gen_require(`
+		type http_client_packet_t;
+	')
+
+	allow $1 http_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_http_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send http_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_http_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_http_client_packets'($*)) dnl
+	
+	gen_require(`
+		type http_client_packet_t;
+	')
+
+	dontaudit $1 http_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_http_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive http_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_http_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_http_client_packets'($*)) dnl
+	
+	gen_require(`
+		type http_client_packet_t;
+	')
+
+	allow $1 http_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_http_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive http_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_http_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_http_client_packets'($*)) dnl
+	
+	gen_require(`
+		type http_client_packet_t;
+	')
+
+	dontaudit $1 http_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_http_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive http_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_http_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_http_client_packets'($*)) dnl
+	
+	corenet_send_http_client_packets($1)
+	corenet_receive_http_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_http_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive http_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_http_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_http_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_http_client_packets($1)
+	corenet_dontaudit_receive_http_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_http_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to http_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_http_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_http_client_packets'($*)) dnl
+	
+	gen_require(`
+		type http_client_packet_t;
+	')
+
+	allow $1 http_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_http_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send http_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_http_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_http_server_packets'($*)) dnl
+	
+	gen_require(`
+		type http_server_packet_t;
+	')
+
+	allow $1 http_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_http_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send http_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_http_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_http_server_packets'($*)) dnl
+	
+	gen_require(`
+		type http_server_packet_t;
+	')
+
+	dontaudit $1 http_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_http_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive http_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_http_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_http_server_packets'($*)) dnl
+	
+	gen_require(`
+		type http_server_packet_t;
+	')
+
+	allow $1 http_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_http_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive http_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_http_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_http_server_packets'($*)) dnl
+	
+	gen_require(`
+		type http_server_packet_t;
+	')
+
+	dontaudit $1 http_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_http_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive http_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_http_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_http_server_packets'($*)) dnl
+	
+	corenet_send_http_server_packets($1)
+	corenet_receive_http_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_http_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive http_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_http_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_http_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_http_server_packets($1)
+	corenet_dontaudit_receive_http_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_http_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to http_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_http_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_http_server_packets'($*)) dnl
+	
+	gen_require(`
+		type http_server_packet_t;
+	')
+
+	allow $1 http_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_http_server_packets'($*)) dnl
+	')
+
+
+ #8443 is mod_nss default port
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the http_cache port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_http_cache_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_http_cache_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_http_cache_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the http_cache port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_http_cache_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_http_cache_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_http_cache_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the http_cache port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_http_cache_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_http_cache_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_http_cache_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the http_cache port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_http_cache_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_http_cache_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_http_cache_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the http_cache port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_http_cache_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_http_cache_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_http_cache_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the http_cache port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_http_cache_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_http_cache_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_http_cache_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the http_cache port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_http_cache_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_http_cache_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_http_cache_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the http_cache port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_http_cache_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_http_cache_port'($*)) dnl
+	
+	gen_require(`
+		type http_cache_port_t;
+	')
+
+	allow $1 http_cache_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_http_cache_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the http_cache port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_http_cache_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_http_cache_port'($*)) dnl
+	
+	gen_require(`
+		type http_cache_port_t;
+	')
+
+	allow $1 http_cache_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_http_cache_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the http_cache port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_http_cache_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_http_cache_port'($*)) dnl
+	
+	gen_require(`
+		type http_cache_port_t;
+	')
+
+	allow $1 http_cache_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_http_cache_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send http_cache_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_http_cache_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_http_cache_client_packets'($*)) dnl
+	
+	gen_require(`
+		type http_cache_client_packet_t;
+	')
+
+	allow $1 http_cache_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_http_cache_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send http_cache_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_http_cache_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_http_cache_client_packets'($*)) dnl
+	
+	gen_require(`
+		type http_cache_client_packet_t;
+	')
+
+	dontaudit $1 http_cache_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_http_cache_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive http_cache_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_http_cache_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_http_cache_client_packets'($*)) dnl
+	
+	gen_require(`
+		type http_cache_client_packet_t;
+	')
+
+	allow $1 http_cache_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_http_cache_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive http_cache_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_http_cache_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_http_cache_client_packets'($*)) dnl
+	
+	gen_require(`
+		type http_cache_client_packet_t;
+	')
+
+	dontaudit $1 http_cache_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_http_cache_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive http_cache_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_http_cache_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_http_cache_client_packets'($*)) dnl
+	
+	corenet_send_http_cache_client_packets($1)
+	corenet_receive_http_cache_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_http_cache_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive http_cache_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_http_cache_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_http_cache_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_http_cache_client_packets($1)
+	corenet_dontaudit_receive_http_cache_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_http_cache_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to http_cache_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_http_cache_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_http_cache_client_packets'($*)) dnl
+	
+	gen_require(`
+		type http_cache_client_packet_t;
+	')
+
+	allow $1 http_cache_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_http_cache_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send http_cache_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_http_cache_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_http_cache_server_packets'($*)) dnl
+	
+	gen_require(`
+		type http_cache_server_packet_t;
+	')
+
+	allow $1 http_cache_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_http_cache_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send http_cache_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_http_cache_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_http_cache_server_packets'($*)) dnl
+	
+	gen_require(`
+		type http_cache_server_packet_t;
+	')
+
+	dontaudit $1 http_cache_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_http_cache_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive http_cache_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_http_cache_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_http_cache_server_packets'($*)) dnl
+	
+	gen_require(`
+		type http_cache_server_packet_t;
+	')
+
+	allow $1 http_cache_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_http_cache_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive http_cache_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_http_cache_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_http_cache_server_packets'($*)) dnl
+	
+	gen_require(`
+		type http_cache_server_packet_t;
+	')
+
+	dontaudit $1 http_cache_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_http_cache_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive http_cache_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_http_cache_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_http_cache_server_packets'($*)) dnl
+	
+	corenet_send_http_cache_server_packets($1)
+	corenet_receive_http_cache_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_http_cache_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive http_cache_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_http_cache_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_http_cache_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_http_cache_server_packets($1)
+	corenet_dontaudit_receive_http_cache_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_http_cache_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to http_cache_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_http_cache_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_http_cache_server_packets'($*)) dnl
+	
+	gen_require(`
+		type http_cache_server_packet_t;
+	')
+
+	allow $1 http_cache_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_http_cache_server_packets'($*)) dnl
+	')
+
+
+ # 8118 is for privoxy
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the i18n_input port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_i18n_input_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_i18n_input_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_i18n_input_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the i18n_input port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_i18n_input_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_i18n_input_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_i18n_input_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the i18n_input port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_i18n_input_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_i18n_input_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_i18n_input_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the i18n_input port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_i18n_input_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_i18n_input_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_i18n_input_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the i18n_input port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_i18n_input_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_i18n_input_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_i18n_input_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the i18n_input port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_i18n_input_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_i18n_input_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_i18n_input_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the i18n_input port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_i18n_input_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_i18n_input_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_i18n_input_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the i18n_input port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_i18n_input_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_i18n_input_port'($*)) dnl
+	
+	gen_require(`
+		type i18n_input_port_t;
+	')
+
+	allow $1 i18n_input_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_i18n_input_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the i18n_input port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_i18n_input_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_i18n_input_port'($*)) dnl
+	
+	gen_require(`
+		type i18n_input_port_t;
+	')
+
+	allow $1 i18n_input_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_i18n_input_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the i18n_input port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_i18n_input_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_i18n_input_port'($*)) dnl
+	
+	gen_require(`
+		type i18n_input_port_t;
+	')
+
+	allow $1 i18n_input_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_i18n_input_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send i18n_input_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_i18n_input_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_i18n_input_client_packets'($*)) dnl
+	
+	gen_require(`
+		type i18n_input_client_packet_t;
+	')
+
+	allow $1 i18n_input_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_i18n_input_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send i18n_input_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_i18n_input_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_i18n_input_client_packets'($*)) dnl
+	
+	gen_require(`
+		type i18n_input_client_packet_t;
+	')
+
+	dontaudit $1 i18n_input_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_i18n_input_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive i18n_input_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_i18n_input_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_i18n_input_client_packets'($*)) dnl
+	
+	gen_require(`
+		type i18n_input_client_packet_t;
+	')
+
+	allow $1 i18n_input_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_i18n_input_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive i18n_input_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_i18n_input_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_i18n_input_client_packets'($*)) dnl
+	
+	gen_require(`
+		type i18n_input_client_packet_t;
+	')
+
+	dontaudit $1 i18n_input_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_i18n_input_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive i18n_input_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_i18n_input_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_i18n_input_client_packets'($*)) dnl
+	
+	corenet_send_i18n_input_client_packets($1)
+	corenet_receive_i18n_input_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_i18n_input_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive i18n_input_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_i18n_input_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_i18n_input_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_i18n_input_client_packets($1)
+	corenet_dontaudit_receive_i18n_input_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_i18n_input_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to i18n_input_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_i18n_input_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_i18n_input_client_packets'($*)) dnl
+	
+	gen_require(`
+		type i18n_input_client_packet_t;
+	')
+
+	allow $1 i18n_input_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_i18n_input_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send i18n_input_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_i18n_input_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_i18n_input_server_packets'($*)) dnl
+	
+	gen_require(`
+		type i18n_input_server_packet_t;
+	')
+
+	allow $1 i18n_input_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_i18n_input_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send i18n_input_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_i18n_input_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_i18n_input_server_packets'($*)) dnl
+	
+	gen_require(`
+		type i18n_input_server_packet_t;
+	')
+
+	dontaudit $1 i18n_input_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_i18n_input_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive i18n_input_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_i18n_input_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_i18n_input_server_packets'($*)) dnl
+	
+	gen_require(`
+		type i18n_input_server_packet_t;
+	')
+
+	allow $1 i18n_input_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_i18n_input_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive i18n_input_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_i18n_input_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_i18n_input_server_packets'($*)) dnl
+	
+	gen_require(`
+		type i18n_input_server_packet_t;
+	')
+
+	dontaudit $1 i18n_input_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_i18n_input_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive i18n_input_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_i18n_input_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_i18n_input_server_packets'($*)) dnl
+	
+	corenet_send_i18n_input_server_packets($1)
+	corenet_receive_i18n_input_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_i18n_input_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive i18n_input_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_i18n_input_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_i18n_input_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_i18n_input_server_packets($1)
+	corenet_dontaudit_receive_i18n_input_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_i18n_input_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to i18n_input_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_i18n_input_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_i18n_input_server_packets'($*)) dnl
+	
+	gen_require(`
+		type i18n_input_server_packet_t;
+	')
+
+	allow $1 i18n_input_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_i18n_input_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the imaze port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_imaze_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_imaze_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_imaze_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the imaze port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_imaze_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_imaze_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_imaze_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the imaze port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_imaze_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_imaze_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_imaze_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the imaze port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_imaze_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_imaze_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_imaze_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the imaze port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_imaze_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_imaze_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_imaze_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the imaze port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_imaze_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_imaze_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_imaze_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the imaze port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_imaze_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_imaze_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_imaze_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the imaze port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_imaze_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_imaze_port'($*)) dnl
+	
+	gen_require(`
+		type imaze_port_t;
+	')
+
+	allow $1 imaze_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_imaze_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the imaze port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_imaze_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_imaze_port'($*)) dnl
+	
+	gen_require(`
+		type imaze_port_t;
+	')
+
+	allow $1 imaze_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_imaze_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the imaze port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_imaze_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_imaze_port'($*)) dnl
+	
+	gen_require(`
+		type imaze_port_t;
+	')
+
+	allow $1 imaze_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_imaze_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send imaze_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_imaze_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_imaze_client_packets'($*)) dnl
+	
+	gen_require(`
+		type imaze_client_packet_t;
+	')
+
+	allow $1 imaze_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_imaze_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send imaze_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_imaze_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_imaze_client_packets'($*)) dnl
+	
+	gen_require(`
+		type imaze_client_packet_t;
+	')
+
+	dontaudit $1 imaze_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_imaze_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive imaze_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_imaze_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_imaze_client_packets'($*)) dnl
+	
+	gen_require(`
+		type imaze_client_packet_t;
+	')
+
+	allow $1 imaze_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_imaze_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive imaze_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_imaze_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_imaze_client_packets'($*)) dnl
+	
+	gen_require(`
+		type imaze_client_packet_t;
+	')
+
+	dontaudit $1 imaze_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_imaze_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive imaze_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_imaze_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_imaze_client_packets'($*)) dnl
+	
+	corenet_send_imaze_client_packets($1)
+	corenet_receive_imaze_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_imaze_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive imaze_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_imaze_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_imaze_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_imaze_client_packets($1)
+	corenet_dontaudit_receive_imaze_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_imaze_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to imaze_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_imaze_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_imaze_client_packets'($*)) dnl
+	
+	gen_require(`
+		type imaze_client_packet_t;
+	')
+
+	allow $1 imaze_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_imaze_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send imaze_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_imaze_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_imaze_server_packets'($*)) dnl
+	
+	gen_require(`
+		type imaze_server_packet_t;
+	')
+
+	allow $1 imaze_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_imaze_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send imaze_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_imaze_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_imaze_server_packets'($*)) dnl
+	
+	gen_require(`
+		type imaze_server_packet_t;
+	')
+
+	dontaudit $1 imaze_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_imaze_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive imaze_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_imaze_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_imaze_server_packets'($*)) dnl
+	
+	gen_require(`
+		type imaze_server_packet_t;
+	')
+
+	allow $1 imaze_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_imaze_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive imaze_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_imaze_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_imaze_server_packets'($*)) dnl
+	
+	gen_require(`
+		type imaze_server_packet_t;
+	')
+
+	dontaudit $1 imaze_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_imaze_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive imaze_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_imaze_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_imaze_server_packets'($*)) dnl
+	
+	corenet_send_imaze_server_packets($1)
+	corenet_receive_imaze_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_imaze_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive imaze_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_imaze_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_imaze_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_imaze_server_packets($1)
+	corenet_dontaudit_receive_imaze_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_imaze_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to imaze_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_imaze_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_imaze_server_packets'($*)) dnl
+	
+	gen_require(`
+		type imaze_server_packet_t;
+	')
+
+	allow $1 imaze_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_imaze_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the inetd_child port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_inetd_child_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_inetd_child_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_inetd_child_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the inetd_child port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_inetd_child_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_inetd_child_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_inetd_child_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the inetd_child port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_inetd_child_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_inetd_child_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_inetd_child_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the inetd_child port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_inetd_child_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_inetd_child_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_inetd_child_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the inetd_child port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_inetd_child_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_inetd_child_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_inetd_child_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the inetd_child port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_inetd_child_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_inetd_child_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_inetd_child_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the inetd_child port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_inetd_child_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_inetd_child_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_inetd_child_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the inetd_child port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_inetd_child_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_inetd_child_port'($*)) dnl
+	
+	gen_require(`
+		type inetd_child_port_t;
+	')
+
+	allow $1 inetd_child_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_inetd_child_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the inetd_child port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_inetd_child_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_inetd_child_port'($*)) dnl
+	
+	gen_require(`
+		type inetd_child_port_t;
+	')
+
+	allow $1 inetd_child_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_inetd_child_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the inetd_child port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_inetd_child_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_inetd_child_port'($*)) dnl
+	
+	gen_require(`
+		type inetd_child_port_t;
+	')
+
+	allow $1 inetd_child_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_inetd_child_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send inetd_child_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_inetd_child_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_inetd_child_client_packets'($*)) dnl
+	
+	gen_require(`
+		type inetd_child_client_packet_t;
+	')
+
+	allow $1 inetd_child_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_inetd_child_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send inetd_child_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_inetd_child_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_inetd_child_client_packets'($*)) dnl
+	
+	gen_require(`
+		type inetd_child_client_packet_t;
+	')
+
+	dontaudit $1 inetd_child_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_inetd_child_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive inetd_child_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_inetd_child_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_inetd_child_client_packets'($*)) dnl
+	
+	gen_require(`
+		type inetd_child_client_packet_t;
+	')
+
+	allow $1 inetd_child_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_inetd_child_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive inetd_child_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_inetd_child_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_inetd_child_client_packets'($*)) dnl
+	
+	gen_require(`
+		type inetd_child_client_packet_t;
+	')
+
+	dontaudit $1 inetd_child_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_inetd_child_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive inetd_child_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_inetd_child_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_inetd_child_client_packets'($*)) dnl
+	
+	corenet_send_inetd_child_client_packets($1)
+	corenet_receive_inetd_child_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_inetd_child_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive inetd_child_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_inetd_child_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_inetd_child_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_inetd_child_client_packets($1)
+	corenet_dontaudit_receive_inetd_child_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_inetd_child_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to inetd_child_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_inetd_child_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_inetd_child_client_packets'($*)) dnl
+	
+	gen_require(`
+		type inetd_child_client_packet_t;
+	')
+
+	allow $1 inetd_child_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_inetd_child_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send inetd_child_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_inetd_child_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_inetd_child_server_packets'($*)) dnl
+	
+	gen_require(`
+		type inetd_child_server_packet_t;
+	')
+
+	allow $1 inetd_child_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_inetd_child_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send inetd_child_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_inetd_child_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_inetd_child_server_packets'($*)) dnl
+	
+	gen_require(`
+		type inetd_child_server_packet_t;
+	')
+
+	dontaudit $1 inetd_child_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_inetd_child_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive inetd_child_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_inetd_child_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_inetd_child_server_packets'($*)) dnl
+	
+	gen_require(`
+		type inetd_child_server_packet_t;
+	')
+
+	allow $1 inetd_child_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_inetd_child_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive inetd_child_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_inetd_child_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_inetd_child_server_packets'($*)) dnl
+	
+	gen_require(`
+		type inetd_child_server_packet_t;
+	')
+
+	dontaudit $1 inetd_child_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_inetd_child_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive inetd_child_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_inetd_child_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_inetd_child_server_packets'($*)) dnl
+	
+	corenet_send_inetd_child_server_packets($1)
+	corenet_receive_inetd_child_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_inetd_child_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive inetd_child_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_inetd_child_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_inetd_child_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_inetd_child_server_packets($1)
+	corenet_dontaudit_receive_inetd_child_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_inetd_child_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to inetd_child_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_inetd_child_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_inetd_child_server_packets'($*)) dnl
+	
+	gen_require(`
+		type inetd_child_server_packet_t;
+	')
+
+	allow $1 inetd_child_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_inetd_child_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the innd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_innd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_innd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_innd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the innd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_innd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_innd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_innd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the innd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_innd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_innd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_innd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the innd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_innd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_innd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_innd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the innd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_innd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_innd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_innd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the innd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_innd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_innd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_innd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the innd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_innd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_innd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_innd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the innd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_innd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_innd_port'($*)) dnl
+	
+	gen_require(`
+		type innd_port_t;
+	')
+
+	allow $1 innd_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_innd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the innd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_innd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_innd_port'($*)) dnl
+	
+	gen_require(`
+		type innd_port_t;
+	')
+
+	allow $1 innd_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_innd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the innd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_innd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_innd_port'($*)) dnl
+	
+	gen_require(`
+		type innd_port_t;
+	')
+
+	allow $1 innd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_innd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send innd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_innd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_innd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type innd_client_packet_t;
+	')
+
+	allow $1 innd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_innd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send innd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_innd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_innd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type innd_client_packet_t;
+	')
+
+	dontaudit $1 innd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_innd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive innd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_innd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_innd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type innd_client_packet_t;
+	')
+
+	allow $1 innd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_innd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive innd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_innd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_innd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type innd_client_packet_t;
+	')
+
+	dontaudit $1 innd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_innd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive innd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_innd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_innd_client_packets'($*)) dnl
+	
+	corenet_send_innd_client_packets($1)
+	corenet_receive_innd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_innd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive innd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_innd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_innd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_innd_client_packets($1)
+	corenet_dontaudit_receive_innd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_innd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to innd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_innd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_innd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type innd_client_packet_t;
+	')
+
+	allow $1 innd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_innd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send innd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_innd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_innd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type innd_server_packet_t;
+	')
+
+	allow $1 innd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_innd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send innd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_innd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_innd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type innd_server_packet_t;
+	')
+
+	dontaudit $1 innd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_innd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive innd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_innd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_innd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type innd_server_packet_t;
+	')
+
+	allow $1 innd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_innd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive innd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_innd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_innd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type innd_server_packet_t;
+	')
+
+	dontaudit $1 innd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_innd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive innd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_innd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_innd_server_packets'($*)) dnl
+	
+	corenet_send_innd_server_packets($1)
+	corenet_receive_innd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_innd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive innd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_innd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_innd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_innd_server_packets($1)
+	corenet_dontaudit_receive_innd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_innd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to innd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_innd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_innd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type innd_server_packet_t;
+	')
+
+	allow $1 innd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_innd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the interwise port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_interwise_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_interwise_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_interwise_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the interwise port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_interwise_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_interwise_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_interwise_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the interwise port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_interwise_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_interwise_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_interwise_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the interwise port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_interwise_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_interwise_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_interwise_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the interwise port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_interwise_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_interwise_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_interwise_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the interwise port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_interwise_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_interwise_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_interwise_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the interwise port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_interwise_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_interwise_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_interwise_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the interwise port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_interwise_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_interwise_port'($*)) dnl
+	
+	gen_require(`
+		type interwise_port_t;
+	')
+
+	allow $1 interwise_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_interwise_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the interwise port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_interwise_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_interwise_port'($*)) dnl
+	
+	gen_require(`
+		type interwise_port_t;
+	')
+
+	allow $1 interwise_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_interwise_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the interwise port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_interwise_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_interwise_port'($*)) dnl
+	
+	gen_require(`
+		type interwise_port_t;
+	')
+
+	allow $1 interwise_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_interwise_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send interwise_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_interwise_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_interwise_client_packets'($*)) dnl
+	
+	gen_require(`
+		type interwise_client_packet_t;
+	')
+
+	allow $1 interwise_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_interwise_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send interwise_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_interwise_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_interwise_client_packets'($*)) dnl
+	
+	gen_require(`
+		type interwise_client_packet_t;
+	')
+
+	dontaudit $1 interwise_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_interwise_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive interwise_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_interwise_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_interwise_client_packets'($*)) dnl
+	
+	gen_require(`
+		type interwise_client_packet_t;
+	')
+
+	allow $1 interwise_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_interwise_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive interwise_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_interwise_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_interwise_client_packets'($*)) dnl
+	
+	gen_require(`
+		type interwise_client_packet_t;
+	')
+
+	dontaudit $1 interwise_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_interwise_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive interwise_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_interwise_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_interwise_client_packets'($*)) dnl
+	
+	corenet_send_interwise_client_packets($1)
+	corenet_receive_interwise_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_interwise_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive interwise_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_interwise_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_interwise_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_interwise_client_packets($1)
+	corenet_dontaudit_receive_interwise_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_interwise_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to interwise_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_interwise_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_interwise_client_packets'($*)) dnl
+	
+	gen_require(`
+		type interwise_client_packet_t;
+	')
+
+	allow $1 interwise_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_interwise_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send interwise_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_interwise_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_interwise_server_packets'($*)) dnl
+	
+	gen_require(`
+		type interwise_server_packet_t;
+	')
+
+	allow $1 interwise_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_interwise_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send interwise_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_interwise_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_interwise_server_packets'($*)) dnl
+	
+	gen_require(`
+		type interwise_server_packet_t;
+	')
+
+	dontaudit $1 interwise_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_interwise_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive interwise_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_interwise_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_interwise_server_packets'($*)) dnl
+	
+	gen_require(`
+		type interwise_server_packet_t;
+	')
+
+	allow $1 interwise_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_interwise_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive interwise_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_interwise_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_interwise_server_packets'($*)) dnl
+	
+	gen_require(`
+		type interwise_server_packet_t;
+	')
+
+	dontaudit $1 interwise_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_interwise_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive interwise_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_interwise_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_interwise_server_packets'($*)) dnl
+	
+	corenet_send_interwise_server_packets($1)
+	corenet_receive_interwise_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_interwise_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive interwise_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_interwise_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_interwise_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_interwise_server_packets($1)
+	corenet_dontaudit_receive_interwise_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_interwise_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to interwise_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_interwise_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_interwise_server_packets'($*)) dnl
+	
+	gen_require(`
+		type interwise_server_packet_t;
+	')
+
+	allow $1 interwise_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_interwise_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the ionixnetmon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_ionixnetmon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_ionixnetmon_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_ionixnetmon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the ionixnetmon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_ionixnetmon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_ionixnetmon_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_ionixnetmon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the ionixnetmon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_ionixnetmon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_ionixnetmon_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_ionixnetmon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the ionixnetmon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_ionixnetmon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_ionixnetmon_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_ionixnetmon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the ionixnetmon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_ionixnetmon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_ionixnetmon_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_ionixnetmon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the ionixnetmon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_ionixnetmon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_ionixnetmon_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_ionixnetmon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the ionixnetmon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_ionixnetmon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_ionixnetmon_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_ionixnetmon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the ionixnetmon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_ionixnetmon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_ionixnetmon_port'($*)) dnl
+	
+	gen_require(`
+		type ionixnetmon_port_t;
+	')
+
+	allow $1 ionixnetmon_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_ionixnetmon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the ionixnetmon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_ionixnetmon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_ionixnetmon_port'($*)) dnl
+	
+	gen_require(`
+		type ionixnetmon_port_t;
+	')
+
+	allow $1 ionixnetmon_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_ionixnetmon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the ionixnetmon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_ionixnetmon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_ionixnetmon_port'($*)) dnl
+	
+	gen_require(`
+		type ionixnetmon_port_t;
+	')
+
+	allow $1 ionixnetmon_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_ionixnetmon_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ionixnetmon_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ionixnetmon_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ionixnetmon_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ionixnetmon_client_packet_t;
+	')
+
+	allow $1 ionixnetmon_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ionixnetmon_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ionixnetmon_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ionixnetmon_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ionixnetmon_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ionixnetmon_client_packet_t;
+	')
+
+	dontaudit $1 ionixnetmon_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ionixnetmon_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ionixnetmon_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ionixnetmon_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ionixnetmon_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ionixnetmon_client_packet_t;
+	')
+
+	allow $1 ionixnetmon_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ionixnetmon_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ionixnetmon_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ionixnetmon_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ionixnetmon_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ionixnetmon_client_packet_t;
+	')
+
+	dontaudit $1 ionixnetmon_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ionixnetmon_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ionixnetmon_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ionixnetmon_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ionixnetmon_client_packets'($*)) dnl
+	
+	corenet_send_ionixnetmon_client_packets($1)
+	corenet_receive_ionixnetmon_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ionixnetmon_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ionixnetmon_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ionixnetmon_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ionixnetmon_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ionixnetmon_client_packets($1)
+	corenet_dontaudit_receive_ionixnetmon_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ionixnetmon_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ionixnetmon_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ionixnetmon_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ionixnetmon_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ionixnetmon_client_packet_t;
+	')
+
+	allow $1 ionixnetmon_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ionixnetmon_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ionixnetmon_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ionixnetmon_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ionixnetmon_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ionixnetmon_server_packet_t;
+	')
+
+	allow $1 ionixnetmon_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ionixnetmon_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ionixnetmon_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ionixnetmon_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ionixnetmon_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ionixnetmon_server_packet_t;
+	')
+
+	dontaudit $1 ionixnetmon_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ionixnetmon_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ionixnetmon_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ionixnetmon_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ionixnetmon_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ionixnetmon_server_packet_t;
+	')
+
+	allow $1 ionixnetmon_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ionixnetmon_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ionixnetmon_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ionixnetmon_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ionixnetmon_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ionixnetmon_server_packet_t;
+	')
+
+	dontaudit $1 ionixnetmon_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ionixnetmon_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ionixnetmon_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ionixnetmon_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ionixnetmon_server_packets'($*)) dnl
+	
+	corenet_send_ionixnetmon_server_packets($1)
+	corenet_receive_ionixnetmon_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ionixnetmon_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ionixnetmon_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ionixnetmon_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ionixnetmon_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ionixnetmon_server_packets($1)
+	corenet_dontaudit_receive_ionixnetmon_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ionixnetmon_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ionixnetmon_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ionixnetmon_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ionixnetmon_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ionixnetmon_server_packet_t;
+	')
+
+	allow $1 ionixnetmon_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ionixnetmon_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the ipmi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_ipmi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_ipmi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_ipmi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the ipmi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_ipmi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_ipmi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_ipmi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the ipmi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_ipmi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_ipmi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_ipmi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the ipmi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_ipmi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_ipmi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_ipmi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the ipmi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_ipmi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_ipmi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_ipmi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the ipmi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_ipmi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_ipmi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_ipmi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the ipmi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_ipmi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_ipmi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_ipmi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the ipmi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_ipmi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_ipmi_port'($*)) dnl
+	
+	gen_require(`
+		type ipmi_port_t;
+	')
+
+	allow $1 ipmi_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_ipmi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the ipmi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_ipmi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_ipmi_port'($*)) dnl
+	
+	gen_require(`
+		type ipmi_port_t;
+	')
+
+	allow $1 ipmi_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_ipmi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the ipmi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_ipmi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_ipmi_port'($*)) dnl
+	
+	gen_require(`
+		type ipmi_port_t;
+	')
+
+	allow $1 ipmi_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_ipmi_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ipmi_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ipmi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ipmi_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ipmi_client_packet_t;
+	')
+
+	allow $1 ipmi_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ipmi_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ipmi_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ipmi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ipmi_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ipmi_client_packet_t;
+	')
+
+	dontaudit $1 ipmi_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ipmi_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ipmi_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ipmi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ipmi_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ipmi_client_packet_t;
+	')
+
+	allow $1 ipmi_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ipmi_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ipmi_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ipmi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ipmi_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ipmi_client_packet_t;
+	')
+
+	dontaudit $1 ipmi_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ipmi_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ipmi_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ipmi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ipmi_client_packets'($*)) dnl
+	
+	corenet_send_ipmi_client_packets($1)
+	corenet_receive_ipmi_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ipmi_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ipmi_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ipmi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ipmi_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ipmi_client_packets($1)
+	corenet_dontaudit_receive_ipmi_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ipmi_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ipmi_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ipmi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ipmi_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ipmi_client_packet_t;
+	')
+
+	allow $1 ipmi_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ipmi_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ipmi_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ipmi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ipmi_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ipmi_server_packet_t;
+	')
+
+	allow $1 ipmi_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ipmi_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ipmi_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ipmi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ipmi_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ipmi_server_packet_t;
+	')
+
+	dontaudit $1 ipmi_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ipmi_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ipmi_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ipmi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ipmi_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ipmi_server_packet_t;
+	')
+
+	allow $1 ipmi_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ipmi_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ipmi_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ipmi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ipmi_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ipmi_server_packet_t;
+	')
+
+	dontaudit $1 ipmi_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ipmi_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ipmi_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ipmi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ipmi_server_packets'($*)) dnl
+	
+	corenet_send_ipmi_server_packets($1)
+	corenet_receive_ipmi_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ipmi_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ipmi_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ipmi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ipmi_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ipmi_server_packets($1)
+	corenet_dontaudit_receive_ipmi_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ipmi_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ipmi_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ipmi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ipmi_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ipmi_server_packet_t;
+	')
+
+	allow $1 ipmi_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ipmi_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the ipp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_ipp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_ipp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_ipp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the ipp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_ipp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_ipp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_ipp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the ipp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_ipp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_ipp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_ipp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the ipp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_ipp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_ipp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_ipp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the ipp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_ipp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_ipp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_ipp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the ipp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_ipp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_ipp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_ipp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the ipp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_ipp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_ipp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_ipp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the ipp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_ipp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_ipp_port'($*)) dnl
+	
+	gen_require(`
+		type ipp_port_t;
+	')
+
+	allow $1 ipp_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_ipp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the ipp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_ipp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_ipp_port'($*)) dnl
+	
+	gen_require(`
+		type ipp_port_t;
+	')
+
+	allow $1 ipp_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_ipp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the ipp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_ipp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_ipp_port'($*)) dnl
+	
+	gen_require(`
+		type ipp_port_t;
+	')
+
+	allow $1 ipp_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_ipp_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ipp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ipp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ipp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ipp_client_packet_t;
+	')
+
+	allow $1 ipp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ipp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ipp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ipp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ipp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ipp_client_packet_t;
+	')
+
+	dontaudit $1 ipp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ipp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ipp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ipp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ipp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ipp_client_packet_t;
+	')
+
+	allow $1 ipp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ipp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ipp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ipp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ipp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ipp_client_packet_t;
+	')
+
+	dontaudit $1 ipp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ipp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ipp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ipp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ipp_client_packets'($*)) dnl
+	
+	corenet_send_ipp_client_packets($1)
+	corenet_receive_ipp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ipp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ipp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ipp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ipp_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ipp_client_packets($1)
+	corenet_dontaudit_receive_ipp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ipp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ipp_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ipp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ipp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ipp_client_packet_t;
+	')
+
+	allow $1 ipp_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ipp_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ipp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ipp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ipp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ipp_server_packet_t;
+	')
+
+	allow $1 ipp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ipp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ipp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ipp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ipp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ipp_server_packet_t;
+	')
+
+	dontaudit $1 ipp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ipp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ipp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ipp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ipp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ipp_server_packet_t;
+	')
+
+	allow $1 ipp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ipp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ipp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ipp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ipp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ipp_server_packet_t;
+	')
+
+	dontaudit $1 ipp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ipp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ipp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ipp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ipp_server_packets'($*)) dnl
+	
+	corenet_send_ipp_server_packets($1)
+	corenet_receive_ipp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ipp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ipp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ipp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ipp_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ipp_server_packets($1)
+	corenet_dontaudit_receive_ipp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ipp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ipp_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ipp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ipp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ipp_server_packet_t;
+	')
+
+	allow $1 ipp_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ipp_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the ipsecnat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_ipsecnat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_ipsecnat_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_ipsecnat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the ipsecnat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_ipsecnat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_ipsecnat_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_ipsecnat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the ipsecnat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_ipsecnat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_ipsecnat_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_ipsecnat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the ipsecnat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_ipsecnat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_ipsecnat_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_ipsecnat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the ipsecnat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_ipsecnat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_ipsecnat_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_ipsecnat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the ipsecnat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_ipsecnat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_ipsecnat_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_ipsecnat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the ipsecnat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_ipsecnat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_ipsecnat_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_ipsecnat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the ipsecnat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_ipsecnat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_ipsecnat_port'($*)) dnl
+	
+	gen_require(`
+		type ipsecnat_port_t;
+	')
+
+	allow $1 ipsecnat_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_ipsecnat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the ipsecnat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_ipsecnat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_ipsecnat_port'($*)) dnl
+	
+	gen_require(`
+		type ipsecnat_port_t;
+	')
+
+	allow $1 ipsecnat_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_ipsecnat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the ipsecnat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_ipsecnat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_ipsecnat_port'($*)) dnl
+	
+	gen_require(`
+		type ipsecnat_port_t;
+	')
+
+	allow $1 ipsecnat_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_ipsecnat_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ipsecnat_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ipsecnat_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ipsecnat_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ipsecnat_client_packet_t;
+	')
+
+	allow $1 ipsecnat_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ipsecnat_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ipsecnat_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ipsecnat_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ipsecnat_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ipsecnat_client_packet_t;
+	')
+
+	dontaudit $1 ipsecnat_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ipsecnat_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ipsecnat_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ipsecnat_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ipsecnat_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ipsecnat_client_packet_t;
+	')
+
+	allow $1 ipsecnat_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ipsecnat_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ipsecnat_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ipsecnat_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ipsecnat_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ipsecnat_client_packet_t;
+	')
+
+	dontaudit $1 ipsecnat_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ipsecnat_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ipsecnat_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ipsecnat_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ipsecnat_client_packets'($*)) dnl
+	
+	corenet_send_ipsecnat_client_packets($1)
+	corenet_receive_ipsecnat_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ipsecnat_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ipsecnat_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ipsecnat_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ipsecnat_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ipsecnat_client_packets($1)
+	corenet_dontaudit_receive_ipsecnat_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ipsecnat_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ipsecnat_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ipsecnat_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ipsecnat_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ipsecnat_client_packet_t;
+	')
+
+	allow $1 ipsecnat_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ipsecnat_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ipsecnat_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ipsecnat_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ipsecnat_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ipsecnat_server_packet_t;
+	')
+
+	allow $1 ipsecnat_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ipsecnat_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ipsecnat_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ipsecnat_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ipsecnat_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ipsecnat_server_packet_t;
+	')
+
+	dontaudit $1 ipsecnat_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ipsecnat_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ipsecnat_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ipsecnat_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ipsecnat_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ipsecnat_server_packet_t;
+	')
+
+	allow $1 ipsecnat_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ipsecnat_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ipsecnat_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ipsecnat_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ipsecnat_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ipsecnat_server_packet_t;
+	')
+
+	dontaudit $1 ipsecnat_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ipsecnat_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ipsecnat_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ipsecnat_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ipsecnat_server_packets'($*)) dnl
+	
+	corenet_send_ipsecnat_server_packets($1)
+	corenet_receive_ipsecnat_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ipsecnat_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ipsecnat_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ipsecnat_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ipsecnat_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ipsecnat_server_packets($1)
+	corenet_dontaudit_receive_ipsecnat_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ipsecnat_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ipsecnat_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ipsecnat_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ipsecnat_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ipsecnat_server_packet_t;
+	')
+
+	allow $1 ipsecnat_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ipsecnat_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the ircd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_ircd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_ircd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_ircd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the ircd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_ircd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_ircd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_ircd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the ircd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_ircd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_ircd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_ircd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the ircd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_ircd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_ircd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_ircd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the ircd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_ircd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_ircd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_ircd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the ircd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_ircd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_ircd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_ircd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the ircd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_ircd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_ircd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_ircd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the ircd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_ircd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_ircd_port'($*)) dnl
+	
+	gen_require(`
+		type ircd_port_t;
+	')
+
+	allow $1 ircd_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_ircd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the ircd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_ircd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_ircd_port'($*)) dnl
+	
+	gen_require(`
+		type ircd_port_t;
+	')
+
+	allow $1 ircd_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_ircd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the ircd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_ircd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_ircd_port'($*)) dnl
+	
+	gen_require(`
+		type ircd_port_t;
+	')
+
+	allow $1 ircd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_ircd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ircd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ircd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ircd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ircd_client_packet_t;
+	')
+
+	allow $1 ircd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ircd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ircd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ircd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ircd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ircd_client_packet_t;
+	')
+
+	dontaudit $1 ircd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ircd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ircd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ircd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ircd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ircd_client_packet_t;
+	')
+
+	allow $1 ircd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ircd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ircd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ircd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ircd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ircd_client_packet_t;
+	')
+
+	dontaudit $1 ircd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ircd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ircd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ircd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ircd_client_packets'($*)) dnl
+	
+	corenet_send_ircd_client_packets($1)
+	corenet_receive_ircd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ircd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ircd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ircd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ircd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ircd_client_packets($1)
+	corenet_dontaudit_receive_ircd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ircd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ircd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ircd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ircd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ircd_client_packet_t;
+	')
+
+	allow $1 ircd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ircd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ircd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ircd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ircd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ircd_server_packet_t;
+	')
+
+	allow $1 ircd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ircd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ircd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ircd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ircd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ircd_server_packet_t;
+	')
+
+	dontaudit $1 ircd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ircd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ircd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ircd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ircd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ircd_server_packet_t;
+	')
+
+	allow $1 ircd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ircd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ircd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ircd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ircd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ircd_server_packet_t;
+	')
+
+	dontaudit $1 ircd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ircd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ircd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ircd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ircd_server_packets'($*)) dnl
+	
+	corenet_send_ircd_server_packets($1)
+	corenet_receive_ircd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ircd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ircd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ircd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ircd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ircd_server_packets($1)
+	corenet_dontaudit_receive_ircd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ircd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ircd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ircd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ircd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ircd_server_packet_t;
+	')
+
+	allow $1 ircd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ircd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the isakmp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_isakmp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_isakmp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_isakmp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the isakmp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_isakmp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_isakmp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_isakmp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the isakmp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_isakmp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_isakmp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_isakmp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the isakmp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_isakmp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_isakmp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_isakmp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the isakmp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_isakmp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_isakmp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_isakmp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the isakmp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_isakmp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_isakmp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_isakmp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the isakmp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_isakmp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_isakmp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_isakmp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the isakmp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_isakmp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_isakmp_port'($*)) dnl
+	
+	gen_require(`
+		type isakmp_port_t;
+	')
+
+	allow $1 isakmp_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_isakmp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the isakmp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_isakmp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_isakmp_port'($*)) dnl
+	
+	gen_require(`
+		type isakmp_port_t;
+	')
+
+	allow $1 isakmp_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_isakmp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the isakmp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_isakmp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_isakmp_port'($*)) dnl
+	
+	gen_require(`
+		type isakmp_port_t;
+	')
+
+	allow $1 isakmp_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_isakmp_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send isakmp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_isakmp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_isakmp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type isakmp_client_packet_t;
+	')
+
+	allow $1 isakmp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_isakmp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send isakmp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_isakmp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_isakmp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type isakmp_client_packet_t;
+	')
+
+	dontaudit $1 isakmp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_isakmp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive isakmp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_isakmp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_isakmp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type isakmp_client_packet_t;
+	')
+
+	allow $1 isakmp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_isakmp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive isakmp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_isakmp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_isakmp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type isakmp_client_packet_t;
+	')
+
+	dontaudit $1 isakmp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_isakmp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive isakmp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_isakmp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_isakmp_client_packets'($*)) dnl
+	
+	corenet_send_isakmp_client_packets($1)
+	corenet_receive_isakmp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_isakmp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive isakmp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_isakmp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_isakmp_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_isakmp_client_packets($1)
+	corenet_dontaudit_receive_isakmp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_isakmp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to isakmp_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_isakmp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_isakmp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type isakmp_client_packet_t;
+	')
+
+	allow $1 isakmp_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_isakmp_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send isakmp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_isakmp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_isakmp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type isakmp_server_packet_t;
+	')
+
+	allow $1 isakmp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_isakmp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send isakmp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_isakmp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_isakmp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type isakmp_server_packet_t;
+	')
+
+	dontaudit $1 isakmp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_isakmp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive isakmp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_isakmp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_isakmp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type isakmp_server_packet_t;
+	')
+
+	allow $1 isakmp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_isakmp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive isakmp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_isakmp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_isakmp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type isakmp_server_packet_t;
+	')
+
+	dontaudit $1 isakmp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_isakmp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive isakmp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_isakmp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_isakmp_server_packets'($*)) dnl
+	
+	corenet_send_isakmp_server_packets($1)
+	corenet_receive_isakmp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_isakmp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive isakmp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_isakmp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_isakmp_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_isakmp_server_packets($1)
+	corenet_dontaudit_receive_isakmp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_isakmp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to isakmp_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_isakmp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_isakmp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type isakmp_server_packet_t;
+	')
+
+	allow $1 isakmp_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_isakmp_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the iscsi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_iscsi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_iscsi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_iscsi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the iscsi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_iscsi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_iscsi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_iscsi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the iscsi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_iscsi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_iscsi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_iscsi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the iscsi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_iscsi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_iscsi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_iscsi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the iscsi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_iscsi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_iscsi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_iscsi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the iscsi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_iscsi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_iscsi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_iscsi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the iscsi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_iscsi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_iscsi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_iscsi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the iscsi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_iscsi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_iscsi_port'($*)) dnl
+	
+	gen_require(`
+		type iscsi_port_t;
+	')
+
+	allow $1 iscsi_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_iscsi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the iscsi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_iscsi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_iscsi_port'($*)) dnl
+	
+	gen_require(`
+		type iscsi_port_t;
+	')
+
+	allow $1 iscsi_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_iscsi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the iscsi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_iscsi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_iscsi_port'($*)) dnl
+	
+	gen_require(`
+		type iscsi_port_t;
+	')
+
+	allow $1 iscsi_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_iscsi_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send iscsi_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_iscsi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_iscsi_client_packets'($*)) dnl
+	
+	gen_require(`
+		type iscsi_client_packet_t;
+	')
+
+	allow $1 iscsi_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_iscsi_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send iscsi_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_iscsi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_iscsi_client_packets'($*)) dnl
+	
+	gen_require(`
+		type iscsi_client_packet_t;
+	')
+
+	dontaudit $1 iscsi_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_iscsi_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive iscsi_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_iscsi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_iscsi_client_packets'($*)) dnl
+	
+	gen_require(`
+		type iscsi_client_packet_t;
+	')
+
+	allow $1 iscsi_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_iscsi_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive iscsi_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_iscsi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_iscsi_client_packets'($*)) dnl
+	
+	gen_require(`
+		type iscsi_client_packet_t;
+	')
+
+	dontaudit $1 iscsi_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_iscsi_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive iscsi_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_iscsi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_iscsi_client_packets'($*)) dnl
+	
+	corenet_send_iscsi_client_packets($1)
+	corenet_receive_iscsi_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_iscsi_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive iscsi_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_iscsi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_iscsi_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_iscsi_client_packets($1)
+	corenet_dontaudit_receive_iscsi_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_iscsi_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to iscsi_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_iscsi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_iscsi_client_packets'($*)) dnl
+	
+	gen_require(`
+		type iscsi_client_packet_t;
+	')
+
+	allow $1 iscsi_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_iscsi_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send iscsi_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_iscsi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_iscsi_server_packets'($*)) dnl
+	
+	gen_require(`
+		type iscsi_server_packet_t;
+	')
+
+	allow $1 iscsi_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_iscsi_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send iscsi_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_iscsi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_iscsi_server_packets'($*)) dnl
+	
+	gen_require(`
+		type iscsi_server_packet_t;
+	')
+
+	dontaudit $1 iscsi_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_iscsi_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive iscsi_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_iscsi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_iscsi_server_packets'($*)) dnl
+	
+	gen_require(`
+		type iscsi_server_packet_t;
+	')
+
+	allow $1 iscsi_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_iscsi_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive iscsi_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_iscsi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_iscsi_server_packets'($*)) dnl
+	
+	gen_require(`
+		type iscsi_server_packet_t;
+	')
+
+	dontaudit $1 iscsi_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_iscsi_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive iscsi_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_iscsi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_iscsi_server_packets'($*)) dnl
+	
+	corenet_send_iscsi_server_packets($1)
+	corenet_receive_iscsi_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_iscsi_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive iscsi_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_iscsi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_iscsi_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_iscsi_server_packets($1)
+	corenet_dontaudit_receive_iscsi_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_iscsi_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to iscsi_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_iscsi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_iscsi_server_packets'($*)) dnl
+	
+	gen_require(`
+		type iscsi_server_packet_t;
+	')
+
+	allow $1 iscsi_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_iscsi_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the isns port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_isns_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_isns_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_isns_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the isns port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_isns_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_isns_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_isns_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the isns port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_isns_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_isns_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_isns_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the isns port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_isns_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_isns_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_isns_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the isns port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_isns_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_isns_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_isns_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the isns port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_isns_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_isns_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_isns_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the isns port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_isns_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_isns_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_isns_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the isns port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_isns_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_isns_port'($*)) dnl
+	
+	gen_require(`
+		type isns_port_t;
+	')
+
+	allow $1 isns_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_isns_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the isns port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_isns_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_isns_port'($*)) dnl
+	
+	gen_require(`
+		type isns_port_t;
+	')
+
+	allow $1 isns_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_isns_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the isns port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_isns_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_isns_port'($*)) dnl
+	
+	gen_require(`
+		type isns_port_t;
+	')
+
+	allow $1 isns_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_isns_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send isns_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_isns_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_isns_client_packets'($*)) dnl
+	
+	gen_require(`
+		type isns_client_packet_t;
+	')
+
+	allow $1 isns_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_isns_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send isns_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_isns_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_isns_client_packets'($*)) dnl
+	
+	gen_require(`
+		type isns_client_packet_t;
+	')
+
+	dontaudit $1 isns_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_isns_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive isns_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_isns_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_isns_client_packets'($*)) dnl
+	
+	gen_require(`
+		type isns_client_packet_t;
+	')
+
+	allow $1 isns_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_isns_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive isns_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_isns_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_isns_client_packets'($*)) dnl
+	
+	gen_require(`
+		type isns_client_packet_t;
+	')
+
+	dontaudit $1 isns_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_isns_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive isns_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_isns_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_isns_client_packets'($*)) dnl
+	
+	corenet_send_isns_client_packets($1)
+	corenet_receive_isns_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_isns_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive isns_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_isns_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_isns_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_isns_client_packets($1)
+	corenet_dontaudit_receive_isns_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_isns_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to isns_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_isns_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_isns_client_packets'($*)) dnl
+	
+	gen_require(`
+		type isns_client_packet_t;
+	')
+
+	allow $1 isns_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_isns_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send isns_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_isns_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_isns_server_packets'($*)) dnl
+	
+	gen_require(`
+		type isns_server_packet_t;
+	')
+
+	allow $1 isns_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_isns_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send isns_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_isns_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_isns_server_packets'($*)) dnl
+	
+	gen_require(`
+		type isns_server_packet_t;
+	')
+
+	dontaudit $1 isns_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_isns_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive isns_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_isns_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_isns_server_packets'($*)) dnl
+	
+	gen_require(`
+		type isns_server_packet_t;
+	')
+
+	allow $1 isns_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_isns_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive isns_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_isns_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_isns_server_packets'($*)) dnl
+	
+	gen_require(`
+		type isns_server_packet_t;
+	')
+
+	dontaudit $1 isns_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_isns_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive isns_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_isns_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_isns_server_packets'($*)) dnl
+	
+	corenet_send_isns_server_packets($1)
+	corenet_receive_isns_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_isns_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive isns_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_isns_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_isns_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_isns_server_packets($1)
+	corenet_dontaudit_receive_isns_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_isns_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to isns_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_isns_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_isns_server_packets'($*)) dnl
+	
+	gen_require(`
+		type isns_server_packet_t;
+	')
+
+	allow $1 isns_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_isns_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the jabber_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_jabber_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_jabber_client_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_jabber_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the jabber_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_jabber_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_jabber_client_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_jabber_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the jabber_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_jabber_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_jabber_client_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_jabber_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the jabber_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_jabber_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_jabber_client_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_jabber_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the jabber_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_jabber_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_jabber_client_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_jabber_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the jabber_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_jabber_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_jabber_client_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_jabber_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the jabber_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_jabber_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_jabber_client_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_jabber_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the jabber_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_jabber_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_jabber_client_port'($*)) dnl
+	
+	gen_require(`
+		type jabber_client_port_t;
+	')
+
+	allow $1 jabber_client_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_jabber_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the jabber_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_jabber_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_jabber_client_port'($*)) dnl
+	
+	gen_require(`
+		type jabber_client_port_t;
+	')
+
+	allow $1 jabber_client_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_jabber_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the jabber_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_jabber_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_jabber_client_port'($*)) dnl
+	
+	gen_require(`
+		type jabber_client_port_t;
+	')
+
+	allow $1 jabber_client_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_jabber_client_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send jabber_client_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_jabber_client_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_jabber_client_client_packets'($*)) dnl
+	
+	gen_require(`
+		type jabber_client_client_packet_t;
+	')
+
+	allow $1 jabber_client_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_jabber_client_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send jabber_client_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_jabber_client_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_jabber_client_client_packets'($*)) dnl
+	
+	gen_require(`
+		type jabber_client_client_packet_t;
+	')
+
+	dontaudit $1 jabber_client_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_jabber_client_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive jabber_client_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_jabber_client_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_jabber_client_client_packets'($*)) dnl
+	
+	gen_require(`
+		type jabber_client_client_packet_t;
+	')
+
+	allow $1 jabber_client_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_jabber_client_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive jabber_client_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_jabber_client_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_jabber_client_client_packets'($*)) dnl
+	
+	gen_require(`
+		type jabber_client_client_packet_t;
+	')
+
+	dontaudit $1 jabber_client_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_jabber_client_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive jabber_client_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_jabber_client_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_jabber_client_client_packets'($*)) dnl
+	
+	corenet_send_jabber_client_client_packets($1)
+	corenet_receive_jabber_client_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_jabber_client_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive jabber_client_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_jabber_client_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_jabber_client_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_jabber_client_client_packets($1)
+	corenet_dontaudit_receive_jabber_client_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_jabber_client_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to jabber_client_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_jabber_client_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_jabber_client_client_packets'($*)) dnl
+	
+	gen_require(`
+		type jabber_client_client_packet_t;
+	')
+
+	allow $1 jabber_client_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_jabber_client_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send jabber_client_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_jabber_client_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_jabber_client_server_packets'($*)) dnl
+	
+	gen_require(`
+		type jabber_client_server_packet_t;
+	')
+
+	allow $1 jabber_client_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_jabber_client_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send jabber_client_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_jabber_client_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_jabber_client_server_packets'($*)) dnl
+	
+	gen_require(`
+		type jabber_client_server_packet_t;
+	')
+
+	dontaudit $1 jabber_client_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_jabber_client_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive jabber_client_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_jabber_client_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_jabber_client_server_packets'($*)) dnl
+	
+	gen_require(`
+		type jabber_client_server_packet_t;
+	')
+
+	allow $1 jabber_client_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_jabber_client_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive jabber_client_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_jabber_client_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_jabber_client_server_packets'($*)) dnl
+	
+	gen_require(`
+		type jabber_client_server_packet_t;
+	')
+
+	dontaudit $1 jabber_client_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_jabber_client_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive jabber_client_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_jabber_client_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_jabber_client_server_packets'($*)) dnl
+	
+	corenet_send_jabber_client_server_packets($1)
+	corenet_receive_jabber_client_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_jabber_client_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive jabber_client_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_jabber_client_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_jabber_client_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_jabber_client_server_packets($1)
+	corenet_dontaudit_receive_jabber_client_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_jabber_client_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to jabber_client_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_jabber_client_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_jabber_client_server_packets'($*)) dnl
+	
+	gen_require(`
+		type jabber_client_server_packet_t;
+	')
+
+	allow $1 jabber_client_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_jabber_client_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the jabber_interserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_jabber_interserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_jabber_interserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_jabber_interserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the jabber_interserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_jabber_interserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_jabber_interserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_jabber_interserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the jabber_interserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_jabber_interserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_jabber_interserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_jabber_interserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the jabber_interserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_jabber_interserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_jabber_interserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_jabber_interserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the jabber_interserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_jabber_interserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_jabber_interserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_jabber_interserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the jabber_interserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_jabber_interserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_jabber_interserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_jabber_interserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the jabber_interserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_jabber_interserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_jabber_interserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_jabber_interserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the jabber_interserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_jabber_interserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_jabber_interserver_port'($*)) dnl
+	
+	gen_require(`
+		type jabber_interserver_port_t;
+	')
+
+	allow $1 jabber_interserver_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_jabber_interserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the jabber_interserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_jabber_interserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_jabber_interserver_port'($*)) dnl
+	
+	gen_require(`
+		type jabber_interserver_port_t;
+	')
+
+	allow $1 jabber_interserver_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_jabber_interserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the jabber_interserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_jabber_interserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_jabber_interserver_port'($*)) dnl
+	
+	gen_require(`
+		type jabber_interserver_port_t;
+	')
+
+	allow $1 jabber_interserver_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_jabber_interserver_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send jabber_interserver_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_jabber_interserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_jabber_interserver_client_packets'($*)) dnl
+	
+	gen_require(`
+		type jabber_interserver_client_packet_t;
+	')
+
+	allow $1 jabber_interserver_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_jabber_interserver_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send jabber_interserver_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_jabber_interserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_jabber_interserver_client_packets'($*)) dnl
+	
+	gen_require(`
+		type jabber_interserver_client_packet_t;
+	')
+
+	dontaudit $1 jabber_interserver_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_jabber_interserver_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive jabber_interserver_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_jabber_interserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_jabber_interserver_client_packets'($*)) dnl
+	
+	gen_require(`
+		type jabber_interserver_client_packet_t;
+	')
+
+	allow $1 jabber_interserver_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_jabber_interserver_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive jabber_interserver_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_jabber_interserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_jabber_interserver_client_packets'($*)) dnl
+	
+	gen_require(`
+		type jabber_interserver_client_packet_t;
+	')
+
+	dontaudit $1 jabber_interserver_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_jabber_interserver_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive jabber_interserver_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_jabber_interserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_jabber_interserver_client_packets'($*)) dnl
+	
+	corenet_send_jabber_interserver_client_packets($1)
+	corenet_receive_jabber_interserver_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_jabber_interserver_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive jabber_interserver_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_jabber_interserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_jabber_interserver_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_jabber_interserver_client_packets($1)
+	corenet_dontaudit_receive_jabber_interserver_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_jabber_interserver_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to jabber_interserver_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_jabber_interserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_jabber_interserver_client_packets'($*)) dnl
+	
+	gen_require(`
+		type jabber_interserver_client_packet_t;
+	')
+
+	allow $1 jabber_interserver_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_jabber_interserver_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send jabber_interserver_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_jabber_interserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_jabber_interserver_server_packets'($*)) dnl
+	
+	gen_require(`
+		type jabber_interserver_server_packet_t;
+	')
+
+	allow $1 jabber_interserver_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_jabber_interserver_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send jabber_interserver_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_jabber_interserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_jabber_interserver_server_packets'($*)) dnl
+	
+	gen_require(`
+		type jabber_interserver_server_packet_t;
+	')
+
+	dontaudit $1 jabber_interserver_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_jabber_interserver_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive jabber_interserver_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_jabber_interserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_jabber_interserver_server_packets'($*)) dnl
+	
+	gen_require(`
+		type jabber_interserver_server_packet_t;
+	')
+
+	allow $1 jabber_interserver_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_jabber_interserver_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive jabber_interserver_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_jabber_interserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_jabber_interserver_server_packets'($*)) dnl
+	
+	gen_require(`
+		type jabber_interserver_server_packet_t;
+	')
+
+	dontaudit $1 jabber_interserver_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_jabber_interserver_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive jabber_interserver_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_jabber_interserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_jabber_interserver_server_packets'($*)) dnl
+	
+	corenet_send_jabber_interserver_server_packets($1)
+	corenet_receive_jabber_interserver_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_jabber_interserver_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive jabber_interserver_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_jabber_interserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_jabber_interserver_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_jabber_interserver_server_packets($1)
+	corenet_dontaudit_receive_jabber_interserver_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_jabber_interserver_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to jabber_interserver_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_jabber_interserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_jabber_interserver_server_packets'($*)) dnl
+	
+	gen_require(`
+		type jabber_interserver_server_packet_t;
+	')
+
+	allow $1 jabber_interserver_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_jabber_interserver_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the jboss_iiop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_jboss_iiop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_jboss_iiop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_jboss_iiop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the jboss_iiop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_jboss_iiop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_jboss_iiop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_jboss_iiop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the jboss_iiop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_jboss_iiop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_jboss_iiop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_jboss_iiop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the jboss_iiop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_jboss_iiop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_jboss_iiop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_jboss_iiop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the jboss_iiop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_jboss_iiop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_jboss_iiop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_jboss_iiop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the jboss_iiop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_jboss_iiop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_jboss_iiop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_jboss_iiop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the jboss_iiop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_jboss_iiop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_jboss_iiop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_jboss_iiop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the jboss_iiop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_jboss_iiop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_jboss_iiop_port'($*)) dnl
+	
+	gen_require(`
+		type jboss_iiop_port_t;
+	')
+
+	allow $1 jboss_iiop_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_jboss_iiop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the jboss_iiop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_jboss_iiop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_jboss_iiop_port'($*)) dnl
+	
+	gen_require(`
+		type jboss_iiop_port_t;
+	')
+
+	allow $1 jboss_iiop_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_jboss_iiop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the jboss_iiop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_jboss_iiop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_jboss_iiop_port'($*)) dnl
+	
+	gen_require(`
+		type jboss_iiop_port_t;
+	')
+
+	allow $1 jboss_iiop_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_jboss_iiop_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send jboss_iiop_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_jboss_iiop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_jboss_iiop_client_packets'($*)) dnl
+	
+	gen_require(`
+		type jboss_iiop_client_packet_t;
+	')
+
+	allow $1 jboss_iiop_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_jboss_iiop_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send jboss_iiop_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_jboss_iiop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_jboss_iiop_client_packets'($*)) dnl
+	
+	gen_require(`
+		type jboss_iiop_client_packet_t;
+	')
+
+	dontaudit $1 jboss_iiop_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_jboss_iiop_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive jboss_iiop_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_jboss_iiop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_jboss_iiop_client_packets'($*)) dnl
+	
+	gen_require(`
+		type jboss_iiop_client_packet_t;
+	')
+
+	allow $1 jboss_iiop_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_jboss_iiop_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive jboss_iiop_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_jboss_iiop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_jboss_iiop_client_packets'($*)) dnl
+	
+	gen_require(`
+		type jboss_iiop_client_packet_t;
+	')
+
+	dontaudit $1 jboss_iiop_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_jboss_iiop_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive jboss_iiop_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_jboss_iiop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_jboss_iiop_client_packets'($*)) dnl
+	
+	corenet_send_jboss_iiop_client_packets($1)
+	corenet_receive_jboss_iiop_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_jboss_iiop_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive jboss_iiop_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_jboss_iiop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_jboss_iiop_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_jboss_iiop_client_packets($1)
+	corenet_dontaudit_receive_jboss_iiop_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_jboss_iiop_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to jboss_iiop_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_jboss_iiop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_jboss_iiop_client_packets'($*)) dnl
+	
+	gen_require(`
+		type jboss_iiop_client_packet_t;
+	')
+
+	allow $1 jboss_iiop_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_jboss_iiop_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send jboss_iiop_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_jboss_iiop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_jboss_iiop_server_packets'($*)) dnl
+	
+	gen_require(`
+		type jboss_iiop_server_packet_t;
+	')
+
+	allow $1 jboss_iiop_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_jboss_iiop_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send jboss_iiop_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_jboss_iiop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_jboss_iiop_server_packets'($*)) dnl
+	
+	gen_require(`
+		type jboss_iiop_server_packet_t;
+	')
+
+	dontaudit $1 jboss_iiop_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_jboss_iiop_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive jboss_iiop_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_jboss_iiop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_jboss_iiop_server_packets'($*)) dnl
+	
+	gen_require(`
+		type jboss_iiop_server_packet_t;
+	')
+
+	allow $1 jboss_iiop_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_jboss_iiop_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive jboss_iiop_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_jboss_iiop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_jboss_iiop_server_packets'($*)) dnl
+	
+	gen_require(`
+		type jboss_iiop_server_packet_t;
+	')
+
+	dontaudit $1 jboss_iiop_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_jboss_iiop_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive jboss_iiop_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_jboss_iiop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_jboss_iiop_server_packets'($*)) dnl
+	
+	corenet_send_jboss_iiop_server_packets($1)
+	corenet_receive_jboss_iiop_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_jboss_iiop_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive jboss_iiop_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_jboss_iiop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_jboss_iiop_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_jboss_iiop_server_packets($1)
+	corenet_dontaudit_receive_jboss_iiop_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_jboss_iiop_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to jboss_iiop_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_jboss_iiop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_jboss_iiop_server_packets'($*)) dnl
+	
+	gen_require(`
+		type jboss_iiop_server_packet_t;
+	')
+
+	allow $1 jboss_iiop_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_jboss_iiop_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the kerberos port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_kerberos_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_kerberos_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_kerberos_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the kerberos port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_kerberos_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_kerberos_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_kerberos_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the kerberos port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_kerberos_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_kerberos_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_kerberos_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the kerberos port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_kerberos_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_kerberos_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_kerberos_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the kerberos port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_kerberos_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_kerberos_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_kerberos_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the kerberos port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_kerberos_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_kerberos_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_kerberos_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the kerberos port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_kerberos_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_kerberos_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_kerberos_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the kerberos port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_kerberos_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_kerberos_port'($*)) dnl
+	
+	gen_require(`
+		type kerberos_port_t;
+	')
+
+	allow $1 kerberos_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_kerberos_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the kerberos port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_kerberos_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_kerberos_port'($*)) dnl
+	
+	gen_require(`
+		type kerberos_port_t;
+	')
+
+	allow $1 kerberos_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_kerberos_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the kerberos port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_kerberos_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_kerberos_port'($*)) dnl
+	
+	gen_require(`
+		type kerberos_port_t;
+	')
+
+	allow $1 kerberos_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_kerberos_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send kerberos_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_kerberos_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_kerberos_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_client_packet_t;
+	')
+
+	allow $1 kerberos_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_kerberos_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send kerberos_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_kerberos_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_kerberos_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_client_packet_t;
+	')
+
+	dontaudit $1 kerberos_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_kerberos_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive kerberos_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_kerberos_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_kerberos_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_client_packet_t;
+	')
+
+	allow $1 kerberos_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_kerberos_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive kerberos_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_kerberos_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_kerberos_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_client_packet_t;
+	')
+
+	dontaudit $1 kerberos_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_kerberos_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive kerberos_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_kerberos_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_kerberos_client_packets'($*)) dnl
+	
+	corenet_send_kerberos_client_packets($1)
+	corenet_receive_kerberos_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_kerberos_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive kerberos_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_kerberos_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_kerberos_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_kerberos_client_packets($1)
+	corenet_dontaudit_receive_kerberos_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_kerberos_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to kerberos_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_kerberos_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_kerberos_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_client_packet_t;
+	')
+
+	allow $1 kerberos_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_kerberos_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send kerberos_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_kerberos_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_kerberos_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_server_packet_t;
+	')
+
+	allow $1 kerberos_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_kerberos_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send kerberos_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_kerberos_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_kerberos_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_server_packet_t;
+	')
+
+	dontaudit $1 kerberos_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_kerberos_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive kerberos_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_kerberos_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_kerberos_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_server_packet_t;
+	')
+
+	allow $1 kerberos_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_kerberos_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive kerberos_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_kerberos_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_kerberos_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_server_packet_t;
+	')
+
+	dontaudit $1 kerberos_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_kerberos_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive kerberos_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_kerberos_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_kerberos_server_packets'($*)) dnl
+	
+	corenet_send_kerberos_server_packets($1)
+	corenet_receive_kerberos_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_kerberos_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive kerberos_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_kerberos_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_kerberos_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_kerberos_server_packets($1)
+	corenet_dontaudit_receive_kerberos_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_kerberos_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to kerberos_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_kerberos_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_kerberos_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_server_packet_t;
+	')
+
+	allow $1 kerberos_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_kerberos_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the kerberos_admin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_kerberos_admin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_kerberos_admin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_kerberos_admin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the kerberos_admin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_kerberos_admin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_kerberos_admin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_kerberos_admin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the kerberos_admin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_kerberos_admin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_kerberos_admin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_kerberos_admin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the kerberos_admin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_kerberos_admin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_kerberos_admin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_kerberos_admin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the kerberos_admin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_kerberos_admin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_kerberos_admin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_kerberos_admin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the kerberos_admin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_kerberos_admin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_kerberos_admin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_kerberos_admin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the kerberos_admin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_kerberos_admin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_kerberos_admin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_kerberos_admin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the kerberos_admin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_kerberos_admin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_kerberos_admin_port'($*)) dnl
+	
+	gen_require(`
+		type kerberos_admin_port_t;
+	')
+
+	allow $1 kerberos_admin_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_kerberos_admin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the kerberos_admin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_kerberos_admin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_kerberos_admin_port'($*)) dnl
+	
+	gen_require(`
+		type kerberos_admin_port_t;
+	')
+
+	allow $1 kerberos_admin_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_kerberos_admin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the kerberos_admin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_kerberos_admin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_kerberos_admin_port'($*)) dnl
+	
+	gen_require(`
+		type kerberos_admin_port_t;
+	')
+
+	allow $1 kerberos_admin_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_kerberos_admin_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send kerberos_admin_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_kerberos_admin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_kerberos_admin_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_admin_client_packet_t;
+	')
+
+	allow $1 kerberos_admin_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_kerberos_admin_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send kerberos_admin_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_kerberos_admin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_kerberos_admin_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_admin_client_packet_t;
+	')
+
+	dontaudit $1 kerberos_admin_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_kerberos_admin_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive kerberos_admin_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_kerberos_admin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_kerberos_admin_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_admin_client_packet_t;
+	')
+
+	allow $1 kerberos_admin_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_kerberos_admin_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive kerberos_admin_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_kerberos_admin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_kerberos_admin_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_admin_client_packet_t;
+	')
+
+	dontaudit $1 kerberos_admin_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_kerberos_admin_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive kerberos_admin_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_kerberos_admin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_kerberos_admin_client_packets'($*)) dnl
+	
+	corenet_send_kerberos_admin_client_packets($1)
+	corenet_receive_kerberos_admin_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_kerberos_admin_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive kerberos_admin_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_kerberos_admin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_kerberos_admin_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_kerberos_admin_client_packets($1)
+	corenet_dontaudit_receive_kerberos_admin_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_kerberos_admin_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to kerberos_admin_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_kerberos_admin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_kerberos_admin_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_admin_client_packet_t;
+	')
+
+	allow $1 kerberos_admin_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_kerberos_admin_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send kerberos_admin_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_kerberos_admin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_kerberos_admin_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_admin_server_packet_t;
+	')
+
+	allow $1 kerberos_admin_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_kerberos_admin_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send kerberos_admin_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_kerberos_admin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_kerberos_admin_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_admin_server_packet_t;
+	')
+
+	dontaudit $1 kerberos_admin_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_kerberos_admin_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive kerberos_admin_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_kerberos_admin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_kerberos_admin_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_admin_server_packet_t;
+	')
+
+	allow $1 kerberos_admin_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_kerberos_admin_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive kerberos_admin_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_kerberos_admin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_kerberos_admin_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_admin_server_packet_t;
+	')
+
+	dontaudit $1 kerberos_admin_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_kerberos_admin_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive kerberos_admin_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_kerberos_admin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_kerberos_admin_server_packets'($*)) dnl
+	
+	corenet_send_kerberos_admin_server_packets($1)
+	corenet_receive_kerberos_admin_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_kerberos_admin_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive kerberos_admin_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_kerberos_admin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_kerberos_admin_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_kerberos_admin_server_packets($1)
+	corenet_dontaudit_receive_kerberos_admin_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_kerberos_admin_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to kerberos_admin_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_kerberos_admin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_kerberos_admin_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_admin_server_packet_t;
+	')
+
+	allow $1 kerberos_admin_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_kerberos_admin_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the kerberos_master port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_kerberos_master_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_kerberos_master_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_kerberos_master_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the kerberos_master port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_kerberos_master_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_kerberos_master_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_kerberos_master_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the kerberos_master port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_kerberos_master_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_kerberos_master_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_kerberos_master_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the kerberos_master port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_kerberos_master_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_kerberos_master_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_kerberos_master_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the kerberos_master port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_kerberos_master_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_kerberos_master_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_kerberos_master_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the kerberos_master port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_kerberos_master_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_kerberos_master_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_kerberos_master_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the kerberos_master port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_kerberos_master_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_kerberos_master_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_kerberos_master_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the kerberos_master port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_kerberos_master_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_kerberos_master_port'($*)) dnl
+	
+	gen_require(`
+		type kerberos_master_port_t;
+	')
+
+	allow $1 kerberos_master_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_kerberos_master_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the kerberos_master port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_kerberos_master_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_kerberos_master_port'($*)) dnl
+	
+	gen_require(`
+		type kerberos_master_port_t;
+	')
+
+	allow $1 kerberos_master_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_kerberos_master_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the kerberos_master port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_kerberos_master_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_kerberos_master_port'($*)) dnl
+	
+	gen_require(`
+		type kerberos_master_port_t;
+	')
+
+	allow $1 kerberos_master_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_kerberos_master_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send kerberos_master_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_kerberos_master_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_kerberos_master_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_master_client_packet_t;
+	')
+
+	allow $1 kerberos_master_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_kerberos_master_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send kerberos_master_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_kerberos_master_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_kerberos_master_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_master_client_packet_t;
+	')
+
+	dontaudit $1 kerberos_master_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_kerberos_master_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive kerberos_master_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_kerberos_master_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_kerberos_master_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_master_client_packet_t;
+	')
+
+	allow $1 kerberos_master_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_kerberos_master_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive kerberos_master_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_kerberos_master_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_kerberos_master_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_master_client_packet_t;
+	')
+
+	dontaudit $1 kerberos_master_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_kerberos_master_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive kerberos_master_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_kerberos_master_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_kerberos_master_client_packets'($*)) dnl
+	
+	corenet_send_kerberos_master_client_packets($1)
+	corenet_receive_kerberos_master_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_kerberos_master_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive kerberos_master_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_kerberos_master_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_kerberos_master_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_kerberos_master_client_packets($1)
+	corenet_dontaudit_receive_kerberos_master_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_kerberos_master_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to kerberos_master_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_kerberos_master_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_kerberos_master_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_master_client_packet_t;
+	')
+
+	allow $1 kerberos_master_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_kerberos_master_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send kerberos_master_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_kerberos_master_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_kerberos_master_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_master_server_packet_t;
+	')
+
+	allow $1 kerberos_master_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_kerberos_master_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send kerberos_master_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_kerberos_master_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_kerberos_master_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_master_server_packet_t;
+	')
+
+	dontaudit $1 kerberos_master_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_kerberos_master_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive kerberos_master_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_kerberos_master_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_kerberos_master_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_master_server_packet_t;
+	')
+
+	allow $1 kerberos_master_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_kerberos_master_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive kerberos_master_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_kerberos_master_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_kerberos_master_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_master_server_packet_t;
+	')
+
+	dontaudit $1 kerberos_master_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_kerberos_master_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive kerberos_master_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_kerberos_master_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_kerberos_master_server_packets'($*)) dnl
+	
+	corenet_send_kerberos_master_server_packets($1)
+	corenet_receive_kerberos_master_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_kerberos_master_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive kerberos_master_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_kerberos_master_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_kerberos_master_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_kerberos_master_server_packets($1)
+	corenet_dontaudit_receive_kerberos_master_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_kerberos_master_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to kerberos_master_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_kerberos_master_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_kerberos_master_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kerberos_master_server_packet_t;
+	')
+
+	allow $1 kerberos_master_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_kerberos_master_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the kismet port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_kismet_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_kismet_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_kismet_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the kismet port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_kismet_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_kismet_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_kismet_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the kismet port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_kismet_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_kismet_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_kismet_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the kismet port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_kismet_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_kismet_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_kismet_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the kismet port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_kismet_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_kismet_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_kismet_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the kismet port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_kismet_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_kismet_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_kismet_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the kismet port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_kismet_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_kismet_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_kismet_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the kismet port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_kismet_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_kismet_port'($*)) dnl
+	
+	gen_require(`
+		type kismet_port_t;
+	')
+
+	allow $1 kismet_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_kismet_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the kismet port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_kismet_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_kismet_port'($*)) dnl
+	
+	gen_require(`
+		type kismet_port_t;
+	')
+
+	allow $1 kismet_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_kismet_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the kismet port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_kismet_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_kismet_port'($*)) dnl
+	
+	gen_require(`
+		type kismet_port_t;
+	')
+
+	allow $1 kismet_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_kismet_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send kismet_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_kismet_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_kismet_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kismet_client_packet_t;
+	')
+
+	allow $1 kismet_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_kismet_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send kismet_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_kismet_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_kismet_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kismet_client_packet_t;
+	')
+
+	dontaudit $1 kismet_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_kismet_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive kismet_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_kismet_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_kismet_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kismet_client_packet_t;
+	')
+
+	allow $1 kismet_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_kismet_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive kismet_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_kismet_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_kismet_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kismet_client_packet_t;
+	')
+
+	dontaudit $1 kismet_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_kismet_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive kismet_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_kismet_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_kismet_client_packets'($*)) dnl
+	
+	corenet_send_kismet_client_packets($1)
+	corenet_receive_kismet_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_kismet_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive kismet_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_kismet_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_kismet_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_kismet_client_packets($1)
+	corenet_dontaudit_receive_kismet_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_kismet_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to kismet_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_kismet_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_kismet_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kismet_client_packet_t;
+	')
+
+	allow $1 kismet_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_kismet_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send kismet_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_kismet_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_kismet_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kismet_server_packet_t;
+	')
+
+	allow $1 kismet_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_kismet_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send kismet_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_kismet_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_kismet_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kismet_server_packet_t;
+	')
+
+	dontaudit $1 kismet_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_kismet_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive kismet_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_kismet_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_kismet_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kismet_server_packet_t;
+	')
+
+	allow $1 kismet_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_kismet_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive kismet_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_kismet_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_kismet_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kismet_server_packet_t;
+	')
+
+	dontaudit $1 kismet_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_kismet_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive kismet_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_kismet_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_kismet_server_packets'($*)) dnl
+	
+	corenet_send_kismet_server_packets($1)
+	corenet_receive_kismet_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_kismet_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive kismet_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_kismet_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_kismet_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_kismet_server_packets($1)
+	corenet_dontaudit_receive_kismet_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_kismet_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to kismet_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_kismet_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_kismet_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kismet_server_packet_t;
+	')
+
+	allow $1 kismet_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_kismet_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the kdeconnect port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_kdeconnect_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_kdeconnect_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_kdeconnect_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the kdeconnect port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_kdeconnect_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_kdeconnect_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_kdeconnect_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the kdeconnect port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_kdeconnect_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_kdeconnect_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_kdeconnect_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the kdeconnect port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_kdeconnect_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_kdeconnect_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_kdeconnect_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the kdeconnect port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_kdeconnect_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_kdeconnect_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_kdeconnect_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the kdeconnect port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_kdeconnect_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_kdeconnect_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_kdeconnect_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the kdeconnect port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_kdeconnect_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_kdeconnect_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_kdeconnect_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the kdeconnect port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_kdeconnect_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_kdeconnect_port'($*)) dnl
+	
+	gen_require(`
+		type kdeconnect_port_t;
+	')
+
+	allow $1 kdeconnect_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_kdeconnect_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the kdeconnect port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_kdeconnect_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_kdeconnect_port'($*)) dnl
+	
+	gen_require(`
+		type kdeconnect_port_t;
+	')
+
+	allow $1 kdeconnect_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_kdeconnect_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the kdeconnect port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_kdeconnect_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_kdeconnect_port'($*)) dnl
+	
+	gen_require(`
+		type kdeconnect_port_t;
+	')
+
+	allow $1 kdeconnect_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_kdeconnect_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send kdeconnect_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_kdeconnect_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_kdeconnect_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kdeconnect_client_packet_t;
+	')
+
+	allow $1 kdeconnect_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_kdeconnect_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send kdeconnect_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_kdeconnect_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_kdeconnect_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kdeconnect_client_packet_t;
+	')
+
+	dontaudit $1 kdeconnect_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_kdeconnect_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive kdeconnect_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_kdeconnect_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_kdeconnect_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kdeconnect_client_packet_t;
+	')
+
+	allow $1 kdeconnect_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_kdeconnect_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive kdeconnect_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_kdeconnect_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_kdeconnect_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kdeconnect_client_packet_t;
+	')
+
+	dontaudit $1 kdeconnect_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_kdeconnect_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive kdeconnect_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_kdeconnect_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_kdeconnect_client_packets'($*)) dnl
+	
+	corenet_send_kdeconnect_client_packets($1)
+	corenet_receive_kdeconnect_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_kdeconnect_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive kdeconnect_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_kdeconnect_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_kdeconnect_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_kdeconnect_client_packets($1)
+	corenet_dontaudit_receive_kdeconnect_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_kdeconnect_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to kdeconnect_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_kdeconnect_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_kdeconnect_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kdeconnect_client_packet_t;
+	')
+
+	allow $1 kdeconnect_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_kdeconnect_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send kdeconnect_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_kdeconnect_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_kdeconnect_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kdeconnect_server_packet_t;
+	')
+
+	allow $1 kdeconnect_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_kdeconnect_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send kdeconnect_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_kdeconnect_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_kdeconnect_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kdeconnect_server_packet_t;
+	')
+
+	dontaudit $1 kdeconnect_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_kdeconnect_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive kdeconnect_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_kdeconnect_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_kdeconnect_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kdeconnect_server_packet_t;
+	')
+
+	allow $1 kdeconnect_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_kdeconnect_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive kdeconnect_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_kdeconnect_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_kdeconnect_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kdeconnect_server_packet_t;
+	')
+
+	dontaudit $1 kdeconnect_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_kdeconnect_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive kdeconnect_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_kdeconnect_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_kdeconnect_server_packets'($*)) dnl
+	
+	corenet_send_kdeconnect_server_packets($1)
+	corenet_receive_kdeconnect_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_kdeconnect_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive kdeconnect_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_kdeconnect_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_kdeconnect_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_kdeconnect_server_packets($1)
+	corenet_dontaudit_receive_kdeconnect_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_kdeconnect_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to kdeconnect_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_kdeconnect_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_kdeconnect_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kdeconnect_server_packet_t;
+	')
+
+	allow $1 kdeconnect_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_kdeconnect_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the kprop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_kprop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_kprop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_kprop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the kprop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_kprop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_kprop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_kprop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the kprop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_kprop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_kprop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_kprop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the kprop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_kprop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_kprop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_kprop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the kprop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_kprop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_kprop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_kprop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the kprop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_kprop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_kprop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_kprop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the kprop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_kprop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_kprop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_kprop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the kprop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_kprop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_kprop_port'($*)) dnl
+	
+	gen_require(`
+		type kprop_port_t;
+	')
+
+	allow $1 kprop_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_kprop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the kprop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_kprop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_kprop_port'($*)) dnl
+	
+	gen_require(`
+		type kprop_port_t;
+	')
+
+	allow $1 kprop_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_kprop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the kprop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_kprop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_kprop_port'($*)) dnl
+	
+	gen_require(`
+		type kprop_port_t;
+	')
+
+	allow $1 kprop_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_kprop_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send kprop_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_kprop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_kprop_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kprop_client_packet_t;
+	')
+
+	allow $1 kprop_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_kprop_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send kprop_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_kprop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_kprop_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kprop_client_packet_t;
+	')
+
+	dontaudit $1 kprop_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_kprop_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive kprop_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_kprop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_kprop_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kprop_client_packet_t;
+	')
+
+	allow $1 kprop_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_kprop_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive kprop_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_kprop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_kprop_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kprop_client_packet_t;
+	')
+
+	dontaudit $1 kprop_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_kprop_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive kprop_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_kprop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_kprop_client_packets'($*)) dnl
+	
+	corenet_send_kprop_client_packets($1)
+	corenet_receive_kprop_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_kprop_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive kprop_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_kprop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_kprop_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_kprop_client_packets($1)
+	corenet_dontaudit_receive_kprop_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_kprop_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to kprop_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_kprop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_kprop_client_packets'($*)) dnl
+	
+	gen_require(`
+		type kprop_client_packet_t;
+	')
+
+	allow $1 kprop_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_kprop_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send kprop_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_kprop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_kprop_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kprop_server_packet_t;
+	')
+
+	allow $1 kprop_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_kprop_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send kprop_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_kprop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_kprop_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kprop_server_packet_t;
+	')
+
+	dontaudit $1 kprop_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_kprop_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive kprop_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_kprop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_kprop_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kprop_server_packet_t;
+	')
+
+	allow $1 kprop_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_kprop_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive kprop_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_kprop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_kprop_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kprop_server_packet_t;
+	')
+
+	dontaudit $1 kprop_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_kprop_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive kprop_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_kprop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_kprop_server_packets'($*)) dnl
+	
+	corenet_send_kprop_server_packets($1)
+	corenet_receive_kprop_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_kprop_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive kprop_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_kprop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_kprop_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_kprop_server_packets($1)
+	corenet_dontaudit_receive_kprop_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_kprop_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to kprop_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_kprop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_kprop_server_packets'($*)) dnl
+	
+	gen_require(`
+		type kprop_server_packet_t;
+	')
+
+	allow $1 kprop_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_kprop_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the ktalkd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_ktalkd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_ktalkd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_ktalkd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the ktalkd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_ktalkd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_ktalkd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_ktalkd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the ktalkd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_ktalkd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_ktalkd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_ktalkd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the ktalkd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_ktalkd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_ktalkd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_ktalkd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the ktalkd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_ktalkd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_ktalkd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_ktalkd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the ktalkd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_ktalkd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_ktalkd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_ktalkd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the ktalkd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_ktalkd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_ktalkd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_ktalkd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the ktalkd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_ktalkd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_ktalkd_port'($*)) dnl
+	
+	gen_require(`
+		type ktalkd_port_t;
+	')
+
+	allow $1 ktalkd_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_ktalkd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the ktalkd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_ktalkd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_ktalkd_port'($*)) dnl
+	
+	gen_require(`
+		type ktalkd_port_t;
+	')
+
+	allow $1 ktalkd_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_ktalkd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the ktalkd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_ktalkd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_ktalkd_port'($*)) dnl
+	
+	gen_require(`
+		type ktalkd_port_t;
+	')
+
+	allow $1 ktalkd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_ktalkd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ktalkd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ktalkd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ktalkd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ktalkd_client_packet_t;
+	')
+
+	allow $1 ktalkd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ktalkd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ktalkd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ktalkd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ktalkd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ktalkd_client_packet_t;
+	')
+
+	dontaudit $1 ktalkd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ktalkd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ktalkd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ktalkd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ktalkd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ktalkd_client_packet_t;
+	')
+
+	allow $1 ktalkd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ktalkd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ktalkd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ktalkd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ktalkd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ktalkd_client_packet_t;
+	')
+
+	dontaudit $1 ktalkd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ktalkd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ktalkd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ktalkd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ktalkd_client_packets'($*)) dnl
+	
+	corenet_send_ktalkd_client_packets($1)
+	corenet_receive_ktalkd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ktalkd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ktalkd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ktalkd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ktalkd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ktalkd_client_packets($1)
+	corenet_dontaudit_receive_ktalkd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ktalkd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ktalkd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ktalkd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ktalkd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ktalkd_client_packet_t;
+	')
+
+	allow $1 ktalkd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ktalkd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ktalkd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ktalkd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ktalkd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ktalkd_server_packet_t;
+	')
+
+	allow $1 ktalkd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ktalkd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ktalkd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ktalkd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ktalkd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ktalkd_server_packet_t;
+	')
+
+	dontaudit $1 ktalkd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ktalkd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ktalkd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ktalkd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ktalkd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ktalkd_server_packet_t;
+	')
+
+	allow $1 ktalkd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ktalkd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ktalkd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ktalkd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ktalkd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ktalkd_server_packet_t;
+	')
+
+	dontaudit $1 ktalkd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ktalkd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ktalkd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ktalkd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ktalkd_server_packets'($*)) dnl
+	
+	corenet_send_ktalkd_server_packets($1)
+	corenet_receive_ktalkd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ktalkd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ktalkd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ktalkd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ktalkd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ktalkd_server_packets($1)
+	corenet_dontaudit_receive_ktalkd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ktalkd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ktalkd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ktalkd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ktalkd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ktalkd_server_packet_t;
+	')
+
+	allow $1 ktalkd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ktalkd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the l2tp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_l2tp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_l2tp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_l2tp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the l2tp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_l2tp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_l2tp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_l2tp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the l2tp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_l2tp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_l2tp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_l2tp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the l2tp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_l2tp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_l2tp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_l2tp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the l2tp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_l2tp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_l2tp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_l2tp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the l2tp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_l2tp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_l2tp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_l2tp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the l2tp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_l2tp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_l2tp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_l2tp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the l2tp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_l2tp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_l2tp_port'($*)) dnl
+	
+	gen_require(`
+		type l2tp_port_t;
+	')
+
+	allow $1 l2tp_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_l2tp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the l2tp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_l2tp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_l2tp_port'($*)) dnl
+	
+	gen_require(`
+		type l2tp_port_t;
+	')
+
+	allow $1 l2tp_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_l2tp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the l2tp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_l2tp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_l2tp_port'($*)) dnl
+	
+	gen_require(`
+		type l2tp_port_t;
+	')
+
+	allow $1 l2tp_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_l2tp_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send l2tp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_l2tp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_l2tp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type l2tp_client_packet_t;
+	')
+
+	allow $1 l2tp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_l2tp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send l2tp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_l2tp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_l2tp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type l2tp_client_packet_t;
+	')
+
+	dontaudit $1 l2tp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_l2tp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive l2tp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_l2tp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_l2tp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type l2tp_client_packet_t;
+	')
+
+	allow $1 l2tp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_l2tp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive l2tp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_l2tp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_l2tp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type l2tp_client_packet_t;
+	')
+
+	dontaudit $1 l2tp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_l2tp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive l2tp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_l2tp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_l2tp_client_packets'($*)) dnl
+	
+	corenet_send_l2tp_client_packets($1)
+	corenet_receive_l2tp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_l2tp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive l2tp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_l2tp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_l2tp_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_l2tp_client_packets($1)
+	corenet_dontaudit_receive_l2tp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_l2tp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to l2tp_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_l2tp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_l2tp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type l2tp_client_packet_t;
+	')
+
+	allow $1 l2tp_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_l2tp_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send l2tp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_l2tp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_l2tp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type l2tp_server_packet_t;
+	')
+
+	allow $1 l2tp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_l2tp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send l2tp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_l2tp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_l2tp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type l2tp_server_packet_t;
+	')
+
+	dontaudit $1 l2tp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_l2tp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive l2tp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_l2tp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_l2tp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type l2tp_server_packet_t;
+	')
+
+	allow $1 l2tp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_l2tp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive l2tp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_l2tp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_l2tp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type l2tp_server_packet_t;
+	')
+
+	dontaudit $1 l2tp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_l2tp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive l2tp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_l2tp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_l2tp_server_packets'($*)) dnl
+	
+	corenet_send_l2tp_server_packets($1)
+	corenet_receive_l2tp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_l2tp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive l2tp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_l2tp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_l2tp_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_l2tp_server_packets($1)
+	corenet_dontaudit_receive_l2tp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_l2tp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to l2tp_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_l2tp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_l2tp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type l2tp_server_packet_t;
+	')
+
+	allow $1 l2tp_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_l2tp_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the ldap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_ldap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_ldap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_ldap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the ldap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_ldap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_ldap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_ldap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the ldap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_ldap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_ldap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_ldap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the ldap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_ldap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_ldap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_ldap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the ldap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_ldap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_ldap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_ldap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the ldap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_ldap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_ldap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_ldap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the ldap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_ldap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_ldap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_ldap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the ldap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_ldap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_ldap_port'($*)) dnl
+	
+	gen_require(`
+		type ldap_port_t;
+	')
+
+	allow $1 ldap_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_ldap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the ldap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_ldap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_ldap_port'($*)) dnl
+	
+	gen_require(`
+		type ldap_port_t;
+	')
+
+	allow $1 ldap_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_ldap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the ldap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_ldap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_ldap_port'($*)) dnl
+	
+	gen_require(`
+		type ldap_port_t;
+	')
+
+	allow $1 ldap_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_ldap_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ldap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ldap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ldap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ldap_client_packet_t;
+	')
+
+	allow $1 ldap_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ldap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ldap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ldap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ldap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ldap_client_packet_t;
+	')
+
+	dontaudit $1 ldap_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ldap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ldap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ldap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ldap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ldap_client_packet_t;
+	')
+
+	allow $1 ldap_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ldap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ldap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ldap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ldap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ldap_client_packet_t;
+	')
+
+	dontaudit $1 ldap_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ldap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ldap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ldap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ldap_client_packets'($*)) dnl
+	
+	corenet_send_ldap_client_packets($1)
+	corenet_receive_ldap_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ldap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ldap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ldap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ldap_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ldap_client_packets($1)
+	corenet_dontaudit_receive_ldap_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ldap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ldap_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ldap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ldap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ldap_client_packet_t;
+	')
+
+	allow $1 ldap_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ldap_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ldap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ldap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ldap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ldap_server_packet_t;
+	')
+
+	allow $1 ldap_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ldap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ldap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ldap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ldap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ldap_server_packet_t;
+	')
+
+	dontaudit $1 ldap_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ldap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ldap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ldap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ldap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ldap_server_packet_t;
+	')
+
+	allow $1 ldap_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ldap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ldap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ldap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ldap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ldap_server_packet_t;
+	')
+
+	dontaudit $1 ldap_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ldap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ldap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ldap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ldap_server_packets'($*)) dnl
+	
+	corenet_send_ldap_server_packets($1)
+	corenet_receive_ldap_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ldap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ldap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ldap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ldap_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ldap_server_packets($1)
+	corenet_dontaudit_receive_ldap_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ldap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ldap_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ldap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ldap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ldap_server_packet_t;
+	')
+
+	allow $1 ldap_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ldap_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the lirc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_lirc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_lirc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_lirc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the lirc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_lirc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_lirc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_lirc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the lirc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_lirc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_lirc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_lirc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the lirc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_lirc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_lirc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_lirc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the lirc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_lirc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_lirc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_lirc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the lirc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_lirc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_lirc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_lirc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the lirc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_lirc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_lirc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_lirc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the lirc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_lirc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_lirc_port'($*)) dnl
+	
+	gen_require(`
+		type lirc_port_t;
+	')
+
+	allow $1 lirc_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_lirc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the lirc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_lirc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_lirc_port'($*)) dnl
+	
+	gen_require(`
+		type lirc_port_t;
+	')
+
+	allow $1 lirc_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_lirc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the lirc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_lirc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_lirc_port'($*)) dnl
+	
+	gen_require(`
+		type lirc_port_t;
+	')
+
+	allow $1 lirc_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_lirc_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send lirc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_lirc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_lirc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type lirc_client_packet_t;
+	')
+
+	allow $1 lirc_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_lirc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send lirc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_lirc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_lirc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type lirc_client_packet_t;
+	')
+
+	dontaudit $1 lirc_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_lirc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive lirc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_lirc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_lirc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type lirc_client_packet_t;
+	')
+
+	allow $1 lirc_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_lirc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive lirc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_lirc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_lirc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type lirc_client_packet_t;
+	')
+
+	dontaudit $1 lirc_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_lirc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive lirc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_lirc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_lirc_client_packets'($*)) dnl
+	
+	corenet_send_lirc_client_packets($1)
+	corenet_receive_lirc_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_lirc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive lirc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_lirc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_lirc_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_lirc_client_packets($1)
+	corenet_dontaudit_receive_lirc_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_lirc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to lirc_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_lirc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_lirc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type lirc_client_packet_t;
+	')
+
+	allow $1 lirc_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_lirc_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send lirc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_lirc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_lirc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type lirc_server_packet_t;
+	')
+
+	allow $1 lirc_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_lirc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send lirc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_lirc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_lirc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type lirc_server_packet_t;
+	')
+
+	dontaudit $1 lirc_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_lirc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive lirc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_lirc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_lirc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type lirc_server_packet_t;
+	')
+
+	allow $1 lirc_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_lirc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive lirc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_lirc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_lirc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type lirc_server_packet_t;
+	')
+
+	dontaudit $1 lirc_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_lirc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive lirc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_lirc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_lirc_server_packets'($*)) dnl
+	
+	corenet_send_lirc_server_packets($1)
+	corenet_receive_lirc_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_lirc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive lirc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_lirc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_lirc_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_lirc_server_packets($1)
+	corenet_dontaudit_receive_lirc_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_lirc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to lirc_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_lirc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_lirc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type lirc_server_packet_t;
+	')
+
+	allow $1 lirc_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_lirc_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the llmnr port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_llmnr_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_llmnr_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_llmnr_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the llmnr port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_llmnr_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_llmnr_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_llmnr_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the llmnr port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_llmnr_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_llmnr_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_llmnr_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the llmnr port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_llmnr_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_llmnr_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_llmnr_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the llmnr port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_llmnr_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_llmnr_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_llmnr_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the llmnr port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_llmnr_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_llmnr_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_llmnr_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the llmnr port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_llmnr_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_llmnr_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_llmnr_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the llmnr port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_llmnr_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_llmnr_port'($*)) dnl
+	
+	gen_require(`
+		type llmnr_port_t;
+	')
+
+	allow $1 llmnr_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_llmnr_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the llmnr port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_llmnr_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_llmnr_port'($*)) dnl
+	
+	gen_require(`
+		type llmnr_port_t;
+	')
+
+	allow $1 llmnr_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_llmnr_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the llmnr port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_llmnr_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_llmnr_port'($*)) dnl
+	
+	gen_require(`
+		type llmnr_port_t;
+	')
+
+	allow $1 llmnr_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_llmnr_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send llmnr_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_llmnr_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_llmnr_client_packets'($*)) dnl
+	
+	gen_require(`
+		type llmnr_client_packet_t;
+	')
+
+	allow $1 llmnr_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_llmnr_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send llmnr_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_llmnr_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_llmnr_client_packets'($*)) dnl
+	
+	gen_require(`
+		type llmnr_client_packet_t;
+	')
+
+	dontaudit $1 llmnr_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_llmnr_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive llmnr_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_llmnr_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_llmnr_client_packets'($*)) dnl
+	
+	gen_require(`
+		type llmnr_client_packet_t;
+	')
+
+	allow $1 llmnr_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_llmnr_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive llmnr_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_llmnr_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_llmnr_client_packets'($*)) dnl
+	
+	gen_require(`
+		type llmnr_client_packet_t;
+	')
+
+	dontaudit $1 llmnr_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_llmnr_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive llmnr_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_llmnr_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_llmnr_client_packets'($*)) dnl
+	
+	corenet_send_llmnr_client_packets($1)
+	corenet_receive_llmnr_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_llmnr_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive llmnr_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_llmnr_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_llmnr_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_llmnr_client_packets($1)
+	corenet_dontaudit_receive_llmnr_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_llmnr_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to llmnr_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_llmnr_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_llmnr_client_packets'($*)) dnl
+	
+	gen_require(`
+		type llmnr_client_packet_t;
+	')
+
+	allow $1 llmnr_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_llmnr_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send llmnr_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_llmnr_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_llmnr_server_packets'($*)) dnl
+	
+	gen_require(`
+		type llmnr_server_packet_t;
+	')
+
+	allow $1 llmnr_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_llmnr_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send llmnr_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_llmnr_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_llmnr_server_packets'($*)) dnl
+	
+	gen_require(`
+		type llmnr_server_packet_t;
+	')
+
+	dontaudit $1 llmnr_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_llmnr_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive llmnr_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_llmnr_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_llmnr_server_packets'($*)) dnl
+	
+	gen_require(`
+		type llmnr_server_packet_t;
+	')
+
+	allow $1 llmnr_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_llmnr_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive llmnr_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_llmnr_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_llmnr_server_packets'($*)) dnl
+	
+	gen_require(`
+		type llmnr_server_packet_t;
+	')
+
+	dontaudit $1 llmnr_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_llmnr_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive llmnr_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_llmnr_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_llmnr_server_packets'($*)) dnl
+	
+	corenet_send_llmnr_server_packets($1)
+	corenet_receive_llmnr_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_llmnr_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive llmnr_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_llmnr_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_llmnr_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_llmnr_server_packets($1)
+	corenet_dontaudit_receive_llmnr_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_llmnr_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to llmnr_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_llmnr_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_llmnr_server_packets'($*)) dnl
+	
+	gen_require(`
+		type llmnr_server_packet_t;
+	')
+
+	allow $1 llmnr_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_llmnr_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the lmtp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_lmtp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_lmtp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_lmtp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the lmtp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_lmtp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_lmtp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_lmtp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the lmtp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_lmtp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_lmtp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_lmtp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the lmtp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_lmtp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_lmtp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_lmtp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the lmtp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_lmtp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_lmtp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_lmtp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the lmtp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_lmtp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_lmtp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_lmtp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the lmtp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_lmtp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_lmtp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_lmtp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the lmtp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_lmtp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_lmtp_port'($*)) dnl
+	
+	gen_require(`
+		type lmtp_port_t;
+	')
+
+	allow $1 lmtp_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_lmtp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the lmtp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_lmtp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_lmtp_port'($*)) dnl
+	
+	gen_require(`
+		type lmtp_port_t;
+	')
+
+	allow $1 lmtp_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_lmtp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the lmtp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_lmtp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_lmtp_port'($*)) dnl
+	
+	gen_require(`
+		type lmtp_port_t;
+	')
+
+	allow $1 lmtp_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_lmtp_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send lmtp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_lmtp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_lmtp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type lmtp_client_packet_t;
+	')
+
+	allow $1 lmtp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_lmtp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send lmtp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_lmtp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_lmtp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type lmtp_client_packet_t;
+	')
+
+	dontaudit $1 lmtp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_lmtp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive lmtp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_lmtp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_lmtp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type lmtp_client_packet_t;
+	')
+
+	allow $1 lmtp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_lmtp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive lmtp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_lmtp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_lmtp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type lmtp_client_packet_t;
+	')
+
+	dontaudit $1 lmtp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_lmtp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive lmtp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_lmtp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_lmtp_client_packets'($*)) dnl
+	
+	corenet_send_lmtp_client_packets($1)
+	corenet_receive_lmtp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_lmtp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive lmtp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_lmtp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_lmtp_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_lmtp_client_packets($1)
+	corenet_dontaudit_receive_lmtp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_lmtp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to lmtp_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_lmtp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_lmtp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type lmtp_client_packet_t;
+	')
+
+	allow $1 lmtp_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_lmtp_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send lmtp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_lmtp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_lmtp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type lmtp_server_packet_t;
+	')
+
+	allow $1 lmtp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_lmtp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send lmtp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_lmtp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_lmtp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type lmtp_server_packet_t;
+	')
+
+	dontaudit $1 lmtp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_lmtp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive lmtp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_lmtp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_lmtp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type lmtp_server_packet_t;
+	')
+
+	allow $1 lmtp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_lmtp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive lmtp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_lmtp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_lmtp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type lmtp_server_packet_t;
+	')
+
+	dontaudit $1 lmtp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_lmtp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive lmtp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_lmtp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_lmtp_server_packets'($*)) dnl
+	
+	corenet_send_lmtp_server_packets($1)
+	corenet_receive_lmtp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_lmtp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive lmtp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_lmtp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_lmtp_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_lmtp_server_packets($1)
+	corenet_dontaudit_receive_lmtp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_lmtp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to lmtp_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_lmtp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_lmtp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type lmtp_server_packet_t;
+	')
+
+	allow $1 lmtp_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_lmtp_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the lrrd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_lrrd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_lrrd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_lrrd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the lrrd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_lrrd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_lrrd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_lrrd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the lrrd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_lrrd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_lrrd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_lrrd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the lrrd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_lrrd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_lrrd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_lrrd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the lrrd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_lrrd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_lrrd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_lrrd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the lrrd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_lrrd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_lrrd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_lrrd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the lrrd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_lrrd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_lrrd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_lrrd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the lrrd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_lrrd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_lrrd_port'($*)) dnl
+	
+	gen_require(`
+		type lrrd_port_t;
+	')
+
+	allow $1 lrrd_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_lrrd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the lrrd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_lrrd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_lrrd_port'($*)) dnl
+	
+	gen_require(`
+		type lrrd_port_t;
+	')
+
+	allow $1 lrrd_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_lrrd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the lrrd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_lrrd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_lrrd_port'($*)) dnl
+	
+	gen_require(`
+		type lrrd_port_t;
+	')
+
+	allow $1 lrrd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_lrrd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send lrrd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_lrrd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_lrrd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type lrrd_client_packet_t;
+	')
+
+	allow $1 lrrd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_lrrd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send lrrd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_lrrd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_lrrd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type lrrd_client_packet_t;
+	')
+
+	dontaudit $1 lrrd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_lrrd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive lrrd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_lrrd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_lrrd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type lrrd_client_packet_t;
+	')
+
+	allow $1 lrrd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_lrrd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive lrrd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_lrrd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_lrrd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type lrrd_client_packet_t;
+	')
+
+	dontaudit $1 lrrd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_lrrd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive lrrd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_lrrd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_lrrd_client_packets'($*)) dnl
+	
+	corenet_send_lrrd_client_packets($1)
+	corenet_receive_lrrd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_lrrd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive lrrd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_lrrd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_lrrd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_lrrd_client_packets($1)
+	corenet_dontaudit_receive_lrrd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_lrrd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to lrrd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_lrrd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_lrrd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type lrrd_client_packet_t;
+	')
+
+	allow $1 lrrd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_lrrd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send lrrd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_lrrd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_lrrd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type lrrd_server_packet_t;
+	')
+
+	allow $1 lrrd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_lrrd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send lrrd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_lrrd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_lrrd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type lrrd_server_packet_t;
+	')
+
+	dontaudit $1 lrrd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_lrrd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive lrrd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_lrrd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_lrrd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type lrrd_server_packet_t;
+	')
+
+	allow $1 lrrd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_lrrd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive lrrd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_lrrd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_lrrd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type lrrd_server_packet_t;
+	')
+
+	dontaudit $1 lrrd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_lrrd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive lrrd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_lrrd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_lrrd_server_packets'($*)) dnl
+	
+	corenet_send_lrrd_server_packets($1)
+	corenet_receive_lrrd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_lrrd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive lrrd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_lrrd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_lrrd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_lrrd_server_packets($1)
+	corenet_dontaudit_receive_lrrd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_lrrd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to lrrd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_lrrd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_lrrd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type lrrd_server_packet_t;
+	')
+
+	allow $1 lrrd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_lrrd_server_packets'($*)) dnl
+	')
+
+
+ # no defined portcon
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the mail port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_mail_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_mail_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_mail_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the mail port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_mail_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_mail_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_mail_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the mail port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_mail_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_mail_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_mail_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the mail port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_mail_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_mail_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_mail_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the mail port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_mail_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_mail_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_mail_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the mail port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_mail_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_mail_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_mail_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the mail port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_mail_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_mail_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_mail_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the mail port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_mail_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_mail_port'($*)) dnl
+	
+	gen_require(`
+		type mail_port_t;
+	')
+
+	allow $1 mail_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_mail_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the mail port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_mail_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_mail_port'($*)) dnl
+	
+	gen_require(`
+		type mail_port_t;
+	')
+
+	allow $1 mail_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_mail_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the mail port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_mail_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_mail_port'($*)) dnl
+	
+	gen_require(`
+		type mail_port_t;
+	')
+
+	allow $1 mail_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_mail_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send mail_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_mail_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_mail_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mail_client_packet_t;
+	')
+
+	allow $1 mail_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_mail_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send mail_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_mail_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_mail_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mail_client_packet_t;
+	')
+
+	dontaudit $1 mail_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_mail_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive mail_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_mail_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_mail_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mail_client_packet_t;
+	')
+
+	allow $1 mail_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_mail_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive mail_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_mail_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_mail_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mail_client_packet_t;
+	')
+
+	dontaudit $1 mail_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_mail_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive mail_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_mail_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_mail_client_packets'($*)) dnl
+	
+	corenet_send_mail_client_packets($1)
+	corenet_receive_mail_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_mail_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive mail_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_mail_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_mail_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_mail_client_packets($1)
+	corenet_dontaudit_receive_mail_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_mail_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to mail_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_mail_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_mail_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mail_client_packet_t;
+	')
+
+	allow $1 mail_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_mail_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send mail_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_mail_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_mail_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mail_server_packet_t;
+	')
+
+	allow $1 mail_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_mail_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send mail_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_mail_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_mail_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mail_server_packet_t;
+	')
+
+	dontaudit $1 mail_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_mail_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive mail_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_mail_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_mail_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mail_server_packet_t;
+	')
+
+	allow $1 mail_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_mail_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive mail_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_mail_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_mail_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mail_server_packet_t;
+	')
+
+	dontaudit $1 mail_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_mail_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive mail_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_mail_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_mail_server_packets'($*)) dnl
+	
+	corenet_send_mail_server_packets($1)
+	corenet_receive_mail_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_mail_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive mail_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_mail_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_mail_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_mail_server_packets($1)
+	corenet_dontaudit_receive_mail_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_mail_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to mail_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_mail_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_mail_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mail_server_packet_t;
+	')
+
+	allow $1 mail_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_mail_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the matahari port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_matahari_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_matahari_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_matahari_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the matahari port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_matahari_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_matahari_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_matahari_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the matahari port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_matahari_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_matahari_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_matahari_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the matahari port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_matahari_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_matahari_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_matahari_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the matahari port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_matahari_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_matahari_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_matahari_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the matahari port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_matahari_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_matahari_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_matahari_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the matahari port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_matahari_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_matahari_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_matahari_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the matahari port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_matahari_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_matahari_port'($*)) dnl
+	
+	gen_require(`
+		type matahari_port_t;
+	')
+
+	allow $1 matahari_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_matahari_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the matahari port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_matahari_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_matahari_port'($*)) dnl
+	
+	gen_require(`
+		type matahari_port_t;
+	')
+
+	allow $1 matahari_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_matahari_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the matahari port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_matahari_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_matahari_port'($*)) dnl
+	
+	gen_require(`
+		type matahari_port_t;
+	')
+
+	allow $1 matahari_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_matahari_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send matahari_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_matahari_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_matahari_client_packets'($*)) dnl
+	
+	gen_require(`
+		type matahari_client_packet_t;
+	')
+
+	allow $1 matahari_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_matahari_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send matahari_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_matahari_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_matahari_client_packets'($*)) dnl
+	
+	gen_require(`
+		type matahari_client_packet_t;
+	')
+
+	dontaudit $1 matahari_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_matahari_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive matahari_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_matahari_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_matahari_client_packets'($*)) dnl
+	
+	gen_require(`
+		type matahari_client_packet_t;
+	')
+
+	allow $1 matahari_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_matahari_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive matahari_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_matahari_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_matahari_client_packets'($*)) dnl
+	
+	gen_require(`
+		type matahari_client_packet_t;
+	')
+
+	dontaudit $1 matahari_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_matahari_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive matahari_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_matahari_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_matahari_client_packets'($*)) dnl
+	
+	corenet_send_matahari_client_packets($1)
+	corenet_receive_matahari_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_matahari_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive matahari_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_matahari_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_matahari_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_matahari_client_packets($1)
+	corenet_dontaudit_receive_matahari_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_matahari_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to matahari_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_matahari_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_matahari_client_packets'($*)) dnl
+	
+	gen_require(`
+		type matahari_client_packet_t;
+	')
+
+	allow $1 matahari_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_matahari_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send matahari_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_matahari_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_matahari_server_packets'($*)) dnl
+	
+	gen_require(`
+		type matahari_server_packet_t;
+	')
+
+	allow $1 matahari_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_matahari_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send matahari_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_matahari_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_matahari_server_packets'($*)) dnl
+	
+	gen_require(`
+		type matahari_server_packet_t;
+	')
+
+	dontaudit $1 matahari_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_matahari_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive matahari_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_matahari_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_matahari_server_packets'($*)) dnl
+	
+	gen_require(`
+		type matahari_server_packet_t;
+	')
+
+	allow $1 matahari_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_matahari_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive matahari_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_matahari_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_matahari_server_packets'($*)) dnl
+	
+	gen_require(`
+		type matahari_server_packet_t;
+	')
+
+	dontaudit $1 matahari_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_matahari_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive matahari_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_matahari_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_matahari_server_packets'($*)) dnl
+	
+	corenet_send_matahari_server_packets($1)
+	corenet_receive_matahari_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_matahari_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive matahari_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_matahari_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_matahari_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_matahari_server_packets($1)
+	corenet_dontaudit_receive_matahari_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_matahari_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to matahari_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_matahari_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_matahari_server_packets'($*)) dnl
+	
+	gen_require(`
+		type matahari_server_packet_t;
+	')
+
+	allow $1 matahari_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_matahari_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the memcache port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_memcache_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_memcache_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_memcache_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the memcache port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_memcache_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_memcache_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_memcache_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the memcache port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_memcache_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_memcache_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_memcache_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the memcache port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_memcache_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_memcache_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_memcache_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the memcache port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_memcache_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_memcache_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_memcache_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the memcache port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_memcache_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_memcache_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_memcache_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the memcache port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_memcache_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_memcache_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_memcache_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the memcache port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_memcache_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_memcache_port'($*)) dnl
+	
+	gen_require(`
+		type memcache_port_t;
+	')
+
+	allow $1 memcache_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_memcache_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the memcache port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_memcache_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_memcache_port'($*)) dnl
+	
+	gen_require(`
+		type memcache_port_t;
+	')
+
+	allow $1 memcache_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_memcache_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the memcache port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_memcache_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_memcache_port'($*)) dnl
+	
+	gen_require(`
+		type memcache_port_t;
+	')
+
+	allow $1 memcache_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_memcache_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send memcache_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_memcache_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_memcache_client_packets'($*)) dnl
+	
+	gen_require(`
+		type memcache_client_packet_t;
+	')
+
+	allow $1 memcache_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_memcache_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send memcache_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_memcache_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_memcache_client_packets'($*)) dnl
+	
+	gen_require(`
+		type memcache_client_packet_t;
+	')
+
+	dontaudit $1 memcache_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_memcache_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive memcache_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_memcache_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_memcache_client_packets'($*)) dnl
+	
+	gen_require(`
+		type memcache_client_packet_t;
+	')
+
+	allow $1 memcache_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_memcache_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive memcache_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_memcache_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_memcache_client_packets'($*)) dnl
+	
+	gen_require(`
+		type memcache_client_packet_t;
+	')
+
+	dontaudit $1 memcache_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_memcache_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive memcache_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_memcache_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_memcache_client_packets'($*)) dnl
+	
+	corenet_send_memcache_client_packets($1)
+	corenet_receive_memcache_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_memcache_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive memcache_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_memcache_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_memcache_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_memcache_client_packets($1)
+	corenet_dontaudit_receive_memcache_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_memcache_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to memcache_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_memcache_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_memcache_client_packets'($*)) dnl
+	
+	gen_require(`
+		type memcache_client_packet_t;
+	')
+
+	allow $1 memcache_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_memcache_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send memcache_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_memcache_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_memcache_server_packets'($*)) dnl
+	
+	gen_require(`
+		type memcache_server_packet_t;
+	')
+
+	allow $1 memcache_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_memcache_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send memcache_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_memcache_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_memcache_server_packets'($*)) dnl
+	
+	gen_require(`
+		type memcache_server_packet_t;
+	')
+
+	dontaudit $1 memcache_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_memcache_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive memcache_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_memcache_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_memcache_server_packets'($*)) dnl
+	
+	gen_require(`
+		type memcache_server_packet_t;
+	')
+
+	allow $1 memcache_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_memcache_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive memcache_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_memcache_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_memcache_server_packets'($*)) dnl
+	
+	gen_require(`
+		type memcache_server_packet_t;
+	')
+
+	dontaudit $1 memcache_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_memcache_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive memcache_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_memcache_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_memcache_server_packets'($*)) dnl
+	
+	corenet_send_memcache_server_packets($1)
+	corenet_receive_memcache_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_memcache_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive memcache_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_memcache_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_memcache_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_memcache_server_packets($1)
+	corenet_dontaudit_receive_memcache_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_memcache_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to memcache_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_memcache_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_memcache_server_packets'($*)) dnl
+	
+	gen_require(`
+		type memcache_server_packet_t;
+	')
+
+	allow $1 memcache_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_memcache_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the milter port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_milter_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_milter_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_milter_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the milter port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_milter_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_milter_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_milter_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the milter port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_milter_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_milter_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_milter_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the milter port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_milter_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_milter_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_milter_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the milter port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_milter_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_milter_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_milter_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the milter port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_milter_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_milter_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_milter_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the milter port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_milter_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_milter_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_milter_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the milter port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_milter_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_milter_port'($*)) dnl
+	
+	gen_require(`
+		type milter_port_t;
+	')
+
+	allow $1 milter_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_milter_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the milter port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_milter_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_milter_port'($*)) dnl
+	
+	gen_require(`
+		type milter_port_t;
+	')
+
+	allow $1 milter_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_milter_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the milter port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_milter_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_milter_port'($*)) dnl
+	
+	gen_require(`
+		type milter_port_t;
+	')
+
+	allow $1 milter_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_milter_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send milter_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_milter_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_milter_client_packets'($*)) dnl
+	
+	gen_require(`
+		type milter_client_packet_t;
+	')
+
+	allow $1 milter_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_milter_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send milter_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_milter_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_milter_client_packets'($*)) dnl
+	
+	gen_require(`
+		type milter_client_packet_t;
+	')
+
+	dontaudit $1 milter_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_milter_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive milter_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_milter_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_milter_client_packets'($*)) dnl
+	
+	gen_require(`
+		type milter_client_packet_t;
+	')
+
+	allow $1 milter_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_milter_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive milter_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_milter_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_milter_client_packets'($*)) dnl
+	
+	gen_require(`
+		type milter_client_packet_t;
+	')
+
+	dontaudit $1 milter_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_milter_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive milter_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_milter_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_milter_client_packets'($*)) dnl
+	
+	corenet_send_milter_client_packets($1)
+	corenet_receive_milter_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_milter_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive milter_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_milter_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_milter_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_milter_client_packets($1)
+	corenet_dontaudit_receive_milter_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_milter_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to milter_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_milter_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_milter_client_packets'($*)) dnl
+	
+	gen_require(`
+		type milter_client_packet_t;
+	')
+
+	allow $1 milter_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_milter_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send milter_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_milter_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_milter_server_packets'($*)) dnl
+	
+	gen_require(`
+		type milter_server_packet_t;
+	')
+
+	allow $1 milter_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_milter_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send milter_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_milter_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_milter_server_packets'($*)) dnl
+	
+	gen_require(`
+		type milter_server_packet_t;
+	')
+
+	dontaudit $1 milter_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_milter_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive milter_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_milter_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_milter_server_packets'($*)) dnl
+	
+	gen_require(`
+		type milter_server_packet_t;
+	')
+
+	allow $1 milter_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_milter_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive milter_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_milter_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_milter_server_packets'($*)) dnl
+	
+	gen_require(`
+		type milter_server_packet_t;
+	')
+
+	dontaudit $1 milter_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_milter_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive milter_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_milter_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_milter_server_packets'($*)) dnl
+	
+	corenet_send_milter_server_packets($1)
+	corenet_receive_milter_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_milter_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive milter_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_milter_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_milter_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_milter_server_packets($1)
+	corenet_dontaudit_receive_milter_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_milter_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to milter_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_milter_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_milter_server_packets'($*)) dnl
+	
+	gen_require(`
+		type milter_server_packet_t;
+	')
+
+	allow $1 milter_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_milter_server_packets'($*)) dnl
+	')
+
+
+ # no defined portcon
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the mmcc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_mmcc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_mmcc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_mmcc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the mmcc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_mmcc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_mmcc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_mmcc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the mmcc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_mmcc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_mmcc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_mmcc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the mmcc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_mmcc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_mmcc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_mmcc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the mmcc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_mmcc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_mmcc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_mmcc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the mmcc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_mmcc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_mmcc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_mmcc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the mmcc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_mmcc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_mmcc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_mmcc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the mmcc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_mmcc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_mmcc_port'($*)) dnl
+	
+	gen_require(`
+		type mmcc_port_t;
+	')
+
+	allow $1 mmcc_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_mmcc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the mmcc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_mmcc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_mmcc_port'($*)) dnl
+	
+	gen_require(`
+		type mmcc_port_t;
+	')
+
+	allow $1 mmcc_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_mmcc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the mmcc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_mmcc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_mmcc_port'($*)) dnl
+	
+	gen_require(`
+		type mmcc_port_t;
+	')
+
+	allow $1 mmcc_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_mmcc_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send mmcc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_mmcc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_mmcc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mmcc_client_packet_t;
+	')
+
+	allow $1 mmcc_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_mmcc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send mmcc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_mmcc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_mmcc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mmcc_client_packet_t;
+	')
+
+	dontaudit $1 mmcc_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_mmcc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive mmcc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_mmcc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_mmcc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mmcc_client_packet_t;
+	')
+
+	allow $1 mmcc_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_mmcc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive mmcc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_mmcc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_mmcc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mmcc_client_packet_t;
+	')
+
+	dontaudit $1 mmcc_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_mmcc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive mmcc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_mmcc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_mmcc_client_packets'($*)) dnl
+	
+	corenet_send_mmcc_client_packets($1)
+	corenet_receive_mmcc_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_mmcc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive mmcc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_mmcc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_mmcc_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_mmcc_client_packets($1)
+	corenet_dontaudit_receive_mmcc_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_mmcc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to mmcc_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_mmcc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_mmcc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mmcc_client_packet_t;
+	')
+
+	allow $1 mmcc_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_mmcc_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send mmcc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_mmcc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_mmcc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mmcc_server_packet_t;
+	')
+
+	allow $1 mmcc_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_mmcc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send mmcc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_mmcc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_mmcc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mmcc_server_packet_t;
+	')
+
+	dontaudit $1 mmcc_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_mmcc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive mmcc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_mmcc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_mmcc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mmcc_server_packet_t;
+	')
+
+	allow $1 mmcc_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_mmcc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive mmcc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_mmcc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_mmcc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mmcc_server_packet_t;
+	')
+
+	dontaudit $1 mmcc_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_mmcc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive mmcc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_mmcc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_mmcc_server_packets'($*)) dnl
+	
+	corenet_send_mmcc_server_packets($1)
+	corenet_receive_mmcc_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_mmcc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive mmcc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_mmcc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_mmcc_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_mmcc_server_packets($1)
+	corenet_dontaudit_receive_mmcc_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_mmcc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to mmcc_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_mmcc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_mmcc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mmcc_server_packet_t;
+	')
+
+	allow $1 mmcc_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_mmcc_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the mon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_mon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_mon_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_mon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the mon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_mon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_mon_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_mon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the mon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_mon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_mon_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_mon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the mon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_mon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_mon_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_mon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the mon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_mon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_mon_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_mon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the mon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_mon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_mon_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_mon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the mon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_mon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_mon_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_mon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the mon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_mon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_mon_port'($*)) dnl
+	
+	gen_require(`
+		type mon_port_t;
+	')
+
+	allow $1 mon_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_mon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the mon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_mon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_mon_port'($*)) dnl
+	
+	gen_require(`
+		type mon_port_t;
+	')
+
+	allow $1 mon_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_mon_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the mon port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_mon_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_mon_port'($*)) dnl
+	
+	gen_require(`
+		type mon_port_t;
+	')
+
+	allow $1 mon_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_mon_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send mon_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_mon_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_mon_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mon_client_packet_t;
+	')
+
+	allow $1 mon_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_mon_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send mon_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_mon_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_mon_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mon_client_packet_t;
+	')
+
+	dontaudit $1 mon_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_mon_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive mon_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_mon_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_mon_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mon_client_packet_t;
+	')
+
+	allow $1 mon_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_mon_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive mon_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_mon_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_mon_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mon_client_packet_t;
+	')
+
+	dontaudit $1 mon_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_mon_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive mon_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_mon_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_mon_client_packets'($*)) dnl
+	
+	corenet_send_mon_client_packets($1)
+	corenet_receive_mon_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_mon_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive mon_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_mon_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_mon_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_mon_client_packets($1)
+	corenet_dontaudit_receive_mon_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_mon_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to mon_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_mon_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_mon_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mon_client_packet_t;
+	')
+
+	allow $1 mon_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_mon_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send mon_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_mon_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_mon_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mon_server_packet_t;
+	')
+
+	allow $1 mon_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_mon_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send mon_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_mon_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_mon_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mon_server_packet_t;
+	')
+
+	dontaudit $1 mon_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_mon_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive mon_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_mon_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_mon_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mon_server_packet_t;
+	')
+
+	allow $1 mon_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_mon_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive mon_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_mon_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_mon_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mon_server_packet_t;
+	')
+
+	dontaudit $1 mon_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_mon_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive mon_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_mon_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_mon_server_packets'($*)) dnl
+	
+	corenet_send_mon_server_packets($1)
+	corenet_receive_mon_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_mon_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive mon_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_mon_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_mon_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_mon_server_packets($1)
+	corenet_dontaudit_receive_mon_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_mon_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to mon_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_mon_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_mon_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mon_server_packet_t;
+	')
+
+	allow $1 mon_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_mon_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the monit port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_monit_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_monit_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_monit_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the monit port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_monit_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_monit_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_monit_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the monit port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_monit_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_monit_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_monit_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the monit port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_monit_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_monit_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_monit_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the monit port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_monit_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_monit_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_monit_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the monit port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_monit_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_monit_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_monit_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the monit port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_monit_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_monit_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_monit_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the monit port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_monit_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_monit_port'($*)) dnl
+	
+	gen_require(`
+		type monit_port_t;
+	')
+
+	allow $1 monit_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_monit_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the monit port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_monit_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_monit_port'($*)) dnl
+	
+	gen_require(`
+		type monit_port_t;
+	')
+
+	allow $1 monit_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_monit_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the monit port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_monit_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_monit_port'($*)) dnl
+	
+	gen_require(`
+		type monit_port_t;
+	')
+
+	allow $1 monit_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_monit_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send monit_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_monit_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_monit_client_packets'($*)) dnl
+	
+	gen_require(`
+		type monit_client_packet_t;
+	')
+
+	allow $1 monit_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_monit_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send monit_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_monit_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_monit_client_packets'($*)) dnl
+	
+	gen_require(`
+		type monit_client_packet_t;
+	')
+
+	dontaudit $1 monit_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_monit_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive monit_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_monit_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_monit_client_packets'($*)) dnl
+	
+	gen_require(`
+		type monit_client_packet_t;
+	')
+
+	allow $1 monit_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_monit_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive monit_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_monit_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_monit_client_packets'($*)) dnl
+	
+	gen_require(`
+		type monit_client_packet_t;
+	')
+
+	dontaudit $1 monit_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_monit_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive monit_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_monit_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_monit_client_packets'($*)) dnl
+	
+	corenet_send_monit_client_packets($1)
+	corenet_receive_monit_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_monit_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive monit_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_monit_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_monit_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_monit_client_packets($1)
+	corenet_dontaudit_receive_monit_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_monit_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to monit_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_monit_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_monit_client_packets'($*)) dnl
+	
+	gen_require(`
+		type monit_client_packet_t;
+	')
+
+	allow $1 monit_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_monit_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send monit_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_monit_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_monit_server_packets'($*)) dnl
+	
+	gen_require(`
+		type monit_server_packet_t;
+	')
+
+	allow $1 monit_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_monit_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send monit_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_monit_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_monit_server_packets'($*)) dnl
+	
+	gen_require(`
+		type monit_server_packet_t;
+	')
+
+	dontaudit $1 monit_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_monit_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive monit_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_monit_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_monit_server_packets'($*)) dnl
+	
+	gen_require(`
+		type monit_server_packet_t;
+	')
+
+	allow $1 monit_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_monit_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive monit_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_monit_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_monit_server_packets'($*)) dnl
+	
+	gen_require(`
+		type monit_server_packet_t;
+	')
+
+	dontaudit $1 monit_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_monit_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive monit_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_monit_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_monit_server_packets'($*)) dnl
+	
+	corenet_send_monit_server_packets($1)
+	corenet_receive_monit_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_monit_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive monit_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_monit_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_monit_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_monit_server_packets($1)
+	corenet_dontaudit_receive_monit_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_monit_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to monit_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_monit_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_monit_server_packets'($*)) dnl
+	
+	gen_require(`
+		type monit_server_packet_t;
+	')
+
+	allow $1 monit_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_monit_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the monopd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_monopd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_monopd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_monopd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the monopd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_monopd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_monopd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_monopd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the monopd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_monopd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_monopd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_monopd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the monopd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_monopd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_monopd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_monopd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the monopd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_monopd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_monopd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_monopd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the monopd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_monopd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_monopd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_monopd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the monopd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_monopd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_monopd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_monopd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the monopd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_monopd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_monopd_port'($*)) dnl
+	
+	gen_require(`
+		type monopd_port_t;
+	')
+
+	allow $1 monopd_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_monopd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the monopd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_monopd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_monopd_port'($*)) dnl
+	
+	gen_require(`
+		type monopd_port_t;
+	')
+
+	allow $1 monopd_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_monopd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the monopd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_monopd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_monopd_port'($*)) dnl
+	
+	gen_require(`
+		type monopd_port_t;
+	')
+
+	allow $1 monopd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_monopd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send monopd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_monopd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_monopd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type monopd_client_packet_t;
+	')
+
+	allow $1 monopd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_monopd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send monopd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_monopd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_monopd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type monopd_client_packet_t;
+	')
+
+	dontaudit $1 monopd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_monopd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive monopd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_monopd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_monopd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type monopd_client_packet_t;
+	')
+
+	allow $1 monopd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_monopd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive monopd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_monopd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_monopd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type monopd_client_packet_t;
+	')
+
+	dontaudit $1 monopd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_monopd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive monopd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_monopd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_monopd_client_packets'($*)) dnl
+	
+	corenet_send_monopd_client_packets($1)
+	corenet_receive_monopd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_monopd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive monopd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_monopd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_monopd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_monopd_client_packets($1)
+	corenet_dontaudit_receive_monopd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_monopd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to monopd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_monopd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_monopd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type monopd_client_packet_t;
+	')
+
+	allow $1 monopd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_monopd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send monopd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_monopd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_monopd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type monopd_server_packet_t;
+	')
+
+	allow $1 monopd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_monopd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send monopd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_monopd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_monopd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type monopd_server_packet_t;
+	')
+
+	dontaudit $1 monopd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_monopd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive monopd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_monopd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_monopd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type monopd_server_packet_t;
+	')
+
+	allow $1 monopd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_monopd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive monopd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_monopd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_monopd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type monopd_server_packet_t;
+	')
+
+	dontaudit $1 monopd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_monopd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive monopd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_monopd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_monopd_server_packets'($*)) dnl
+	
+	corenet_send_monopd_server_packets($1)
+	corenet_receive_monopd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_monopd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive monopd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_monopd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_monopd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_monopd_server_packets($1)
+	corenet_dontaudit_receive_monopd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_monopd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to monopd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_monopd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_monopd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type monopd_server_packet_t;
+	')
+
+	allow $1 monopd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_monopd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the mountd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_mountd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_mountd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_mountd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the mountd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_mountd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_mountd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_mountd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the mountd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_mountd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_mountd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_mountd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the mountd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_mountd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_mountd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_mountd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the mountd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_mountd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_mountd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_mountd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the mountd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_mountd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_mountd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_mountd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the mountd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_mountd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_mountd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_mountd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the mountd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_mountd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_mountd_port'($*)) dnl
+	
+	gen_require(`
+		type mountd_port_t;
+	')
+
+	allow $1 mountd_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_mountd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the mountd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_mountd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_mountd_port'($*)) dnl
+	
+	gen_require(`
+		type mountd_port_t;
+	')
+
+	allow $1 mountd_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_mountd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the mountd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_mountd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_mountd_port'($*)) dnl
+	
+	gen_require(`
+		type mountd_port_t;
+	')
+
+	allow $1 mountd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_mountd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send mountd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_mountd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_mountd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mountd_client_packet_t;
+	')
+
+	allow $1 mountd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_mountd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send mountd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_mountd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_mountd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mountd_client_packet_t;
+	')
+
+	dontaudit $1 mountd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_mountd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive mountd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_mountd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_mountd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mountd_client_packet_t;
+	')
+
+	allow $1 mountd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_mountd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive mountd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_mountd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_mountd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mountd_client_packet_t;
+	')
+
+	dontaudit $1 mountd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_mountd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive mountd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_mountd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_mountd_client_packets'($*)) dnl
+	
+	corenet_send_mountd_client_packets($1)
+	corenet_receive_mountd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_mountd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive mountd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_mountd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_mountd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_mountd_client_packets($1)
+	corenet_dontaudit_receive_mountd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_mountd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to mountd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_mountd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_mountd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mountd_client_packet_t;
+	')
+
+	allow $1 mountd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_mountd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send mountd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_mountd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_mountd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mountd_server_packet_t;
+	')
+
+	allow $1 mountd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_mountd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send mountd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_mountd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_mountd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mountd_server_packet_t;
+	')
+
+	dontaudit $1 mountd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_mountd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive mountd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_mountd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_mountd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mountd_server_packet_t;
+	')
+
+	allow $1 mountd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_mountd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive mountd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_mountd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_mountd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mountd_server_packet_t;
+	')
+
+	dontaudit $1 mountd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_mountd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive mountd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_mountd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_mountd_server_packets'($*)) dnl
+	
+	corenet_send_mountd_server_packets($1)
+	corenet_receive_mountd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_mountd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive mountd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_mountd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_mountd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_mountd_server_packets($1)
+	corenet_dontaudit_receive_mountd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_mountd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to mountd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_mountd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_mountd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mountd_server_packet_t;
+	')
+
+	allow $1 mountd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_mountd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the movaz_ssc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_movaz_ssc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_movaz_ssc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_movaz_ssc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the movaz_ssc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_movaz_ssc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_movaz_ssc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_movaz_ssc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the movaz_ssc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_movaz_ssc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_movaz_ssc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_movaz_ssc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the movaz_ssc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_movaz_ssc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_movaz_ssc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_movaz_ssc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the movaz_ssc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_movaz_ssc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_movaz_ssc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_movaz_ssc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the movaz_ssc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_movaz_ssc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_movaz_ssc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_movaz_ssc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the movaz_ssc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_movaz_ssc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_movaz_ssc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_movaz_ssc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the movaz_ssc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_movaz_ssc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_movaz_ssc_port'($*)) dnl
+	
+	gen_require(`
+		type movaz_ssc_port_t;
+	')
+
+	allow $1 movaz_ssc_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_movaz_ssc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the movaz_ssc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_movaz_ssc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_movaz_ssc_port'($*)) dnl
+	
+	gen_require(`
+		type movaz_ssc_port_t;
+	')
+
+	allow $1 movaz_ssc_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_movaz_ssc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the movaz_ssc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_movaz_ssc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_movaz_ssc_port'($*)) dnl
+	
+	gen_require(`
+		type movaz_ssc_port_t;
+	')
+
+	allow $1 movaz_ssc_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_movaz_ssc_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send movaz_ssc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_movaz_ssc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_movaz_ssc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type movaz_ssc_client_packet_t;
+	')
+
+	allow $1 movaz_ssc_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_movaz_ssc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send movaz_ssc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_movaz_ssc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_movaz_ssc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type movaz_ssc_client_packet_t;
+	')
+
+	dontaudit $1 movaz_ssc_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_movaz_ssc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive movaz_ssc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_movaz_ssc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_movaz_ssc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type movaz_ssc_client_packet_t;
+	')
+
+	allow $1 movaz_ssc_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_movaz_ssc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive movaz_ssc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_movaz_ssc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_movaz_ssc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type movaz_ssc_client_packet_t;
+	')
+
+	dontaudit $1 movaz_ssc_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_movaz_ssc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive movaz_ssc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_movaz_ssc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_movaz_ssc_client_packets'($*)) dnl
+	
+	corenet_send_movaz_ssc_client_packets($1)
+	corenet_receive_movaz_ssc_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_movaz_ssc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive movaz_ssc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_movaz_ssc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_movaz_ssc_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_movaz_ssc_client_packets($1)
+	corenet_dontaudit_receive_movaz_ssc_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_movaz_ssc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to movaz_ssc_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_movaz_ssc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_movaz_ssc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type movaz_ssc_client_packet_t;
+	')
+
+	allow $1 movaz_ssc_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_movaz_ssc_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send movaz_ssc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_movaz_ssc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_movaz_ssc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type movaz_ssc_server_packet_t;
+	')
+
+	allow $1 movaz_ssc_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_movaz_ssc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send movaz_ssc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_movaz_ssc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_movaz_ssc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type movaz_ssc_server_packet_t;
+	')
+
+	dontaudit $1 movaz_ssc_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_movaz_ssc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive movaz_ssc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_movaz_ssc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_movaz_ssc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type movaz_ssc_server_packet_t;
+	')
+
+	allow $1 movaz_ssc_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_movaz_ssc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive movaz_ssc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_movaz_ssc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_movaz_ssc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type movaz_ssc_server_packet_t;
+	')
+
+	dontaudit $1 movaz_ssc_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_movaz_ssc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive movaz_ssc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_movaz_ssc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_movaz_ssc_server_packets'($*)) dnl
+	
+	corenet_send_movaz_ssc_server_packets($1)
+	corenet_receive_movaz_ssc_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_movaz_ssc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive movaz_ssc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_movaz_ssc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_movaz_ssc_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_movaz_ssc_server_packets($1)
+	corenet_dontaudit_receive_movaz_ssc_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_movaz_ssc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to movaz_ssc_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_movaz_ssc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_movaz_ssc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type movaz_ssc_server_packet_t;
+	')
+
+	allow $1 movaz_ssc_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_movaz_ssc_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the mpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_mpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_mpd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_mpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the mpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_mpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_mpd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_mpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the mpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_mpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_mpd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_mpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the mpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_mpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_mpd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_mpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the mpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_mpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_mpd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_mpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the mpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_mpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_mpd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_mpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the mpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_mpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_mpd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_mpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the mpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_mpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_mpd_port'($*)) dnl
+	
+	gen_require(`
+		type mpd_port_t;
+	')
+
+	allow $1 mpd_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_mpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the mpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_mpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_mpd_port'($*)) dnl
+	
+	gen_require(`
+		type mpd_port_t;
+	')
+
+	allow $1 mpd_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_mpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the mpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_mpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_mpd_port'($*)) dnl
+	
+	gen_require(`
+		type mpd_port_t;
+	')
+
+	allow $1 mpd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_mpd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send mpd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_mpd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_mpd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mpd_client_packet_t;
+	')
+
+	allow $1 mpd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_mpd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send mpd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_mpd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_mpd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mpd_client_packet_t;
+	')
+
+	dontaudit $1 mpd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_mpd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive mpd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_mpd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_mpd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mpd_client_packet_t;
+	')
+
+	allow $1 mpd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_mpd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive mpd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_mpd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_mpd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mpd_client_packet_t;
+	')
+
+	dontaudit $1 mpd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_mpd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive mpd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_mpd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_mpd_client_packets'($*)) dnl
+	
+	corenet_send_mpd_client_packets($1)
+	corenet_receive_mpd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_mpd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive mpd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_mpd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_mpd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_mpd_client_packets($1)
+	corenet_dontaudit_receive_mpd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_mpd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to mpd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_mpd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_mpd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mpd_client_packet_t;
+	')
+
+	allow $1 mpd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_mpd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send mpd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_mpd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_mpd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mpd_server_packet_t;
+	')
+
+	allow $1 mpd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_mpd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send mpd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_mpd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_mpd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mpd_server_packet_t;
+	')
+
+	dontaudit $1 mpd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_mpd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive mpd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_mpd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_mpd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mpd_server_packet_t;
+	')
+
+	allow $1 mpd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_mpd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive mpd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_mpd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_mpd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mpd_server_packet_t;
+	')
+
+	dontaudit $1 mpd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_mpd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive mpd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_mpd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_mpd_server_packets'($*)) dnl
+	
+	corenet_send_mpd_server_packets($1)
+	corenet_receive_mpd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_mpd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive mpd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_mpd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_mpd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_mpd_server_packets($1)
+	corenet_dontaudit_receive_mpd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_mpd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to mpd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_mpd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_mpd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mpd_server_packet_t;
+	')
+
+	allow $1 mpd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_mpd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the msgsrvr port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_msgsrvr_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_msgsrvr_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_msgsrvr_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the msgsrvr port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_msgsrvr_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_msgsrvr_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_msgsrvr_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the msgsrvr port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_msgsrvr_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_msgsrvr_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_msgsrvr_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the msgsrvr port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_msgsrvr_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_msgsrvr_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_msgsrvr_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the msgsrvr port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_msgsrvr_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_msgsrvr_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_msgsrvr_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the msgsrvr port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_msgsrvr_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_msgsrvr_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_msgsrvr_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the msgsrvr port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_msgsrvr_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_msgsrvr_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_msgsrvr_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the msgsrvr port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_msgsrvr_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_msgsrvr_port'($*)) dnl
+	
+	gen_require(`
+		type msgsrvr_port_t;
+	')
+
+	allow $1 msgsrvr_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_msgsrvr_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the msgsrvr port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_msgsrvr_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_msgsrvr_port'($*)) dnl
+	
+	gen_require(`
+		type msgsrvr_port_t;
+	')
+
+	allow $1 msgsrvr_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_msgsrvr_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the msgsrvr port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_msgsrvr_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_msgsrvr_port'($*)) dnl
+	
+	gen_require(`
+		type msgsrvr_port_t;
+	')
+
+	allow $1 msgsrvr_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_msgsrvr_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send msgsrvr_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_msgsrvr_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_msgsrvr_client_packets'($*)) dnl
+	
+	gen_require(`
+		type msgsrvr_client_packet_t;
+	')
+
+	allow $1 msgsrvr_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_msgsrvr_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send msgsrvr_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_msgsrvr_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_msgsrvr_client_packets'($*)) dnl
+	
+	gen_require(`
+		type msgsrvr_client_packet_t;
+	')
+
+	dontaudit $1 msgsrvr_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_msgsrvr_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive msgsrvr_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_msgsrvr_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_msgsrvr_client_packets'($*)) dnl
+	
+	gen_require(`
+		type msgsrvr_client_packet_t;
+	')
+
+	allow $1 msgsrvr_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_msgsrvr_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive msgsrvr_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_msgsrvr_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_msgsrvr_client_packets'($*)) dnl
+	
+	gen_require(`
+		type msgsrvr_client_packet_t;
+	')
+
+	dontaudit $1 msgsrvr_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_msgsrvr_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive msgsrvr_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_msgsrvr_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_msgsrvr_client_packets'($*)) dnl
+	
+	corenet_send_msgsrvr_client_packets($1)
+	corenet_receive_msgsrvr_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_msgsrvr_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive msgsrvr_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_msgsrvr_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_msgsrvr_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_msgsrvr_client_packets($1)
+	corenet_dontaudit_receive_msgsrvr_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_msgsrvr_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to msgsrvr_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_msgsrvr_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_msgsrvr_client_packets'($*)) dnl
+	
+	gen_require(`
+		type msgsrvr_client_packet_t;
+	')
+
+	allow $1 msgsrvr_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_msgsrvr_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send msgsrvr_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_msgsrvr_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_msgsrvr_server_packets'($*)) dnl
+	
+	gen_require(`
+		type msgsrvr_server_packet_t;
+	')
+
+	allow $1 msgsrvr_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_msgsrvr_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send msgsrvr_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_msgsrvr_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_msgsrvr_server_packets'($*)) dnl
+	
+	gen_require(`
+		type msgsrvr_server_packet_t;
+	')
+
+	dontaudit $1 msgsrvr_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_msgsrvr_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive msgsrvr_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_msgsrvr_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_msgsrvr_server_packets'($*)) dnl
+	
+	gen_require(`
+		type msgsrvr_server_packet_t;
+	')
+
+	allow $1 msgsrvr_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_msgsrvr_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive msgsrvr_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_msgsrvr_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_msgsrvr_server_packets'($*)) dnl
+	
+	gen_require(`
+		type msgsrvr_server_packet_t;
+	')
+
+	dontaudit $1 msgsrvr_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_msgsrvr_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive msgsrvr_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_msgsrvr_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_msgsrvr_server_packets'($*)) dnl
+	
+	corenet_send_msgsrvr_server_packets($1)
+	corenet_receive_msgsrvr_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_msgsrvr_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive msgsrvr_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_msgsrvr_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_msgsrvr_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_msgsrvr_server_packets($1)
+	corenet_dontaudit_receive_msgsrvr_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_msgsrvr_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to msgsrvr_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_msgsrvr_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_msgsrvr_server_packets'($*)) dnl
+	
+	gen_require(`
+		type msgsrvr_server_packet_t;
+	')
+
+	allow $1 msgsrvr_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_msgsrvr_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the msnp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_msnp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_msnp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_msnp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the msnp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_msnp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_msnp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_msnp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the msnp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_msnp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_msnp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_msnp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the msnp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_msnp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_msnp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_msnp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the msnp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_msnp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_msnp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_msnp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the msnp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_msnp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_msnp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_msnp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the msnp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_msnp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_msnp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_msnp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the msnp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_msnp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_msnp_port'($*)) dnl
+	
+	gen_require(`
+		type msnp_port_t;
+	')
+
+	allow $1 msnp_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_msnp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the msnp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_msnp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_msnp_port'($*)) dnl
+	
+	gen_require(`
+		type msnp_port_t;
+	')
+
+	allow $1 msnp_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_msnp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the msnp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_msnp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_msnp_port'($*)) dnl
+	
+	gen_require(`
+		type msnp_port_t;
+	')
+
+	allow $1 msnp_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_msnp_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send msnp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_msnp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_msnp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type msnp_client_packet_t;
+	')
+
+	allow $1 msnp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_msnp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send msnp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_msnp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_msnp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type msnp_client_packet_t;
+	')
+
+	dontaudit $1 msnp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_msnp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive msnp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_msnp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_msnp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type msnp_client_packet_t;
+	')
+
+	allow $1 msnp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_msnp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive msnp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_msnp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_msnp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type msnp_client_packet_t;
+	')
+
+	dontaudit $1 msnp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_msnp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive msnp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_msnp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_msnp_client_packets'($*)) dnl
+	
+	corenet_send_msnp_client_packets($1)
+	corenet_receive_msnp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_msnp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive msnp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_msnp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_msnp_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_msnp_client_packets($1)
+	corenet_dontaudit_receive_msnp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_msnp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to msnp_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_msnp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_msnp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type msnp_client_packet_t;
+	')
+
+	allow $1 msnp_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_msnp_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send msnp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_msnp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_msnp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type msnp_server_packet_t;
+	')
+
+	allow $1 msnp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_msnp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send msnp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_msnp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_msnp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type msnp_server_packet_t;
+	')
+
+	dontaudit $1 msnp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_msnp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive msnp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_msnp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_msnp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type msnp_server_packet_t;
+	')
+
+	allow $1 msnp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_msnp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive msnp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_msnp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_msnp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type msnp_server_packet_t;
+	')
+
+	dontaudit $1 msnp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_msnp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive msnp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_msnp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_msnp_server_packets'($*)) dnl
+	
+	corenet_send_msnp_server_packets($1)
+	corenet_receive_msnp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_msnp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive msnp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_msnp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_msnp_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_msnp_server_packets($1)
+	corenet_dontaudit_receive_msnp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_msnp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to msnp_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_msnp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_msnp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type msnp_server_packet_t;
+	')
+
+	allow $1 msnp_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_msnp_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the mssql port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_mssql_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_mssql_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_mssql_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the mssql port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_mssql_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_mssql_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_mssql_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the mssql port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_mssql_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_mssql_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_mssql_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the mssql port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_mssql_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_mssql_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_mssql_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the mssql port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_mssql_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_mssql_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_mssql_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the mssql port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_mssql_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_mssql_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_mssql_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the mssql port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_mssql_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_mssql_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_mssql_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the mssql port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_mssql_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_mssql_port'($*)) dnl
+	
+	gen_require(`
+		type mssql_port_t;
+	')
+
+	allow $1 mssql_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_mssql_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the mssql port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_mssql_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_mssql_port'($*)) dnl
+	
+	gen_require(`
+		type mssql_port_t;
+	')
+
+	allow $1 mssql_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_mssql_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the mssql port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_mssql_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_mssql_port'($*)) dnl
+	
+	gen_require(`
+		type mssql_port_t;
+	')
+
+	allow $1 mssql_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_mssql_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send mssql_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_mssql_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_mssql_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mssql_client_packet_t;
+	')
+
+	allow $1 mssql_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_mssql_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send mssql_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_mssql_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_mssql_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mssql_client_packet_t;
+	')
+
+	dontaudit $1 mssql_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_mssql_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive mssql_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_mssql_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_mssql_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mssql_client_packet_t;
+	')
+
+	allow $1 mssql_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_mssql_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive mssql_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_mssql_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_mssql_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mssql_client_packet_t;
+	')
+
+	dontaudit $1 mssql_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_mssql_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive mssql_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_mssql_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_mssql_client_packets'($*)) dnl
+	
+	corenet_send_mssql_client_packets($1)
+	corenet_receive_mssql_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_mssql_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive mssql_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_mssql_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_mssql_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_mssql_client_packets($1)
+	corenet_dontaudit_receive_mssql_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_mssql_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to mssql_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_mssql_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_mssql_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mssql_client_packet_t;
+	')
+
+	allow $1 mssql_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_mssql_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send mssql_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_mssql_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_mssql_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mssql_server_packet_t;
+	')
+
+	allow $1 mssql_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_mssql_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send mssql_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_mssql_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_mssql_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mssql_server_packet_t;
+	')
+
+	dontaudit $1 mssql_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_mssql_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive mssql_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_mssql_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_mssql_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mssql_server_packet_t;
+	')
+
+	allow $1 mssql_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_mssql_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive mssql_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_mssql_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_mssql_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mssql_server_packet_t;
+	')
+
+	dontaudit $1 mssql_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_mssql_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive mssql_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_mssql_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_mssql_server_packets'($*)) dnl
+	
+	corenet_send_mssql_server_packets($1)
+	corenet_receive_mssql_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_mssql_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive mssql_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_mssql_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_mssql_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_mssql_server_packets($1)
+	corenet_dontaudit_receive_mssql_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_mssql_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to mssql_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_mssql_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_mssql_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mssql_server_packet_t;
+	')
+
+	allow $1 mssql_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_mssql_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the ms_streaming port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_ms_streaming_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_ms_streaming_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_ms_streaming_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the ms_streaming port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_ms_streaming_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_ms_streaming_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_ms_streaming_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the ms_streaming port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_ms_streaming_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_ms_streaming_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_ms_streaming_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the ms_streaming port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_ms_streaming_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_ms_streaming_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_ms_streaming_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the ms_streaming port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_ms_streaming_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_ms_streaming_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_ms_streaming_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the ms_streaming port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_ms_streaming_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_ms_streaming_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_ms_streaming_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the ms_streaming port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_ms_streaming_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_ms_streaming_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_ms_streaming_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the ms_streaming port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_ms_streaming_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_ms_streaming_port'($*)) dnl
+	
+	gen_require(`
+		type ms_streaming_port_t;
+	')
+
+	allow $1 ms_streaming_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_ms_streaming_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the ms_streaming port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_ms_streaming_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_ms_streaming_port'($*)) dnl
+	
+	gen_require(`
+		type ms_streaming_port_t;
+	')
+
+	allow $1 ms_streaming_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_ms_streaming_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the ms_streaming port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_ms_streaming_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_ms_streaming_port'($*)) dnl
+	
+	gen_require(`
+		type ms_streaming_port_t;
+	')
+
+	allow $1 ms_streaming_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_ms_streaming_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ms_streaming_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ms_streaming_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ms_streaming_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ms_streaming_client_packet_t;
+	')
+
+	allow $1 ms_streaming_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ms_streaming_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ms_streaming_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ms_streaming_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ms_streaming_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ms_streaming_client_packet_t;
+	')
+
+	dontaudit $1 ms_streaming_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ms_streaming_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ms_streaming_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ms_streaming_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ms_streaming_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ms_streaming_client_packet_t;
+	')
+
+	allow $1 ms_streaming_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ms_streaming_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ms_streaming_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ms_streaming_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ms_streaming_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ms_streaming_client_packet_t;
+	')
+
+	dontaudit $1 ms_streaming_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ms_streaming_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ms_streaming_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ms_streaming_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ms_streaming_client_packets'($*)) dnl
+	
+	corenet_send_ms_streaming_client_packets($1)
+	corenet_receive_ms_streaming_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ms_streaming_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ms_streaming_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ms_streaming_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ms_streaming_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ms_streaming_client_packets($1)
+	corenet_dontaudit_receive_ms_streaming_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ms_streaming_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ms_streaming_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ms_streaming_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ms_streaming_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ms_streaming_client_packet_t;
+	')
+
+	allow $1 ms_streaming_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ms_streaming_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ms_streaming_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ms_streaming_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ms_streaming_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ms_streaming_server_packet_t;
+	')
+
+	allow $1 ms_streaming_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ms_streaming_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ms_streaming_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ms_streaming_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ms_streaming_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ms_streaming_server_packet_t;
+	')
+
+	dontaudit $1 ms_streaming_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ms_streaming_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ms_streaming_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ms_streaming_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ms_streaming_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ms_streaming_server_packet_t;
+	')
+
+	allow $1 ms_streaming_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ms_streaming_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ms_streaming_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ms_streaming_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ms_streaming_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ms_streaming_server_packet_t;
+	')
+
+	dontaudit $1 ms_streaming_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ms_streaming_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ms_streaming_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ms_streaming_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ms_streaming_server_packets'($*)) dnl
+	
+	corenet_send_ms_streaming_server_packets($1)
+	corenet_receive_ms_streaming_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ms_streaming_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ms_streaming_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ms_streaming_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ms_streaming_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ms_streaming_server_packets($1)
+	corenet_dontaudit_receive_ms_streaming_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ms_streaming_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ms_streaming_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ms_streaming_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ms_streaming_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ms_streaming_server_packet_t;
+	')
+
+	allow $1 ms_streaming_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ms_streaming_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the munin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_munin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_munin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_munin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the munin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_munin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_munin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_munin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the munin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_munin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_munin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_munin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the munin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_munin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_munin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_munin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the munin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_munin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_munin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_munin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the munin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_munin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_munin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_munin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the munin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_munin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_munin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_munin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the munin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_munin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_munin_port'($*)) dnl
+	
+	gen_require(`
+		type munin_port_t;
+	')
+
+	allow $1 munin_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_munin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the munin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_munin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_munin_port'($*)) dnl
+	
+	gen_require(`
+		type munin_port_t;
+	')
+
+	allow $1 munin_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_munin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the munin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_munin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_munin_port'($*)) dnl
+	
+	gen_require(`
+		type munin_port_t;
+	')
+
+	allow $1 munin_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_munin_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send munin_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_munin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_munin_client_packets'($*)) dnl
+	
+	gen_require(`
+		type munin_client_packet_t;
+	')
+
+	allow $1 munin_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_munin_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send munin_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_munin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_munin_client_packets'($*)) dnl
+	
+	gen_require(`
+		type munin_client_packet_t;
+	')
+
+	dontaudit $1 munin_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_munin_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive munin_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_munin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_munin_client_packets'($*)) dnl
+	
+	gen_require(`
+		type munin_client_packet_t;
+	')
+
+	allow $1 munin_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_munin_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive munin_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_munin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_munin_client_packets'($*)) dnl
+	
+	gen_require(`
+		type munin_client_packet_t;
+	')
+
+	dontaudit $1 munin_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_munin_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive munin_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_munin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_munin_client_packets'($*)) dnl
+	
+	corenet_send_munin_client_packets($1)
+	corenet_receive_munin_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_munin_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive munin_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_munin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_munin_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_munin_client_packets($1)
+	corenet_dontaudit_receive_munin_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_munin_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to munin_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_munin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_munin_client_packets'($*)) dnl
+	
+	gen_require(`
+		type munin_client_packet_t;
+	')
+
+	allow $1 munin_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_munin_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send munin_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_munin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_munin_server_packets'($*)) dnl
+	
+	gen_require(`
+		type munin_server_packet_t;
+	')
+
+	allow $1 munin_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_munin_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send munin_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_munin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_munin_server_packets'($*)) dnl
+	
+	gen_require(`
+		type munin_server_packet_t;
+	')
+
+	dontaudit $1 munin_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_munin_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive munin_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_munin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_munin_server_packets'($*)) dnl
+	
+	gen_require(`
+		type munin_server_packet_t;
+	')
+
+	allow $1 munin_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_munin_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive munin_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_munin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_munin_server_packets'($*)) dnl
+	
+	gen_require(`
+		type munin_server_packet_t;
+	')
+
+	dontaudit $1 munin_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_munin_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive munin_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_munin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_munin_server_packets'($*)) dnl
+	
+	corenet_send_munin_server_packets($1)
+	corenet_receive_munin_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_munin_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive munin_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_munin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_munin_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_munin_server_packets($1)
+	corenet_dontaudit_receive_munin_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_munin_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to munin_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_munin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_munin_server_packets'($*)) dnl
+	
+	gen_require(`
+		type munin_server_packet_t;
+	')
+
+	allow $1 munin_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_munin_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the mxi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_mxi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_mxi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_mxi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the mxi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_mxi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_mxi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_mxi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the mxi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_mxi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_mxi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_mxi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the mxi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_mxi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_mxi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_mxi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the mxi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_mxi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_mxi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_mxi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the mxi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_mxi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_mxi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_mxi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the mxi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_mxi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_mxi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_mxi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the mxi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_mxi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_mxi_port'($*)) dnl
+	
+	gen_require(`
+		type mxi_port_t;
+	')
+
+	allow $1 mxi_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_mxi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the mxi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_mxi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_mxi_port'($*)) dnl
+	
+	gen_require(`
+		type mxi_port_t;
+	')
+
+	allow $1 mxi_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_mxi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the mxi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_mxi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_mxi_port'($*)) dnl
+	
+	gen_require(`
+		type mxi_port_t;
+	')
+
+	allow $1 mxi_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_mxi_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send mxi_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_mxi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_mxi_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mxi_client_packet_t;
+	')
+
+	allow $1 mxi_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_mxi_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send mxi_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_mxi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_mxi_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mxi_client_packet_t;
+	')
+
+	dontaudit $1 mxi_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_mxi_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive mxi_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_mxi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_mxi_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mxi_client_packet_t;
+	')
+
+	allow $1 mxi_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_mxi_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive mxi_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_mxi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_mxi_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mxi_client_packet_t;
+	')
+
+	dontaudit $1 mxi_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_mxi_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive mxi_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_mxi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_mxi_client_packets'($*)) dnl
+	
+	corenet_send_mxi_client_packets($1)
+	corenet_receive_mxi_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_mxi_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive mxi_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_mxi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_mxi_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_mxi_client_packets($1)
+	corenet_dontaudit_receive_mxi_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_mxi_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to mxi_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_mxi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_mxi_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mxi_client_packet_t;
+	')
+
+	allow $1 mxi_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_mxi_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send mxi_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_mxi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_mxi_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mxi_server_packet_t;
+	')
+
+	allow $1 mxi_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_mxi_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send mxi_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_mxi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_mxi_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mxi_server_packet_t;
+	')
+
+	dontaudit $1 mxi_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_mxi_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive mxi_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_mxi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_mxi_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mxi_server_packet_t;
+	')
+
+	allow $1 mxi_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_mxi_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive mxi_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_mxi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_mxi_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mxi_server_packet_t;
+	')
+
+	dontaudit $1 mxi_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_mxi_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive mxi_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_mxi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_mxi_server_packets'($*)) dnl
+	
+	corenet_send_mxi_server_packets($1)
+	corenet_receive_mxi_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_mxi_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive mxi_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_mxi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_mxi_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_mxi_server_packets($1)
+	corenet_dontaudit_receive_mxi_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_mxi_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to mxi_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_mxi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_mxi_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mxi_server_packet_t;
+	')
+
+	allow $1 mxi_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_mxi_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the mysqld port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_mysqld_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_mysqld_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_mysqld_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the mysqld port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_mysqld_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_mysqld_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_mysqld_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the mysqld port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_mysqld_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_mysqld_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_mysqld_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the mysqld port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_mysqld_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_mysqld_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_mysqld_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the mysqld port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_mysqld_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_mysqld_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_mysqld_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the mysqld port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_mysqld_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_mysqld_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_mysqld_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the mysqld port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_mysqld_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_mysqld_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_mysqld_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the mysqld port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_mysqld_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_mysqld_port'($*)) dnl
+	
+	gen_require(`
+		type mysqld_port_t;
+	')
+
+	allow $1 mysqld_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_mysqld_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the mysqld port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_mysqld_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_mysqld_port'($*)) dnl
+	
+	gen_require(`
+		type mysqld_port_t;
+	')
+
+	allow $1 mysqld_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_mysqld_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the mysqld port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_mysqld_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_mysqld_port'($*)) dnl
+	
+	gen_require(`
+		type mysqld_port_t;
+	')
+
+	allow $1 mysqld_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_mysqld_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send mysqld_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_mysqld_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_mysqld_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mysqld_client_packet_t;
+	')
+
+	allow $1 mysqld_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_mysqld_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send mysqld_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_mysqld_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_mysqld_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mysqld_client_packet_t;
+	')
+
+	dontaudit $1 mysqld_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_mysqld_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive mysqld_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_mysqld_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_mysqld_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mysqld_client_packet_t;
+	')
+
+	allow $1 mysqld_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_mysqld_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive mysqld_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_mysqld_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_mysqld_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mysqld_client_packet_t;
+	')
+
+	dontaudit $1 mysqld_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_mysqld_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive mysqld_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_mysqld_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_mysqld_client_packets'($*)) dnl
+	
+	corenet_send_mysqld_client_packets($1)
+	corenet_receive_mysqld_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_mysqld_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive mysqld_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_mysqld_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_mysqld_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_mysqld_client_packets($1)
+	corenet_dontaudit_receive_mysqld_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_mysqld_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to mysqld_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_mysqld_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_mysqld_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mysqld_client_packet_t;
+	')
+
+	allow $1 mysqld_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_mysqld_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send mysqld_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_mysqld_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_mysqld_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mysqld_server_packet_t;
+	')
+
+	allow $1 mysqld_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_mysqld_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send mysqld_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_mysqld_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_mysqld_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mysqld_server_packet_t;
+	')
+
+	dontaudit $1 mysqld_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_mysqld_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive mysqld_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_mysqld_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_mysqld_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mysqld_server_packet_t;
+	')
+
+	allow $1 mysqld_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_mysqld_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive mysqld_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_mysqld_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_mysqld_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mysqld_server_packet_t;
+	')
+
+	dontaudit $1 mysqld_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_mysqld_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive mysqld_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_mysqld_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_mysqld_server_packets'($*)) dnl
+	
+	corenet_send_mysqld_server_packets($1)
+	corenet_receive_mysqld_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_mysqld_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive mysqld_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_mysqld_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_mysqld_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_mysqld_server_packets($1)
+	corenet_dontaudit_receive_mysqld_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_mysqld_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to mysqld_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_mysqld_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_mysqld_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mysqld_server_packet_t;
+	')
+
+	allow $1 mysqld_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_mysqld_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the mysqlmanagerd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_mysqlmanagerd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_mysqlmanagerd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_mysqlmanagerd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the mysqlmanagerd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_mysqlmanagerd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_mysqlmanagerd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_mysqlmanagerd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the mysqlmanagerd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_mysqlmanagerd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_mysqlmanagerd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_mysqlmanagerd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the mysqlmanagerd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_mysqlmanagerd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_mysqlmanagerd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_mysqlmanagerd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the mysqlmanagerd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_mysqlmanagerd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_mysqlmanagerd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_mysqlmanagerd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the mysqlmanagerd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_mysqlmanagerd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_mysqlmanagerd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_mysqlmanagerd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the mysqlmanagerd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_mysqlmanagerd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_mysqlmanagerd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_mysqlmanagerd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the mysqlmanagerd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_mysqlmanagerd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_mysqlmanagerd_port'($*)) dnl
+	
+	gen_require(`
+		type mysqlmanagerd_port_t;
+	')
+
+	allow $1 mysqlmanagerd_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_mysqlmanagerd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the mysqlmanagerd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_mysqlmanagerd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_mysqlmanagerd_port'($*)) dnl
+	
+	gen_require(`
+		type mysqlmanagerd_port_t;
+	')
+
+	allow $1 mysqlmanagerd_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_mysqlmanagerd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the mysqlmanagerd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_mysqlmanagerd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_mysqlmanagerd_port'($*)) dnl
+	
+	gen_require(`
+		type mysqlmanagerd_port_t;
+	')
+
+	allow $1 mysqlmanagerd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_mysqlmanagerd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send mysqlmanagerd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_mysqlmanagerd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_mysqlmanagerd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mysqlmanagerd_client_packet_t;
+	')
+
+	allow $1 mysqlmanagerd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_mysqlmanagerd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send mysqlmanagerd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_mysqlmanagerd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_mysqlmanagerd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mysqlmanagerd_client_packet_t;
+	')
+
+	dontaudit $1 mysqlmanagerd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_mysqlmanagerd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive mysqlmanagerd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_mysqlmanagerd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_mysqlmanagerd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mysqlmanagerd_client_packet_t;
+	')
+
+	allow $1 mysqlmanagerd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_mysqlmanagerd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive mysqlmanagerd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_mysqlmanagerd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_mysqlmanagerd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mysqlmanagerd_client_packet_t;
+	')
+
+	dontaudit $1 mysqlmanagerd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_mysqlmanagerd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive mysqlmanagerd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_mysqlmanagerd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_mysqlmanagerd_client_packets'($*)) dnl
+	
+	corenet_send_mysqlmanagerd_client_packets($1)
+	corenet_receive_mysqlmanagerd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_mysqlmanagerd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive mysqlmanagerd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_mysqlmanagerd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_mysqlmanagerd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_mysqlmanagerd_client_packets($1)
+	corenet_dontaudit_receive_mysqlmanagerd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_mysqlmanagerd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to mysqlmanagerd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_mysqlmanagerd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_mysqlmanagerd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type mysqlmanagerd_client_packet_t;
+	')
+
+	allow $1 mysqlmanagerd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_mysqlmanagerd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send mysqlmanagerd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_mysqlmanagerd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_mysqlmanagerd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mysqlmanagerd_server_packet_t;
+	')
+
+	allow $1 mysqlmanagerd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_mysqlmanagerd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send mysqlmanagerd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_mysqlmanagerd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_mysqlmanagerd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mysqlmanagerd_server_packet_t;
+	')
+
+	dontaudit $1 mysqlmanagerd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_mysqlmanagerd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive mysqlmanagerd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_mysqlmanagerd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_mysqlmanagerd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mysqlmanagerd_server_packet_t;
+	')
+
+	allow $1 mysqlmanagerd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_mysqlmanagerd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive mysqlmanagerd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_mysqlmanagerd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_mysqlmanagerd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mysqlmanagerd_server_packet_t;
+	')
+
+	dontaudit $1 mysqlmanagerd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_mysqlmanagerd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive mysqlmanagerd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_mysqlmanagerd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_mysqlmanagerd_server_packets'($*)) dnl
+	
+	corenet_send_mysqlmanagerd_server_packets($1)
+	corenet_receive_mysqlmanagerd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_mysqlmanagerd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive mysqlmanagerd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_mysqlmanagerd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_mysqlmanagerd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_mysqlmanagerd_server_packets($1)
+	corenet_dontaudit_receive_mysqlmanagerd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_mysqlmanagerd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to mysqlmanagerd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_mysqlmanagerd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_mysqlmanagerd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type mysqlmanagerd_server_packet_t;
+	')
+
+	allow $1 mysqlmanagerd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_mysqlmanagerd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the nessus port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_nessus_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_nessus_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_nessus_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the nessus port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_nessus_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_nessus_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_nessus_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the nessus port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_nessus_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_nessus_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_nessus_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the nessus port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_nessus_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_nessus_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_nessus_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the nessus port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_nessus_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_nessus_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_nessus_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the nessus port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_nessus_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_nessus_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_nessus_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the nessus port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_nessus_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_nessus_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_nessus_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the nessus port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_nessus_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_nessus_port'($*)) dnl
+	
+	gen_require(`
+		type nessus_port_t;
+	')
+
+	allow $1 nessus_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_nessus_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the nessus port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_nessus_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_nessus_port'($*)) dnl
+	
+	gen_require(`
+		type nessus_port_t;
+	')
+
+	allow $1 nessus_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_nessus_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the nessus port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_nessus_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_nessus_port'($*)) dnl
+	
+	gen_require(`
+		type nessus_port_t;
+	')
+
+	allow $1 nessus_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_nessus_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send nessus_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_nessus_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_nessus_client_packets'($*)) dnl
+	
+	gen_require(`
+		type nessus_client_packet_t;
+	')
+
+	allow $1 nessus_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_nessus_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send nessus_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_nessus_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_nessus_client_packets'($*)) dnl
+	
+	gen_require(`
+		type nessus_client_packet_t;
+	')
+
+	dontaudit $1 nessus_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_nessus_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive nessus_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_nessus_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_nessus_client_packets'($*)) dnl
+	
+	gen_require(`
+		type nessus_client_packet_t;
+	')
+
+	allow $1 nessus_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_nessus_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive nessus_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_nessus_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_nessus_client_packets'($*)) dnl
+	
+	gen_require(`
+		type nessus_client_packet_t;
+	')
+
+	dontaudit $1 nessus_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_nessus_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive nessus_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_nessus_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_nessus_client_packets'($*)) dnl
+	
+	corenet_send_nessus_client_packets($1)
+	corenet_receive_nessus_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_nessus_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive nessus_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_nessus_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_nessus_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_nessus_client_packets($1)
+	corenet_dontaudit_receive_nessus_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_nessus_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to nessus_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_nessus_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_nessus_client_packets'($*)) dnl
+	
+	gen_require(`
+		type nessus_client_packet_t;
+	')
+
+	allow $1 nessus_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_nessus_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send nessus_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_nessus_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_nessus_server_packets'($*)) dnl
+	
+	gen_require(`
+		type nessus_server_packet_t;
+	')
+
+	allow $1 nessus_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_nessus_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send nessus_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_nessus_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_nessus_server_packets'($*)) dnl
+	
+	gen_require(`
+		type nessus_server_packet_t;
+	')
+
+	dontaudit $1 nessus_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_nessus_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive nessus_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_nessus_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_nessus_server_packets'($*)) dnl
+	
+	gen_require(`
+		type nessus_server_packet_t;
+	')
+
+	allow $1 nessus_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_nessus_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive nessus_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_nessus_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_nessus_server_packets'($*)) dnl
+	
+	gen_require(`
+		type nessus_server_packet_t;
+	')
+
+	dontaudit $1 nessus_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_nessus_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive nessus_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_nessus_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_nessus_server_packets'($*)) dnl
+	
+	corenet_send_nessus_server_packets($1)
+	corenet_receive_nessus_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_nessus_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive nessus_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_nessus_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_nessus_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_nessus_server_packets($1)
+	corenet_dontaudit_receive_nessus_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_nessus_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to nessus_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_nessus_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_nessus_server_packets'($*)) dnl
+	
+	gen_require(`
+		type nessus_server_packet_t;
+	')
+
+	allow $1 nessus_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_nessus_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the netport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_netport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_netport_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_netport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the netport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_netport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_netport_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_netport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the netport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_netport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_netport_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_netport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the netport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_netport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_netport_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_netport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the netport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_netport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_netport_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_netport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the netport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_netport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_netport_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_netport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the netport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_netport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_netport_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_netport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the netport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_netport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_netport_port'($*)) dnl
+	
+	gen_require(`
+		type netport_port_t;
+	')
+
+	allow $1 netport_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_netport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the netport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_netport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_netport_port'($*)) dnl
+	
+	gen_require(`
+		type netport_port_t;
+	')
+
+	allow $1 netport_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_netport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the netport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_netport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_netport_port'($*)) dnl
+	
+	gen_require(`
+		type netport_port_t;
+	')
+
+	allow $1 netport_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_netport_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send netport_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_netport_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_netport_client_packets'($*)) dnl
+	
+	gen_require(`
+		type netport_client_packet_t;
+	')
+
+	allow $1 netport_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_netport_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send netport_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_netport_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_netport_client_packets'($*)) dnl
+	
+	gen_require(`
+		type netport_client_packet_t;
+	')
+
+	dontaudit $1 netport_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_netport_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive netport_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_netport_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_netport_client_packets'($*)) dnl
+	
+	gen_require(`
+		type netport_client_packet_t;
+	')
+
+	allow $1 netport_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_netport_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive netport_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_netport_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_netport_client_packets'($*)) dnl
+	
+	gen_require(`
+		type netport_client_packet_t;
+	')
+
+	dontaudit $1 netport_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_netport_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive netport_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_netport_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_netport_client_packets'($*)) dnl
+	
+	corenet_send_netport_client_packets($1)
+	corenet_receive_netport_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_netport_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive netport_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_netport_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_netport_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_netport_client_packets($1)
+	corenet_dontaudit_receive_netport_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_netport_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to netport_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_netport_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_netport_client_packets'($*)) dnl
+	
+	gen_require(`
+		type netport_client_packet_t;
+	')
+
+	allow $1 netport_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_netport_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send netport_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_netport_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_netport_server_packets'($*)) dnl
+	
+	gen_require(`
+		type netport_server_packet_t;
+	')
+
+	allow $1 netport_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_netport_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send netport_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_netport_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_netport_server_packets'($*)) dnl
+	
+	gen_require(`
+		type netport_server_packet_t;
+	')
+
+	dontaudit $1 netport_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_netport_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive netport_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_netport_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_netport_server_packets'($*)) dnl
+	
+	gen_require(`
+		type netport_server_packet_t;
+	')
+
+	allow $1 netport_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_netport_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive netport_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_netport_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_netport_server_packets'($*)) dnl
+	
+	gen_require(`
+		type netport_server_packet_t;
+	')
+
+	dontaudit $1 netport_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_netport_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive netport_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_netport_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_netport_server_packets'($*)) dnl
+	
+	corenet_send_netport_server_packets($1)
+	corenet_receive_netport_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_netport_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive netport_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_netport_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_netport_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_netport_server_packets($1)
+	corenet_dontaudit_receive_netport_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_netport_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to netport_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_netport_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_netport_server_packets'($*)) dnl
+	
+	gen_require(`
+		type netport_server_packet_t;
+	')
+
+	allow $1 netport_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_netport_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the netsupport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_netsupport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_netsupport_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_netsupport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the netsupport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_netsupport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_netsupport_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_netsupport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the netsupport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_netsupport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_netsupport_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_netsupport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the netsupport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_netsupport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_netsupport_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_netsupport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the netsupport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_netsupport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_netsupport_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_netsupport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the netsupport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_netsupport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_netsupport_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_netsupport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the netsupport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_netsupport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_netsupport_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_netsupport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the netsupport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_netsupport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_netsupport_port'($*)) dnl
+	
+	gen_require(`
+		type netsupport_port_t;
+	')
+
+	allow $1 netsupport_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_netsupport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the netsupport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_netsupport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_netsupport_port'($*)) dnl
+	
+	gen_require(`
+		type netsupport_port_t;
+	')
+
+	allow $1 netsupport_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_netsupport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the netsupport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_netsupport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_netsupport_port'($*)) dnl
+	
+	gen_require(`
+		type netsupport_port_t;
+	')
+
+	allow $1 netsupport_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_netsupport_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send netsupport_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_netsupport_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_netsupport_client_packets'($*)) dnl
+	
+	gen_require(`
+		type netsupport_client_packet_t;
+	')
+
+	allow $1 netsupport_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_netsupport_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send netsupport_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_netsupport_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_netsupport_client_packets'($*)) dnl
+	
+	gen_require(`
+		type netsupport_client_packet_t;
+	')
+
+	dontaudit $1 netsupport_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_netsupport_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive netsupport_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_netsupport_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_netsupport_client_packets'($*)) dnl
+	
+	gen_require(`
+		type netsupport_client_packet_t;
+	')
+
+	allow $1 netsupport_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_netsupport_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive netsupport_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_netsupport_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_netsupport_client_packets'($*)) dnl
+	
+	gen_require(`
+		type netsupport_client_packet_t;
+	')
+
+	dontaudit $1 netsupport_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_netsupport_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive netsupport_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_netsupport_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_netsupport_client_packets'($*)) dnl
+	
+	corenet_send_netsupport_client_packets($1)
+	corenet_receive_netsupport_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_netsupport_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive netsupport_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_netsupport_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_netsupport_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_netsupport_client_packets($1)
+	corenet_dontaudit_receive_netsupport_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_netsupport_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to netsupport_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_netsupport_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_netsupport_client_packets'($*)) dnl
+	
+	gen_require(`
+		type netsupport_client_packet_t;
+	')
+
+	allow $1 netsupport_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_netsupport_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send netsupport_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_netsupport_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_netsupport_server_packets'($*)) dnl
+	
+	gen_require(`
+		type netsupport_server_packet_t;
+	')
+
+	allow $1 netsupport_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_netsupport_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send netsupport_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_netsupport_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_netsupport_server_packets'($*)) dnl
+	
+	gen_require(`
+		type netsupport_server_packet_t;
+	')
+
+	dontaudit $1 netsupport_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_netsupport_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive netsupport_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_netsupport_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_netsupport_server_packets'($*)) dnl
+	
+	gen_require(`
+		type netsupport_server_packet_t;
+	')
+
+	allow $1 netsupport_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_netsupport_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive netsupport_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_netsupport_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_netsupport_server_packets'($*)) dnl
+	
+	gen_require(`
+		type netsupport_server_packet_t;
+	')
+
+	dontaudit $1 netsupport_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_netsupport_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive netsupport_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_netsupport_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_netsupport_server_packets'($*)) dnl
+	
+	corenet_send_netsupport_server_packets($1)
+	corenet_receive_netsupport_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_netsupport_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive netsupport_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_netsupport_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_netsupport_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_netsupport_server_packets($1)
+	corenet_dontaudit_receive_netsupport_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_netsupport_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to netsupport_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_netsupport_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_netsupport_server_packets'($*)) dnl
+	
+	gen_require(`
+		type netsupport_server_packet_t;
+	')
+
+	allow $1 netsupport_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_netsupport_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the nfs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_nfs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_nfs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_nfs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the nfs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_nfs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_nfs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_nfs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the nfs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_nfs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_nfs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_nfs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the nfs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_nfs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_nfs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_nfs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the nfs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_nfs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_nfs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_nfs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the nfs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_nfs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_nfs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_nfs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the nfs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_nfs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_nfs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_nfs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the nfs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_nfs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_nfs_port'($*)) dnl
+	
+	gen_require(`
+		type nfs_port_t;
+	')
+
+	allow $1 nfs_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_nfs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the nfs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_nfs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_nfs_port'($*)) dnl
+	
+	gen_require(`
+		type nfs_port_t;
+	')
+
+	allow $1 nfs_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_nfs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the nfs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_nfs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_nfs_port'($*)) dnl
+	
+	gen_require(`
+		type nfs_port_t;
+	')
+
+	allow $1 nfs_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_nfs_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send nfs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_nfs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_nfs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type nfs_client_packet_t;
+	')
+
+	allow $1 nfs_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_nfs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send nfs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_nfs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_nfs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type nfs_client_packet_t;
+	')
+
+	dontaudit $1 nfs_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_nfs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive nfs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_nfs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_nfs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type nfs_client_packet_t;
+	')
+
+	allow $1 nfs_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_nfs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive nfs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_nfs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_nfs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type nfs_client_packet_t;
+	')
+
+	dontaudit $1 nfs_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_nfs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive nfs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_nfs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_nfs_client_packets'($*)) dnl
+	
+	corenet_send_nfs_client_packets($1)
+	corenet_receive_nfs_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_nfs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive nfs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_nfs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_nfs_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_nfs_client_packets($1)
+	corenet_dontaudit_receive_nfs_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_nfs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to nfs_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_nfs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_nfs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type nfs_client_packet_t;
+	')
+
+	allow $1 nfs_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_nfs_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send nfs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_nfs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_nfs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type nfs_server_packet_t;
+	')
+
+	allow $1 nfs_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_nfs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send nfs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_nfs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_nfs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type nfs_server_packet_t;
+	')
+
+	dontaudit $1 nfs_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_nfs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive nfs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_nfs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_nfs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type nfs_server_packet_t;
+	')
+
+	allow $1 nfs_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_nfs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive nfs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_nfs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_nfs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type nfs_server_packet_t;
+	')
+
+	dontaudit $1 nfs_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_nfs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive nfs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_nfs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_nfs_server_packets'($*)) dnl
+	
+	corenet_send_nfs_server_packets($1)
+	corenet_receive_nfs_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_nfs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive nfs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_nfs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_nfs_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_nfs_server_packets($1)
+	corenet_dontaudit_receive_nfs_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_nfs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to nfs_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_nfs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_nfs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type nfs_server_packet_t;
+	')
+
+	allow $1 nfs_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_nfs_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the nfsrdma port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_nfsrdma_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_nfsrdma_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_nfsrdma_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the nfsrdma port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_nfsrdma_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_nfsrdma_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_nfsrdma_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the nfsrdma port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_nfsrdma_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_nfsrdma_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_nfsrdma_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the nfsrdma port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_nfsrdma_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_nfsrdma_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_nfsrdma_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the nfsrdma port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_nfsrdma_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_nfsrdma_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_nfsrdma_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the nfsrdma port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_nfsrdma_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_nfsrdma_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_nfsrdma_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the nfsrdma port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_nfsrdma_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_nfsrdma_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_nfsrdma_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the nfsrdma port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_nfsrdma_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_nfsrdma_port'($*)) dnl
+	
+	gen_require(`
+		type nfsrdma_port_t;
+	')
+
+	allow $1 nfsrdma_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_nfsrdma_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the nfsrdma port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_nfsrdma_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_nfsrdma_port'($*)) dnl
+	
+	gen_require(`
+		type nfsrdma_port_t;
+	')
+
+	allow $1 nfsrdma_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_nfsrdma_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the nfsrdma port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_nfsrdma_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_nfsrdma_port'($*)) dnl
+	
+	gen_require(`
+		type nfsrdma_port_t;
+	')
+
+	allow $1 nfsrdma_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_nfsrdma_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send nfsrdma_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_nfsrdma_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_nfsrdma_client_packets'($*)) dnl
+	
+	gen_require(`
+		type nfsrdma_client_packet_t;
+	')
+
+	allow $1 nfsrdma_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_nfsrdma_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send nfsrdma_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_nfsrdma_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_nfsrdma_client_packets'($*)) dnl
+	
+	gen_require(`
+		type nfsrdma_client_packet_t;
+	')
+
+	dontaudit $1 nfsrdma_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_nfsrdma_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive nfsrdma_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_nfsrdma_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_nfsrdma_client_packets'($*)) dnl
+	
+	gen_require(`
+		type nfsrdma_client_packet_t;
+	')
+
+	allow $1 nfsrdma_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_nfsrdma_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive nfsrdma_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_nfsrdma_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_nfsrdma_client_packets'($*)) dnl
+	
+	gen_require(`
+		type nfsrdma_client_packet_t;
+	')
+
+	dontaudit $1 nfsrdma_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_nfsrdma_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive nfsrdma_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_nfsrdma_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_nfsrdma_client_packets'($*)) dnl
+	
+	corenet_send_nfsrdma_client_packets($1)
+	corenet_receive_nfsrdma_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_nfsrdma_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive nfsrdma_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_nfsrdma_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_nfsrdma_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_nfsrdma_client_packets($1)
+	corenet_dontaudit_receive_nfsrdma_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_nfsrdma_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to nfsrdma_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_nfsrdma_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_nfsrdma_client_packets'($*)) dnl
+	
+	gen_require(`
+		type nfsrdma_client_packet_t;
+	')
+
+	allow $1 nfsrdma_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_nfsrdma_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send nfsrdma_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_nfsrdma_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_nfsrdma_server_packets'($*)) dnl
+	
+	gen_require(`
+		type nfsrdma_server_packet_t;
+	')
+
+	allow $1 nfsrdma_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_nfsrdma_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send nfsrdma_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_nfsrdma_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_nfsrdma_server_packets'($*)) dnl
+	
+	gen_require(`
+		type nfsrdma_server_packet_t;
+	')
+
+	dontaudit $1 nfsrdma_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_nfsrdma_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive nfsrdma_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_nfsrdma_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_nfsrdma_server_packets'($*)) dnl
+	
+	gen_require(`
+		type nfsrdma_server_packet_t;
+	')
+
+	allow $1 nfsrdma_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_nfsrdma_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive nfsrdma_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_nfsrdma_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_nfsrdma_server_packets'($*)) dnl
+	
+	gen_require(`
+		type nfsrdma_server_packet_t;
+	')
+
+	dontaudit $1 nfsrdma_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_nfsrdma_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive nfsrdma_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_nfsrdma_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_nfsrdma_server_packets'($*)) dnl
+	
+	corenet_send_nfsrdma_server_packets($1)
+	corenet_receive_nfsrdma_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_nfsrdma_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive nfsrdma_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_nfsrdma_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_nfsrdma_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_nfsrdma_server_packets($1)
+	corenet_dontaudit_receive_nfsrdma_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_nfsrdma_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to nfsrdma_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_nfsrdma_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_nfsrdma_server_packets'($*)) dnl
+	
+	gen_require(`
+		type nfsrdma_server_packet_t;
+	')
+
+	allow $1 nfsrdma_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_nfsrdma_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the nmbd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_nmbd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_nmbd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_nmbd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the nmbd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_nmbd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_nmbd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_nmbd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the nmbd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_nmbd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_nmbd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_nmbd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the nmbd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_nmbd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_nmbd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_nmbd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the nmbd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_nmbd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_nmbd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_nmbd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the nmbd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_nmbd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_nmbd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_nmbd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the nmbd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_nmbd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_nmbd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_nmbd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the nmbd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_nmbd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_nmbd_port'($*)) dnl
+	
+	gen_require(`
+		type nmbd_port_t;
+	')
+
+	allow $1 nmbd_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_nmbd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the nmbd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_nmbd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_nmbd_port'($*)) dnl
+	
+	gen_require(`
+		type nmbd_port_t;
+	')
+
+	allow $1 nmbd_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_nmbd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the nmbd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_nmbd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_nmbd_port'($*)) dnl
+	
+	gen_require(`
+		type nmbd_port_t;
+	')
+
+	allow $1 nmbd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_nmbd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send nmbd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_nmbd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_nmbd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type nmbd_client_packet_t;
+	')
+
+	allow $1 nmbd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_nmbd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send nmbd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_nmbd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_nmbd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type nmbd_client_packet_t;
+	')
+
+	dontaudit $1 nmbd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_nmbd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive nmbd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_nmbd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_nmbd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type nmbd_client_packet_t;
+	')
+
+	allow $1 nmbd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_nmbd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive nmbd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_nmbd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_nmbd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type nmbd_client_packet_t;
+	')
+
+	dontaudit $1 nmbd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_nmbd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive nmbd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_nmbd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_nmbd_client_packets'($*)) dnl
+	
+	corenet_send_nmbd_client_packets($1)
+	corenet_receive_nmbd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_nmbd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive nmbd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_nmbd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_nmbd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_nmbd_client_packets($1)
+	corenet_dontaudit_receive_nmbd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_nmbd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to nmbd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_nmbd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_nmbd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type nmbd_client_packet_t;
+	')
+
+	allow $1 nmbd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_nmbd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send nmbd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_nmbd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_nmbd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type nmbd_server_packet_t;
+	')
+
+	allow $1 nmbd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_nmbd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send nmbd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_nmbd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_nmbd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type nmbd_server_packet_t;
+	')
+
+	dontaudit $1 nmbd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_nmbd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive nmbd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_nmbd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_nmbd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type nmbd_server_packet_t;
+	')
+
+	allow $1 nmbd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_nmbd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive nmbd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_nmbd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_nmbd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type nmbd_server_packet_t;
+	')
+
+	dontaudit $1 nmbd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_nmbd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive nmbd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_nmbd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_nmbd_server_packets'($*)) dnl
+	
+	corenet_send_nmbd_server_packets($1)
+	corenet_receive_nmbd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_nmbd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive nmbd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_nmbd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_nmbd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_nmbd_server_packets($1)
+	corenet_dontaudit_receive_nmbd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_nmbd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to nmbd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_nmbd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_nmbd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type nmbd_server_packet_t;
+	')
+
+	allow $1 nmbd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_nmbd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the ntop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_ntop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_ntop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_ntop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the ntop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_ntop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_ntop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_ntop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the ntop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_ntop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_ntop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_ntop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the ntop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_ntop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_ntop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_ntop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the ntop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_ntop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_ntop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_ntop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the ntop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_ntop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_ntop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_ntop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the ntop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_ntop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_ntop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_ntop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the ntop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_ntop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_ntop_port'($*)) dnl
+	
+	gen_require(`
+		type ntop_port_t;
+	')
+
+	allow $1 ntop_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_ntop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the ntop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_ntop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_ntop_port'($*)) dnl
+	
+	gen_require(`
+		type ntop_port_t;
+	')
+
+	allow $1 ntop_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_ntop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the ntop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_ntop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_ntop_port'($*)) dnl
+	
+	gen_require(`
+		type ntop_port_t;
+	')
+
+	allow $1 ntop_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_ntop_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ntop_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ntop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ntop_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ntop_client_packet_t;
+	')
+
+	allow $1 ntop_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ntop_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ntop_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ntop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ntop_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ntop_client_packet_t;
+	')
+
+	dontaudit $1 ntop_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ntop_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ntop_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ntop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ntop_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ntop_client_packet_t;
+	')
+
+	allow $1 ntop_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ntop_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ntop_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ntop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ntop_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ntop_client_packet_t;
+	')
+
+	dontaudit $1 ntop_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ntop_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ntop_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ntop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ntop_client_packets'($*)) dnl
+	
+	corenet_send_ntop_client_packets($1)
+	corenet_receive_ntop_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ntop_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ntop_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ntop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ntop_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ntop_client_packets($1)
+	corenet_dontaudit_receive_ntop_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ntop_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ntop_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ntop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ntop_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ntop_client_packet_t;
+	')
+
+	allow $1 ntop_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ntop_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ntop_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ntop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ntop_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ntop_server_packet_t;
+	')
+
+	allow $1 ntop_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ntop_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ntop_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ntop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ntop_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ntop_server_packet_t;
+	')
+
+	dontaudit $1 ntop_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ntop_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ntop_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ntop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ntop_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ntop_server_packet_t;
+	')
+
+	allow $1 ntop_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ntop_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ntop_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ntop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ntop_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ntop_server_packet_t;
+	')
+
+	dontaudit $1 ntop_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ntop_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ntop_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ntop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ntop_server_packets'($*)) dnl
+	
+	corenet_send_ntop_server_packets($1)
+	corenet_receive_ntop_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ntop_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ntop_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ntop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ntop_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ntop_server_packets($1)
+	corenet_dontaudit_receive_ntop_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ntop_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ntop_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ntop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ntop_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ntop_server_packet_t;
+	')
+
+	allow $1 ntop_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ntop_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the ntp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_ntp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_ntp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_ntp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the ntp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_ntp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_ntp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_ntp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the ntp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_ntp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_ntp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_ntp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the ntp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_ntp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_ntp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_ntp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the ntp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_ntp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_ntp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_ntp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the ntp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_ntp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_ntp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_ntp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the ntp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_ntp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_ntp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_ntp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the ntp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_ntp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_ntp_port'($*)) dnl
+	
+	gen_require(`
+		type ntp_port_t;
+	')
+
+	allow $1 ntp_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_ntp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the ntp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_ntp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_ntp_port'($*)) dnl
+	
+	gen_require(`
+		type ntp_port_t;
+	')
+
+	allow $1 ntp_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_ntp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the ntp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_ntp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_ntp_port'($*)) dnl
+	
+	gen_require(`
+		type ntp_port_t;
+	')
+
+	allow $1 ntp_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_ntp_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ntp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ntp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ntp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ntp_client_packet_t;
+	')
+
+	allow $1 ntp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ntp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ntp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ntp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ntp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ntp_client_packet_t;
+	')
+
+	dontaudit $1 ntp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ntp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ntp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ntp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ntp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ntp_client_packet_t;
+	')
+
+	allow $1 ntp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ntp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ntp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ntp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ntp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ntp_client_packet_t;
+	')
+
+	dontaudit $1 ntp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ntp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ntp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ntp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ntp_client_packets'($*)) dnl
+	
+	corenet_send_ntp_client_packets($1)
+	corenet_receive_ntp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ntp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ntp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ntp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ntp_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ntp_client_packets($1)
+	corenet_dontaudit_receive_ntp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ntp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ntp_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ntp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ntp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ntp_client_packet_t;
+	')
+
+	allow $1 ntp_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ntp_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ntp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ntp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ntp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ntp_server_packet_t;
+	')
+
+	allow $1 ntp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ntp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ntp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ntp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ntp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ntp_server_packet_t;
+	')
+
+	dontaudit $1 ntp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ntp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ntp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ntp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ntp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ntp_server_packet_t;
+	')
+
+	allow $1 ntp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ntp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ntp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ntp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ntp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ntp_server_packet_t;
+	')
+
+	dontaudit $1 ntp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ntp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ntp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ntp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ntp_server_packets'($*)) dnl
+	
+	corenet_send_ntp_server_packets($1)
+	corenet_receive_ntp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ntp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ntp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ntp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ntp_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ntp_server_packets($1)
+	corenet_dontaudit_receive_ntp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ntp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ntp_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ntp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ntp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ntp_server_packet_t;
+	')
+
+	allow $1 ntp_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ntp_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the oa_system port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_oa_system_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_oa_system_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_oa_system_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the oa_system port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_oa_system_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_oa_system_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_oa_system_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the oa_system port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_oa_system_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_oa_system_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_oa_system_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the oa_system port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_oa_system_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_oa_system_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_oa_system_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the oa_system port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_oa_system_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_oa_system_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_oa_system_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the oa_system port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_oa_system_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_oa_system_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_oa_system_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the oa_system port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_oa_system_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_oa_system_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_oa_system_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the oa_system port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_oa_system_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_oa_system_port'($*)) dnl
+	
+	gen_require(`
+		type oa_system_port_t;
+	')
+
+	allow $1 oa_system_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_oa_system_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the oa_system port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_oa_system_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_oa_system_port'($*)) dnl
+	
+	gen_require(`
+		type oa_system_port_t;
+	')
+
+	allow $1 oa_system_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_oa_system_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the oa_system port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_oa_system_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_oa_system_port'($*)) dnl
+	
+	gen_require(`
+		type oa_system_port_t;
+	')
+
+	allow $1 oa_system_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_oa_system_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send oa_system_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_oa_system_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_oa_system_client_packets'($*)) dnl
+	
+	gen_require(`
+		type oa_system_client_packet_t;
+	')
+
+	allow $1 oa_system_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_oa_system_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send oa_system_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_oa_system_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_oa_system_client_packets'($*)) dnl
+	
+	gen_require(`
+		type oa_system_client_packet_t;
+	')
+
+	dontaudit $1 oa_system_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_oa_system_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive oa_system_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_oa_system_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_oa_system_client_packets'($*)) dnl
+	
+	gen_require(`
+		type oa_system_client_packet_t;
+	')
+
+	allow $1 oa_system_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_oa_system_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive oa_system_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_oa_system_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_oa_system_client_packets'($*)) dnl
+	
+	gen_require(`
+		type oa_system_client_packet_t;
+	')
+
+	dontaudit $1 oa_system_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_oa_system_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive oa_system_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_oa_system_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_oa_system_client_packets'($*)) dnl
+	
+	corenet_send_oa_system_client_packets($1)
+	corenet_receive_oa_system_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_oa_system_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive oa_system_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_oa_system_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_oa_system_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_oa_system_client_packets($1)
+	corenet_dontaudit_receive_oa_system_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_oa_system_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to oa_system_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_oa_system_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_oa_system_client_packets'($*)) dnl
+	
+	gen_require(`
+		type oa_system_client_packet_t;
+	')
+
+	allow $1 oa_system_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_oa_system_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send oa_system_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_oa_system_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_oa_system_server_packets'($*)) dnl
+	
+	gen_require(`
+		type oa_system_server_packet_t;
+	')
+
+	allow $1 oa_system_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_oa_system_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send oa_system_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_oa_system_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_oa_system_server_packets'($*)) dnl
+	
+	gen_require(`
+		type oa_system_server_packet_t;
+	')
+
+	dontaudit $1 oa_system_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_oa_system_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive oa_system_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_oa_system_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_oa_system_server_packets'($*)) dnl
+	
+	gen_require(`
+		type oa_system_server_packet_t;
+	')
+
+	allow $1 oa_system_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_oa_system_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive oa_system_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_oa_system_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_oa_system_server_packets'($*)) dnl
+	
+	gen_require(`
+		type oa_system_server_packet_t;
+	')
+
+	dontaudit $1 oa_system_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_oa_system_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive oa_system_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_oa_system_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_oa_system_server_packets'($*)) dnl
+	
+	corenet_send_oa_system_server_packets($1)
+	corenet_receive_oa_system_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_oa_system_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive oa_system_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_oa_system_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_oa_system_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_oa_system_server_packets($1)
+	corenet_dontaudit_receive_oa_system_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_oa_system_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to oa_system_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_oa_system_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_oa_system_server_packets'($*)) dnl
+	
+	gen_require(`
+		type oa_system_server_packet_t;
+	')
+
+	allow $1 oa_system_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_oa_system_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the oracledb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_oracledb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_oracledb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_oracledb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the oracledb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_oracledb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_oracledb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_oracledb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the oracledb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_oracledb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_oracledb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_oracledb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the oracledb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_oracledb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_oracledb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_oracledb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the oracledb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_oracledb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_oracledb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_oracledb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the oracledb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_oracledb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_oracledb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_oracledb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the oracledb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_oracledb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_oracledb_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_oracledb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the oracledb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_oracledb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_oracledb_port'($*)) dnl
+	
+	gen_require(`
+		type oracledb_port_t;
+	')
+
+	allow $1 oracledb_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_oracledb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the oracledb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_oracledb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_oracledb_port'($*)) dnl
+	
+	gen_require(`
+		type oracledb_port_t;
+	')
+
+	allow $1 oracledb_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_oracledb_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the oracledb port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_oracledb_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_oracledb_port'($*)) dnl
+	
+	gen_require(`
+		type oracledb_port_t;
+	')
+
+	allow $1 oracledb_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_oracledb_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send oracledb_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_oracledb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_oracledb_client_packets'($*)) dnl
+	
+	gen_require(`
+		type oracledb_client_packet_t;
+	')
+
+	allow $1 oracledb_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_oracledb_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send oracledb_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_oracledb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_oracledb_client_packets'($*)) dnl
+	
+	gen_require(`
+		type oracledb_client_packet_t;
+	')
+
+	dontaudit $1 oracledb_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_oracledb_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive oracledb_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_oracledb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_oracledb_client_packets'($*)) dnl
+	
+	gen_require(`
+		type oracledb_client_packet_t;
+	')
+
+	allow $1 oracledb_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_oracledb_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive oracledb_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_oracledb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_oracledb_client_packets'($*)) dnl
+	
+	gen_require(`
+		type oracledb_client_packet_t;
+	')
+
+	dontaudit $1 oracledb_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_oracledb_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive oracledb_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_oracledb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_oracledb_client_packets'($*)) dnl
+	
+	corenet_send_oracledb_client_packets($1)
+	corenet_receive_oracledb_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_oracledb_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive oracledb_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_oracledb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_oracledb_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_oracledb_client_packets($1)
+	corenet_dontaudit_receive_oracledb_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_oracledb_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to oracledb_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_oracledb_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_oracledb_client_packets'($*)) dnl
+	
+	gen_require(`
+		type oracledb_client_packet_t;
+	')
+
+	allow $1 oracledb_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_oracledb_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send oracledb_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_oracledb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_oracledb_server_packets'($*)) dnl
+	
+	gen_require(`
+		type oracledb_server_packet_t;
+	')
+
+	allow $1 oracledb_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_oracledb_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send oracledb_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_oracledb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_oracledb_server_packets'($*)) dnl
+	
+	gen_require(`
+		type oracledb_server_packet_t;
+	')
+
+	dontaudit $1 oracledb_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_oracledb_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive oracledb_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_oracledb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_oracledb_server_packets'($*)) dnl
+	
+	gen_require(`
+		type oracledb_server_packet_t;
+	')
+
+	allow $1 oracledb_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_oracledb_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive oracledb_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_oracledb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_oracledb_server_packets'($*)) dnl
+	
+	gen_require(`
+		type oracledb_server_packet_t;
+	')
+
+	dontaudit $1 oracledb_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_oracledb_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive oracledb_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_oracledb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_oracledb_server_packets'($*)) dnl
+	
+	corenet_send_oracledb_server_packets($1)
+	corenet_receive_oracledb_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_oracledb_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive oracledb_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_oracledb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_oracledb_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_oracledb_server_packets($1)
+	corenet_dontaudit_receive_oracledb_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_oracledb_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to oracledb_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_oracledb_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_oracledb_server_packets'($*)) dnl
+	
+	gen_require(`
+		type oracledb_server_packet_t;
+	')
+
+	allow $1 oracledb_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_oracledb_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the ocsp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_ocsp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_ocsp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_ocsp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the ocsp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_ocsp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_ocsp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_ocsp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the ocsp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_ocsp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_ocsp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_ocsp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the ocsp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_ocsp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_ocsp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_ocsp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the ocsp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_ocsp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_ocsp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_ocsp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the ocsp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_ocsp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_ocsp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_ocsp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the ocsp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_ocsp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_ocsp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_ocsp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the ocsp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_ocsp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_ocsp_port'($*)) dnl
+	
+	gen_require(`
+		type ocsp_port_t;
+	')
+
+	allow $1 ocsp_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_ocsp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the ocsp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_ocsp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_ocsp_port'($*)) dnl
+	
+	gen_require(`
+		type ocsp_port_t;
+	')
+
+	allow $1 ocsp_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_ocsp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the ocsp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_ocsp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_ocsp_port'($*)) dnl
+	
+	gen_require(`
+		type ocsp_port_t;
+	')
+
+	allow $1 ocsp_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_ocsp_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ocsp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ocsp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ocsp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ocsp_client_packet_t;
+	')
+
+	allow $1 ocsp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ocsp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ocsp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ocsp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ocsp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ocsp_client_packet_t;
+	')
+
+	dontaudit $1 ocsp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ocsp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ocsp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ocsp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ocsp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ocsp_client_packet_t;
+	')
+
+	allow $1 ocsp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ocsp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ocsp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ocsp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ocsp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ocsp_client_packet_t;
+	')
+
+	dontaudit $1 ocsp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ocsp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ocsp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ocsp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ocsp_client_packets'($*)) dnl
+	
+	corenet_send_ocsp_client_packets($1)
+	corenet_receive_ocsp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ocsp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ocsp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ocsp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ocsp_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ocsp_client_packets($1)
+	corenet_dontaudit_receive_ocsp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ocsp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ocsp_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ocsp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ocsp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ocsp_client_packet_t;
+	')
+
+	allow $1 ocsp_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ocsp_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ocsp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ocsp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ocsp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ocsp_server_packet_t;
+	')
+
+	allow $1 ocsp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ocsp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ocsp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ocsp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ocsp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ocsp_server_packet_t;
+	')
+
+	dontaudit $1 ocsp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ocsp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ocsp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ocsp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ocsp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ocsp_server_packet_t;
+	')
+
+	allow $1 ocsp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ocsp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ocsp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ocsp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ocsp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ocsp_server_packet_t;
+	')
+
+	dontaudit $1 ocsp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ocsp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ocsp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ocsp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ocsp_server_packets'($*)) dnl
+	
+	corenet_send_ocsp_server_packets($1)
+	corenet_receive_ocsp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ocsp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ocsp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ocsp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ocsp_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ocsp_server_packets($1)
+	corenet_dontaudit_receive_ocsp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ocsp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ocsp_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ocsp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ocsp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ocsp_server_packet_t;
+	')
+
+	allow $1 ocsp_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ocsp_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the openhpid port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_openhpid_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_openhpid_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_openhpid_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the openhpid port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_openhpid_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_openhpid_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_openhpid_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the openhpid port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_openhpid_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_openhpid_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_openhpid_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the openhpid port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_openhpid_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_openhpid_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_openhpid_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the openhpid port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_openhpid_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_openhpid_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_openhpid_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the openhpid port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_openhpid_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_openhpid_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_openhpid_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the openhpid port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_openhpid_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_openhpid_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_openhpid_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the openhpid port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_openhpid_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_openhpid_port'($*)) dnl
+	
+	gen_require(`
+		type openhpid_port_t;
+	')
+
+	allow $1 openhpid_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_openhpid_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the openhpid port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_openhpid_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_openhpid_port'($*)) dnl
+	
+	gen_require(`
+		type openhpid_port_t;
+	')
+
+	allow $1 openhpid_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_openhpid_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the openhpid port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_openhpid_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_openhpid_port'($*)) dnl
+	
+	gen_require(`
+		type openhpid_port_t;
+	')
+
+	allow $1 openhpid_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_openhpid_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send openhpid_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_openhpid_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_openhpid_client_packets'($*)) dnl
+	
+	gen_require(`
+		type openhpid_client_packet_t;
+	')
+
+	allow $1 openhpid_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_openhpid_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send openhpid_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_openhpid_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_openhpid_client_packets'($*)) dnl
+	
+	gen_require(`
+		type openhpid_client_packet_t;
+	')
+
+	dontaudit $1 openhpid_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_openhpid_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive openhpid_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_openhpid_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_openhpid_client_packets'($*)) dnl
+	
+	gen_require(`
+		type openhpid_client_packet_t;
+	')
+
+	allow $1 openhpid_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_openhpid_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive openhpid_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_openhpid_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_openhpid_client_packets'($*)) dnl
+	
+	gen_require(`
+		type openhpid_client_packet_t;
+	')
+
+	dontaudit $1 openhpid_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_openhpid_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive openhpid_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_openhpid_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_openhpid_client_packets'($*)) dnl
+	
+	corenet_send_openhpid_client_packets($1)
+	corenet_receive_openhpid_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_openhpid_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive openhpid_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_openhpid_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_openhpid_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_openhpid_client_packets($1)
+	corenet_dontaudit_receive_openhpid_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_openhpid_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to openhpid_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_openhpid_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_openhpid_client_packets'($*)) dnl
+	
+	gen_require(`
+		type openhpid_client_packet_t;
+	')
+
+	allow $1 openhpid_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_openhpid_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send openhpid_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_openhpid_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_openhpid_server_packets'($*)) dnl
+	
+	gen_require(`
+		type openhpid_server_packet_t;
+	')
+
+	allow $1 openhpid_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_openhpid_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send openhpid_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_openhpid_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_openhpid_server_packets'($*)) dnl
+	
+	gen_require(`
+		type openhpid_server_packet_t;
+	')
+
+	dontaudit $1 openhpid_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_openhpid_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive openhpid_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_openhpid_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_openhpid_server_packets'($*)) dnl
+	
+	gen_require(`
+		type openhpid_server_packet_t;
+	')
+
+	allow $1 openhpid_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_openhpid_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive openhpid_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_openhpid_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_openhpid_server_packets'($*)) dnl
+	
+	gen_require(`
+		type openhpid_server_packet_t;
+	')
+
+	dontaudit $1 openhpid_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_openhpid_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive openhpid_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_openhpid_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_openhpid_server_packets'($*)) dnl
+	
+	corenet_send_openhpid_server_packets($1)
+	corenet_receive_openhpid_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_openhpid_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive openhpid_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_openhpid_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_openhpid_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_openhpid_server_packets($1)
+	corenet_dontaudit_receive_openhpid_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_openhpid_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to openhpid_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_openhpid_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_openhpid_server_packets'($*)) dnl
+	
+	gen_require(`
+		type openhpid_server_packet_t;
+	')
+
+	allow $1 openhpid_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_openhpid_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the openvpn port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_openvpn_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_openvpn_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_openvpn_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the openvpn port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_openvpn_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_openvpn_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_openvpn_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the openvpn port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_openvpn_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_openvpn_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_openvpn_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the openvpn port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_openvpn_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_openvpn_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_openvpn_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the openvpn port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_openvpn_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_openvpn_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_openvpn_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the openvpn port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_openvpn_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_openvpn_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_openvpn_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the openvpn port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_openvpn_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_openvpn_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_openvpn_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the openvpn port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_openvpn_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_openvpn_port'($*)) dnl
+	
+	gen_require(`
+		type openvpn_port_t;
+	')
+
+	allow $1 openvpn_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_openvpn_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the openvpn port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_openvpn_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_openvpn_port'($*)) dnl
+	
+	gen_require(`
+		type openvpn_port_t;
+	')
+
+	allow $1 openvpn_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_openvpn_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the openvpn port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_openvpn_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_openvpn_port'($*)) dnl
+	
+	gen_require(`
+		type openvpn_port_t;
+	')
+
+	allow $1 openvpn_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_openvpn_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send openvpn_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_openvpn_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_openvpn_client_packets'($*)) dnl
+	
+	gen_require(`
+		type openvpn_client_packet_t;
+	')
+
+	allow $1 openvpn_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_openvpn_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send openvpn_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_openvpn_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_openvpn_client_packets'($*)) dnl
+	
+	gen_require(`
+		type openvpn_client_packet_t;
+	')
+
+	dontaudit $1 openvpn_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_openvpn_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive openvpn_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_openvpn_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_openvpn_client_packets'($*)) dnl
+	
+	gen_require(`
+		type openvpn_client_packet_t;
+	')
+
+	allow $1 openvpn_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_openvpn_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive openvpn_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_openvpn_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_openvpn_client_packets'($*)) dnl
+	
+	gen_require(`
+		type openvpn_client_packet_t;
+	')
+
+	dontaudit $1 openvpn_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_openvpn_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive openvpn_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_openvpn_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_openvpn_client_packets'($*)) dnl
+	
+	corenet_send_openvpn_client_packets($1)
+	corenet_receive_openvpn_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_openvpn_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive openvpn_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_openvpn_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_openvpn_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_openvpn_client_packets($1)
+	corenet_dontaudit_receive_openvpn_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_openvpn_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to openvpn_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_openvpn_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_openvpn_client_packets'($*)) dnl
+	
+	gen_require(`
+		type openvpn_client_packet_t;
+	')
+
+	allow $1 openvpn_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_openvpn_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send openvpn_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_openvpn_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_openvpn_server_packets'($*)) dnl
+	
+	gen_require(`
+		type openvpn_server_packet_t;
+	')
+
+	allow $1 openvpn_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_openvpn_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send openvpn_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_openvpn_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_openvpn_server_packets'($*)) dnl
+	
+	gen_require(`
+		type openvpn_server_packet_t;
+	')
+
+	dontaudit $1 openvpn_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_openvpn_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive openvpn_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_openvpn_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_openvpn_server_packets'($*)) dnl
+	
+	gen_require(`
+		type openvpn_server_packet_t;
+	')
+
+	allow $1 openvpn_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_openvpn_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive openvpn_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_openvpn_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_openvpn_server_packets'($*)) dnl
+	
+	gen_require(`
+		type openvpn_server_packet_t;
+	')
+
+	dontaudit $1 openvpn_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_openvpn_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive openvpn_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_openvpn_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_openvpn_server_packets'($*)) dnl
+	
+	corenet_send_openvpn_server_packets($1)
+	corenet_receive_openvpn_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_openvpn_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive openvpn_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_openvpn_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_openvpn_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_openvpn_server_packets($1)
+	corenet_dontaudit_receive_openvpn_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_openvpn_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to openvpn_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_openvpn_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_openvpn_server_packets'($*)) dnl
+	
+	gen_require(`
+		type openvpn_server_packet_t;
+	')
+
+	allow $1 openvpn_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_openvpn_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the pdps port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_pdps_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_pdps_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_pdps_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the pdps port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_pdps_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_pdps_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_pdps_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the pdps port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_pdps_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_pdps_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_pdps_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the pdps port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_pdps_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_pdps_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_pdps_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the pdps port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_pdps_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_pdps_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_pdps_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the pdps port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_pdps_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_pdps_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_pdps_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the pdps port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_pdps_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_pdps_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_pdps_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the pdps port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_pdps_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_pdps_port'($*)) dnl
+	
+	gen_require(`
+		type pdps_port_t;
+	')
+
+	allow $1 pdps_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_pdps_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the pdps port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_pdps_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_pdps_port'($*)) dnl
+	
+	gen_require(`
+		type pdps_port_t;
+	')
+
+	allow $1 pdps_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_pdps_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the pdps port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_pdps_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_pdps_port'($*)) dnl
+	
+	gen_require(`
+		type pdps_port_t;
+	')
+
+	allow $1 pdps_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_pdps_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send pdps_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_pdps_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_pdps_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pdps_client_packet_t;
+	')
+
+	allow $1 pdps_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_pdps_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send pdps_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_pdps_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_pdps_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pdps_client_packet_t;
+	')
+
+	dontaudit $1 pdps_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_pdps_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive pdps_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_pdps_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_pdps_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pdps_client_packet_t;
+	')
+
+	allow $1 pdps_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_pdps_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive pdps_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_pdps_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_pdps_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pdps_client_packet_t;
+	')
+
+	dontaudit $1 pdps_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_pdps_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive pdps_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_pdps_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_pdps_client_packets'($*)) dnl
+	
+	corenet_send_pdps_client_packets($1)
+	corenet_receive_pdps_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_pdps_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive pdps_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_pdps_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_pdps_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_pdps_client_packets($1)
+	corenet_dontaudit_receive_pdps_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_pdps_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to pdps_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_pdps_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_pdps_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pdps_client_packet_t;
+	')
+
+	allow $1 pdps_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_pdps_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send pdps_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_pdps_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_pdps_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pdps_server_packet_t;
+	')
+
+	allow $1 pdps_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_pdps_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send pdps_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_pdps_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_pdps_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pdps_server_packet_t;
+	')
+
+	dontaudit $1 pdps_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_pdps_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive pdps_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_pdps_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_pdps_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pdps_server_packet_t;
+	')
+
+	allow $1 pdps_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_pdps_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive pdps_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_pdps_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_pdps_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pdps_server_packet_t;
+	')
+
+	dontaudit $1 pdps_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_pdps_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive pdps_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_pdps_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_pdps_server_packets'($*)) dnl
+	
+	corenet_send_pdps_server_packets($1)
+	corenet_receive_pdps_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_pdps_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive pdps_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_pdps_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_pdps_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_pdps_server_packets($1)
+	corenet_dontaudit_receive_pdps_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_pdps_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to pdps_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_pdps_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_pdps_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pdps_server_packet_t;
+	')
+
+	allow $1 pdps_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_pdps_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the pegasus_http port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_pegasus_http_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_pegasus_http_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_pegasus_http_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the pegasus_http port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_pegasus_http_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_pegasus_http_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_pegasus_http_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the pegasus_http port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_pegasus_http_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_pegasus_http_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_pegasus_http_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the pegasus_http port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_pegasus_http_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_pegasus_http_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_pegasus_http_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the pegasus_http port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_pegasus_http_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_pegasus_http_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_pegasus_http_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the pegasus_http port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_pegasus_http_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_pegasus_http_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_pegasus_http_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the pegasus_http port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_pegasus_http_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_pegasus_http_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_pegasus_http_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the pegasus_http port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_pegasus_http_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_pegasus_http_port'($*)) dnl
+	
+	gen_require(`
+		type pegasus_http_port_t;
+	')
+
+	allow $1 pegasus_http_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_pegasus_http_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the pegasus_http port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_pegasus_http_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_pegasus_http_port'($*)) dnl
+	
+	gen_require(`
+		type pegasus_http_port_t;
+	')
+
+	allow $1 pegasus_http_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_pegasus_http_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the pegasus_http port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_pegasus_http_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_pegasus_http_port'($*)) dnl
+	
+	gen_require(`
+		type pegasus_http_port_t;
+	')
+
+	allow $1 pegasus_http_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_pegasus_http_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send pegasus_http_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_pegasus_http_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_pegasus_http_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pegasus_http_client_packet_t;
+	')
+
+	allow $1 pegasus_http_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_pegasus_http_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send pegasus_http_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_pegasus_http_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_pegasus_http_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pegasus_http_client_packet_t;
+	')
+
+	dontaudit $1 pegasus_http_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_pegasus_http_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive pegasus_http_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_pegasus_http_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_pegasus_http_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pegasus_http_client_packet_t;
+	')
+
+	allow $1 pegasus_http_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_pegasus_http_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive pegasus_http_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_pegasus_http_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_pegasus_http_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pegasus_http_client_packet_t;
+	')
+
+	dontaudit $1 pegasus_http_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_pegasus_http_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive pegasus_http_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_pegasus_http_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_pegasus_http_client_packets'($*)) dnl
+	
+	corenet_send_pegasus_http_client_packets($1)
+	corenet_receive_pegasus_http_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_pegasus_http_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive pegasus_http_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_pegasus_http_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_pegasus_http_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_pegasus_http_client_packets($1)
+	corenet_dontaudit_receive_pegasus_http_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_pegasus_http_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to pegasus_http_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_pegasus_http_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_pegasus_http_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pegasus_http_client_packet_t;
+	')
+
+	allow $1 pegasus_http_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_pegasus_http_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send pegasus_http_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_pegasus_http_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_pegasus_http_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pegasus_http_server_packet_t;
+	')
+
+	allow $1 pegasus_http_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_pegasus_http_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send pegasus_http_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_pegasus_http_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_pegasus_http_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pegasus_http_server_packet_t;
+	')
+
+	dontaudit $1 pegasus_http_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_pegasus_http_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive pegasus_http_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_pegasus_http_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_pegasus_http_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pegasus_http_server_packet_t;
+	')
+
+	allow $1 pegasus_http_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_pegasus_http_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive pegasus_http_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_pegasus_http_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_pegasus_http_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pegasus_http_server_packet_t;
+	')
+
+	dontaudit $1 pegasus_http_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_pegasus_http_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive pegasus_http_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_pegasus_http_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_pegasus_http_server_packets'($*)) dnl
+	
+	corenet_send_pegasus_http_server_packets($1)
+	corenet_receive_pegasus_http_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_pegasus_http_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive pegasus_http_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_pegasus_http_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_pegasus_http_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_pegasus_http_server_packets($1)
+	corenet_dontaudit_receive_pegasus_http_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_pegasus_http_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to pegasus_http_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_pegasus_http_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_pegasus_http_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pegasus_http_server_packet_t;
+	')
+
+	allow $1 pegasus_http_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_pegasus_http_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the pegasus_https port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_pegasus_https_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_pegasus_https_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_pegasus_https_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the pegasus_https port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_pegasus_https_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_pegasus_https_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_pegasus_https_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the pegasus_https port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_pegasus_https_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_pegasus_https_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_pegasus_https_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the pegasus_https port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_pegasus_https_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_pegasus_https_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_pegasus_https_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the pegasus_https port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_pegasus_https_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_pegasus_https_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_pegasus_https_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the pegasus_https port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_pegasus_https_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_pegasus_https_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_pegasus_https_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the pegasus_https port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_pegasus_https_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_pegasus_https_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_pegasus_https_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the pegasus_https port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_pegasus_https_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_pegasus_https_port'($*)) dnl
+	
+	gen_require(`
+		type pegasus_https_port_t;
+	')
+
+	allow $1 pegasus_https_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_pegasus_https_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the pegasus_https port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_pegasus_https_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_pegasus_https_port'($*)) dnl
+	
+	gen_require(`
+		type pegasus_https_port_t;
+	')
+
+	allow $1 pegasus_https_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_pegasus_https_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the pegasus_https port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_pegasus_https_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_pegasus_https_port'($*)) dnl
+	
+	gen_require(`
+		type pegasus_https_port_t;
+	')
+
+	allow $1 pegasus_https_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_pegasus_https_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send pegasus_https_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_pegasus_https_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_pegasus_https_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pegasus_https_client_packet_t;
+	')
+
+	allow $1 pegasus_https_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_pegasus_https_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send pegasus_https_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_pegasus_https_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_pegasus_https_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pegasus_https_client_packet_t;
+	')
+
+	dontaudit $1 pegasus_https_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_pegasus_https_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive pegasus_https_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_pegasus_https_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_pegasus_https_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pegasus_https_client_packet_t;
+	')
+
+	allow $1 pegasus_https_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_pegasus_https_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive pegasus_https_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_pegasus_https_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_pegasus_https_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pegasus_https_client_packet_t;
+	')
+
+	dontaudit $1 pegasus_https_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_pegasus_https_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive pegasus_https_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_pegasus_https_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_pegasus_https_client_packets'($*)) dnl
+	
+	corenet_send_pegasus_https_client_packets($1)
+	corenet_receive_pegasus_https_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_pegasus_https_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive pegasus_https_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_pegasus_https_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_pegasus_https_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_pegasus_https_client_packets($1)
+	corenet_dontaudit_receive_pegasus_https_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_pegasus_https_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to pegasus_https_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_pegasus_https_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_pegasus_https_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pegasus_https_client_packet_t;
+	')
+
+	allow $1 pegasus_https_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_pegasus_https_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send pegasus_https_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_pegasus_https_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_pegasus_https_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pegasus_https_server_packet_t;
+	')
+
+	allow $1 pegasus_https_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_pegasus_https_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send pegasus_https_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_pegasus_https_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_pegasus_https_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pegasus_https_server_packet_t;
+	')
+
+	dontaudit $1 pegasus_https_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_pegasus_https_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive pegasus_https_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_pegasus_https_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_pegasus_https_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pegasus_https_server_packet_t;
+	')
+
+	allow $1 pegasus_https_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_pegasus_https_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive pegasus_https_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_pegasus_https_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_pegasus_https_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pegasus_https_server_packet_t;
+	')
+
+	dontaudit $1 pegasus_https_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_pegasus_https_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive pegasus_https_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_pegasus_https_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_pegasus_https_server_packets'($*)) dnl
+	
+	corenet_send_pegasus_https_server_packets($1)
+	corenet_receive_pegasus_https_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_pegasus_https_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive pegasus_https_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_pegasus_https_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_pegasus_https_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_pegasus_https_server_packets($1)
+	corenet_dontaudit_receive_pegasus_https_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_pegasus_https_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to pegasus_https_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_pegasus_https_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_pegasus_https_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pegasus_https_server_packet_t;
+	')
+
+	allow $1 pegasus_https_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_pegasus_https_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the pgpkeyserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_pgpkeyserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_pgpkeyserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_pgpkeyserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the pgpkeyserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_pgpkeyserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_pgpkeyserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_pgpkeyserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the pgpkeyserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_pgpkeyserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_pgpkeyserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_pgpkeyserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the pgpkeyserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_pgpkeyserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_pgpkeyserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_pgpkeyserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the pgpkeyserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_pgpkeyserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_pgpkeyserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_pgpkeyserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the pgpkeyserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_pgpkeyserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_pgpkeyserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_pgpkeyserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the pgpkeyserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_pgpkeyserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_pgpkeyserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_pgpkeyserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the pgpkeyserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_pgpkeyserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_pgpkeyserver_port'($*)) dnl
+	
+	gen_require(`
+		type pgpkeyserver_port_t;
+	')
+
+	allow $1 pgpkeyserver_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_pgpkeyserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the pgpkeyserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_pgpkeyserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_pgpkeyserver_port'($*)) dnl
+	
+	gen_require(`
+		type pgpkeyserver_port_t;
+	')
+
+	allow $1 pgpkeyserver_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_pgpkeyserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the pgpkeyserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_pgpkeyserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_pgpkeyserver_port'($*)) dnl
+	
+	gen_require(`
+		type pgpkeyserver_port_t;
+	')
+
+	allow $1 pgpkeyserver_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_pgpkeyserver_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send pgpkeyserver_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_pgpkeyserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_pgpkeyserver_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pgpkeyserver_client_packet_t;
+	')
+
+	allow $1 pgpkeyserver_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_pgpkeyserver_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send pgpkeyserver_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_pgpkeyserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_pgpkeyserver_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pgpkeyserver_client_packet_t;
+	')
+
+	dontaudit $1 pgpkeyserver_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_pgpkeyserver_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive pgpkeyserver_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_pgpkeyserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_pgpkeyserver_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pgpkeyserver_client_packet_t;
+	')
+
+	allow $1 pgpkeyserver_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_pgpkeyserver_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive pgpkeyserver_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_pgpkeyserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_pgpkeyserver_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pgpkeyserver_client_packet_t;
+	')
+
+	dontaudit $1 pgpkeyserver_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_pgpkeyserver_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive pgpkeyserver_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_pgpkeyserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_pgpkeyserver_client_packets'($*)) dnl
+	
+	corenet_send_pgpkeyserver_client_packets($1)
+	corenet_receive_pgpkeyserver_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_pgpkeyserver_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive pgpkeyserver_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_pgpkeyserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_pgpkeyserver_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_pgpkeyserver_client_packets($1)
+	corenet_dontaudit_receive_pgpkeyserver_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_pgpkeyserver_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to pgpkeyserver_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_pgpkeyserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_pgpkeyserver_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pgpkeyserver_client_packet_t;
+	')
+
+	allow $1 pgpkeyserver_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_pgpkeyserver_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send pgpkeyserver_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_pgpkeyserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_pgpkeyserver_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pgpkeyserver_server_packet_t;
+	')
+
+	allow $1 pgpkeyserver_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_pgpkeyserver_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send pgpkeyserver_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_pgpkeyserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_pgpkeyserver_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pgpkeyserver_server_packet_t;
+	')
+
+	dontaudit $1 pgpkeyserver_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_pgpkeyserver_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive pgpkeyserver_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_pgpkeyserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_pgpkeyserver_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pgpkeyserver_server_packet_t;
+	')
+
+	allow $1 pgpkeyserver_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_pgpkeyserver_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive pgpkeyserver_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_pgpkeyserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_pgpkeyserver_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pgpkeyserver_server_packet_t;
+	')
+
+	dontaudit $1 pgpkeyserver_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_pgpkeyserver_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive pgpkeyserver_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_pgpkeyserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_pgpkeyserver_server_packets'($*)) dnl
+	
+	corenet_send_pgpkeyserver_server_packets($1)
+	corenet_receive_pgpkeyserver_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_pgpkeyserver_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive pgpkeyserver_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_pgpkeyserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_pgpkeyserver_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_pgpkeyserver_server_packets($1)
+	corenet_dontaudit_receive_pgpkeyserver_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_pgpkeyserver_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to pgpkeyserver_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_pgpkeyserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_pgpkeyserver_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pgpkeyserver_server_packet_t;
+	')
+
+	allow $1 pgpkeyserver_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_pgpkeyserver_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the pingd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_pingd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_pingd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_pingd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the pingd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_pingd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_pingd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_pingd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the pingd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_pingd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_pingd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_pingd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the pingd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_pingd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_pingd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_pingd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the pingd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_pingd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_pingd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_pingd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the pingd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_pingd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_pingd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_pingd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the pingd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_pingd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_pingd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_pingd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the pingd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_pingd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_pingd_port'($*)) dnl
+	
+	gen_require(`
+		type pingd_port_t;
+	')
+
+	allow $1 pingd_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_pingd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the pingd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_pingd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_pingd_port'($*)) dnl
+	
+	gen_require(`
+		type pingd_port_t;
+	')
+
+	allow $1 pingd_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_pingd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the pingd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_pingd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_pingd_port'($*)) dnl
+	
+	gen_require(`
+		type pingd_port_t;
+	')
+
+	allow $1 pingd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_pingd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send pingd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_pingd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_pingd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pingd_client_packet_t;
+	')
+
+	allow $1 pingd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_pingd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send pingd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_pingd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_pingd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pingd_client_packet_t;
+	')
+
+	dontaudit $1 pingd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_pingd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive pingd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_pingd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_pingd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pingd_client_packet_t;
+	')
+
+	allow $1 pingd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_pingd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive pingd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_pingd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_pingd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pingd_client_packet_t;
+	')
+
+	dontaudit $1 pingd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_pingd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive pingd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_pingd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_pingd_client_packets'($*)) dnl
+	
+	corenet_send_pingd_client_packets($1)
+	corenet_receive_pingd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_pingd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive pingd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_pingd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_pingd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_pingd_client_packets($1)
+	corenet_dontaudit_receive_pingd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_pingd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to pingd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_pingd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_pingd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pingd_client_packet_t;
+	')
+
+	allow $1 pingd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_pingd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send pingd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_pingd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_pingd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pingd_server_packet_t;
+	')
+
+	allow $1 pingd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_pingd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send pingd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_pingd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_pingd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pingd_server_packet_t;
+	')
+
+	dontaudit $1 pingd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_pingd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive pingd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_pingd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_pingd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pingd_server_packet_t;
+	')
+
+	allow $1 pingd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_pingd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive pingd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_pingd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_pingd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pingd_server_packet_t;
+	')
+
+	dontaudit $1 pingd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_pingd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive pingd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_pingd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_pingd_server_packets'($*)) dnl
+	
+	corenet_send_pingd_server_packets($1)
+	corenet_receive_pingd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_pingd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive pingd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_pingd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_pingd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_pingd_server_packets($1)
+	corenet_dontaudit_receive_pingd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_pingd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to pingd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_pingd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_pingd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pingd_server_packet_t;
+	')
+
+	allow $1 pingd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_pingd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the pktcable_cops port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_pktcable_cops_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_pktcable_cops_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_pktcable_cops_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the pktcable_cops port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_pktcable_cops_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_pktcable_cops_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_pktcable_cops_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the pktcable_cops port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_pktcable_cops_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_pktcable_cops_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_pktcable_cops_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the pktcable_cops port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_pktcable_cops_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_pktcable_cops_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_pktcable_cops_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the pktcable_cops port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_pktcable_cops_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_pktcable_cops_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_pktcable_cops_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the pktcable_cops port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_pktcable_cops_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_pktcable_cops_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_pktcable_cops_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the pktcable_cops port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_pktcable_cops_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_pktcable_cops_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_pktcable_cops_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the pktcable_cops port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_pktcable_cops_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_pktcable_cops_port'($*)) dnl
+	
+	gen_require(`
+		type pktcable_cops_port_t;
+	')
+
+	allow $1 pktcable_cops_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_pktcable_cops_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the pktcable_cops port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_pktcable_cops_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_pktcable_cops_port'($*)) dnl
+	
+	gen_require(`
+		type pktcable_cops_port_t;
+	')
+
+	allow $1 pktcable_cops_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_pktcable_cops_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the pktcable_cops port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_pktcable_cops_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_pktcable_cops_port'($*)) dnl
+	
+	gen_require(`
+		type pktcable_cops_port_t;
+	')
+
+	allow $1 pktcable_cops_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_pktcable_cops_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send pktcable_cops_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_pktcable_cops_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_pktcable_cops_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pktcable_cops_client_packet_t;
+	')
+
+	allow $1 pktcable_cops_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_pktcable_cops_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send pktcable_cops_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_pktcable_cops_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_pktcable_cops_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pktcable_cops_client_packet_t;
+	')
+
+	dontaudit $1 pktcable_cops_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_pktcable_cops_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive pktcable_cops_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_pktcable_cops_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_pktcable_cops_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pktcable_cops_client_packet_t;
+	')
+
+	allow $1 pktcable_cops_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_pktcable_cops_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive pktcable_cops_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_pktcable_cops_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_pktcable_cops_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pktcable_cops_client_packet_t;
+	')
+
+	dontaudit $1 pktcable_cops_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_pktcable_cops_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive pktcable_cops_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_pktcable_cops_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_pktcable_cops_client_packets'($*)) dnl
+	
+	corenet_send_pktcable_cops_client_packets($1)
+	corenet_receive_pktcable_cops_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_pktcable_cops_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive pktcable_cops_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_pktcable_cops_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_pktcable_cops_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_pktcable_cops_client_packets($1)
+	corenet_dontaudit_receive_pktcable_cops_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_pktcable_cops_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to pktcable_cops_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_pktcable_cops_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_pktcable_cops_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pktcable_cops_client_packet_t;
+	')
+
+	allow $1 pktcable_cops_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_pktcable_cops_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send pktcable_cops_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_pktcable_cops_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_pktcable_cops_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pktcable_cops_server_packet_t;
+	')
+
+	allow $1 pktcable_cops_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_pktcable_cops_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send pktcable_cops_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_pktcable_cops_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_pktcable_cops_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pktcable_cops_server_packet_t;
+	')
+
+	dontaudit $1 pktcable_cops_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_pktcable_cops_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive pktcable_cops_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_pktcable_cops_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_pktcable_cops_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pktcable_cops_server_packet_t;
+	')
+
+	allow $1 pktcable_cops_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_pktcable_cops_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive pktcable_cops_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_pktcable_cops_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_pktcable_cops_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pktcable_cops_server_packet_t;
+	')
+
+	dontaudit $1 pktcable_cops_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_pktcable_cops_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive pktcable_cops_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_pktcable_cops_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_pktcable_cops_server_packets'($*)) dnl
+	
+	corenet_send_pktcable_cops_server_packets($1)
+	corenet_receive_pktcable_cops_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_pktcable_cops_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive pktcable_cops_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_pktcable_cops_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_pktcable_cops_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_pktcable_cops_server_packets($1)
+	corenet_dontaudit_receive_pktcable_cops_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_pktcable_cops_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to pktcable_cops_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_pktcable_cops_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_pktcable_cops_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pktcable_cops_server_packet_t;
+	')
+
+	allow $1 pktcable_cops_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_pktcable_cops_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the pop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_pop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_pop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_pop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the pop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_pop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_pop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_pop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the pop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_pop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_pop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_pop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the pop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_pop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_pop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_pop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the pop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_pop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_pop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_pop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the pop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_pop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_pop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_pop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the pop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_pop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_pop_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_pop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the pop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_pop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_pop_port'($*)) dnl
+	
+	gen_require(`
+		type pop_port_t;
+	')
+
+	allow $1 pop_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_pop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the pop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_pop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_pop_port'($*)) dnl
+	
+	gen_require(`
+		type pop_port_t;
+	')
+
+	allow $1 pop_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_pop_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the pop port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_pop_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_pop_port'($*)) dnl
+	
+	gen_require(`
+		type pop_port_t;
+	')
+
+	allow $1 pop_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_pop_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send pop_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_pop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_pop_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pop_client_packet_t;
+	')
+
+	allow $1 pop_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_pop_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send pop_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_pop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_pop_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pop_client_packet_t;
+	')
+
+	dontaudit $1 pop_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_pop_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive pop_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_pop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_pop_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pop_client_packet_t;
+	')
+
+	allow $1 pop_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_pop_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive pop_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_pop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_pop_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pop_client_packet_t;
+	')
+
+	dontaudit $1 pop_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_pop_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive pop_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_pop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_pop_client_packets'($*)) dnl
+	
+	corenet_send_pop_client_packets($1)
+	corenet_receive_pop_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_pop_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive pop_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_pop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_pop_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_pop_client_packets($1)
+	corenet_dontaudit_receive_pop_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_pop_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to pop_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_pop_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_pop_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pop_client_packet_t;
+	')
+
+	allow $1 pop_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_pop_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send pop_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_pop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_pop_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pop_server_packet_t;
+	')
+
+	allow $1 pop_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_pop_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send pop_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_pop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_pop_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pop_server_packet_t;
+	')
+
+	dontaudit $1 pop_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_pop_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive pop_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_pop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_pop_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pop_server_packet_t;
+	')
+
+	allow $1 pop_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_pop_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive pop_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_pop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_pop_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pop_server_packet_t;
+	')
+
+	dontaudit $1 pop_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_pop_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive pop_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_pop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_pop_server_packets'($*)) dnl
+	
+	corenet_send_pop_server_packets($1)
+	corenet_receive_pop_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_pop_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive pop_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_pop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_pop_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_pop_server_packets($1)
+	corenet_dontaudit_receive_pop_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_pop_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to pop_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_pop_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_pop_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pop_server_packet_t;
+	')
+
+	allow $1 pop_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_pop_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the portmap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_portmap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_portmap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_portmap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the portmap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_portmap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_portmap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_portmap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the portmap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_portmap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_portmap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_portmap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the portmap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_portmap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_portmap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_portmap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the portmap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_portmap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_portmap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_portmap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the portmap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_portmap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_portmap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_portmap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the portmap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_portmap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_portmap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_portmap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the portmap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_portmap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_portmap_port'($*)) dnl
+	
+	gen_require(`
+		type portmap_port_t;
+	')
+
+	allow $1 portmap_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_portmap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the portmap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_portmap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_portmap_port'($*)) dnl
+	
+	gen_require(`
+		type portmap_port_t;
+	')
+
+	allow $1 portmap_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_portmap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the portmap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_portmap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_portmap_port'($*)) dnl
+	
+	gen_require(`
+		type portmap_port_t;
+	')
+
+	allow $1 portmap_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_portmap_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send portmap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_portmap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_portmap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type portmap_client_packet_t;
+	')
+
+	allow $1 portmap_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_portmap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send portmap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_portmap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_portmap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type portmap_client_packet_t;
+	')
+
+	dontaudit $1 portmap_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_portmap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive portmap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_portmap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_portmap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type portmap_client_packet_t;
+	')
+
+	allow $1 portmap_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_portmap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive portmap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_portmap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_portmap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type portmap_client_packet_t;
+	')
+
+	dontaudit $1 portmap_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_portmap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive portmap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_portmap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_portmap_client_packets'($*)) dnl
+	
+	corenet_send_portmap_client_packets($1)
+	corenet_receive_portmap_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_portmap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive portmap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_portmap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_portmap_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_portmap_client_packets($1)
+	corenet_dontaudit_receive_portmap_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_portmap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to portmap_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_portmap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_portmap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type portmap_client_packet_t;
+	')
+
+	allow $1 portmap_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_portmap_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send portmap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_portmap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_portmap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type portmap_server_packet_t;
+	')
+
+	allow $1 portmap_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_portmap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send portmap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_portmap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_portmap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type portmap_server_packet_t;
+	')
+
+	dontaudit $1 portmap_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_portmap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive portmap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_portmap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_portmap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type portmap_server_packet_t;
+	')
+
+	allow $1 portmap_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_portmap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive portmap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_portmap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_portmap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type portmap_server_packet_t;
+	')
+
+	dontaudit $1 portmap_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_portmap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive portmap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_portmap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_portmap_server_packets'($*)) dnl
+	
+	corenet_send_portmap_server_packets($1)
+	corenet_receive_portmap_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_portmap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive portmap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_portmap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_portmap_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_portmap_server_packets($1)
+	corenet_dontaudit_receive_portmap_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_portmap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to portmap_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_portmap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_portmap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type portmap_server_packet_t;
+	')
+
+	allow $1 portmap_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_portmap_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the postfix_policyd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_postfix_policyd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_postfix_policyd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_postfix_policyd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the postfix_policyd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_postfix_policyd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_postfix_policyd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_postfix_policyd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the postfix_policyd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_postfix_policyd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_postfix_policyd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_postfix_policyd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the postfix_policyd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_postfix_policyd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_postfix_policyd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_postfix_policyd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the postfix_policyd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_postfix_policyd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_postfix_policyd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_postfix_policyd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the postfix_policyd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_postfix_policyd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_postfix_policyd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_postfix_policyd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the postfix_policyd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_postfix_policyd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_postfix_policyd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_postfix_policyd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the postfix_policyd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_postfix_policyd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_postfix_policyd_port'($*)) dnl
+	
+	gen_require(`
+		type postfix_policyd_port_t;
+	')
+
+	allow $1 postfix_policyd_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_postfix_policyd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the postfix_policyd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_postfix_policyd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_postfix_policyd_port'($*)) dnl
+	
+	gen_require(`
+		type postfix_policyd_port_t;
+	')
+
+	allow $1 postfix_policyd_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_postfix_policyd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the postfix_policyd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_postfix_policyd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_postfix_policyd_port'($*)) dnl
+	
+	gen_require(`
+		type postfix_policyd_port_t;
+	')
+
+	allow $1 postfix_policyd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_postfix_policyd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send postfix_policyd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_postfix_policyd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_postfix_policyd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type postfix_policyd_client_packet_t;
+	')
+
+	allow $1 postfix_policyd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_postfix_policyd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send postfix_policyd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_postfix_policyd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_postfix_policyd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type postfix_policyd_client_packet_t;
+	')
+
+	dontaudit $1 postfix_policyd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_postfix_policyd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive postfix_policyd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_postfix_policyd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_postfix_policyd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type postfix_policyd_client_packet_t;
+	')
+
+	allow $1 postfix_policyd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_postfix_policyd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive postfix_policyd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_postfix_policyd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_postfix_policyd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type postfix_policyd_client_packet_t;
+	')
+
+	dontaudit $1 postfix_policyd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_postfix_policyd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive postfix_policyd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_postfix_policyd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_postfix_policyd_client_packets'($*)) dnl
+	
+	corenet_send_postfix_policyd_client_packets($1)
+	corenet_receive_postfix_policyd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_postfix_policyd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive postfix_policyd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_postfix_policyd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_postfix_policyd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_postfix_policyd_client_packets($1)
+	corenet_dontaudit_receive_postfix_policyd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_postfix_policyd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to postfix_policyd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_postfix_policyd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_postfix_policyd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type postfix_policyd_client_packet_t;
+	')
+
+	allow $1 postfix_policyd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_postfix_policyd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send postfix_policyd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_postfix_policyd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_postfix_policyd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type postfix_policyd_server_packet_t;
+	')
+
+	allow $1 postfix_policyd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_postfix_policyd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send postfix_policyd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_postfix_policyd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_postfix_policyd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type postfix_policyd_server_packet_t;
+	')
+
+	dontaudit $1 postfix_policyd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_postfix_policyd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive postfix_policyd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_postfix_policyd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_postfix_policyd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type postfix_policyd_server_packet_t;
+	')
+
+	allow $1 postfix_policyd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_postfix_policyd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive postfix_policyd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_postfix_policyd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_postfix_policyd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type postfix_policyd_server_packet_t;
+	')
+
+	dontaudit $1 postfix_policyd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_postfix_policyd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive postfix_policyd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_postfix_policyd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_postfix_policyd_server_packets'($*)) dnl
+	
+	corenet_send_postfix_policyd_server_packets($1)
+	corenet_receive_postfix_policyd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_postfix_policyd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive postfix_policyd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_postfix_policyd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_postfix_policyd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_postfix_policyd_server_packets($1)
+	corenet_dontaudit_receive_postfix_policyd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_postfix_policyd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to postfix_policyd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_postfix_policyd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_postfix_policyd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type postfix_policyd_server_packet_t;
+	')
+
+	allow $1 postfix_policyd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_postfix_policyd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the postgresql port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_postgresql_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_postgresql_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_postgresql_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the postgresql port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_postgresql_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_postgresql_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_postgresql_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the postgresql port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_postgresql_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_postgresql_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_postgresql_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the postgresql port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_postgresql_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_postgresql_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_postgresql_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the postgresql port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_postgresql_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_postgresql_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_postgresql_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the postgresql port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_postgresql_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_postgresql_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_postgresql_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the postgresql port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_postgresql_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_postgresql_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_postgresql_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the postgresql port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_postgresql_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_postgresql_port'($*)) dnl
+	
+	gen_require(`
+		type postgresql_port_t;
+	')
+
+	allow $1 postgresql_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_postgresql_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the postgresql port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_postgresql_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_postgresql_port'($*)) dnl
+	
+	gen_require(`
+		type postgresql_port_t;
+	')
+
+	allow $1 postgresql_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_postgresql_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the postgresql port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_postgresql_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_postgresql_port'($*)) dnl
+	
+	gen_require(`
+		type postgresql_port_t;
+	')
+
+	allow $1 postgresql_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_postgresql_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send postgresql_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_postgresql_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_postgresql_client_packets'($*)) dnl
+	
+	gen_require(`
+		type postgresql_client_packet_t;
+	')
+
+	allow $1 postgresql_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_postgresql_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send postgresql_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_postgresql_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_postgresql_client_packets'($*)) dnl
+	
+	gen_require(`
+		type postgresql_client_packet_t;
+	')
+
+	dontaudit $1 postgresql_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_postgresql_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive postgresql_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_postgresql_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_postgresql_client_packets'($*)) dnl
+	
+	gen_require(`
+		type postgresql_client_packet_t;
+	')
+
+	allow $1 postgresql_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_postgresql_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive postgresql_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_postgresql_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_postgresql_client_packets'($*)) dnl
+	
+	gen_require(`
+		type postgresql_client_packet_t;
+	')
+
+	dontaudit $1 postgresql_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_postgresql_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive postgresql_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_postgresql_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_postgresql_client_packets'($*)) dnl
+	
+	corenet_send_postgresql_client_packets($1)
+	corenet_receive_postgresql_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_postgresql_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive postgresql_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_postgresql_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_postgresql_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_postgresql_client_packets($1)
+	corenet_dontaudit_receive_postgresql_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_postgresql_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to postgresql_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_postgresql_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_postgresql_client_packets'($*)) dnl
+	
+	gen_require(`
+		type postgresql_client_packet_t;
+	')
+
+	allow $1 postgresql_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_postgresql_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send postgresql_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_postgresql_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_postgresql_server_packets'($*)) dnl
+	
+	gen_require(`
+		type postgresql_server_packet_t;
+	')
+
+	allow $1 postgresql_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_postgresql_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send postgresql_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_postgresql_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_postgresql_server_packets'($*)) dnl
+	
+	gen_require(`
+		type postgresql_server_packet_t;
+	')
+
+	dontaudit $1 postgresql_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_postgresql_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive postgresql_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_postgresql_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_postgresql_server_packets'($*)) dnl
+	
+	gen_require(`
+		type postgresql_server_packet_t;
+	')
+
+	allow $1 postgresql_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_postgresql_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive postgresql_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_postgresql_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_postgresql_server_packets'($*)) dnl
+	
+	gen_require(`
+		type postgresql_server_packet_t;
+	')
+
+	dontaudit $1 postgresql_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_postgresql_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive postgresql_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_postgresql_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_postgresql_server_packets'($*)) dnl
+	
+	corenet_send_postgresql_server_packets($1)
+	corenet_receive_postgresql_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_postgresql_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive postgresql_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_postgresql_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_postgresql_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_postgresql_server_packets($1)
+	corenet_dontaudit_receive_postgresql_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_postgresql_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to postgresql_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_postgresql_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_postgresql_server_packets'($*)) dnl
+	
+	gen_require(`
+		type postgresql_server_packet_t;
+	')
+
+	allow $1 postgresql_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_postgresql_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the postgrey port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_postgrey_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_postgrey_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_postgrey_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the postgrey port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_postgrey_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_postgrey_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_postgrey_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the postgrey port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_postgrey_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_postgrey_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_postgrey_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the postgrey port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_postgrey_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_postgrey_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_postgrey_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the postgrey port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_postgrey_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_postgrey_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_postgrey_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the postgrey port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_postgrey_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_postgrey_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_postgrey_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the postgrey port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_postgrey_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_postgrey_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_postgrey_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the postgrey port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_postgrey_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_postgrey_port'($*)) dnl
+	
+	gen_require(`
+		type postgrey_port_t;
+	')
+
+	allow $1 postgrey_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_postgrey_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the postgrey port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_postgrey_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_postgrey_port'($*)) dnl
+	
+	gen_require(`
+		type postgrey_port_t;
+	')
+
+	allow $1 postgrey_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_postgrey_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the postgrey port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_postgrey_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_postgrey_port'($*)) dnl
+	
+	gen_require(`
+		type postgrey_port_t;
+	')
+
+	allow $1 postgrey_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_postgrey_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send postgrey_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_postgrey_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_postgrey_client_packets'($*)) dnl
+	
+	gen_require(`
+		type postgrey_client_packet_t;
+	')
+
+	allow $1 postgrey_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_postgrey_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send postgrey_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_postgrey_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_postgrey_client_packets'($*)) dnl
+	
+	gen_require(`
+		type postgrey_client_packet_t;
+	')
+
+	dontaudit $1 postgrey_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_postgrey_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive postgrey_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_postgrey_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_postgrey_client_packets'($*)) dnl
+	
+	gen_require(`
+		type postgrey_client_packet_t;
+	')
+
+	allow $1 postgrey_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_postgrey_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive postgrey_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_postgrey_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_postgrey_client_packets'($*)) dnl
+	
+	gen_require(`
+		type postgrey_client_packet_t;
+	')
+
+	dontaudit $1 postgrey_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_postgrey_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive postgrey_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_postgrey_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_postgrey_client_packets'($*)) dnl
+	
+	corenet_send_postgrey_client_packets($1)
+	corenet_receive_postgrey_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_postgrey_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive postgrey_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_postgrey_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_postgrey_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_postgrey_client_packets($1)
+	corenet_dontaudit_receive_postgrey_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_postgrey_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to postgrey_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_postgrey_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_postgrey_client_packets'($*)) dnl
+	
+	gen_require(`
+		type postgrey_client_packet_t;
+	')
+
+	allow $1 postgrey_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_postgrey_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send postgrey_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_postgrey_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_postgrey_server_packets'($*)) dnl
+	
+	gen_require(`
+		type postgrey_server_packet_t;
+	')
+
+	allow $1 postgrey_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_postgrey_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send postgrey_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_postgrey_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_postgrey_server_packets'($*)) dnl
+	
+	gen_require(`
+		type postgrey_server_packet_t;
+	')
+
+	dontaudit $1 postgrey_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_postgrey_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive postgrey_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_postgrey_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_postgrey_server_packets'($*)) dnl
+	
+	gen_require(`
+		type postgrey_server_packet_t;
+	')
+
+	allow $1 postgrey_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_postgrey_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive postgrey_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_postgrey_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_postgrey_server_packets'($*)) dnl
+	
+	gen_require(`
+		type postgrey_server_packet_t;
+	')
+
+	dontaudit $1 postgrey_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_postgrey_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive postgrey_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_postgrey_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_postgrey_server_packets'($*)) dnl
+	
+	corenet_send_postgrey_server_packets($1)
+	corenet_receive_postgrey_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_postgrey_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive postgrey_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_postgrey_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_postgrey_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_postgrey_server_packets($1)
+	corenet_dontaudit_receive_postgrey_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_postgrey_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to postgrey_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_postgrey_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_postgrey_server_packets'($*)) dnl
+	
+	gen_require(`
+		type postgrey_server_packet_t;
+	')
+
+	allow $1 postgrey_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_postgrey_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the pptp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_pptp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_pptp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_pptp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the pptp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_pptp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_pptp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_pptp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the pptp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_pptp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_pptp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_pptp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the pptp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_pptp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_pptp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_pptp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the pptp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_pptp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_pptp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_pptp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the pptp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_pptp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_pptp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_pptp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the pptp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_pptp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_pptp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_pptp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the pptp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_pptp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_pptp_port'($*)) dnl
+	
+	gen_require(`
+		type pptp_port_t;
+	')
+
+	allow $1 pptp_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_pptp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the pptp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_pptp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_pptp_port'($*)) dnl
+	
+	gen_require(`
+		type pptp_port_t;
+	')
+
+	allow $1 pptp_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_pptp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the pptp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_pptp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_pptp_port'($*)) dnl
+	
+	gen_require(`
+		type pptp_port_t;
+	')
+
+	allow $1 pptp_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_pptp_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send pptp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_pptp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_pptp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pptp_client_packet_t;
+	')
+
+	allow $1 pptp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_pptp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send pptp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_pptp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_pptp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pptp_client_packet_t;
+	')
+
+	dontaudit $1 pptp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_pptp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive pptp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_pptp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_pptp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pptp_client_packet_t;
+	')
+
+	allow $1 pptp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_pptp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive pptp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_pptp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_pptp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pptp_client_packet_t;
+	')
+
+	dontaudit $1 pptp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_pptp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive pptp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_pptp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_pptp_client_packets'($*)) dnl
+	
+	corenet_send_pptp_client_packets($1)
+	corenet_receive_pptp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_pptp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive pptp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_pptp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_pptp_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_pptp_client_packets($1)
+	corenet_dontaudit_receive_pptp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_pptp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to pptp_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_pptp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_pptp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pptp_client_packet_t;
+	')
+
+	allow $1 pptp_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_pptp_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send pptp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_pptp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_pptp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pptp_server_packet_t;
+	')
+
+	allow $1 pptp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_pptp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send pptp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_pptp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_pptp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pptp_server_packet_t;
+	')
+
+	dontaudit $1 pptp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_pptp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive pptp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_pptp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_pptp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pptp_server_packet_t;
+	')
+
+	allow $1 pptp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_pptp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive pptp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_pptp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_pptp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pptp_server_packet_t;
+	')
+
+	dontaudit $1 pptp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_pptp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive pptp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_pptp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_pptp_server_packets'($*)) dnl
+	
+	corenet_send_pptp_server_packets($1)
+	corenet_receive_pptp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_pptp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive pptp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_pptp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_pptp_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_pptp_server_packets($1)
+	corenet_dontaudit_receive_pptp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_pptp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to pptp_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_pptp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_pptp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pptp_server_packet_t;
+	')
+
+	allow $1 pptp_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_pptp_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the prelude port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_prelude_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_prelude_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_prelude_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the prelude port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_prelude_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_prelude_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_prelude_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the prelude port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_prelude_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_prelude_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_prelude_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the prelude port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_prelude_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_prelude_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_prelude_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the prelude port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_prelude_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_prelude_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_prelude_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the prelude port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_prelude_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_prelude_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_prelude_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the prelude port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_prelude_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_prelude_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_prelude_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the prelude port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_prelude_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_prelude_port'($*)) dnl
+	
+	gen_require(`
+		type prelude_port_t;
+	')
+
+	allow $1 prelude_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_prelude_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the prelude port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_prelude_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_prelude_port'($*)) dnl
+	
+	gen_require(`
+		type prelude_port_t;
+	')
+
+	allow $1 prelude_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_prelude_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the prelude port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_prelude_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_prelude_port'($*)) dnl
+	
+	gen_require(`
+		type prelude_port_t;
+	')
+
+	allow $1 prelude_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_prelude_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send prelude_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_prelude_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_prelude_client_packets'($*)) dnl
+	
+	gen_require(`
+		type prelude_client_packet_t;
+	')
+
+	allow $1 prelude_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_prelude_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send prelude_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_prelude_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_prelude_client_packets'($*)) dnl
+	
+	gen_require(`
+		type prelude_client_packet_t;
+	')
+
+	dontaudit $1 prelude_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_prelude_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive prelude_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_prelude_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_prelude_client_packets'($*)) dnl
+	
+	gen_require(`
+		type prelude_client_packet_t;
+	')
+
+	allow $1 prelude_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_prelude_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive prelude_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_prelude_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_prelude_client_packets'($*)) dnl
+	
+	gen_require(`
+		type prelude_client_packet_t;
+	')
+
+	dontaudit $1 prelude_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_prelude_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive prelude_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_prelude_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_prelude_client_packets'($*)) dnl
+	
+	corenet_send_prelude_client_packets($1)
+	corenet_receive_prelude_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_prelude_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive prelude_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_prelude_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_prelude_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_prelude_client_packets($1)
+	corenet_dontaudit_receive_prelude_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_prelude_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to prelude_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_prelude_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_prelude_client_packets'($*)) dnl
+	
+	gen_require(`
+		type prelude_client_packet_t;
+	')
+
+	allow $1 prelude_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_prelude_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send prelude_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_prelude_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_prelude_server_packets'($*)) dnl
+	
+	gen_require(`
+		type prelude_server_packet_t;
+	')
+
+	allow $1 prelude_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_prelude_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send prelude_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_prelude_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_prelude_server_packets'($*)) dnl
+	
+	gen_require(`
+		type prelude_server_packet_t;
+	')
+
+	dontaudit $1 prelude_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_prelude_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive prelude_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_prelude_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_prelude_server_packets'($*)) dnl
+	
+	gen_require(`
+		type prelude_server_packet_t;
+	')
+
+	allow $1 prelude_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_prelude_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive prelude_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_prelude_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_prelude_server_packets'($*)) dnl
+	
+	gen_require(`
+		type prelude_server_packet_t;
+	')
+
+	dontaudit $1 prelude_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_prelude_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive prelude_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_prelude_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_prelude_server_packets'($*)) dnl
+	
+	corenet_send_prelude_server_packets($1)
+	corenet_receive_prelude_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_prelude_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive prelude_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_prelude_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_prelude_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_prelude_server_packets($1)
+	corenet_dontaudit_receive_prelude_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_prelude_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to prelude_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_prelude_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_prelude_server_packets'($*)) dnl
+	
+	gen_require(`
+		type prelude_server_packet_t;
+	')
+
+	allow $1 prelude_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_prelude_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the presence port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_presence_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_presence_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_presence_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the presence port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_presence_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_presence_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_presence_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the presence port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_presence_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_presence_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_presence_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the presence port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_presence_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_presence_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_presence_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the presence port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_presence_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_presence_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_presence_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the presence port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_presence_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_presence_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_presence_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the presence port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_presence_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_presence_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_presence_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the presence port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_presence_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_presence_port'($*)) dnl
+	
+	gen_require(`
+		type presence_port_t;
+	')
+
+	allow $1 presence_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_presence_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the presence port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_presence_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_presence_port'($*)) dnl
+	
+	gen_require(`
+		type presence_port_t;
+	')
+
+	allow $1 presence_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_presence_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the presence port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_presence_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_presence_port'($*)) dnl
+	
+	gen_require(`
+		type presence_port_t;
+	')
+
+	allow $1 presence_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_presence_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send presence_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_presence_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_presence_client_packets'($*)) dnl
+	
+	gen_require(`
+		type presence_client_packet_t;
+	')
+
+	allow $1 presence_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_presence_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send presence_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_presence_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_presence_client_packets'($*)) dnl
+	
+	gen_require(`
+		type presence_client_packet_t;
+	')
+
+	dontaudit $1 presence_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_presence_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive presence_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_presence_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_presence_client_packets'($*)) dnl
+	
+	gen_require(`
+		type presence_client_packet_t;
+	')
+
+	allow $1 presence_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_presence_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive presence_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_presence_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_presence_client_packets'($*)) dnl
+	
+	gen_require(`
+		type presence_client_packet_t;
+	')
+
+	dontaudit $1 presence_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_presence_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive presence_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_presence_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_presence_client_packets'($*)) dnl
+	
+	corenet_send_presence_client_packets($1)
+	corenet_receive_presence_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_presence_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive presence_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_presence_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_presence_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_presence_client_packets($1)
+	corenet_dontaudit_receive_presence_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_presence_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to presence_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_presence_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_presence_client_packets'($*)) dnl
+	
+	gen_require(`
+		type presence_client_packet_t;
+	')
+
+	allow $1 presence_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_presence_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send presence_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_presence_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_presence_server_packets'($*)) dnl
+	
+	gen_require(`
+		type presence_server_packet_t;
+	')
+
+	allow $1 presence_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_presence_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send presence_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_presence_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_presence_server_packets'($*)) dnl
+	
+	gen_require(`
+		type presence_server_packet_t;
+	')
+
+	dontaudit $1 presence_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_presence_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive presence_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_presence_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_presence_server_packets'($*)) dnl
+	
+	gen_require(`
+		type presence_server_packet_t;
+	')
+
+	allow $1 presence_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_presence_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive presence_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_presence_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_presence_server_packets'($*)) dnl
+	
+	gen_require(`
+		type presence_server_packet_t;
+	')
+
+	dontaudit $1 presence_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_presence_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive presence_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_presence_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_presence_server_packets'($*)) dnl
+	
+	corenet_send_presence_server_packets($1)
+	corenet_receive_presence_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_presence_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive presence_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_presence_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_presence_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_presence_server_packets($1)
+	corenet_dontaudit_receive_presence_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_presence_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to presence_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_presence_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_presence_server_packets'($*)) dnl
+	
+	gen_require(`
+		type presence_server_packet_t;
+	')
+
+	allow $1 presence_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_presence_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the printer port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_printer_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_printer_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_printer_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the printer port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_printer_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_printer_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_printer_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the printer port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_printer_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_printer_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_printer_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the printer port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_printer_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_printer_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_printer_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the printer port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_printer_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_printer_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_printer_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the printer port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_printer_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_printer_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_printer_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the printer port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_printer_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_printer_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_printer_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the printer port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_printer_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_printer_port'($*)) dnl
+	
+	gen_require(`
+		type printer_port_t;
+	')
+
+	allow $1 printer_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_printer_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the printer port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_printer_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_printer_port'($*)) dnl
+	
+	gen_require(`
+		type printer_port_t;
+	')
+
+	allow $1 printer_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_printer_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the printer port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_printer_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_printer_port'($*)) dnl
+	
+	gen_require(`
+		type printer_port_t;
+	')
+
+	allow $1 printer_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_printer_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send printer_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_printer_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_printer_client_packets'($*)) dnl
+	
+	gen_require(`
+		type printer_client_packet_t;
+	')
+
+	allow $1 printer_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_printer_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send printer_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_printer_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_printer_client_packets'($*)) dnl
+	
+	gen_require(`
+		type printer_client_packet_t;
+	')
+
+	dontaudit $1 printer_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_printer_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive printer_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_printer_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_printer_client_packets'($*)) dnl
+	
+	gen_require(`
+		type printer_client_packet_t;
+	')
+
+	allow $1 printer_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_printer_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive printer_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_printer_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_printer_client_packets'($*)) dnl
+	
+	gen_require(`
+		type printer_client_packet_t;
+	')
+
+	dontaudit $1 printer_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_printer_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive printer_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_printer_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_printer_client_packets'($*)) dnl
+	
+	corenet_send_printer_client_packets($1)
+	corenet_receive_printer_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_printer_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive printer_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_printer_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_printer_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_printer_client_packets($1)
+	corenet_dontaudit_receive_printer_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_printer_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to printer_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_printer_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_printer_client_packets'($*)) dnl
+	
+	gen_require(`
+		type printer_client_packet_t;
+	')
+
+	allow $1 printer_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_printer_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send printer_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_printer_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_printer_server_packets'($*)) dnl
+	
+	gen_require(`
+		type printer_server_packet_t;
+	')
+
+	allow $1 printer_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_printer_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send printer_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_printer_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_printer_server_packets'($*)) dnl
+	
+	gen_require(`
+		type printer_server_packet_t;
+	')
+
+	dontaudit $1 printer_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_printer_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive printer_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_printer_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_printer_server_packets'($*)) dnl
+	
+	gen_require(`
+		type printer_server_packet_t;
+	')
+
+	allow $1 printer_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_printer_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive printer_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_printer_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_printer_server_packets'($*)) dnl
+	
+	gen_require(`
+		type printer_server_packet_t;
+	')
+
+	dontaudit $1 printer_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_printer_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive printer_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_printer_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_printer_server_packets'($*)) dnl
+	
+	corenet_send_printer_server_packets($1)
+	corenet_receive_printer_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_printer_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive printer_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_printer_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_printer_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_printer_server_packets($1)
+	corenet_dontaudit_receive_printer_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_printer_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to printer_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_printer_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_printer_server_packets'($*)) dnl
+	
+	gen_require(`
+		type printer_server_packet_t;
+	')
+
+	allow $1 printer_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_printer_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the ptal port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_ptal_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_ptal_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_ptal_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the ptal port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_ptal_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_ptal_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_ptal_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the ptal port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_ptal_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_ptal_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_ptal_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the ptal port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_ptal_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_ptal_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_ptal_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the ptal port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_ptal_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_ptal_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_ptal_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the ptal port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_ptal_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_ptal_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_ptal_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the ptal port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_ptal_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_ptal_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_ptal_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the ptal port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_ptal_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_ptal_port'($*)) dnl
+	
+	gen_require(`
+		type ptal_port_t;
+	')
+
+	allow $1 ptal_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_ptal_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the ptal port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_ptal_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_ptal_port'($*)) dnl
+	
+	gen_require(`
+		type ptal_port_t;
+	')
+
+	allow $1 ptal_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_ptal_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the ptal port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_ptal_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_ptal_port'($*)) dnl
+	
+	gen_require(`
+		type ptal_port_t;
+	')
+
+	allow $1 ptal_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_ptal_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ptal_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ptal_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ptal_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ptal_client_packet_t;
+	')
+
+	allow $1 ptal_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ptal_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ptal_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ptal_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ptal_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ptal_client_packet_t;
+	')
+
+	dontaudit $1 ptal_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ptal_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ptal_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ptal_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ptal_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ptal_client_packet_t;
+	')
+
+	allow $1 ptal_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ptal_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ptal_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ptal_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ptal_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ptal_client_packet_t;
+	')
+
+	dontaudit $1 ptal_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ptal_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ptal_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ptal_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ptal_client_packets'($*)) dnl
+	
+	corenet_send_ptal_client_packets($1)
+	corenet_receive_ptal_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ptal_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ptal_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ptal_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ptal_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ptal_client_packets($1)
+	corenet_dontaudit_receive_ptal_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ptal_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ptal_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ptal_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ptal_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ptal_client_packet_t;
+	')
+
+	allow $1 ptal_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ptal_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ptal_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ptal_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ptal_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ptal_server_packet_t;
+	')
+
+	allow $1 ptal_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ptal_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ptal_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ptal_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ptal_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ptal_server_packet_t;
+	')
+
+	dontaudit $1 ptal_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ptal_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ptal_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ptal_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ptal_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ptal_server_packet_t;
+	')
+
+	allow $1 ptal_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ptal_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ptal_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ptal_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ptal_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ptal_server_packet_t;
+	')
+
+	dontaudit $1 ptal_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ptal_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ptal_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ptal_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ptal_server_packets'($*)) dnl
+	
+	corenet_send_ptal_server_packets($1)
+	corenet_receive_ptal_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ptal_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ptal_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ptal_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ptal_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ptal_server_packets($1)
+	corenet_dontaudit_receive_ptal_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ptal_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ptal_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ptal_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ptal_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ptal_server_packet_t;
+	')
+
+	allow $1 ptal_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ptal_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the pulseaudio port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_pulseaudio_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_pulseaudio_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_pulseaudio_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the pulseaudio port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_pulseaudio_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_pulseaudio_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_pulseaudio_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the pulseaudio port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_pulseaudio_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_pulseaudio_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_pulseaudio_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the pulseaudio port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_pulseaudio_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_pulseaudio_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_pulseaudio_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the pulseaudio port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_pulseaudio_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_pulseaudio_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_pulseaudio_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the pulseaudio port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_pulseaudio_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_pulseaudio_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_pulseaudio_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the pulseaudio port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_pulseaudio_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_pulseaudio_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_pulseaudio_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the pulseaudio port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_pulseaudio_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_pulseaudio_port'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_port_t;
+	')
+
+	allow $1 pulseaudio_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_pulseaudio_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the pulseaudio port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_pulseaudio_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_pulseaudio_port'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_port_t;
+	')
+
+	allow $1 pulseaudio_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_pulseaudio_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the pulseaudio port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_pulseaudio_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_pulseaudio_port'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_port_t;
+	')
+
+	allow $1 pulseaudio_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_pulseaudio_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send pulseaudio_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_pulseaudio_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_pulseaudio_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_client_packet_t;
+	')
+
+	allow $1 pulseaudio_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_pulseaudio_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send pulseaudio_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_pulseaudio_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_pulseaudio_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_client_packet_t;
+	')
+
+	dontaudit $1 pulseaudio_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_pulseaudio_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive pulseaudio_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_pulseaudio_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_pulseaudio_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_client_packet_t;
+	')
+
+	allow $1 pulseaudio_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_pulseaudio_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive pulseaudio_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_pulseaudio_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_pulseaudio_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_client_packet_t;
+	')
+
+	dontaudit $1 pulseaudio_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_pulseaudio_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive pulseaudio_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_pulseaudio_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_pulseaudio_client_packets'($*)) dnl
+	
+	corenet_send_pulseaudio_client_packets($1)
+	corenet_receive_pulseaudio_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_pulseaudio_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive pulseaudio_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_pulseaudio_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_pulseaudio_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_pulseaudio_client_packets($1)
+	corenet_dontaudit_receive_pulseaudio_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_pulseaudio_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to pulseaudio_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_pulseaudio_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_pulseaudio_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_client_packet_t;
+	')
+
+	allow $1 pulseaudio_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_pulseaudio_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send pulseaudio_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_pulseaudio_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_pulseaudio_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_server_packet_t;
+	')
+
+	allow $1 pulseaudio_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_pulseaudio_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send pulseaudio_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_pulseaudio_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_pulseaudio_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_server_packet_t;
+	')
+
+	dontaudit $1 pulseaudio_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_pulseaudio_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive pulseaudio_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_pulseaudio_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_pulseaudio_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_server_packet_t;
+	')
+
+	allow $1 pulseaudio_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_pulseaudio_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive pulseaudio_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_pulseaudio_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_pulseaudio_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_server_packet_t;
+	')
+
+	dontaudit $1 pulseaudio_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_pulseaudio_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive pulseaudio_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_pulseaudio_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_pulseaudio_server_packets'($*)) dnl
+	
+	corenet_send_pulseaudio_server_packets($1)
+	corenet_receive_pulseaudio_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_pulseaudio_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive pulseaudio_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_pulseaudio_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_pulseaudio_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_pulseaudio_server_packets($1)
+	corenet_dontaudit_receive_pulseaudio_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_pulseaudio_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to pulseaudio_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_pulseaudio_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_pulseaudio_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pulseaudio_server_packet_t;
+	')
+
+	allow $1 pulseaudio_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_pulseaudio_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the puppet port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_puppet_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_puppet_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_puppet_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the puppet port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_puppet_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_puppet_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_puppet_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the puppet port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_puppet_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_puppet_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_puppet_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the puppet port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_puppet_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_puppet_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_puppet_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the puppet port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_puppet_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_puppet_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_puppet_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the puppet port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_puppet_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_puppet_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_puppet_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the puppet port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_puppet_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_puppet_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_puppet_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the puppet port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_puppet_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_puppet_port'($*)) dnl
+	
+	gen_require(`
+		type puppet_port_t;
+	')
+
+	allow $1 puppet_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_puppet_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the puppet port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_puppet_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_puppet_port'($*)) dnl
+	
+	gen_require(`
+		type puppet_port_t;
+	')
+
+	allow $1 puppet_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_puppet_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the puppet port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_puppet_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_puppet_port'($*)) dnl
+	
+	gen_require(`
+		type puppet_port_t;
+	')
+
+	allow $1 puppet_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_puppet_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send puppet_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_puppet_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_puppet_client_packets'($*)) dnl
+	
+	gen_require(`
+		type puppet_client_packet_t;
+	')
+
+	allow $1 puppet_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_puppet_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send puppet_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_puppet_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_puppet_client_packets'($*)) dnl
+	
+	gen_require(`
+		type puppet_client_packet_t;
+	')
+
+	dontaudit $1 puppet_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_puppet_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive puppet_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_puppet_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_puppet_client_packets'($*)) dnl
+	
+	gen_require(`
+		type puppet_client_packet_t;
+	')
+
+	allow $1 puppet_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_puppet_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive puppet_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_puppet_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_puppet_client_packets'($*)) dnl
+	
+	gen_require(`
+		type puppet_client_packet_t;
+	')
+
+	dontaudit $1 puppet_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_puppet_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive puppet_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_puppet_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_puppet_client_packets'($*)) dnl
+	
+	corenet_send_puppet_client_packets($1)
+	corenet_receive_puppet_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_puppet_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive puppet_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_puppet_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_puppet_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_puppet_client_packets($1)
+	corenet_dontaudit_receive_puppet_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_puppet_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to puppet_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_puppet_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_puppet_client_packets'($*)) dnl
+	
+	gen_require(`
+		type puppet_client_packet_t;
+	')
+
+	allow $1 puppet_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_puppet_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send puppet_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_puppet_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_puppet_server_packets'($*)) dnl
+	
+	gen_require(`
+		type puppet_server_packet_t;
+	')
+
+	allow $1 puppet_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_puppet_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send puppet_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_puppet_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_puppet_server_packets'($*)) dnl
+	
+	gen_require(`
+		type puppet_server_packet_t;
+	')
+
+	dontaudit $1 puppet_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_puppet_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive puppet_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_puppet_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_puppet_server_packets'($*)) dnl
+	
+	gen_require(`
+		type puppet_server_packet_t;
+	')
+
+	allow $1 puppet_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_puppet_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive puppet_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_puppet_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_puppet_server_packets'($*)) dnl
+	
+	gen_require(`
+		type puppet_server_packet_t;
+	')
+
+	dontaudit $1 puppet_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_puppet_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive puppet_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_puppet_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_puppet_server_packets'($*)) dnl
+	
+	corenet_send_puppet_server_packets($1)
+	corenet_receive_puppet_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_puppet_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive puppet_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_puppet_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_puppet_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_puppet_server_packets($1)
+	corenet_dontaudit_receive_puppet_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_puppet_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to puppet_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_puppet_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_puppet_server_packets'($*)) dnl
+	
+	gen_require(`
+		type puppet_server_packet_t;
+	')
+
+	allow $1 puppet_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_puppet_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the puppetclient port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_puppetclient_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_puppetclient_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_puppetclient_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the puppetclient port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_puppetclient_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_puppetclient_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_puppetclient_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the puppetclient port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_puppetclient_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_puppetclient_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_puppetclient_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the puppetclient port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_puppetclient_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_puppetclient_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_puppetclient_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the puppetclient port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_puppetclient_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_puppetclient_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_puppetclient_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the puppetclient port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_puppetclient_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_puppetclient_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_puppetclient_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the puppetclient port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_puppetclient_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_puppetclient_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_puppetclient_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the puppetclient port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_puppetclient_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_puppetclient_port'($*)) dnl
+	
+	gen_require(`
+		type puppetclient_port_t;
+	')
+
+	allow $1 puppetclient_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_puppetclient_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the puppetclient port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_puppetclient_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_puppetclient_port'($*)) dnl
+	
+	gen_require(`
+		type puppetclient_port_t;
+	')
+
+	allow $1 puppetclient_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_puppetclient_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the puppetclient port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_puppetclient_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_puppetclient_port'($*)) dnl
+	
+	gen_require(`
+		type puppetclient_port_t;
+	')
+
+	allow $1 puppetclient_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_puppetclient_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send puppetclient_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_puppetclient_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_puppetclient_client_packets'($*)) dnl
+	
+	gen_require(`
+		type puppetclient_client_packet_t;
+	')
+
+	allow $1 puppetclient_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_puppetclient_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send puppetclient_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_puppetclient_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_puppetclient_client_packets'($*)) dnl
+	
+	gen_require(`
+		type puppetclient_client_packet_t;
+	')
+
+	dontaudit $1 puppetclient_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_puppetclient_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive puppetclient_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_puppetclient_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_puppetclient_client_packets'($*)) dnl
+	
+	gen_require(`
+		type puppetclient_client_packet_t;
+	')
+
+	allow $1 puppetclient_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_puppetclient_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive puppetclient_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_puppetclient_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_puppetclient_client_packets'($*)) dnl
+	
+	gen_require(`
+		type puppetclient_client_packet_t;
+	')
+
+	dontaudit $1 puppetclient_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_puppetclient_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive puppetclient_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_puppetclient_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_puppetclient_client_packets'($*)) dnl
+	
+	corenet_send_puppetclient_client_packets($1)
+	corenet_receive_puppetclient_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_puppetclient_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive puppetclient_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_puppetclient_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_puppetclient_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_puppetclient_client_packets($1)
+	corenet_dontaudit_receive_puppetclient_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_puppetclient_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to puppetclient_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_puppetclient_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_puppetclient_client_packets'($*)) dnl
+	
+	gen_require(`
+		type puppetclient_client_packet_t;
+	')
+
+	allow $1 puppetclient_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_puppetclient_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send puppetclient_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_puppetclient_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_puppetclient_server_packets'($*)) dnl
+	
+	gen_require(`
+		type puppetclient_server_packet_t;
+	')
+
+	allow $1 puppetclient_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_puppetclient_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send puppetclient_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_puppetclient_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_puppetclient_server_packets'($*)) dnl
+	
+	gen_require(`
+		type puppetclient_server_packet_t;
+	')
+
+	dontaudit $1 puppetclient_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_puppetclient_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive puppetclient_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_puppetclient_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_puppetclient_server_packets'($*)) dnl
+	
+	gen_require(`
+		type puppetclient_server_packet_t;
+	')
+
+	allow $1 puppetclient_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_puppetclient_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive puppetclient_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_puppetclient_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_puppetclient_server_packets'($*)) dnl
+	
+	gen_require(`
+		type puppetclient_server_packet_t;
+	')
+
+	dontaudit $1 puppetclient_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_puppetclient_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive puppetclient_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_puppetclient_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_puppetclient_server_packets'($*)) dnl
+	
+	corenet_send_puppetclient_server_packets($1)
+	corenet_receive_puppetclient_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_puppetclient_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive puppetclient_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_puppetclient_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_puppetclient_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_puppetclient_server_packets($1)
+	corenet_dontaudit_receive_puppetclient_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_puppetclient_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to puppetclient_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_puppetclient_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_puppetclient_server_packets'($*)) dnl
+	
+	gen_require(`
+		type puppetclient_server_packet_t;
+	')
+
+	allow $1 puppetclient_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_puppetclient_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the pxe port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_pxe_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_pxe_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_pxe_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the pxe port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_pxe_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_pxe_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_pxe_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the pxe port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_pxe_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_pxe_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_pxe_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the pxe port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_pxe_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_pxe_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_pxe_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the pxe port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_pxe_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_pxe_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_pxe_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the pxe port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_pxe_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_pxe_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_pxe_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the pxe port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_pxe_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_pxe_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_pxe_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the pxe port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_pxe_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_pxe_port'($*)) dnl
+	
+	gen_require(`
+		type pxe_port_t;
+	')
+
+	allow $1 pxe_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_pxe_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the pxe port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_pxe_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_pxe_port'($*)) dnl
+	
+	gen_require(`
+		type pxe_port_t;
+	')
+
+	allow $1 pxe_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_pxe_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the pxe port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_pxe_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_pxe_port'($*)) dnl
+	
+	gen_require(`
+		type pxe_port_t;
+	')
+
+	allow $1 pxe_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_pxe_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send pxe_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_pxe_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_pxe_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pxe_client_packet_t;
+	')
+
+	allow $1 pxe_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_pxe_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send pxe_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_pxe_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_pxe_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pxe_client_packet_t;
+	')
+
+	dontaudit $1 pxe_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_pxe_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive pxe_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_pxe_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_pxe_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pxe_client_packet_t;
+	')
+
+	allow $1 pxe_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_pxe_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive pxe_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_pxe_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_pxe_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pxe_client_packet_t;
+	')
+
+	dontaudit $1 pxe_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_pxe_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive pxe_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_pxe_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_pxe_client_packets'($*)) dnl
+	
+	corenet_send_pxe_client_packets($1)
+	corenet_receive_pxe_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_pxe_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive pxe_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_pxe_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_pxe_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_pxe_client_packets($1)
+	corenet_dontaudit_receive_pxe_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_pxe_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to pxe_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_pxe_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_pxe_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pxe_client_packet_t;
+	')
+
+	allow $1 pxe_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_pxe_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send pxe_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_pxe_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_pxe_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pxe_server_packet_t;
+	')
+
+	allow $1 pxe_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_pxe_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send pxe_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_pxe_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_pxe_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pxe_server_packet_t;
+	')
+
+	dontaudit $1 pxe_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_pxe_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive pxe_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_pxe_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_pxe_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pxe_server_packet_t;
+	')
+
+	allow $1 pxe_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_pxe_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive pxe_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_pxe_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_pxe_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pxe_server_packet_t;
+	')
+
+	dontaudit $1 pxe_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_pxe_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive pxe_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_pxe_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_pxe_server_packets'($*)) dnl
+	
+	corenet_send_pxe_server_packets($1)
+	corenet_receive_pxe_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_pxe_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive pxe_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_pxe_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_pxe_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_pxe_server_packets($1)
+	corenet_dontaudit_receive_pxe_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_pxe_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to pxe_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_pxe_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_pxe_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pxe_server_packet_t;
+	')
+
+	allow $1 pxe_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_pxe_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the pyzor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_pyzor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_pyzor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_pyzor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the pyzor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_pyzor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_pyzor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_pyzor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the pyzor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_pyzor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_pyzor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_pyzor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the pyzor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_pyzor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_pyzor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_pyzor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the pyzor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_pyzor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_pyzor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_pyzor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the pyzor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_pyzor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_pyzor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_pyzor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the pyzor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_pyzor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_pyzor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_pyzor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the pyzor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_pyzor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_pyzor_port'($*)) dnl
+	
+	gen_require(`
+		type pyzor_port_t;
+	')
+
+	allow $1 pyzor_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_pyzor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the pyzor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_pyzor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_pyzor_port'($*)) dnl
+	
+	gen_require(`
+		type pyzor_port_t;
+	')
+
+	allow $1 pyzor_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_pyzor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the pyzor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_pyzor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_pyzor_port'($*)) dnl
+	
+	gen_require(`
+		type pyzor_port_t;
+	')
+
+	allow $1 pyzor_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_pyzor_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send pyzor_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_pyzor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_pyzor_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pyzor_client_packet_t;
+	')
+
+	allow $1 pyzor_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_pyzor_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send pyzor_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_pyzor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_pyzor_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pyzor_client_packet_t;
+	')
+
+	dontaudit $1 pyzor_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_pyzor_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive pyzor_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_pyzor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_pyzor_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pyzor_client_packet_t;
+	')
+
+	allow $1 pyzor_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_pyzor_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive pyzor_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_pyzor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_pyzor_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pyzor_client_packet_t;
+	')
+
+	dontaudit $1 pyzor_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_pyzor_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive pyzor_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_pyzor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_pyzor_client_packets'($*)) dnl
+	
+	corenet_send_pyzor_client_packets($1)
+	corenet_receive_pyzor_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_pyzor_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive pyzor_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_pyzor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_pyzor_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_pyzor_client_packets($1)
+	corenet_dontaudit_receive_pyzor_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_pyzor_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to pyzor_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_pyzor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_pyzor_client_packets'($*)) dnl
+	
+	gen_require(`
+		type pyzor_client_packet_t;
+	')
+
+	allow $1 pyzor_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_pyzor_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send pyzor_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_pyzor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_pyzor_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pyzor_server_packet_t;
+	')
+
+	allow $1 pyzor_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_pyzor_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send pyzor_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_pyzor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_pyzor_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pyzor_server_packet_t;
+	')
+
+	dontaudit $1 pyzor_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_pyzor_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive pyzor_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_pyzor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_pyzor_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pyzor_server_packet_t;
+	')
+
+	allow $1 pyzor_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_pyzor_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive pyzor_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_pyzor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_pyzor_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pyzor_server_packet_t;
+	')
+
+	dontaudit $1 pyzor_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_pyzor_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive pyzor_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_pyzor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_pyzor_server_packets'($*)) dnl
+	
+	corenet_send_pyzor_server_packets($1)
+	corenet_receive_pyzor_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_pyzor_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive pyzor_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_pyzor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_pyzor_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_pyzor_server_packets($1)
+	corenet_dontaudit_receive_pyzor_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_pyzor_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to pyzor_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_pyzor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_pyzor_server_packets'($*)) dnl
+	
+	gen_require(`
+		type pyzor_server_packet_t;
+	')
+
+	allow $1 pyzor_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_pyzor_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the radacct port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_radacct_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_radacct_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_radacct_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the radacct port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_radacct_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_radacct_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_radacct_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the radacct port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_radacct_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_radacct_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_radacct_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the radacct port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_radacct_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_radacct_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_radacct_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the radacct port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_radacct_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_radacct_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_radacct_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the radacct port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_radacct_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_radacct_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_radacct_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the radacct port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_radacct_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_radacct_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_radacct_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the radacct port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_radacct_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_radacct_port'($*)) dnl
+	
+	gen_require(`
+		type radacct_port_t;
+	')
+
+	allow $1 radacct_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_radacct_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the radacct port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_radacct_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_radacct_port'($*)) dnl
+	
+	gen_require(`
+		type radacct_port_t;
+	')
+
+	allow $1 radacct_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_radacct_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the radacct port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_radacct_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_radacct_port'($*)) dnl
+	
+	gen_require(`
+		type radacct_port_t;
+	')
+
+	allow $1 radacct_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_radacct_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send radacct_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_radacct_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_radacct_client_packets'($*)) dnl
+	
+	gen_require(`
+		type radacct_client_packet_t;
+	')
+
+	allow $1 radacct_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_radacct_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send radacct_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_radacct_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_radacct_client_packets'($*)) dnl
+	
+	gen_require(`
+		type radacct_client_packet_t;
+	')
+
+	dontaudit $1 radacct_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_radacct_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive radacct_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_radacct_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_radacct_client_packets'($*)) dnl
+	
+	gen_require(`
+		type radacct_client_packet_t;
+	')
+
+	allow $1 radacct_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_radacct_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive radacct_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_radacct_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_radacct_client_packets'($*)) dnl
+	
+	gen_require(`
+		type radacct_client_packet_t;
+	')
+
+	dontaudit $1 radacct_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_radacct_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive radacct_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_radacct_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_radacct_client_packets'($*)) dnl
+	
+	corenet_send_radacct_client_packets($1)
+	corenet_receive_radacct_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_radacct_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive radacct_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_radacct_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_radacct_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_radacct_client_packets($1)
+	corenet_dontaudit_receive_radacct_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_radacct_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to radacct_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_radacct_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_radacct_client_packets'($*)) dnl
+	
+	gen_require(`
+		type radacct_client_packet_t;
+	')
+
+	allow $1 radacct_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_radacct_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send radacct_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_radacct_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_radacct_server_packets'($*)) dnl
+	
+	gen_require(`
+		type radacct_server_packet_t;
+	')
+
+	allow $1 radacct_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_radacct_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send radacct_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_radacct_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_radacct_server_packets'($*)) dnl
+	
+	gen_require(`
+		type radacct_server_packet_t;
+	')
+
+	dontaudit $1 radacct_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_radacct_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive radacct_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_radacct_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_radacct_server_packets'($*)) dnl
+	
+	gen_require(`
+		type radacct_server_packet_t;
+	')
+
+	allow $1 radacct_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_radacct_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive radacct_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_radacct_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_radacct_server_packets'($*)) dnl
+	
+	gen_require(`
+		type radacct_server_packet_t;
+	')
+
+	dontaudit $1 radacct_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_radacct_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive radacct_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_radacct_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_radacct_server_packets'($*)) dnl
+	
+	corenet_send_radacct_server_packets($1)
+	corenet_receive_radacct_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_radacct_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive radacct_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_radacct_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_radacct_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_radacct_server_packets($1)
+	corenet_dontaudit_receive_radacct_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_radacct_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to radacct_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_radacct_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_radacct_server_packets'($*)) dnl
+	
+	gen_require(`
+		type radacct_server_packet_t;
+	')
+
+	allow $1 radacct_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_radacct_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the radius port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_radius_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_radius_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_radius_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the radius port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_radius_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_radius_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_radius_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the radius port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_radius_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_radius_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_radius_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the radius port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_radius_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_radius_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_radius_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the radius port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_radius_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_radius_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_radius_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the radius port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_radius_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_radius_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_radius_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the radius port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_radius_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_radius_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_radius_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the radius port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_radius_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_radius_port'($*)) dnl
+	
+	gen_require(`
+		type radius_port_t;
+	')
+
+	allow $1 radius_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_radius_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the radius port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_radius_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_radius_port'($*)) dnl
+	
+	gen_require(`
+		type radius_port_t;
+	')
+
+	allow $1 radius_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_radius_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the radius port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_radius_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_radius_port'($*)) dnl
+	
+	gen_require(`
+		type radius_port_t;
+	')
+
+	allow $1 radius_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_radius_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send radius_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_radius_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_radius_client_packets'($*)) dnl
+	
+	gen_require(`
+		type radius_client_packet_t;
+	')
+
+	allow $1 radius_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_radius_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send radius_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_radius_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_radius_client_packets'($*)) dnl
+	
+	gen_require(`
+		type radius_client_packet_t;
+	')
+
+	dontaudit $1 radius_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_radius_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive radius_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_radius_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_radius_client_packets'($*)) dnl
+	
+	gen_require(`
+		type radius_client_packet_t;
+	')
+
+	allow $1 radius_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_radius_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive radius_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_radius_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_radius_client_packets'($*)) dnl
+	
+	gen_require(`
+		type radius_client_packet_t;
+	')
+
+	dontaudit $1 radius_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_radius_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive radius_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_radius_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_radius_client_packets'($*)) dnl
+	
+	corenet_send_radius_client_packets($1)
+	corenet_receive_radius_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_radius_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive radius_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_radius_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_radius_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_radius_client_packets($1)
+	corenet_dontaudit_receive_radius_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_radius_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to radius_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_radius_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_radius_client_packets'($*)) dnl
+	
+	gen_require(`
+		type radius_client_packet_t;
+	')
+
+	allow $1 radius_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_radius_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send radius_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_radius_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_radius_server_packets'($*)) dnl
+	
+	gen_require(`
+		type radius_server_packet_t;
+	')
+
+	allow $1 radius_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_radius_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send radius_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_radius_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_radius_server_packets'($*)) dnl
+	
+	gen_require(`
+		type radius_server_packet_t;
+	')
+
+	dontaudit $1 radius_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_radius_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive radius_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_radius_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_radius_server_packets'($*)) dnl
+	
+	gen_require(`
+		type radius_server_packet_t;
+	')
+
+	allow $1 radius_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_radius_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive radius_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_radius_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_radius_server_packets'($*)) dnl
+	
+	gen_require(`
+		type radius_server_packet_t;
+	')
+
+	dontaudit $1 radius_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_radius_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive radius_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_radius_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_radius_server_packets'($*)) dnl
+	
+	corenet_send_radius_server_packets($1)
+	corenet_receive_radius_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_radius_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive radius_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_radius_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_radius_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_radius_server_packets($1)
+	corenet_dontaudit_receive_radius_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_radius_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to radius_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_radius_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_radius_server_packets'($*)) dnl
+	
+	gen_require(`
+		type radius_server_packet_t;
+	')
+
+	allow $1 radius_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_radius_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the radsec port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_radsec_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_radsec_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_radsec_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the radsec port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_radsec_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_radsec_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_radsec_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the radsec port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_radsec_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_radsec_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_radsec_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the radsec port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_radsec_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_radsec_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_radsec_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the radsec port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_radsec_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_radsec_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_radsec_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the radsec port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_radsec_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_radsec_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_radsec_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the radsec port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_radsec_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_radsec_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_radsec_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the radsec port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_radsec_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_radsec_port'($*)) dnl
+	
+	gen_require(`
+		type radsec_port_t;
+	')
+
+	allow $1 radsec_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_radsec_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the radsec port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_radsec_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_radsec_port'($*)) dnl
+	
+	gen_require(`
+		type radsec_port_t;
+	')
+
+	allow $1 radsec_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_radsec_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the radsec port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_radsec_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_radsec_port'($*)) dnl
+	
+	gen_require(`
+		type radsec_port_t;
+	')
+
+	allow $1 radsec_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_radsec_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send radsec_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_radsec_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_radsec_client_packets'($*)) dnl
+	
+	gen_require(`
+		type radsec_client_packet_t;
+	')
+
+	allow $1 radsec_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_radsec_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send radsec_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_radsec_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_radsec_client_packets'($*)) dnl
+	
+	gen_require(`
+		type radsec_client_packet_t;
+	')
+
+	dontaudit $1 radsec_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_radsec_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive radsec_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_radsec_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_radsec_client_packets'($*)) dnl
+	
+	gen_require(`
+		type radsec_client_packet_t;
+	')
+
+	allow $1 radsec_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_radsec_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive radsec_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_radsec_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_radsec_client_packets'($*)) dnl
+	
+	gen_require(`
+		type radsec_client_packet_t;
+	')
+
+	dontaudit $1 radsec_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_radsec_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive radsec_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_radsec_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_radsec_client_packets'($*)) dnl
+	
+	corenet_send_radsec_client_packets($1)
+	corenet_receive_radsec_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_radsec_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive radsec_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_radsec_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_radsec_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_radsec_client_packets($1)
+	corenet_dontaudit_receive_radsec_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_radsec_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to radsec_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_radsec_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_radsec_client_packets'($*)) dnl
+	
+	gen_require(`
+		type radsec_client_packet_t;
+	')
+
+	allow $1 radsec_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_radsec_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send radsec_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_radsec_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_radsec_server_packets'($*)) dnl
+	
+	gen_require(`
+		type radsec_server_packet_t;
+	')
+
+	allow $1 radsec_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_radsec_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send radsec_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_radsec_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_radsec_server_packets'($*)) dnl
+	
+	gen_require(`
+		type radsec_server_packet_t;
+	')
+
+	dontaudit $1 radsec_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_radsec_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive radsec_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_radsec_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_radsec_server_packets'($*)) dnl
+	
+	gen_require(`
+		type radsec_server_packet_t;
+	')
+
+	allow $1 radsec_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_radsec_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive radsec_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_radsec_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_radsec_server_packets'($*)) dnl
+	
+	gen_require(`
+		type radsec_server_packet_t;
+	')
+
+	dontaudit $1 radsec_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_radsec_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive radsec_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_radsec_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_radsec_server_packets'($*)) dnl
+	
+	corenet_send_radsec_server_packets($1)
+	corenet_receive_radsec_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_radsec_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive radsec_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_radsec_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_radsec_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_radsec_server_packets($1)
+	corenet_dontaudit_receive_radsec_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_radsec_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to radsec_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_radsec_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_radsec_server_packets'($*)) dnl
+	
+	gen_require(`
+		type radsec_server_packet_t;
+	')
+
+	allow $1 radsec_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_radsec_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the razor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_razor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_razor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_razor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the razor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_razor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_razor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_razor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the razor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_razor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_razor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_razor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the razor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_razor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_razor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_razor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the razor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_razor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_razor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_razor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the razor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_razor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_razor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_razor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the razor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_razor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_razor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_razor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the razor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_razor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_razor_port'($*)) dnl
+	
+	gen_require(`
+		type razor_port_t;
+	')
+
+	allow $1 razor_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_razor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the razor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_razor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_razor_port'($*)) dnl
+	
+	gen_require(`
+		type razor_port_t;
+	')
+
+	allow $1 razor_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_razor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the razor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_razor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_razor_port'($*)) dnl
+	
+	gen_require(`
+		type razor_port_t;
+	')
+
+	allow $1 razor_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_razor_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send razor_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_razor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_razor_client_packets'($*)) dnl
+	
+	gen_require(`
+		type razor_client_packet_t;
+	')
+
+	allow $1 razor_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_razor_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send razor_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_razor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_razor_client_packets'($*)) dnl
+	
+	gen_require(`
+		type razor_client_packet_t;
+	')
+
+	dontaudit $1 razor_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_razor_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive razor_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_razor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_razor_client_packets'($*)) dnl
+	
+	gen_require(`
+		type razor_client_packet_t;
+	')
+
+	allow $1 razor_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_razor_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive razor_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_razor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_razor_client_packets'($*)) dnl
+	
+	gen_require(`
+		type razor_client_packet_t;
+	')
+
+	dontaudit $1 razor_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_razor_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive razor_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_razor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_razor_client_packets'($*)) dnl
+	
+	corenet_send_razor_client_packets($1)
+	corenet_receive_razor_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_razor_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive razor_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_razor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_razor_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_razor_client_packets($1)
+	corenet_dontaudit_receive_razor_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_razor_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to razor_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_razor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_razor_client_packets'($*)) dnl
+	
+	gen_require(`
+		type razor_client_packet_t;
+	')
+
+	allow $1 razor_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_razor_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send razor_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_razor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_razor_server_packets'($*)) dnl
+	
+	gen_require(`
+		type razor_server_packet_t;
+	')
+
+	allow $1 razor_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_razor_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send razor_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_razor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_razor_server_packets'($*)) dnl
+	
+	gen_require(`
+		type razor_server_packet_t;
+	')
+
+	dontaudit $1 razor_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_razor_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive razor_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_razor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_razor_server_packets'($*)) dnl
+	
+	gen_require(`
+		type razor_server_packet_t;
+	')
+
+	allow $1 razor_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_razor_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive razor_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_razor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_razor_server_packets'($*)) dnl
+	
+	gen_require(`
+		type razor_server_packet_t;
+	')
+
+	dontaudit $1 razor_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_razor_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive razor_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_razor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_razor_server_packets'($*)) dnl
+	
+	corenet_send_razor_server_packets($1)
+	corenet_receive_razor_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_razor_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive razor_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_razor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_razor_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_razor_server_packets($1)
+	corenet_dontaudit_receive_razor_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_razor_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to razor_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_razor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_razor_server_packets'($*)) dnl
+	
+	gen_require(`
+		type razor_server_packet_t;
+	')
+
+	allow $1 razor_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_razor_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the redis port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_redis_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_redis_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_redis_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the redis port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_redis_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_redis_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_redis_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the redis port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_redis_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_redis_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_redis_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the redis port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_redis_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_redis_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_redis_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the redis port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_redis_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_redis_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_redis_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the redis port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_redis_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_redis_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_redis_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the redis port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_redis_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_redis_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_redis_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the redis port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_redis_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_redis_port'($*)) dnl
+	
+	gen_require(`
+		type redis_port_t;
+	')
+
+	allow $1 redis_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_redis_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the redis port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_redis_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_redis_port'($*)) dnl
+	
+	gen_require(`
+		type redis_port_t;
+	')
+
+	allow $1 redis_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_redis_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the redis port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_redis_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_redis_port'($*)) dnl
+	
+	gen_require(`
+		type redis_port_t;
+	')
+
+	allow $1 redis_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_redis_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send redis_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_redis_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_redis_client_packets'($*)) dnl
+	
+	gen_require(`
+		type redis_client_packet_t;
+	')
+
+	allow $1 redis_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_redis_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send redis_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_redis_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_redis_client_packets'($*)) dnl
+	
+	gen_require(`
+		type redis_client_packet_t;
+	')
+
+	dontaudit $1 redis_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_redis_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive redis_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_redis_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_redis_client_packets'($*)) dnl
+	
+	gen_require(`
+		type redis_client_packet_t;
+	')
+
+	allow $1 redis_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_redis_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive redis_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_redis_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_redis_client_packets'($*)) dnl
+	
+	gen_require(`
+		type redis_client_packet_t;
+	')
+
+	dontaudit $1 redis_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_redis_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive redis_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_redis_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_redis_client_packets'($*)) dnl
+	
+	corenet_send_redis_client_packets($1)
+	corenet_receive_redis_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_redis_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive redis_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_redis_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_redis_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_redis_client_packets($1)
+	corenet_dontaudit_receive_redis_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_redis_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to redis_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_redis_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_redis_client_packets'($*)) dnl
+	
+	gen_require(`
+		type redis_client_packet_t;
+	')
+
+	allow $1 redis_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_redis_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send redis_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_redis_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_redis_server_packets'($*)) dnl
+	
+	gen_require(`
+		type redis_server_packet_t;
+	')
+
+	allow $1 redis_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_redis_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send redis_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_redis_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_redis_server_packets'($*)) dnl
+	
+	gen_require(`
+		type redis_server_packet_t;
+	')
+
+	dontaudit $1 redis_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_redis_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive redis_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_redis_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_redis_server_packets'($*)) dnl
+	
+	gen_require(`
+		type redis_server_packet_t;
+	')
+
+	allow $1 redis_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_redis_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive redis_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_redis_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_redis_server_packets'($*)) dnl
+	
+	gen_require(`
+		type redis_server_packet_t;
+	')
+
+	dontaudit $1 redis_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_redis_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive redis_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_redis_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_redis_server_packets'($*)) dnl
+	
+	corenet_send_redis_server_packets($1)
+	corenet_receive_redis_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_redis_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive redis_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_redis_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_redis_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_redis_server_packets($1)
+	corenet_dontaudit_receive_redis_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_redis_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to redis_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_redis_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_redis_server_packets'($*)) dnl
+	
+	gen_require(`
+		type redis_server_packet_t;
+	')
+
+	allow $1 redis_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_redis_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the repository port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_repository_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_repository_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_repository_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the repository port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_repository_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_repository_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_repository_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the repository port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_repository_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_repository_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_repository_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the repository port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_repository_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_repository_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_repository_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the repository port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_repository_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_repository_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_repository_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the repository port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_repository_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_repository_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_repository_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the repository port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_repository_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_repository_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_repository_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the repository port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_repository_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_repository_port'($*)) dnl
+	
+	gen_require(`
+		type repository_port_t;
+	')
+
+	allow $1 repository_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_repository_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the repository port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_repository_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_repository_port'($*)) dnl
+	
+	gen_require(`
+		type repository_port_t;
+	')
+
+	allow $1 repository_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_repository_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the repository port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_repository_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_repository_port'($*)) dnl
+	
+	gen_require(`
+		type repository_port_t;
+	')
+
+	allow $1 repository_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_repository_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send repository_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_repository_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_repository_client_packets'($*)) dnl
+	
+	gen_require(`
+		type repository_client_packet_t;
+	')
+
+	allow $1 repository_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_repository_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send repository_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_repository_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_repository_client_packets'($*)) dnl
+	
+	gen_require(`
+		type repository_client_packet_t;
+	')
+
+	dontaudit $1 repository_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_repository_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive repository_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_repository_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_repository_client_packets'($*)) dnl
+	
+	gen_require(`
+		type repository_client_packet_t;
+	')
+
+	allow $1 repository_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_repository_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive repository_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_repository_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_repository_client_packets'($*)) dnl
+	
+	gen_require(`
+		type repository_client_packet_t;
+	')
+
+	dontaudit $1 repository_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_repository_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive repository_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_repository_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_repository_client_packets'($*)) dnl
+	
+	corenet_send_repository_client_packets($1)
+	corenet_receive_repository_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_repository_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive repository_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_repository_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_repository_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_repository_client_packets($1)
+	corenet_dontaudit_receive_repository_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_repository_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to repository_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_repository_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_repository_client_packets'($*)) dnl
+	
+	gen_require(`
+		type repository_client_packet_t;
+	')
+
+	allow $1 repository_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_repository_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send repository_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_repository_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_repository_server_packets'($*)) dnl
+	
+	gen_require(`
+		type repository_server_packet_t;
+	')
+
+	allow $1 repository_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_repository_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send repository_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_repository_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_repository_server_packets'($*)) dnl
+	
+	gen_require(`
+		type repository_server_packet_t;
+	')
+
+	dontaudit $1 repository_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_repository_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive repository_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_repository_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_repository_server_packets'($*)) dnl
+	
+	gen_require(`
+		type repository_server_packet_t;
+	')
+
+	allow $1 repository_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_repository_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive repository_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_repository_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_repository_server_packets'($*)) dnl
+	
+	gen_require(`
+		type repository_server_packet_t;
+	')
+
+	dontaudit $1 repository_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_repository_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive repository_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_repository_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_repository_server_packets'($*)) dnl
+	
+	corenet_send_repository_server_packets($1)
+	corenet_receive_repository_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_repository_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive repository_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_repository_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_repository_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_repository_server_packets($1)
+	corenet_dontaudit_receive_repository_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_repository_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to repository_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_repository_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_repository_server_packets'($*)) dnl
+	
+	gen_require(`
+		type repository_server_packet_t;
+	')
+
+	allow $1 repository_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_repository_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the ricci port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_ricci_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_ricci_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_ricci_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the ricci port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_ricci_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_ricci_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_ricci_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the ricci port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_ricci_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_ricci_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_ricci_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the ricci port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_ricci_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_ricci_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_ricci_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the ricci port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_ricci_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_ricci_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_ricci_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the ricci port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_ricci_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_ricci_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_ricci_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the ricci port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_ricci_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_ricci_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_ricci_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the ricci port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_ricci_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_ricci_port'($*)) dnl
+	
+	gen_require(`
+		type ricci_port_t;
+	')
+
+	allow $1 ricci_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_ricci_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the ricci port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_ricci_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_ricci_port'($*)) dnl
+	
+	gen_require(`
+		type ricci_port_t;
+	')
+
+	allow $1 ricci_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_ricci_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the ricci port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_ricci_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_ricci_port'($*)) dnl
+	
+	gen_require(`
+		type ricci_port_t;
+	')
+
+	allow $1 ricci_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_ricci_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ricci_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ricci_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ricci_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ricci_client_packet_t;
+	')
+
+	allow $1 ricci_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ricci_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ricci_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ricci_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ricci_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ricci_client_packet_t;
+	')
+
+	dontaudit $1 ricci_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ricci_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ricci_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ricci_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ricci_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ricci_client_packet_t;
+	')
+
+	allow $1 ricci_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ricci_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ricci_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ricci_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ricci_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ricci_client_packet_t;
+	')
+
+	dontaudit $1 ricci_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ricci_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ricci_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ricci_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ricci_client_packets'($*)) dnl
+	
+	corenet_send_ricci_client_packets($1)
+	corenet_receive_ricci_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ricci_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ricci_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ricci_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ricci_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ricci_client_packets($1)
+	corenet_dontaudit_receive_ricci_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ricci_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ricci_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ricci_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ricci_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ricci_client_packet_t;
+	')
+
+	allow $1 ricci_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ricci_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ricci_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ricci_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ricci_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ricci_server_packet_t;
+	')
+
+	allow $1 ricci_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ricci_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ricci_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ricci_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ricci_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ricci_server_packet_t;
+	')
+
+	dontaudit $1 ricci_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ricci_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ricci_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ricci_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ricci_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ricci_server_packet_t;
+	')
+
+	allow $1 ricci_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ricci_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ricci_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ricci_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ricci_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ricci_server_packet_t;
+	')
+
+	dontaudit $1 ricci_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ricci_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ricci_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ricci_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ricci_server_packets'($*)) dnl
+	
+	corenet_send_ricci_server_packets($1)
+	corenet_receive_ricci_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ricci_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ricci_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ricci_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ricci_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ricci_server_packets($1)
+	corenet_dontaudit_receive_ricci_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ricci_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ricci_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ricci_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ricci_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ricci_server_packet_t;
+	')
+
+	allow $1 ricci_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ricci_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the ricci_modcluster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_ricci_modcluster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_ricci_modcluster_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_ricci_modcluster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the ricci_modcluster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_ricci_modcluster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_ricci_modcluster_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_ricci_modcluster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the ricci_modcluster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_ricci_modcluster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_ricci_modcluster_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_ricci_modcluster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the ricci_modcluster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_ricci_modcluster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_ricci_modcluster_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_ricci_modcluster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the ricci_modcluster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_ricci_modcluster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_ricci_modcluster_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_ricci_modcluster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the ricci_modcluster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_ricci_modcluster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_ricci_modcluster_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_ricci_modcluster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the ricci_modcluster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_ricci_modcluster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_ricci_modcluster_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_ricci_modcluster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the ricci_modcluster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_ricci_modcluster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_ricci_modcluster_port'($*)) dnl
+	
+	gen_require(`
+		type ricci_modcluster_port_t;
+	')
+
+	allow $1 ricci_modcluster_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_ricci_modcluster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the ricci_modcluster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_ricci_modcluster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_ricci_modcluster_port'($*)) dnl
+	
+	gen_require(`
+		type ricci_modcluster_port_t;
+	')
+
+	allow $1 ricci_modcluster_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_ricci_modcluster_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the ricci_modcluster port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_ricci_modcluster_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_ricci_modcluster_port'($*)) dnl
+	
+	gen_require(`
+		type ricci_modcluster_port_t;
+	')
+
+	allow $1 ricci_modcluster_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_ricci_modcluster_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ricci_modcluster_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ricci_modcluster_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ricci_modcluster_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ricci_modcluster_client_packet_t;
+	')
+
+	allow $1 ricci_modcluster_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ricci_modcluster_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ricci_modcluster_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ricci_modcluster_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ricci_modcluster_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ricci_modcluster_client_packet_t;
+	')
+
+	dontaudit $1 ricci_modcluster_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ricci_modcluster_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ricci_modcluster_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ricci_modcluster_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ricci_modcluster_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ricci_modcluster_client_packet_t;
+	')
+
+	allow $1 ricci_modcluster_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ricci_modcluster_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ricci_modcluster_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ricci_modcluster_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ricci_modcluster_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ricci_modcluster_client_packet_t;
+	')
+
+	dontaudit $1 ricci_modcluster_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ricci_modcluster_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ricci_modcluster_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ricci_modcluster_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ricci_modcluster_client_packets'($*)) dnl
+	
+	corenet_send_ricci_modcluster_client_packets($1)
+	corenet_receive_ricci_modcluster_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ricci_modcluster_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ricci_modcluster_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ricci_modcluster_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ricci_modcluster_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ricci_modcluster_client_packets($1)
+	corenet_dontaudit_receive_ricci_modcluster_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ricci_modcluster_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ricci_modcluster_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ricci_modcluster_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ricci_modcluster_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ricci_modcluster_client_packet_t;
+	')
+
+	allow $1 ricci_modcluster_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ricci_modcluster_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ricci_modcluster_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ricci_modcluster_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ricci_modcluster_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ricci_modcluster_server_packet_t;
+	')
+
+	allow $1 ricci_modcluster_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ricci_modcluster_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ricci_modcluster_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ricci_modcluster_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ricci_modcluster_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ricci_modcluster_server_packet_t;
+	')
+
+	dontaudit $1 ricci_modcluster_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ricci_modcluster_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ricci_modcluster_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ricci_modcluster_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ricci_modcluster_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ricci_modcluster_server_packet_t;
+	')
+
+	allow $1 ricci_modcluster_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ricci_modcluster_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ricci_modcluster_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ricci_modcluster_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ricci_modcluster_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ricci_modcluster_server_packet_t;
+	')
+
+	dontaudit $1 ricci_modcluster_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ricci_modcluster_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ricci_modcluster_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ricci_modcluster_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ricci_modcluster_server_packets'($*)) dnl
+	
+	corenet_send_ricci_modcluster_server_packets($1)
+	corenet_receive_ricci_modcluster_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ricci_modcluster_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ricci_modcluster_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ricci_modcluster_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ricci_modcluster_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ricci_modcluster_server_packets($1)
+	corenet_dontaudit_receive_ricci_modcluster_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ricci_modcluster_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ricci_modcluster_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ricci_modcluster_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ricci_modcluster_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ricci_modcluster_server_packet_t;
+	')
+
+	allow $1 ricci_modcluster_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ricci_modcluster_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the rlogind port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_rlogind_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_rlogind_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_rlogind_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the rlogind port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_rlogind_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_rlogind_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_rlogind_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the rlogind port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_rlogind_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_rlogind_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_rlogind_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the rlogind port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_rlogind_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_rlogind_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_rlogind_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the rlogind port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_rlogind_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_rlogind_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_rlogind_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the rlogind port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_rlogind_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_rlogind_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_rlogind_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the rlogind port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_rlogind_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_rlogind_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_rlogind_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the rlogind port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_rlogind_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_rlogind_port'($*)) dnl
+	
+	gen_require(`
+		type rlogind_port_t;
+	')
+
+	allow $1 rlogind_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_rlogind_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the rlogind port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_rlogind_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_rlogind_port'($*)) dnl
+	
+	gen_require(`
+		type rlogind_port_t;
+	')
+
+	allow $1 rlogind_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_rlogind_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the rlogind port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_rlogind_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_rlogind_port'($*)) dnl
+	
+	gen_require(`
+		type rlogind_port_t;
+	')
+
+	allow $1 rlogind_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_rlogind_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send rlogind_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_rlogind_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_rlogind_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rlogind_client_packet_t;
+	')
+
+	allow $1 rlogind_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_rlogind_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send rlogind_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_rlogind_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_rlogind_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rlogind_client_packet_t;
+	')
+
+	dontaudit $1 rlogind_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_rlogind_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive rlogind_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_rlogind_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_rlogind_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rlogind_client_packet_t;
+	')
+
+	allow $1 rlogind_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_rlogind_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive rlogind_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_rlogind_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_rlogind_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rlogind_client_packet_t;
+	')
+
+	dontaudit $1 rlogind_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_rlogind_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive rlogind_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_rlogind_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_rlogind_client_packets'($*)) dnl
+	
+	corenet_send_rlogind_client_packets($1)
+	corenet_receive_rlogind_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_rlogind_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive rlogind_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_rlogind_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_rlogind_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_rlogind_client_packets($1)
+	corenet_dontaudit_receive_rlogind_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_rlogind_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to rlogind_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_rlogind_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_rlogind_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rlogind_client_packet_t;
+	')
+
+	allow $1 rlogind_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_rlogind_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send rlogind_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_rlogind_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_rlogind_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rlogind_server_packet_t;
+	')
+
+	allow $1 rlogind_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_rlogind_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send rlogind_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_rlogind_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_rlogind_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rlogind_server_packet_t;
+	')
+
+	dontaudit $1 rlogind_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_rlogind_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive rlogind_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_rlogind_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_rlogind_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rlogind_server_packet_t;
+	')
+
+	allow $1 rlogind_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_rlogind_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive rlogind_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_rlogind_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_rlogind_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rlogind_server_packet_t;
+	')
+
+	dontaudit $1 rlogind_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_rlogind_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive rlogind_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_rlogind_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_rlogind_server_packets'($*)) dnl
+	
+	corenet_send_rlogind_server_packets($1)
+	corenet_receive_rlogind_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_rlogind_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive rlogind_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_rlogind_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_rlogind_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_rlogind_server_packets($1)
+	corenet_dontaudit_receive_rlogind_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_rlogind_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to rlogind_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_rlogind_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_rlogind_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rlogind_server_packet_t;
+	')
+
+	allow $1 rlogind_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_rlogind_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the rndc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_rndc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_rndc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_rndc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the rndc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_rndc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_rndc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_rndc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the rndc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_rndc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_rndc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_rndc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the rndc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_rndc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_rndc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_rndc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the rndc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_rndc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_rndc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_rndc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the rndc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_rndc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_rndc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_rndc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the rndc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_rndc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_rndc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_rndc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the rndc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_rndc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_rndc_port'($*)) dnl
+	
+	gen_require(`
+		type rndc_port_t;
+	')
+
+	allow $1 rndc_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_rndc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the rndc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_rndc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_rndc_port'($*)) dnl
+	
+	gen_require(`
+		type rndc_port_t;
+	')
+
+	allow $1 rndc_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_rndc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the rndc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_rndc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_rndc_port'($*)) dnl
+	
+	gen_require(`
+		type rndc_port_t;
+	')
+
+	allow $1 rndc_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_rndc_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send rndc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_rndc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_rndc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rndc_client_packet_t;
+	')
+
+	allow $1 rndc_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_rndc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send rndc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_rndc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_rndc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rndc_client_packet_t;
+	')
+
+	dontaudit $1 rndc_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_rndc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive rndc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_rndc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_rndc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rndc_client_packet_t;
+	')
+
+	allow $1 rndc_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_rndc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive rndc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_rndc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_rndc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rndc_client_packet_t;
+	')
+
+	dontaudit $1 rndc_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_rndc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive rndc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_rndc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_rndc_client_packets'($*)) dnl
+	
+	corenet_send_rndc_client_packets($1)
+	corenet_receive_rndc_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_rndc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive rndc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_rndc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_rndc_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_rndc_client_packets($1)
+	corenet_dontaudit_receive_rndc_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_rndc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to rndc_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_rndc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_rndc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rndc_client_packet_t;
+	')
+
+	allow $1 rndc_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_rndc_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send rndc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_rndc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_rndc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rndc_server_packet_t;
+	')
+
+	allow $1 rndc_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_rndc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send rndc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_rndc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_rndc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rndc_server_packet_t;
+	')
+
+	dontaudit $1 rndc_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_rndc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive rndc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_rndc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_rndc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rndc_server_packet_t;
+	')
+
+	allow $1 rndc_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_rndc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive rndc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_rndc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_rndc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rndc_server_packet_t;
+	')
+
+	dontaudit $1 rndc_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_rndc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive rndc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_rndc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_rndc_server_packets'($*)) dnl
+	
+	corenet_send_rndc_server_packets($1)
+	corenet_receive_rndc_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_rndc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive rndc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_rndc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_rndc_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_rndc_server_packets($1)
+	corenet_dontaudit_receive_rndc_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_rndc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to rndc_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_rndc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_rndc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rndc_server_packet_t;
+	')
+
+	allow $1 rndc_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_rndc_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the router port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_router_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_router_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_router_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the router port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_router_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_router_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_router_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the router port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_router_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_router_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_router_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the router port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_router_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_router_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_router_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the router port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_router_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_router_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_router_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the router port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_router_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_router_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_router_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the router port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_router_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_router_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_router_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the router port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_router_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_router_port'($*)) dnl
+	
+	gen_require(`
+		type router_port_t;
+	')
+
+	allow $1 router_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_router_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the router port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_router_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_router_port'($*)) dnl
+	
+	gen_require(`
+		type router_port_t;
+	')
+
+	allow $1 router_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_router_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the router port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_router_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_router_port'($*)) dnl
+	
+	gen_require(`
+		type router_port_t;
+	')
+
+	allow $1 router_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_router_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send router_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_router_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_router_client_packets'($*)) dnl
+	
+	gen_require(`
+		type router_client_packet_t;
+	')
+
+	allow $1 router_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_router_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send router_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_router_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_router_client_packets'($*)) dnl
+	
+	gen_require(`
+		type router_client_packet_t;
+	')
+
+	dontaudit $1 router_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_router_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive router_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_router_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_router_client_packets'($*)) dnl
+	
+	gen_require(`
+		type router_client_packet_t;
+	')
+
+	allow $1 router_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_router_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive router_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_router_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_router_client_packets'($*)) dnl
+	
+	gen_require(`
+		type router_client_packet_t;
+	')
+
+	dontaudit $1 router_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_router_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive router_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_router_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_router_client_packets'($*)) dnl
+	
+	corenet_send_router_client_packets($1)
+	corenet_receive_router_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_router_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive router_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_router_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_router_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_router_client_packets($1)
+	corenet_dontaudit_receive_router_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_router_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to router_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_router_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_router_client_packets'($*)) dnl
+	
+	gen_require(`
+		type router_client_packet_t;
+	')
+
+	allow $1 router_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_router_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send router_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_router_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_router_server_packets'($*)) dnl
+	
+	gen_require(`
+		type router_server_packet_t;
+	')
+
+	allow $1 router_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_router_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send router_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_router_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_router_server_packets'($*)) dnl
+	
+	gen_require(`
+		type router_server_packet_t;
+	')
+
+	dontaudit $1 router_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_router_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive router_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_router_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_router_server_packets'($*)) dnl
+	
+	gen_require(`
+		type router_server_packet_t;
+	')
+
+	allow $1 router_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_router_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive router_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_router_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_router_server_packets'($*)) dnl
+	
+	gen_require(`
+		type router_server_packet_t;
+	')
+
+	dontaudit $1 router_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_router_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive router_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_router_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_router_server_packets'($*)) dnl
+	
+	corenet_send_router_server_packets($1)
+	corenet_receive_router_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_router_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive router_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_router_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_router_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_router_server_packets($1)
+	corenet_dontaudit_receive_router_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_router_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to router_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_router_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_router_server_packets'($*)) dnl
+	
+	gen_require(`
+		type router_server_packet_t;
+	')
+
+	allow $1 router_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_router_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the rsh port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_rsh_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_rsh_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_rsh_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the rsh port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_rsh_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_rsh_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_rsh_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the rsh port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_rsh_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_rsh_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_rsh_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the rsh port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_rsh_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_rsh_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_rsh_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the rsh port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_rsh_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_rsh_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_rsh_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the rsh port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_rsh_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_rsh_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_rsh_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the rsh port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_rsh_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_rsh_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_rsh_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the rsh port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_rsh_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_rsh_port'($*)) dnl
+	
+	gen_require(`
+		type rsh_port_t;
+	')
+
+	allow $1 rsh_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_rsh_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the rsh port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_rsh_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_rsh_port'($*)) dnl
+	
+	gen_require(`
+		type rsh_port_t;
+	')
+
+	allow $1 rsh_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_rsh_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the rsh port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_rsh_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_rsh_port'($*)) dnl
+	
+	gen_require(`
+		type rsh_port_t;
+	')
+
+	allow $1 rsh_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_rsh_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send rsh_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_rsh_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_rsh_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rsh_client_packet_t;
+	')
+
+	allow $1 rsh_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_rsh_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send rsh_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_rsh_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_rsh_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rsh_client_packet_t;
+	')
+
+	dontaudit $1 rsh_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_rsh_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive rsh_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_rsh_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_rsh_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rsh_client_packet_t;
+	')
+
+	allow $1 rsh_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_rsh_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive rsh_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_rsh_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_rsh_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rsh_client_packet_t;
+	')
+
+	dontaudit $1 rsh_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_rsh_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive rsh_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_rsh_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_rsh_client_packets'($*)) dnl
+	
+	corenet_send_rsh_client_packets($1)
+	corenet_receive_rsh_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_rsh_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive rsh_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_rsh_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_rsh_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_rsh_client_packets($1)
+	corenet_dontaudit_receive_rsh_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_rsh_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to rsh_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_rsh_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_rsh_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rsh_client_packet_t;
+	')
+
+	allow $1 rsh_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_rsh_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send rsh_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_rsh_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_rsh_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rsh_server_packet_t;
+	')
+
+	allow $1 rsh_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_rsh_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send rsh_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_rsh_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_rsh_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rsh_server_packet_t;
+	')
+
+	dontaudit $1 rsh_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_rsh_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive rsh_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_rsh_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_rsh_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rsh_server_packet_t;
+	')
+
+	allow $1 rsh_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_rsh_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive rsh_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_rsh_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_rsh_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rsh_server_packet_t;
+	')
+
+	dontaudit $1 rsh_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_rsh_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive rsh_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_rsh_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_rsh_server_packets'($*)) dnl
+	
+	corenet_send_rsh_server_packets($1)
+	corenet_receive_rsh_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_rsh_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive rsh_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_rsh_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_rsh_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_rsh_server_packets($1)
+	corenet_dontaudit_receive_rsh_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_rsh_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to rsh_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_rsh_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_rsh_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rsh_server_packet_t;
+	')
+
+	allow $1 rsh_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_rsh_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the rsync port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_rsync_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_rsync_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_rsync_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the rsync port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_rsync_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_rsync_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_rsync_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the rsync port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_rsync_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_rsync_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_rsync_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the rsync port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_rsync_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_rsync_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_rsync_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the rsync port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_rsync_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_rsync_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_rsync_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the rsync port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_rsync_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_rsync_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_rsync_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the rsync port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_rsync_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_rsync_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_rsync_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the rsync port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_rsync_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_rsync_port'($*)) dnl
+	
+	gen_require(`
+		type rsync_port_t;
+	')
+
+	allow $1 rsync_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_rsync_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the rsync port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_rsync_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_rsync_port'($*)) dnl
+	
+	gen_require(`
+		type rsync_port_t;
+	')
+
+	allow $1 rsync_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_rsync_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the rsync port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_rsync_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_rsync_port'($*)) dnl
+	
+	gen_require(`
+		type rsync_port_t;
+	')
+
+	allow $1 rsync_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_rsync_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send rsync_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_rsync_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_rsync_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rsync_client_packet_t;
+	')
+
+	allow $1 rsync_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_rsync_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send rsync_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_rsync_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_rsync_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rsync_client_packet_t;
+	')
+
+	dontaudit $1 rsync_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_rsync_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive rsync_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_rsync_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_rsync_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rsync_client_packet_t;
+	')
+
+	allow $1 rsync_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_rsync_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive rsync_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_rsync_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_rsync_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rsync_client_packet_t;
+	')
+
+	dontaudit $1 rsync_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_rsync_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive rsync_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_rsync_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_rsync_client_packets'($*)) dnl
+	
+	corenet_send_rsync_client_packets($1)
+	corenet_receive_rsync_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_rsync_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive rsync_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_rsync_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_rsync_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_rsync_client_packets($1)
+	corenet_dontaudit_receive_rsync_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_rsync_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to rsync_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_rsync_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_rsync_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rsync_client_packet_t;
+	')
+
+	allow $1 rsync_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_rsync_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send rsync_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_rsync_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_rsync_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rsync_server_packet_t;
+	')
+
+	allow $1 rsync_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_rsync_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send rsync_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_rsync_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_rsync_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rsync_server_packet_t;
+	')
+
+	dontaudit $1 rsync_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_rsync_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive rsync_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_rsync_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_rsync_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rsync_server_packet_t;
+	')
+
+	allow $1 rsync_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_rsync_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive rsync_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_rsync_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_rsync_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rsync_server_packet_t;
+	')
+
+	dontaudit $1 rsync_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_rsync_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive rsync_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_rsync_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_rsync_server_packets'($*)) dnl
+	
+	corenet_send_rsync_server_packets($1)
+	corenet_receive_rsync_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_rsync_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive rsync_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_rsync_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_rsync_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_rsync_server_packets($1)
+	corenet_dontaudit_receive_rsync_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_rsync_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to rsync_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_rsync_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_rsync_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rsync_server_packet_t;
+	')
+
+	allow $1 rsync_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_rsync_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the rtorrent port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_rtorrent_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_rtorrent_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_rtorrent_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the rtorrent port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_rtorrent_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_rtorrent_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_rtorrent_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the rtorrent port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_rtorrent_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_rtorrent_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_rtorrent_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the rtorrent port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_rtorrent_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_rtorrent_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_rtorrent_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the rtorrent port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_rtorrent_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_rtorrent_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_rtorrent_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the rtorrent port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_rtorrent_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_rtorrent_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_rtorrent_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the rtorrent port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_rtorrent_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_rtorrent_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_rtorrent_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the rtorrent port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_rtorrent_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_rtorrent_port'($*)) dnl
+	
+	gen_require(`
+		type rtorrent_port_t;
+	')
+
+	allow $1 rtorrent_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_rtorrent_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the rtorrent port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_rtorrent_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_rtorrent_port'($*)) dnl
+	
+	gen_require(`
+		type rtorrent_port_t;
+	')
+
+	allow $1 rtorrent_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_rtorrent_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the rtorrent port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_rtorrent_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_rtorrent_port'($*)) dnl
+	
+	gen_require(`
+		type rtorrent_port_t;
+	')
+
+	allow $1 rtorrent_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_rtorrent_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send rtorrent_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_rtorrent_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_rtorrent_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rtorrent_client_packet_t;
+	')
+
+	allow $1 rtorrent_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_rtorrent_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send rtorrent_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_rtorrent_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_rtorrent_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rtorrent_client_packet_t;
+	')
+
+	dontaudit $1 rtorrent_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_rtorrent_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive rtorrent_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_rtorrent_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_rtorrent_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rtorrent_client_packet_t;
+	')
+
+	allow $1 rtorrent_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_rtorrent_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive rtorrent_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_rtorrent_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_rtorrent_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rtorrent_client_packet_t;
+	')
+
+	dontaudit $1 rtorrent_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_rtorrent_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive rtorrent_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_rtorrent_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_rtorrent_client_packets'($*)) dnl
+	
+	corenet_send_rtorrent_client_packets($1)
+	corenet_receive_rtorrent_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_rtorrent_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive rtorrent_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_rtorrent_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_rtorrent_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_rtorrent_client_packets($1)
+	corenet_dontaudit_receive_rtorrent_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_rtorrent_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to rtorrent_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_rtorrent_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_rtorrent_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rtorrent_client_packet_t;
+	')
+
+	allow $1 rtorrent_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_rtorrent_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send rtorrent_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_rtorrent_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_rtorrent_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rtorrent_server_packet_t;
+	')
+
+	allow $1 rtorrent_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_rtorrent_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send rtorrent_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_rtorrent_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_rtorrent_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rtorrent_server_packet_t;
+	')
+
+	dontaudit $1 rtorrent_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_rtorrent_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive rtorrent_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_rtorrent_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_rtorrent_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rtorrent_server_packet_t;
+	')
+
+	allow $1 rtorrent_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_rtorrent_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive rtorrent_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_rtorrent_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_rtorrent_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rtorrent_server_packet_t;
+	')
+
+	dontaudit $1 rtorrent_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_rtorrent_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive rtorrent_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_rtorrent_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_rtorrent_server_packets'($*)) dnl
+	
+	corenet_send_rtorrent_server_packets($1)
+	corenet_receive_rtorrent_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_rtorrent_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive rtorrent_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_rtorrent_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_rtorrent_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_rtorrent_server_packets($1)
+	corenet_dontaudit_receive_rtorrent_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_rtorrent_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to rtorrent_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_rtorrent_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_rtorrent_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rtorrent_server_packet_t;
+	')
+
+	allow $1 rtorrent_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_rtorrent_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the rtsp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_rtsp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_rtsp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_rtsp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the rtsp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_rtsp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_rtsp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_rtsp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the rtsp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_rtsp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_rtsp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_rtsp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the rtsp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_rtsp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_rtsp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_rtsp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the rtsp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_rtsp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_rtsp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_rtsp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the rtsp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_rtsp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_rtsp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_rtsp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the rtsp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_rtsp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_rtsp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_rtsp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the rtsp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_rtsp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_rtsp_port'($*)) dnl
+	
+	gen_require(`
+		type rtsp_port_t;
+	')
+
+	allow $1 rtsp_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_rtsp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the rtsp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_rtsp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_rtsp_port'($*)) dnl
+	
+	gen_require(`
+		type rtsp_port_t;
+	')
+
+	allow $1 rtsp_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_rtsp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the rtsp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_rtsp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_rtsp_port'($*)) dnl
+	
+	gen_require(`
+		type rtsp_port_t;
+	')
+
+	allow $1 rtsp_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_rtsp_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send rtsp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_rtsp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_rtsp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rtsp_client_packet_t;
+	')
+
+	allow $1 rtsp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_rtsp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send rtsp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_rtsp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_rtsp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rtsp_client_packet_t;
+	')
+
+	dontaudit $1 rtsp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_rtsp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive rtsp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_rtsp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_rtsp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rtsp_client_packet_t;
+	')
+
+	allow $1 rtsp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_rtsp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive rtsp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_rtsp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_rtsp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rtsp_client_packet_t;
+	')
+
+	dontaudit $1 rtsp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_rtsp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive rtsp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_rtsp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_rtsp_client_packets'($*)) dnl
+	
+	corenet_send_rtsp_client_packets($1)
+	corenet_receive_rtsp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_rtsp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive rtsp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_rtsp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_rtsp_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_rtsp_client_packets($1)
+	corenet_dontaudit_receive_rtsp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_rtsp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to rtsp_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_rtsp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_rtsp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rtsp_client_packet_t;
+	')
+
+	allow $1 rtsp_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_rtsp_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send rtsp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_rtsp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_rtsp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rtsp_server_packet_t;
+	')
+
+	allow $1 rtsp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_rtsp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send rtsp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_rtsp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_rtsp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rtsp_server_packet_t;
+	')
+
+	dontaudit $1 rtsp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_rtsp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive rtsp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_rtsp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_rtsp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rtsp_server_packet_t;
+	')
+
+	allow $1 rtsp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_rtsp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive rtsp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_rtsp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_rtsp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rtsp_server_packet_t;
+	')
+
+	dontaudit $1 rtsp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_rtsp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive rtsp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_rtsp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_rtsp_server_packets'($*)) dnl
+	
+	corenet_send_rtsp_server_packets($1)
+	corenet_receive_rtsp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_rtsp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive rtsp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_rtsp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_rtsp_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_rtsp_server_packets($1)
+	corenet_dontaudit_receive_rtsp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_rtsp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to rtsp_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_rtsp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_rtsp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rtsp_server_packet_t;
+	')
+
+	allow $1 rtsp_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_rtsp_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the rwho port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_rwho_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_rwho_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_rwho_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the rwho port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_rwho_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_rwho_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_rwho_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the rwho port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_rwho_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_rwho_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_rwho_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the rwho port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_rwho_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_rwho_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_rwho_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the rwho port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_rwho_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_rwho_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_rwho_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the rwho port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_rwho_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_rwho_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_rwho_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the rwho port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_rwho_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_rwho_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_rwho_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the rwho port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_rwho_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_rwho_port'($*)) dnl
+	
+	gen_require(`
+		type rwho_port_t;
+	')
+
+	allow $1 rwho_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_rwho_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the rwho port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_rwho_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_rwho_port'($*)) dnl
+	
+	gen_require(`
+		type rwho_port_t;
+	')
+
+	allow $1 rwho_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_rwho_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the rwho port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_rwho_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_rwho_port'($*)) dnl
+	
+	gen_require(`
+		type rwho_port_t;
+	')
+
+	allow $1 rwho_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_rwho_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send rwho_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_rwho_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_rwho_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rwho_client_packet_t;
+	')
+
+	allow $1 rwho_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_rwho_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send rwho_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_rwho_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_rwho_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rwho_client_packet_t;
+	')
+
+	dontaudit $1 rwho_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_rwho_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive rwho_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_rwho_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_rwho_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rwho_client_packet_t;
+	')
+
+	allow $1 rwho_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_rwho_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive rwho_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_rwho_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_rwho_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rwho_client_packet_t;
+	')
+
+	dontaudit $1 rwho_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_rwho_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive rwho_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_rwho_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_rwho_client_packets'($*)) dnl
+	
+	corenet_send_rwho_client_packets($1)
+	corenet_receive_rwho_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_rwho_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive rwho_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_rwho_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_rwho_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_rwho_client_packets($1)
+	corenet_dontaudit_receive_rwho_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_rwho_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to rwho_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_rwho_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_rwho_client_packets'($*)) dnl
+	
+	gen_require(`
+		type rwho_client_packet_t;
+	')
+
+	allow $1 rwho_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_rwho_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send rwho_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_rwho_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_rwho_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rwho_server_packet_t;
+	')
+
+	allow $1 rwho_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_rwho_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send rwho_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_rwho_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_rwho_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rwho_server_packet_t;
+	')
+
+	dontaudit $1 rwho_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_rwho_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive rwho_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_rwho_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_rwho_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rwho_server_packet_t;
+	')
+
+	allow $1 rwho_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_rwho_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive rwho_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_rwho_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_rwho_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rwho_server_packet_t;
+	')
+
+	dontaudit $1 rwho_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_rwho_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive rwho_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_rwho_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_rwho_server_packets'($*)) dnl
+	
+	corenet_send_rwho_server_packets($1)
+	corenet_receive_rwho_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_rwho_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive rwho_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_rwho_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_rwho_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_rwho_server_packets($1)
+	corenet_dontaudit_receive_rwho_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_rwho_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to rwho_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_rwho_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_rwho_server_packets'($*)) dnl
+	
+	gen_require(`
+		type rwho_server_packet_t;
+	')
+
+	allow $1 rwho_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_rwho_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the salt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_salt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_salt_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_salt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the salt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_salt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_salt_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_salt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the salt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_salt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_salt_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_salt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the salt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_salt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_salt_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_salt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the salt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_salt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_salt_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_salt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the salt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_salt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_salt_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_salt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the salt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_salt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_salt_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_salt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the salt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_salt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_salt_port'($*)) dnl
+	
+	gen_require(`
+		type salt_port_t;
+	')
+
+	allow $1 salt_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_salt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the salt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_salt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_salt_port'($*)) dnl
+	
+	gen_require(`
+		type salt_port_t;
+	')
+
+	allow $1 salt_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_salt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the salt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_salt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_salt_port'($*)) dnl
+	
+	gen_require(`
+		type salt_port_t;
+	')
+
+	allow $1 salt_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_salt_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send salt_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_salt_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_salt_client_packets'($*)) dnl
+	
+	gen_require(`
+		type salt_client_packet_t;
+	')
+
+	allow $1 salt_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_salt_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send salt_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_salt_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_salt_client_packets'($*)) dnl
+	
+	gen_require(`
+		type salt_client_packet_t;
+	')
+
+	dontaudit $1 salt_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_salt_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive salt_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_salt_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_salt_client_packets'($*)) dnl
+	
+	gen_require(`
+		type salt_client_packet_t;
+	')
+
+	allow $1 salt_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_salt_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive salt_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_salt_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_salt_client_packets'($*)) dnl
+	
+	gen_require(`
+		type salt_client_packet_t;
+	')
+
+	dontaudit $1 salt_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_salt_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive salt_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_salt_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_salt_client_packets'($*)) dnl
+	
+	corenet_send_salt_client_packets($1)
+	corenet_receive_salt_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_salt_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive salt_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_salt_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_salt_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_salt_client_packets($1)
+	corenet_dontaudit_receive_salt_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_salt_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to salt_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_salt_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_salt_client_packets'($*)) dnl
+	
+	gen_require(`
+		type salt_client_packet_t;
+	')
+
+	allow $1 salt_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_salt_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send salt_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_salt_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_salt_server_packets'($*)) dnl
+	
+	gen_require(`
+		type salt_server_packet_t;
+	')
+
+	allow $1 salt_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_salt_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send salt_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_salt_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_salt_server_packets'($*)) dnl
+	
+	gen_require(`
+		type salt_server_packet_t;
+	')
+
+	dontaudit $1 salt_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_salt_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive salt_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_salt_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_salt_server_packets'($*)) dnl
+	
+	gen_require(`
+		type salt_server_packet_t;
+	')
+
+	allow $1 salt_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_salt_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive salt_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_salt_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_salt_server_packets'($*)) dnl
+	
+	gen_require(`
+		type salt_server_packet_t;
+	')
+
+	dontaudit $1 salt_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_salt_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive salt_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_salt_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_salt_server_packets'($*)) dnl
+	
+	corenet_send_salt_server_packets($1)
+	corenet_receive_salt_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_salt_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive salt_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_salt_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_salt_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_salt_server_packets($1)
+	corenet_dontaudit_receive_salt_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_salt_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to salt_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_salt_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_salt_server_packets'($*)) dnl
+	
+	gen_require(`
+		type salt_server_packet_t;
+	')
+
+	allow $1 salt_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_salt_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the sap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_sap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_sap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_sap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the sap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_sap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_sap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_sap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the sap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_sap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_sap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_sap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the sap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_sap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_sap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_sap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the sap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_sap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_sap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_sap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the sap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_sap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_sap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_sap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the sap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_sap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_sap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_sap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the sap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_sap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_sap_port'($*)) dnl
+	
+	gen_require(`
+		type sap_port_t;
+	')
+
+	allow $1 sap_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_sap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the sap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_sap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_sap_port'($*)) dnl
+	
+	gen_require(`
+		type sap_port_t;
+	')
+
+	allow $1 sap_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_sap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the sap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_sap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_sap_port'($*)) dnl
+	
+	gen_require(`
+		type sap_port_t;
+	')
+
+	allow $1 sap_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_sap_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send sap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_sap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_sap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type sap_client_packet_t;
+	')
+
+	allow $1 sap_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_sap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send sap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_sap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_sap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type sap_client_packet_t;
+	')
+
+	dontaudit $1 sap_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_sap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive sap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_sap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_sap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type sap_client_packet_t;
+	')
+
+	allow $1 sap_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_sap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive sap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_sap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_sap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type sap_client_packet_t;
+	')
+
+	dontaudit $1 sap_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_sap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive sap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_sap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_sap_client_packets'($*)) dnl
+	
+	corenet_send_sap_client_packets($1)
+	corenet_receive_sap_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_sap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive sap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_sap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_sap_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_sap_client_packets($1)
+	corenet_dontaudit_receive_sap_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_sap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to sap_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_sap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_sap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type sap_client_packet_t;
+	')
+
+	allow $1 sap_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_sap_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send sap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_sap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_sap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type sap_server_packet_t;
+	')
+
+	allow $1 sap_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_sap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send sap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_sap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_sap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type sap_server_packet_t;
+	')
+
+	dontaudit $1 sap_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_sap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive sap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_sap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_sap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type sap_server_packet_t;
+	')
+
+	allow $1 sap_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_sap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive sap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_sap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_sap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type sap_server_packet_t;
+	')
+
+	dontaudit $1 sap_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_sap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive sap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_sap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_sap_server_packets'($*)) dnl
+	
+	corenet_send_sap_server_packets($1)
+	corenet_receive_sap_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_sap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive sap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_sap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_sap_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_sap_server_packets($1)
+	corenet_dontaudit_receive_sap_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_sap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to sap_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_sap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_sap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type sap_server_packet_t;
+	')
+
+	allow $1 sap_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_sap_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the servistaitsm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_servistaitsm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_servistaitsm_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_servistaitsm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the servistaitsm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_servistaitsm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_servistaitsm_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_servistaitsm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the servistaitsm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_servistaitsm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_servistaitsm_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_servistaitsm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the servistaitsm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_servistaitsm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_servistaitsm_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_servistaitsm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the servistaitsm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_servistaitsm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_servistaitsm_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_servistaitsm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the servistaitsm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_servistaitsm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_servistaitsm_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_servistaitsm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the servistaitsm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_servistaitsm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_servistaitsm_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_servistaitsm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the servistaitsm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_servistaitsm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_servistaitsm_port'($*)) dnl
+	
+	gen_require(`
+		type servistaitsm_port_t;
+	')
+
+	allow $1 servistaitsm_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_servistaitsm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the servistaitsm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_servistaitsm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_servistaitsm_port'($*)) dnl
+	
+	gen_require(`
+		type servistaitsm_port_t;
+	')
+
+	allow $1 servistaitsm_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_servistaitsm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the servistaitsm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_servistaitsm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_servistaitsm_port'($*)) dnl
+	
+	gen_require(`
+		type servistaitsm_port_t;
+	')
+
+	allow $1 servistaitsm_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_servistaitsm_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send servistaitsm_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_servistaitsm_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_servistaitsm_client_packets'($*)) dnl
+	
+	gen_require(`
+		type servistaitsm_client_packet_t;
+	')
+
+	allow $1 servistaitsm_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_servistaitsm_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send servistaitsm_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_servistaitsm_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_servistaitsm_client_packets'($*)) dnl
+	
+	gen_require(`
+		type servistaitsm_client_packet_t;
+	')
+
+	dontaudit $1 servistaitsm_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_servistaitsm_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive servistaitsm_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_servistaitsm_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_servistaitsm_client_packets'($*)) dnl
+	
+	gen_require(`
+		type servistaitsm_client_packet_t;
+	')
+
+	allow $1 servistaitsm_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_servistaitsm_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive servistaitsm_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_servistaitsm_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_servistaitsm_client_packets'($*)) dnl
+	
+	gen_require(`
+		type servistaitsm_client_packet_t;
+	')
+
+	dontaudit $1 servistaitsm_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_servistaitsm_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive servistaitsm_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_servistaitsm_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_servistaitsm_client_packets'($*)) dnl
+	
+	corenet_send_servistaitsm_client_packets($1)
+	corenet_receive_servistaitsm_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_servistaitsm_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive servistaitsm_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_servistaitsm_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_servistaitsm_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_servistaitsm_client_packets($1)
+	corenet_dontaudit_receive_servistaitsm_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_servistaitsm_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to servistaitsm_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_servistaitsm_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_servistaitsm_client_packets'($*)) dnl
+	
+	gen_require(`
+		type servistaitsm_client_packet_t;
+	')
+
+	allow $1 servistaitsm_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_servistaitsm_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send servistaitsm_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_servistaitsm_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_servistaitsm_server_packets'($*)) dnl
+	
+	gen_require(`
+		type servistaitsm_server_packet_t;
+	')
+
+	allow $1 servistaitsm_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_servistaitsm_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send servistaitsm_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_servistaitsm_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_servistaitsm_server_packets'($*)) dnl
+	
+	gen_require(`
+		type servistaitsm_server_packet_t;
+	')
+
+	dontaudit $1 servistaitsm_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_servistaitsm_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive servistaitsm_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_servistaitsm_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_servistaitsm_server_packets'($*)) dnl
+	
+	gen_require(`
+		type servistaitsm_server_packet_t;
+	')
+
+	allow $1 servistaitsm_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_servistaitsm_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive servistaitsm_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_servistaitsm_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_servistaitsm_server_packets'($*)) dnl
+	
+	gen_require(`
+		type servistaitsm_server_packet_t;
+	')
+
+	dontaudit $1 servistaitsm_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_servistaitsm_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive servistaitsm_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_servistaitsm_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_servistaitsm_server_packets'($*)) dnl
+	
+	corenet_send_servistaitsm_server_packets($1)
+	corenet_receive_servistaitsm_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_servistaitsm_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive servistaitsm_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_servistaitsm_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_servistaitsm_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_servistaitsm_server_packets($1)
+	corenet_dontaudit_receive_servistaitsm_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_servistaitsm_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to servistaitsm_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_servistaitsm_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_servistaitsm_server_packets'($*)) dnl
+	
+	gen_require(`
+		type servistaitsm_server_packet_t;
+	')
+
+	allow $1 servistaitsm_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_servistaitsm_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the sieve port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_sieve_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_sieve_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_sieve_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the sieve port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_sieve_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_sieve_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_sieve_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the sieve port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_sieve_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_sieve_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_sieve_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the sieve port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_sieve_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_sieve_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_sieve_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the sieve port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_sieve_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_sieve_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_sieve_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the sieve port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_sieve_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_sieve_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_sieve_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the sieve port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_sieve_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_sieve_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_sieve_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the sieve port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_sieve_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_sieve_port'($*)) dnl
+	
+	gen_require(`
+		type sieve_port_t;
+	')
+
+	allow $1 sieve_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_sieve_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the sieve port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_sieve_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_sieve_port'($*)) dnl
+	
+	gen_require(`
+		type sieve_port_t;
+	')
+
+	allow $1 sieve_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_sieve_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the sieve port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_sieve_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_sieve_port'($*)) dnl
+	
+	gen_require(`
+		type sieve_port_t;
+	')
+
+	allow $1 sieve_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_sieve_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send sieve_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_sieve_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_sieve_client_packets'($*)) dnl
+	
+	gen_require(`
+		type sieve_client_packet_t;
+	')
+
+	allow $1 sieve_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_sieve_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send sieve_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_sieve_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_sieve_client_packets'($*)) dnl
+	
+	gen_require(`
+		type sieve_client_packet_t;
+	')
+
+	dontaudit $1 sieve_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_sieve_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive sieve_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_sieve_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_sieve_client_packets'($*)) dnl
+	
+	gen_require(`
+		type sieve_client_packet_t;
+	')
+
+	allow $1 sieve_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_sieve_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive sieve_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_sieve_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_sieve_client_packets'($*)) dnl
+	
+	gen_require(`
+		type sieve_client_packet_t;
+	')
+
+	dontaudit $1 sieve_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_sieve_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive sieve_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_sieve_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_sieve_client_packets'($*)) dnl
+	
+	corenet_send_sieve_client_packets($1)
+	corenet_receive_sieve_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_sieve_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive sieve_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_sieve_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_sieve_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_sieve_client_packets($1)
+	corenet_dontaudit_receive_sieve_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_sieve_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to sieve_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_sieve_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_sieve_client_packets'($*)) dnl
+	
+	gen_require(`
+		type sieve_client_packet_t;
+	')
+
+	allow $1 sieve_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_sieve_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send sieve_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_sieve_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_sieve_server_packets'($*)) dnl
+	
+	gen_require(`
+		type sieve_server_packet_t;
+	')
+
+	allow $1 sieve_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_sieve_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send sieve_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_sieve_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_sieve_server_packets'($*)) dnl
+	
+	gen_require(`
+		type sieve_server_packet_t;
+	')
+
+	dontaudit $1 sieve_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_sieve_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive sieve_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_sieve_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_sieve_server_packets'($*)) dnl
+	
+	gen_require(`
+		type sieve_server_packet_t;
+	')
+
+	allow $1 sieve_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_sieve_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive sieve_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_sieve_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_sieve_server_packets'($*)) dnl
+	
+	gen_require(`
+		type sieve_server_packet_t;
+	')
+
+	dontaudit $1 sieve_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_sieve_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive sieve_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_sieve_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_sieve_server_packets'($*)) dnl
+	
+	corenet_send_sieve_server_packets($1)
+	corenet_receive_sieve_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_sieve_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive sieve_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_sieve_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_sieve_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_sieve_server_packets($1)
+	corenet_dontaudit_receive_sieve_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_sieve_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to sieve_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_sieve_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_sieve_server_packets'($*)) dnl
+	
+	gen_require(`
+		type sieve_server_packet_t;
+	')
+
+	allow $1 sieve_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_sieve_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the sip port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_sip_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_sip_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_sip_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the sip port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_sip_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_sip_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_sip_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the sip port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_sip_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_sip_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_sip_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the sip port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_sip_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_sip_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_sip_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the sip port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_sip_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_sip_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_sip_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the sip port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_sip_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_sip_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_sip_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the sip port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_sip_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_sip_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_sip_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the sip port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_sip_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_sip_port'($*)) dnl
+	
+	gen_require(`
+		type sip_port_t;
+	')
+
+	allow $1 sip_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_sip_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the sip port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_sip_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_sip_port'($*)) dnl
+	
+	gen_require(`
+		type sip_port_t;
+	')
+
+	allow $1 sip_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_sip_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the sip port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_sip_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_sip_port'($*)) dnl
+	
+	gen_require(`
+		type sip_port_t;
+	')
+
+	allow $1 sip_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_sip_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send sip_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_sip_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_sip_client_packets'($*)) dnl
+	
+	gen_require(`
+		type sip_client_packet_t;
+	')
+
+	allow $1 sip_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_sip_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send sip_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_sip_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_sip_client_packets'($*)) dnl
+	
+	gen_require(`
+		type sip_client_packet_t;
+	')
+
+	dontaudit $1 sip_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_sip_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive sip_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_sip_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_sip_client_packets'($*)) dnl
+	
+	gen_require(`
+		type sip_client_packet_t;
+	')
+
+	allow $1 sip_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_sip_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive sip_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_sip_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_sip_client_packets'($*)) dnl
+	
+	gen_require(`
+		type sip_client_packet_t;
+	')
+
+	dontaudit $1 sip_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_sip_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive sip_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_sip_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_sip_client_packets'($*)) dnl
+	
+	corenet_send_sip_client_packets($1)
+	corenet_receive_sip_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_sip_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive sip_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_sip_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_sip_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_sip_client_packets($1)
+	corenet_dontaudit_receive_sip_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_sip_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to sip_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_sip_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_sip_client_packets'($*)) dnl
+	
+	gen_require(`
+		type sip_client_packet_t;
+	')
+
+	allow $1 sip_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_sip_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send sip_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_sip_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_sip_server_packets'($*)) dnl
+	
+	gen_require(`
+		type sip_server_packet_t;
+	')
+
+	allow $1 sip_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_sip_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send sip_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_sip_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_sip_server_packets'($*)) dnl
+	
+	gen_require(`
+		type sip_server_packet_t;
+	')
+
+	dontaudit $1 sip_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_sip_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive sip_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_sip_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_sip_server_packets'($*)) dnl
+	
+	gen_require(`
+		type sip_server_packet_t;
+	')
+
+	allow $1 sip_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_sip_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive sip_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_sip_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_sip_server_packets'($*)) dnl
+	
+	gen_require(`
+		type sip_server_packet_t;
+	')
+
+	dontaudit $1 sip_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_sip_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive sip_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_sip_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_sip_server_packets'($*)) dnl
+	
+	corenet_send_sip_server_packets($1)
+	corenet_receive_sip_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_sip_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive sip_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_sip_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_sip_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_sip_server_packets($1)
+	corenet_dontaudit_receive_sip_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_sip_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to sip_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_sip_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_sip_server_packets'($*)) dnl
+	
+	gen_require(`
+		type sip_server_packet_t;
+	')
+
+	allow $1 sip_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_sip_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the sixxsconfig port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_sixxsconfig_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_sixxsconfig_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_sixxsconfig_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the sixxsconfig port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_sixxsconfig_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_sixxsconfig_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_sixxsconfig_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the sixxsconfig port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_sixxsconfig_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_sixxsconfig_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_sixxsconfig_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the sixxsconfig port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_sixxsconfig_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_sixxsconfig_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_sixxsconfig_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the sixxsconfig port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_sixxsconfig_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_sixxsconfig_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_sixxsconfig_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the sixxsconfig port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_sixxsconfig_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_sixxsconfig_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_sixxsconfig_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the sixxsconfig port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_sixxsconfig_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_sixxsconfig_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_sixxsconfig_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the sixxsconfig port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_sixxsconfig_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_sixxsconfig_port'($*)) dnl
+	
+	gen_require(`
+		type sixxsconfig_port_t;
+	')
+
+	allow $1 sixxsconfig_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_sixxsconfig_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the sixxsconfig port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_sixxsconfig_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_sixxsconfig_port'($*)) dnl
+	
+	gen_require(`
+		type sixxsconfig_port_t;
+	')
+
+	allow $1 sixxsconfig_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_sixxsconfig_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the sixxsconfig port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_sixxsconfig_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_sixxsconfig_port'($*)) dnl
+	
+	gen_require(`
+		type sixxsconfig_port_t;
+	')
+
+	allow $1 sixxsconfig_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_sixxsconfig_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send sixxsconfig_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_sixxsconfig_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_sixxsconfig_client_packets'($*)) dnl
+	
+	gen_require(`
+		type sixxsconfig_client_packet_t;
+	')
+
+	allow $1 sixxsconfig_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_sixxsconfig_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send sixxsconfig_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_sixxsconfig_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_sixxsconfig_client_packets'($*)) dnl
+	
+	gen_require(`
+		type sixxsconfig_client_packet_t;
+	')
+
+	dontaudit $1 sixxsconfig_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_sixxsconfig_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive sixxsconfig_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_sixxsconfig_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_sixxsconfig_client_packets'($*)) dnl
+	
+	gen_require(`
+		type sixxsconfig_client_packet_t;
+	')
+
+	allow $1 sixxsconfig_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_sixxsconfig_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive sixxsconfig_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_sixxsconfig_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_sixxsconfig_client_packets'($*)) dnl
+	
+	gen_require(`
+		type sixxsconfig_client_packet_t;
+	')
+
+	dontaudit $1 sixxsconfig_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_sixxsconfig_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive sixxsconfig_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_sixxsconfig_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_sixxsconfig_client_packets'($*)) dnl
+	
+	corenet_send_sixxsconfig_client_packets($1)
+	corenet_receive_sixxsconfig_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_sixxsconfig_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive sixxsconfig_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_sixxsconfig_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_sixxsconfig_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_sixxsconfig_client_packets($1)
+	corenet_dontaudit_receive_sixxsconfig_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_sixxsconfig_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to sixxsconfig_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_sixxsconfig_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_sixxsconfig_client_packets'($*)) dnl
+	
+	gen_require(`
+		type sixxsconfig_client_packet_t;
+	')
+
+	allow $1 sixxsconfig_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_sixxsconfig_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send sixxsconfig_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_sixxsconfig_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_sixxsconfig_server_packets'($*)) dnl
+	
+	gen_require(`
+		type sixxsconfig_server_packet_t;
+	')
+
+	allow $1 sixxsconfig_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_sixxsconfig_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send sixxsconfig_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_sixxsconfig_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_sixxsconfig_server_packets'($*)) dnl
+	
+	gen_require(`
+		type sixxsconfig_server_packet_t;
+	')
+
+	dontaudit $1 sixxsconfig_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_sixxsconfig_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive sixxsconfig_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_sixxsconfig_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_sixxsconfig_server_packets'($*)) dnl
+	
+	gen_require(`
+		type sixxsconfig_server_packet_t;
+	')
+
+	allow $1 sixxsconfig_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_sixxsconfig_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive sixxsconfig_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_sixxsconfig_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_sixxsconfig_server_packets'($*)) dnl
+	
+	gen_require(`
+		type sixxsconfig_server_packet_t;
+	')
+
+	dontaudit $1 sixxsconfig_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_sixxsconfig_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive sixxsconfig_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_sixxsconfig_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_sixxsconfig_server_packets'($*)) dnl
+	
+	corenet_send_sixxsconfig_server_packets($1)
+	corenet_receive_sixxsconfig_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_sixxsconfig_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive sixxsconfig_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_sixxsconfig_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_sixxsconfig_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_sixxsconfig_server_packets($1)
+	corenet_dontaudit_receive_sixxsconfig_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_sixxsconfig_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to sixxsconfig_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_sixxsconfig_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_sixxsconfig_server_packets'($*)) dnl
+	
+	gen_require(`
+		type sixxsconfig_server_packet_t;
+	')
+
+	allow $1 sixxsconfig_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_sixxsconfig_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the smbd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_smbd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_smbd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_smbd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the smbd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_smbd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_smbd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_smbd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the smbd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_smbd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_smbd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_smbd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the smbd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_smbd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_smbd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_smbd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the smbd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_smbd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_smbd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_smbd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the smbd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_smbd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_smbd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_smbd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the smbd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_smbd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_smbd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_smbd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the smbd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_smbd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_smbd_port'($*)) dnl
+	
+	gen_require(`
+		type smbd_port_t;
+	')
+
+	allow $1 smbd_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_smbd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the smbd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_smbd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_smbd_port'($*)) dnl
+	
+	gen_require(`
+		type smbd_port_t;
+	')
+
+	allow $1 smbd_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_smbd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the smbd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_smbd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_smbd_port'($*)) dnl
+	
+	gen_require(`
+		type smbd_port_t;
+	')
+
+	allow $1 smbd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_smbd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send smbd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_smbd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_smbd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type smbd_client_packet_t;
+	')
+
+	allow $1 smbd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_smbd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send smbd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_smbd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_smbd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type smbd_client_packet_t;
+	')
+
+	dontaudit $1 smbd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_smbd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive smbd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_smbd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_smbd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type smbd_client_packet_t;
+	')
+
+	allow $1 smbd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_smbd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive smbd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_smbd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_smbd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type smbd_client_packet_t;
+	')
+
+	dontaudit $1 smbd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_smbd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive smbd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_smbd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_smbd_client_packets'($*)) dnl
+	
+	corenet_send_smbd_client_packets($1)
+	corenet_receive_smbd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_smbd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive smbd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_smbd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_smbd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_smbd_client_packets($1)
+	corenet_dontaudit_receive_smbd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_smbd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to smbd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_smbd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_smbd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type smbd_client_packet_t;
+	')
+
+	allow $1 smbd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_smbd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send smbd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_smbd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_smbd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type smbd_server_packet_t;
+	')
+
+	allow $1 smbd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_smbd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send smbd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_smbd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_smbd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type smbd_server_packet_t;
+	')
+
+	dontaudit $1 smbd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_smbd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive smbd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_smbd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_smbd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type smbd_server_packet_t;
+	')
+
+	allow $1 smbd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_smbd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive smbd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_smbd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_smbd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type smbd_server_packet_t;
+	')
+
+	dontaudit $1 smbd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_smbd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive smbd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_smbd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_smbd_server_packets'($*)) dnl
+	
+	corenet_send_smbd_server_packets($1)
+	corenet_receive_smbd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_smbd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive smbd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_smbd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_smbd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_smbd_server_packets($1)
+	corenet_dontaudit_receive_smbd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_smbd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to smbd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_smbd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_smbd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type smbd_server_packet_t;
+	')
+
+	allow $1 smbd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_smbd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the smtp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_smtp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_smtp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_smtp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the smtp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_smtp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_smtp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_smtp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the smtp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_smtp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_smtp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_smtp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the smtp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_smtp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_smtp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_smtp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the smtp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_smtp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_smtp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_smtp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the smtp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_smtp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_smtp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_smtp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the smtp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_smtp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_smtp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_smtp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the smtp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_smtp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_smtp_port'($*)) dnl
+	
+	gen_require(`
+		type smtp_port_t;
+	')
+
+	allow $1 smtp_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_smtp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the smtp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_smtp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_smtp_port'($*)) dnl
+	
+	gen_require(`
+		type smtp_port_t;
+	')
+
+	allow $1 smtp_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_smtp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the smtp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_smtp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_smtp_port'($*)) dnl
+	
+	gen_require(`
+		type smtp_port_t;
+	')
+
+	allow $1 smtp_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_smtp_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send smtp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_smtp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_smtp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type smtp_client_packet_t;
+	')
+
+	allow $1 smtp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_smtp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send smtp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_smtp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_smtp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type smtp_client_packet_t;
+	')
+
+	dontaudit $1 smtp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_smtp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive smtp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_smtp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_smtp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type smtp_client_packet_t;
+	')
+
+	allow $1 smtp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_smtp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive smtp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_smtp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_smtp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type smtp_client_packet_t;
+	')
+
+	dontaudit $1 smtp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_smtp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive smtp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_smtp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_smtp_client_packets'($*)) dnl
+	
+	corenet_send_smtp_client_packets($1)
+	corenet_receive_smtp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_smtp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive smtp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_smtp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_smtp_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_smtp_client_packets($1)
+	corenet_dontaudit_receive_smtp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_smtp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to smtp_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_smtp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_smtp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type smtp_client_packet_t;
+	')
+
+	allow $1 smtp_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_smtp_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send smtp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_smtp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_smtp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type smtp_server_packet_t;
+	')
+
+	allow $1 smtp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_smtp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send smtp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_smtp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_smtp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type smtp_server_packet_t;
+	')
+
+	dontaudit $1 smtp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_smtp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive smtp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_smtp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_smtp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type smtp_server_packet_t;
+	')
+
+	allow $1 smtp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_smtp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive smtp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_smtp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_smtp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type smtp_server_packet_t;
+	')
+
+	dontaudit $1 smtp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_smtp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive smtp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_smtp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_smtp_server_packets'($*)) dnl
+	
+	corenet_send_smtp_server_packets($1)
+	corenet_receive_smtp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_smtp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive smtp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_smtp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_smtp_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_smtp_server_packets($1)
+	corenet_dontaudit_receive_smtp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_smtp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to smtp_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_smtp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_smtp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type smtp_server_packet_t;
+	')
+
+	allow $1 smtp_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_smtp_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the snmp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_snmp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_snmp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_snmp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the snmp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_snmp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_snmp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_snmp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the snmp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_snmp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_snmp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_snmp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the snmp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_snmp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_snmp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_snmp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the snmp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_snmp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_snmp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_snmp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the snmp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_snmp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_snmp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_snmp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the snmp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_snmp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_snmp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_snmp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the snmp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_snmp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_snmp_port'($*)) dnl
+	
+	gen_require(`
+		type snmp_port_t;
+	')
+
+	allow $1 snmp_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_snmp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the snmp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_snmp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_snmp_port'($*)) dnl
+	
+	gen_require(`
+		type snmp_port_t;
+	')
+
+	allow $1 snmp_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_snmp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the snmp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_snmp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_snmp_port'($*)) dnl
+	
+	gen_require(`
+		type snmp_port_t;
+	')
+
+	allow $1 snmp_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_snmp_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send snmp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_snmp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_snmp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type snmp_client_packet_t;
+	')
+
+	allow $1 snmp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_snmp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send snmp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_snmp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_snmp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type snmp_client_packet_t;
+	')
+
+	dontaudit $1 snmp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_snmp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive snmp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_snmp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_snmp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type snmp_client_packet_t;
+	')
+
+	allow $1 snmp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_snmp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive snmp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_snmp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_snmp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type snmp_client_packet_t;
+	')
+
+	dontaudit $1 snmp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_snmp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive snmp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_snmp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_snmp_client_packets'($*)) dnl
+	
+	corenet_send_snmp_client_packets($1)
+	corenet_receive_snmp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_snmp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive snmp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_snmp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_snmp_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_snmp_client_packets($1)
+	corenet_dontaudit_receive_snmp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_snmp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to snmp_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_snmp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_snmp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type snmp_client_packet_t;
+	')
+
+	allow $1 snmp_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_snmp_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send snmp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_snmp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_snmp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type snmp_server_packet_t;
+	')
+
+	allow $1 snmp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_snmp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send snmp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_snmp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_snmp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type snmp_server_packet_t;
+	')
+
+	dontaudit $1 snmp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_snmp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive snmp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_snmp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_snmp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type snmp_server_packet_t;
+	')
+
+	allow $1 snmp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_snmp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive snmp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_snmp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_snmp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type snmp_server_packet_t;
+	')
+
+	dontaudit $1 snmp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_snmp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive snmp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_snmp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_snmp_server_packets'($*)) dnl
+	
+	corenet_send_snmp_server_packets($1)
+	corenet_receive_snmp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_snmp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive snmp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_snmp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_snmp_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_snmp_server_packets($1)
+	corenet_dontaudit_receive_snmp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_snmp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to snmp_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_snmp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_snmp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type snmp_server_packet_t;
+	')
+
+	allow $1 snmp_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_snmp_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the socks port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_socks_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_socks_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_socks_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the socks port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_socks_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_socks_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_socks_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the socks port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_socks_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_socks_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_socks_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the socks port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_socks_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_socks_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_socks_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the socks port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_socks_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_socks_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_socks_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the socks port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_socks_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_socks_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_socks_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the socks port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_socks_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_socks_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_socks_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the socks port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_socks_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_socks_port'($*)) dnl
+	
+	gen_require(`
+		type socks_port_t;
+	')
+
+	allow $1 socks_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_socks_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the socks port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_socks_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_socks_port'($*)) dnl
+	
+	gen_require(`
+		type socks_port_t;
+	')
+
+	allow $1 socks_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_socks_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the socks port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_socks_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_socks_port'($*)) dnl
+	
+	gen_require(`
+		type socks_port_t;
+	')
+
+	allow $1 socks_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_socks_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send socks_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_socks_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_socks_client_packets'($*)) dnl
+	
+	gen_require(`
+		type socks_client_packet_t;
+	')
+
+	allow $1 socks_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_socks_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send socks_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_socks_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_socks_client_packets'($*)) dnl
+	
+	gen_require(`
+		type socks_client_packet_t;
+	')
+
+	dontaudit $1 socks_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_socks_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive socks_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_socks_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_socks_client_packets'($*)) dnl
+	
+	gen_require(`
+		type socks_client_packet_t;
+	')
+
+	allow $1 socks_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_socks_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive socks_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_socks_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_socks_client_packets'($*)) dnl
+	
+	gen_require(`
+		type socks_client_packet_t;
+	')
+
+	dontaudit $1 socks_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_socks_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive socks_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_socks_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_socks_client_packets'($*)) dnl
+	
+	corenet_send_socks_client_packets($1)
+	corenet_receive_socks_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_socks_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive socks_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_socks_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_socks_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_socks_client_packets($1)
+	corenet_dontaudit_receive_socks_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_socks_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to socks_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_socks_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_socks_client_packets'($*)) dnl
+	
+	gen_require(`
+		type socks_client_packet_t;
+	')
+
+	allow $1 socks_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_socks_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send socks_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_socks_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_socks_server_packets'($*)) dnl
+	
+	gen_require(`
+		type socks_server_packet_t;
+	')
+
+	allow $1 socks_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_socks_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send socks_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_socks_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_socks_server_packets'($*)) dnl
+	
+	gen_require(`
+		type socks_server_packet_t;
+	')
+
+	dontaudit $1 socks_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_socks_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive socks_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_socks_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_socks_server_packets'($*)) dnl
+	
+	gen_require(`
+		type socks_server_packet_t;
+	')
+
+	allow $1 socks_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_socks_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive socks_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_socks_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_socks_server_packets'($*)) dnl
+	
+	gen_require(`
+		type socks_server_packet_t;
+	')
+
+	dontaudit $1 socks_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_socks_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive socks_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_socks_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_socks_server_packets'($*)) dnl
+	
+	corenet_send_socks_server_packets($1)
+	corenet_receive_socks_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_socks_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive socks_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_socks_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_socks_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_socks_server_packets($1)
+	corenet_dontaudit_receive_socks_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_socks_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to socks_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_socks_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_socks_server_packets'($*)) dnl
+	
+	gen_require(`
+		type socks_server_packet_t;
+	')
+
+	allow $1 socks_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_socks_server_packets'($*)) dnl
+	')
+
+
+ # no defined portcon
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the soundd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_soundd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_soundd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_soundd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the soundd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_soundd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_soundd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_soundd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the soundd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_soundd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_soundd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_soundd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the soundd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_soundd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_soundd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_soundd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the soundd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_soundd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_soundd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_soundd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the soundd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_soundd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_soundd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_soundd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the soundd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_soundd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_soundd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_soundd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the soundd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_soundd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_soundd_port'($*)) dnl
+	
+	gen_require(`
+		type soundd_port_t;
+	')
+
+	allow $1 soundd_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_soundd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the soundd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_soundd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_soundd_port'($*)) dnl
+	
+	gen_require(`
+		type soundd_port_t;
+	')
+
+	allow $1 soundd_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_soundd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the soundd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_soundd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_soundd_port'($*)) dnl
+	
+	gen_require(`
+		type soundd_port_t;
+	')
+
+	allow $1 soundd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_soundd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send soundd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_soundd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_soundd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type soundd_client_packet_t;
+	')
+
+	allow $1 soundd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_soundd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send soundd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_soundd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_soundd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type soundd_client_packet_t;
+	')
+
+	dontaudit $1 soundd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_soundd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive soundd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_soundd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_soundd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type soundd_client_packet_t;
+	')
+
+	allow $1 soundd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_soundd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive soundd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_soundd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_soundd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type soundd_client_packet_t;
+	')
+
+	dontaudit $1 soundd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_soundd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive soundd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_soundd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_soundd_client_packets'($*)) dnl
+	
+	corenet_send_soundd_client_packets($1)
+	corenet_receive_soundd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_soundd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive soundd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_soundd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_soundd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_soundd_client_packets($1)
+	corenet_dontaudit_receive_soundd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_soundd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to soundd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_soundd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_soundd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type soundd_client_packet_t;
+	')
+
+	allow $1 soundd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_soundd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send soundd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_soundd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_soundd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type soundd_server_packet_t;
+	')
+
+	allow $1 soundd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_soundd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send soundd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_soundd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_soundd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type soundd_server_packet_t;
+	')
+
+	dontaudit $1 soundd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_soundd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive soundd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_soundd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_soundd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type soundd_server_packet_t;
+	')
+
+	allow $1 soundd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_soundd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive soundd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_soundd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_soundd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type soundd_server_packet_t;
+	')
+
+	dontaudit $1 soundd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_soundd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive soundd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_soundd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_soundd_server_packets'($*)) dnl
+	
+	corenet_send_soundd_server_packets($1)
+	corenet_receive_soundd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_soundd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive soundd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_soundd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_soundd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_soundd_server_packets($1)
+	corenet_dontaudit_receive_soundd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_soundd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to soundd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_soundd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_soundd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type soundd_server_packet_t;
+	')
+
+	allow $1 soundd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_soundd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the spamd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_spamd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_spamd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_spamd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the spamd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_spamd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_spamd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_spamd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the spamd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_spamd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_spamd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_spamd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the spamd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_spamd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_spamd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_spamd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the spamd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_spamd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_spamd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_spamd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the spamd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_spamd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_spamd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_spamd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the spamd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_spamd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_spamd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_spamd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the spamd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_spamd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_spamd_port'($*)) dnl
+	
+	gen_require(`
+		type spamd_port_t;
+	')
+
+	allow $1 spamd_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_spamd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the spamd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_spamd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_spamd_port'($*)) dnl
+	
+	gen_require(`
+		type spamd_port_t;
+	')
+
+	allow $1 spamd_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_spamd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the spamd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_spamd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_spamd_port'($*)) dnl
+	
+	gen_require(`
+		type spamd_port_t;
+	')
+
+	allow $1 spamd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_spamd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send spamd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_spamd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_spamd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type spamd_client_packet_t;
+	')
+
+	allow $1 spamd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_spamd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send spamd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_spamd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_spamd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type spamd_client_packet_t;
+	')
+
+	dontaudit $1 spamd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_spamd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive spamd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_spamd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_spamd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type spamd_client_packet_t;
+	')
+
+	allow $1 spamd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_spamd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive spamd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_spamd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_spamd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type spamd_client_packet_t;
+	')
+
+	dontaudit $1 spamd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_spamd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive spamd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_spamd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_spamd_client_packets'($*)) dnl
+	
+	corenet_send_spamd_client_packets($1)
+	corenet_receive_spamd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_spamd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive spamd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_spamd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_spamd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_spamd_client_packets($1)
+	corenet_dontaudit_receive_spamd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_spamd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to spamd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_spamd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_spamd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type spamd_client_packet_t;
+	')
+
+	allow $1 spamd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_spamd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send spamd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_spamd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_spamd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type spamd_server_packet_t;
+	')
+
+	allow $1 spamd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_spamd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send spamd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_spamd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_spamd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type spamd_server_packet_t;
+	')
+
+	dontaudit $1 spamd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_spamd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive spamd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_spamd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_spamd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type spamd_server_packet_t;
+	')
+
+	allow $1 spamd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_spamd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive spamd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_spamd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_spamd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type spamd_server_packet_t;
+	')
+
+	dontaudit $1 spamd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_spamd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive spamd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_spamd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_spamd_server_packets'($*)) dnl
+	
+	corenet_send_spamd_server_packets($1)
+	corenet_receive_spamd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_spamd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive spamd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_spamd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_spamd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_spamd_server_packets($1)
+	corenet_dontaudit_receive_spamd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_spamd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to spamd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_spamd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_spamd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type spamd_server_packet_t;
+	')
+
+	allow $1 spamd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_spamd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the speech port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_speech_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_speech_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_speech_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the speech port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_speech_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_speech_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_speech_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the speech port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_speech_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_speech_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_speech_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the speech port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_speech_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_speech_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_speech_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the speech port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_speech_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_speech_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_speech_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the speech port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_speech_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_speech_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_speech_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the speech port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_speech_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_speech_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_speech_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the speech port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_speech_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_speech_port'($*)) dnl
+	
+	gen_require(`
+		type speech_port_t;
+	')
+
+	allow $1 speech_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_speech_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the speech port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_speech_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_speech_port'($*)) dnl
+	
+	gen_require(`
+		type speech_port_t;
+	')
+
+	allow $1 speech_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_speech_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the speech port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_speech_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_speech_port'($*)) dnl
+	
+	gen_require(`
+		type speech_port_t;
+	')
+
+	allow $1 speech_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_speech_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send speech_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_speech_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_speech_client_packets'($*)) dnl
+	
+	gen_require(`
+		type speech_client_packet_t;
+	')
+
+	allow $1 speech_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_speech_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send speech_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_speech_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_speech_client_packets'($*)) dnl
+	
+	gen_require(`
+		type speech_client_packet_t;
+	')
+
+	dontaudit $1 speech_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_speech_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive speech_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_speech_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_speech_client_packets'($*)) dnl
+	
+	gen_require(`
+		type speech_client_packet_t;
+	')
+
+	allow $1 speech_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_speech_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive speech_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_speech_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_speech_client_packets'($*)) dnl
+	
+	gen_require(`
+		type speech_client_packet_t;
+	')
+
+	dontaudit $1 speech_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_speech_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive speech_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_speech_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_speech_client_packets'($*)) dnl
+	
+	corenet_send_speech_client_packets($1)
+	corenet_receive_speech_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_speech_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive speech_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_speech_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_speech_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_speech_client_packets($1)
+	corenet_dontaudit_receive_speech_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_speech_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to speech_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_speech_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_speech_client_packets'($*)) dnl
+	
+	gen_require(`
+		type speech_client_packet_t;
+	')
+
+	allow $1 speech_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_speech_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send speech_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_speech_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_speech_server_packets'($*)) dnl
+	
+	gen_require(`
+		type speech_server_packet_t;
+	')
+
+	allow $1 speech_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_speech_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send speech_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_speech_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_speech_server_packets'($*)) dnl
+	
+	gen_require(`
+		type speech_server_packet_t;
+	')
+
+	dontaudit $1 speech_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_speech_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive speech_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_speech_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_speech_server_packets'($*)) dnl
+	
+	gen_require(`
+		type speech_server_packet_t;
+	')
+
+	allow $1 speech_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_speech_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive speech_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_speech_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_speech_server_packets'($*)) dnl
+	
+	gen_require(`
+		type speech_server_packet_t;
+	')
+
+	dontaudit $1 speech_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_speech_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive speech_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_speech_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_speech_server_packets'($*)) dnl
+	
+	corenet_send_speech_server_packets($1)
+	corenet_receive_speech_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_speech_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive speech_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_speech_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_speech_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_speech_server_packets($1)
+	corenet_dontaudit_receive_speech_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_speech_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to speech_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_speech_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_speech_server_packets'($*)) dnl
+	
+	gen_require(`
+		type speech_server_packet_t;
+	')
+
+	allow $1 speech_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_speech_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the squid port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_squid_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_squid_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_squid_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the squid port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_squid_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_squid_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_squid_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the squid port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_squid_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_squid_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_squid_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the squid port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_squid_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_squid_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_squid_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the squid port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_squid_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_squid_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_squid_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the squid port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_squid_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_squid_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_squid_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the squid port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_squid_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_squid_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_squid_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the squid port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_squid_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_squid_port'($*)) dnl
+	
+	gen_require(`
+		type squid_port_t;
+	')
+
+	allow $1 squid_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_squid_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the squid port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_squid_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_squid_port'($*)) dnl
+	
+	gen_require(`
+		type squid_port_t;
+	')
+
+	allow $1 squid_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_squid_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the squid port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_squid_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_squid_port'($*)) dnl
+	
+	gen_require(`
+		type squid_port_t;
+	')
+
+	allow $1 squid_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_squid_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send squid_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_squid_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_squid_client_packets'($*)) dnl
+	
+	gen_require(`
+		type squid_client_packet_t;
+	')
+
+	allow $1 squid_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_squid_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send squid_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_squid_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_squid_client_packets'($*)) dnl
+	
+	gen_require(`
+		type squid_client_packet_t;
+	')
+
+	dontaudit $1 squid_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_squid_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive squid_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_squid_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_squid_client_packets'($*)) dnl
+	
+	gen_require(`
+		type squid_client_packet_t;
+	')
+
+	allow $1 squid_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_squid_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive squid_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_squid_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_squid_client_packets'($*)) dnl
+	
+	gen_require(`
+		type squid_client_packet_t;
+	')
+
+	dontaudit $1 squid_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_squid_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive squid_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_squid_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_squid_client_packets'($*)) dnl
+	
+	corenet_send_squid_client_packets($1)
+	corenet_receive_squid_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_squid_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive squid_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_squid_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_squid_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_squid_client_packets($1)
+	corenet_dontaudit_receive_squid_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_squid_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to squid_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_squid_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_squid_client_packets'($*)) dnl
+	
+	gen_require(`
+		type squid_client_packet_t;
+	')
+
+	allow $1 squid_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_squid_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send squid_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_squid_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_squid_server_packets'($*)) dnl
+	
+	gen_require(`
+		type squid_server_packet_t;
+	')
+
+	allow $1 squid_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_squid_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send squid_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_squid_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_squid_server_packets'($*)) dnl
+	
+	gen_require(`
+		type squid_server_packet_t;
+	')
+
+	dontaudit $1 squid_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_squid_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive squid_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_squid_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_squid_server_packets'($*)) dnl
+	
+	gen_require(`
+		type squid_server_packet_t;
+	')
+
+	allow $1 squid_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_squid_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive squid_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_squid_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_squid_server_packets'($*)) dnl
+	
+	gen_require(`
+		type squid_server_packet_t;
+	')
+
+	dontaudit $1 squid_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_squid_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive squid_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_squid_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_squid_server_packets'($*)) dnl
+	
+	corenet_send_squid_server_packets($1)
+	corenet_receive_squid_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_squid_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive squid_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_squid_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_squid_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_squid_server_packets($1)
+	corenet_dontaudit_receive_squid_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_squid_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to squid_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_squid_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_squid_server_packets'($*)) dnl
+	
+	gen_require(`
+		type squid_server_packet_t;
+	')
+
+	allow $1 squid_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_squid_server_packets'($*)) dnl
+	')
+
+
+ # snmp and htcp
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the ssdp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_ssdp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_ssdp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_ssdp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the ssdp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_ssdp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_ssdp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_ssdp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the ssdp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_ssdp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_ssdp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_ssdp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the ssdp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_ssdp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_ssdp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_ssdp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the ssdp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_ssdp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_ssdp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_ssdp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the ssdp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_ssdp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_ssdp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_ssdp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the ssdp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_ssdp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_ssdp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_ssdp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the ssdp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_ssdp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_ssdp_port'($*)) dnl
+	
+	gen_require(`
+		type ssdp_port_t;
+	')
+
+	allow $1 ssdp_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_ssdp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the ssdp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_ssdp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_ssdp_port'($*)) dnl
+	
+	gen_require(`
+		type ssdp_port_t;
+	')
+
+	allow $1 ssdp_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_ssdp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the ssdp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_ssdp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_ssdp_port'($*)) dnl
+	
+	gen_require(`
+		type ssdp_port_t;
+	')
+
+	allow $1 ssdp_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_ssdp_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ssdp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ssdp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ssdp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ssdp_client_packet_t;
+	')
+
+	allow $1 ssdp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ssdp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ssdp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ssdp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ssdp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ssdp_client_packet_t;
+	')
+
+	dontaudit $1 ssdp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ssdp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ssdp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ssdp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ssdp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ssdp_client_packet_t;
+	')
+
+	allow $1 ssdp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ssdp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ssdp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ssdp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ssdp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ssdp_client_packet_t;
+	')
+
+	dontaudit $1 ssdp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ssdp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ssdp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ssdp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ssdp_client_packets'($*)) dnl
+	
+	corenet_send_ssdp_client_packets($1)
+	corenet_receive_ssdp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ssdp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ssdp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ssdp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ssdp_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ssdp_client_packets($1)
+	corenet_dontaudit_receive_ssdp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ssdp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ssdp_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ssdp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ssdp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ssdp_client_packet_t;
+	')
+
+	allow $1 ssdp_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ssdp_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ssdp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ssdp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ssdp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ssdp_server_packet_t;
+	')
+
+	allow $1 ssdp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ssdp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ssdp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ssdp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ssdp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ssdp_server_packet_t;
+	')
+
+	dontaudit $1 ssdp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ssdp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ssdp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ssdp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ssdp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ssdp_server_packet_t;
+	')
+
+	allow $1 ssdp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ssdp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ssdp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ssdp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ssdp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ssdp_server_packet_t;
+	')
+
+	dontaudit $1 ssdp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ssdp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ssdp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ssdp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ssdp_server_packets'($*)) dnl
+	
+	corenet_send_ssdp_server_packets($1)
+	corenet_receive_ssdp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ssdp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ssdp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ssdp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ssdp_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ssdp_server_packets($1)
+	corenet_dontaudit_receive_ssdp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ssdp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ssdp_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ssdp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ssdp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ssdp_server_packet_t;
+	')
+
+	allow $1 ssdp_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ssdp_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the ssh port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_ssh_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_ssh_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_ssh_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the ssh port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_ssh_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_ssh_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_ssh_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the ssh port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_ssh_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_ssh_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_ssh_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the ssh port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_ssh_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_ssh_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_ssh_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the ssh port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_ssh_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_ssh_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_ssh_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the ssh port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_ssh_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_ssh_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_ssh_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the ssh port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_ssh_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_ssh_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_ssh_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the ssh port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_ssh_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_ssh_port'($*)) dnl
+	
+	gen_require(`
+		type ssh_port_t;
+	')
+
+	allow $1 ssh_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_ssh_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the ssh port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_ssh_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_ssh_port'($*)) dnl
+	
+	gen_require(`
+		type ssh_port_t;
+	')
+
+	allow $1 ssh_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_ssh_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the ssh port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_ssh_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_ssh_port'($*)) dnl
+	
+	gen_require(`
+		type ssh_port_t;
+	')
+
+	allow $1 ssh_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_ssh_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ssh_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ssh_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ssh_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ssh_client_packet_t;
+	')
+
+	allow $1 ssh_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ssh_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ssh_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ssh_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ssh_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ssh_client_packet_t;
+	')
+
+	dontaudit $1 ssh_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ssh_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ssh_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ssh_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ssh_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ssh_client_packet_t;
+	')
+
+	allow $1 ssh_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ssh_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ssh_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ssh_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ssh_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ssh_client_packet_t;
+	')
+
+	dontaudit $1 ssh_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ssh_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ssh_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ssh_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ssh_client_packets'($*)) dnl
+	
+	corenet_send_ssh_client_packets($1)
+	corenet_receive_ssh_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ssh_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ssh_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ssh_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ssh_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ssh_client_packets($1)
+	corenet_dontaudit_receive_ssh_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ssh_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ssh_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ssh_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ssh_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ssh_client_packet_t;
+	')
+
+	allow $1 ssh_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ssh_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ssh_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ssh_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ssh_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ssh_server_packet_t;
+	')
+
+	allow $1 ssh_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ssh_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ssh_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ssh_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ssh_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ssh_server_packet_t;
+	')
+
+	dontaudit $1 ssh_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ssh_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ssh_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ssh_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ssh_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ssh_server_packet_t;
+	')
+
+	allow $1 ssh_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ssh_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ssh_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ssh_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ssh_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ssh_server_packet_t;
+	')
+
+	dontaudit $1 ssh_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ssh_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ssh_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ssh_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ssh_server_packets'($*)) dnl
+	
+	corenet_send_ssh_server_packets($1)
+	corenet_receive_ssh_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ssh_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ssh_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ssh_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ssh_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ssh_server_packets($1)
+	corenet_dontaudit_receive_ssh_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ssh_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ssh_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ssh_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ssh_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ssh_server_packet_t;
+	')
+
+	allow $1 ssh_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ssh_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the stunnel port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_stunnel_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_stunnel_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_stunnel_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the stunnel port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_stunnel_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_stunnel_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_stunnel_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the stunnel port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_stunnel_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_stunnel_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_stunnel_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the stunnel port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_stunnel_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_stunnel_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_stunnel_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the stunnel port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_stunnel_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_stunnel_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_stunnel_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the stunnel port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_stunnel_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_stunnel_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_stunnel_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the stunnel port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_stunnel_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_stunnel_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_stunnel_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the stunnel port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_stunnel_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_stunnel_port'($*)) dnl
+	
+	gen_require(`
+		type stunnel_port_t;
+	')
+
+	allow $1 stunnel_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_stunnel_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the stunnel port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_stunnel_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_stunnel_port'($*)) dnl
+	
+	gen_require(`
+		type stunnel_port_t;
+	')
+
+	allow $1 stunnel_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_stunnel_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the stunnel port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_stunnel_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_stunnel_port'($*)) dnl
+	
+	gen_require(`
+		type stunnel_port_t;
+	')
+
+	allow $1 stunnel_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_stunnel_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send stunnel_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_stunnel_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_stunnel_client_packets'($*)) dnl
+	
+	gen_require(`
+		type stunnel_client_packet_t;
+	')
+
+	allow $1 stunnel_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_stunnel_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send stunnel_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_stunnel_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_stunnel_client_packets'($*)) dnl
+	
+	gen_require(`
+		type stunnel_client_packet_t;
+	')
+
+	dontaudit $1 stunnel_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_stunnel_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive stunnel_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_stunnel_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_stunnel_client_packets'($*)) dnl
+	
+	gen_require(`
+		type stunnel_client_packet_t;
+	')
+
+	allow $1 stunnel_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_stunnel_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive stunnel_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_stunnel_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_stunnel_client_packets'($*)) dnl
+	
+	gen_require(`
+		type stunnel_client_packet_t;
+	')
+
+	dontaudit $1 stunnel_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_stunnel_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive stunnel_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_stunnel_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_stunnel_client_packets'($*)) dnl
+	
+	corenet_send_stunnel_client_packets($1)
+	corenet_receive_stunnel_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_stunnel_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive stunnel_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_stunnel_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_stunnel_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_stunnel_client_packets($1)
+	corenet_dontaudit_receive_stunnel_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_stunnel_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to stunnel_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_stunnel_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_stunnel_client_packets'($*)) dnl
+	
+	gen_require(`
+		type stunnel_client_packet_t;
+	')
+
+	allow $1 stunnel_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_stunnel_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send stunnel_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_stunnel_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_stunnel_server_packets'($*)) dnl
+	
+	gen_require(`
+		type stunnel_server_packet_t;
+	')
+
+	allow $1 stunnel_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_stunnel_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send stunnel_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_stunnel_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_stunnel_server_packets'($*)) dnl
+	
+	gen_require(`
+		type stunnel_server_packet_t;
+	')
+
+	dontaudit $1 stunnel_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_stunnel_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive stunnel_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_stunnel_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_stunnel_server_packets'($*)) dnl
+	
+	gen_require(`
+		type stunnel_server_packet_t;
+	')
+
+	allow $1 stunnel_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_stunnel_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive stunnel_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_stunnel_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_stunnel_server_packets'($*)) dnl
+	
+	gen_require(`
+		type stunnel_server_packet_t;
+	')
+
+	dontaudit $1 stunnel_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_stunnel_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive stunnel_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_stunnel_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_stunnel_server_packets'($*)) dnl
+	
+	corenet_send_stunnel_server_packets($1)
+	corenet_receive_stunnel_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_stunnel_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive stunnel_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_stunnel_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_stunnel_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_stunnel_server_packets($1)
+	corenet_dontaudit_receive_stunnel_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_stunnel_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to stunnel_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_stunnel_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_stunnel_server_packets'($*)) dnl
+	
+	gen_require(`
+		type stunnel_server_packet_t;
+	')
+
+	allow $1 stunnel_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_stunnel_server_packets'($*)) dnl
+	')
+
+
+ # no defined portcon
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the svn port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_svn_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_svn_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_svn_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the svn port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_svn_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_svn_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_svn_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the svn port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_svn_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_svn_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_svn_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the svn port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_svn_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_svn_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_svn_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the svn port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_svn_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_svn_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_svn_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the svn port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_svn_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_svn_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_svn_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the svn port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_svn_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_svn_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_svn_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the svn port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_svn_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_svn_port'($*)) dnl
+	
+	gen_require(`
+		type svn_port_t;
+	')
+
+	allow $1 svn_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_svn_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the svn port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_svn_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_svn_port'($*)) dnl
+	
+	gen_require(`
+		type svn_port_t;
+	')
+
+	allow $1 svn_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_svn_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the svn port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_svn_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_svn_port'($*)) dnl
+	
+	gen_require(`
+		type svn_port_t;
+	')
+
+	allow $1 svn_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_svn_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send svn_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_svn_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_svn_client_packets'($*)) dnl
+	
+	gen_require(`
+		type svn_client_packet_t;
+	')
+
+	allow $1 svn_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_svn_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send svn_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_svn_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_svn_client_packets'($*)) dnl
+	
+	gen_require(`
+		type svn_client_packet_t;
+	')
+
+	dontaudit $1 svn_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_svn_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive svn_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_svn_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_svn_client_packets'($*)) dnl
+	
+	gen_require(`
+		type svn_client_packet_t;
+	')
+
+	allow $1 svn_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_svn_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive svn_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_svn_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_svn_client_packets'($*)) dnl
+	
+	gen_require(`
+		type svn_client_packet_t;
+	')
+
+	dontaudit $1 svn_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_svn_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive svn_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_svn_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_svn_client_packets'($*)) dnl
+	
+	corenet_send_svn_client_packets($1)
+	corenet_receive_svn_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_svn_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive svn_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_svn_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_svn_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_svn_client_packets($1)
+	corenet_dontaudit_receive_svn_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_svn_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to svn_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_svn_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_svn_client_packets'($*)) dnl
+	
+	gen_require(`
+		type svn_client_packet_t;
+	')
+
+	allow $1 svn_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_svn_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send svn_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_svn_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_svn_server_packets'($*)) dnl
+	
+	gen_require(`
+		type svn_server_packet_t;
+	')
+
+	allow $1 svn_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_svn_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send svn_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_svn_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_svn_server_packets'($*)) dnl
+	
+	gen_require(`
+		type svn_server_packet_t;
+	')
+
+	dontaudit $1 svn_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_svn_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive svn_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_svn_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_svn_server_packets'($*)) dnl
+	
+	gen_require(`
+		type svn_server_packet_t;
+	')
+
+	allow $1 svn_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_svn_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive svn_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_svn_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_svn_server_packets'($*)) dnl
+	
+	gen_require(`
+		type svn_server_packet_t;
+	')
+
+	dontaudit $1 svn_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_svn_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive svn_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_svn_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_svn_server_packets'($*)) dnl
+	
+	corenet_send_svn_server_packets($1)
+	corenet_receive_svn_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_svn_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive svn_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_svn_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_svn_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_svn_server_packets($1)
+	corenet_dontaudit_receive_svn_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_svn_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to svn_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_svn_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_svn_server_packets'($*)) dnl
+	
+	gen_require(`
+		type svn_server_packet_t;
+	')
+
+	allow $1 svn_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_svn_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the svrloc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_svrloc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_svrloc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_svrloc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the svrloc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_svrloc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_svrloc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_svrloc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the svrloc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_svrloc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_svrloc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_svrloc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the svrloc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_svrloc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_svrloc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_svrloc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the svrloc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_svrloc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_svrloc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_svrloc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the svrloc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_svrloc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_svrloc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_svrloc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the svrloc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_svrloc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_svrloc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_svrloc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the svrloc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_svrloc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_svrloc_port'($*)) dnl
+	
+	gen_require(`
+		type svrloc_port_t;
+	')
+
+	allow $1 svrloc_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_svrloc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the svrloc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_svrloc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_svrloc_port'($*)) dnl
+	
+	gen_require(`
+		type svrloc_port_t;
+	')
+
+	allow $1 svrloc_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_svrloc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the svrloc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_svrloc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_svrloc_port'($*)) dnl
+	
+	gen_require(`
+		type svrloc_port_t;
+	')
+
+	allow $1 svrloc_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_svrloc_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send svrloc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_svrloc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_svrloc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type svrloc_client_packet_t;
+	')
+
+	allow $1 svrloc_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_svrloc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send svrloc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_svrloc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_svrloc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type svrloc_client_packet_t;
+	')
+
+	dontaudit $1 svrloc_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_svrloc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive svrloc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_svrloc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_svrloc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type svrloc_client_packet_t;
+	')
+
+	allow $1 svrloc_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_svrloc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive svrloc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_svrloc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_svrloc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type svrloc_client_packet_t;
+	')
+
+	dontaudit $1 svrloc_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_svrloc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive svrloc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_svrloc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_svrloc_client_packets'($*)) dnl
+	
+	corenet_send_svrloc_client_packets($1)
+	corenet_receive_svrloc_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_svrloc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive svrloc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_svrloc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_svrloc_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_svrloc_client_packets($1)
+	corenet_dontaudit_receive_svrloc_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_svrloc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to svrloc_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_svrloc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_svrloc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type svrloc_client_packet_t;
+	')
+
+	allow $1 svrloc_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_svrloc_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send svrloc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_svrloc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_svrloc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type svrloc_server_packet_t;
+	')
+
+	allow $1 svrloc_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_svrloc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send svrloc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_svrloc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_svrloc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type svrloc_server_packet_t;
+	')
+
+	dontaudit $1 svrloc_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_svrloc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive svrloc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_svrloc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_svrloc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type svrloc_server_packet_t;
+	')
+
+	allow $1 svrloc_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_svrloc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive svrloc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_svrloc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_svrloc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type svrloc_server_packet_t;
+	')
+
+	dontaudit $1 svrloc_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_svrloc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive svrloc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_svrloc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_svrloc_server_packets'($*)) dnl
+	
+	corenet_send_svrloc_server_packets($1)
+	corenet_receive_svrloc_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_svrloc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive svrloc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_svrloc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_svrloc_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_svrloc_server_packets($1)
+	corenet_dontaudit_receive_svrloc_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_svrloc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to svrloc_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_svrloc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_svrloc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type svrloc_server_packet_t;
+	')
+
+	allow $1 svrloc_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_svrloc_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the swat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_swat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_swat_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_swat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the swat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_swat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_swat_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_swat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the swat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_swat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_swat_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_swat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the swat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_swat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_swat_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_swat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the swat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_swat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_swat_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_swat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the swat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_swat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_swat_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_swat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the swat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_swat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_swat_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_swat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the swat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_swat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_swat_port'($*)) dnl
+	
+	gen_require(`
+		type swat_port_t;
+	')
+
+	allow $1 swat_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_swat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the swat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_swat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_swat_port'($*)) dnl
+	
+	gen_require(`
+		type swat_port_t;
+	')
+
+	allow $1 swat_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_swat_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the swat port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_swat_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_swat_port'($*)) dnl
+	
+	gen_require(`
+		type swat_port_t;
+	')
+
+	allow $1 swat_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_swat_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send swat_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_swat_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_swat_client_packets'($*)) dnl
+	
+	gen_require(`
+		type swat_client_packet_t;
+	')
+
+	allow $1 swat_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_swat_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send swat_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_swat_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_swat_client_packets'($*)) dnl
+	
+	gen_require(`
+		type swat_client_packet_t;
+	')
+
+	dontaudit $1 swat_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_swat_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive swat_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_swat_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_swat_client_packets'($*)) dnl
+	
+	gen_require(`
+		type swat_client_packet_t;
+	')
+
+	allow $1 swat_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_swat_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive swat_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_swat_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_swat_client_packets'($*)) dnl
+	
+	gen_require(`
+		type swat_client_packet_t;
+	')
+
+	dontaudit $1 swat_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_swat_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive swat_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_swat_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_swat_client_packets'($*)) dnl
+	
+	corenet_send_swat_client_packets($1)
+	corenet_receive_swat_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_swat_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive swat_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_swat_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_swat_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_swat_client_packets($1)
+	corenet_dontaudit_receive_swat_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_swat_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to swat_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_swat_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_swat_client_packets'($*)) dnl
+	
+	gen_require(`
+		type swat_client_packet_t;
+	')
+
+	allow $1 swat_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_swat_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send swat_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_swat_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_swat_server_packets'($*)) dnl
+	
+	gen_require(`
+		type swat_server_packet_t;
+	')
+
+	allow $1 swat_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_swat_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send swat_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_swat_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_swat_server_packets'($*)) dnl
+	
+	gen_require(`
+		type swat_server_packet_t;
+	')
+
+	dontaudit $1 swat_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_swat_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive swat_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_swat_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_swat_server_packets'($*)) dnl
+	
+	gen_require(`
+		type swat_server_packet_t;
+	')
+
+	allow $1 swat_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_swat_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive swat_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_swat_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_swat_server_packets'($*)) dnl
+	
+	gen_require(`
+		type swat_server_packet_t;
+	')
+
+	dontaudit $1 swat_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_swat_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive swat_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_swat_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_swat_server_packets'($*)) dnl
+	
+	corenet_send_swat_server_packets($1)
+	corenet_receive_swat_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_swat_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive swat_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_swat_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_swat_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_swat_server_packets($1)
+	corenet_dontaudit_receive_swat_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_swat_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to swat_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_swat_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_swat_server_packets'($*)) dnl
+	
+	gen_require(`
+		type swat_server_packet_t;
+	')
+
+	allow $1 swat_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_swat_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the syncthing port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_syncthing_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_syncthing_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_syncthing_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the syncthing port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_syncthing_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_syncthing_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_syncthing_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the syncthing port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_syncthing_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_syncthing_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_syncthing_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the syncthing port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_syncthing_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_syncthing_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_syncthing_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the syncthing port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_syncthing_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_syncthing_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_syncthing_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the syncthing port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_syncthing_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_syncthing_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_syncthing_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the syncthing port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_syncthing_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_syncthing_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_syncthing_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the syncthing port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_syncthing_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_syncthing_port'($*)) dnl
+	
+	gen_require(`
+		type syncthing_port_t;
+	')
+
+	allow $1 syncthing_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_syncthing_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the syncthing port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_syncthing_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_syncthing_port'($*)) dnl
+	
+	gen_require(`
+		type syncthing_port_t;
+	')
+
+	allow $1 syncthing_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_syncthing_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the syncthing port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_syncthing_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_syncthing_port'($*)) dnl
+	
+	gen_require(`
+		type syncthing_port_t;
+	')
+
+	allow $1 syncthing_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_syncthing_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send syncthing_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_syncthing_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_syncthing_client_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_client_packet_t;
+	')
+
+	allow $1 syncthing_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_syncthing_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send syncthing_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_syncthing_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_syncthing_client_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_client_packet_t;
+	')
+
+	dontaudit $1 syncthing_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_syncthing_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive syncthing_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_syncthing_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_syncthing_client_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_client_packet_t;
+	')
+
+	allow $1 syncthing_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_syncthing_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive syncthing_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_syncthing_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_syncthing_client_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_client_packet_t;
+	')
+
+	dontaudit $1 syncthing_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_syncthing_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive syncthing_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_syncthing_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_syncthing_client_packets'($*)) dnl
+	
+	corenet_send_syncthing_client_packets($1)
+	corenet_receive_syncthing_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_syncthing_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive syncthing_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_syncthing_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_syncthing_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_syncthing_client_packets($1)
+	corenet_dontaudit_receive_syncthing_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_syncthing_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to syncthing_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_syncthing_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_syncthing_client_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_client_packet_t;
+	')
+
+	allow $1 syncthing_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_syncthing_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send syncthing_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_syncthing_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_syncthing_server_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_server_packet_t;
+	')
+
+	allow $1 syncthing_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_syncthing_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send syncthing_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_syncthing_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_syncthing_server_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_server_packet_t;
+	')
+
+	dontaudit $1 syncthing_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_syncthing_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive syncthing_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_syncthing_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_syncthing_server_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_server_packet_t;
+	')
+
+	allow $1 syncthing_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_syncthing_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive syncthing_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_syncthing_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_syncthing_server_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_server_packet_t;
+	')
+
+	dontaudit $1 syncthing_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_syncthing_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive syncthing_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_syncthing_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_syncthing_server_packets'($*)) dnl
+	
+	corenet_send_syncthing_server_packets($1)
+	corenet_receive_syncthing_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_syncthing_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive syncthing_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_syncthing_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_syncthing_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_syncthing_server_packets($1)
+	corenet_dontaudit_receive_syncthing_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_syncthing_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to syncthing_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_syncthing_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_syncthing_server_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_server_packet_t;
+	')
+
+	allow $1 syncthing_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_syncthing_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the syncthing_admin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_syncthing_admin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_syncthing_admin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_syncthing_admin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the syncthing_admin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_syncthing_admin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_syncthing_admin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_syncthing_admin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the syncthing_admin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_syncthing_admin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_syncthing_admin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_syncthing_admin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the syncthing_admin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_syncthing_admin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_syncthing_admin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_syncthing_admin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the syncthing_admin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_syncthing_admin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_syncthing_admin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_syncthing_admin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the syncthing_admin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_syncthing_admin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_syncthing_admin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_syncthing_admin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the syncthing_admin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_syncthing_admin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_syncthing_admin_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_syncthing_admin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the syncthing_admin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_syncthing_admin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_syncthing_admin_port'($*)) dnl
+	
+	gen_require(`
+		type syncthing_admin_port_t;
+	')
+
+	allow $1 syncthing_admin_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_syncthing_admin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the syncthing_admin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_syncthing_admin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_syncthing_admin_port'($*)) dnl
+	
+	gen_require(`
+		type syncthing_admin_port_t;
+	')
+
+	allow $1 syncthing_admin_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_syncthing_admin_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the syncthing_admin port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_syncthing_admin_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_syncthing_admin_port'($*)) dnl
+	
+	gen_require(`
+		type syncthing_admin_port_t;
+	')
+
+	allow $1 syncthing_admin_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_syncthing_admin_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send syncthing_admin_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_syncthing_admin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_syncthing_admin_client_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_admin_client_packet_t;
+	')
+
+	allow $1 syncthing_admin_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_syncthing_admin_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send syncthing_admin_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_syncthing_admin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_syncthing_admin_client_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_admin_client_packet_t;
+	')
+
+	dontaudit $1 syncthing_admin_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_syncthing_admin_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive syncthing_admin_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_syncthing_admin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_syncthing_admin_client_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_admin_client_packet_t;
+	')
+
+	allow $1 syncthing_admin_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_syncthing_admin_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive syncthing_admin_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_syncthing_admin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_syncthing_admin_client_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_admin_client_packet_t;
+	')
+
+	dontaudit $1 syncthing_admin_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_syncthing_admin_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive syncthing_admin_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_syncthing_admin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_syncthing_admin_client_packets'($*)) dnl
+	
+	corenet_send_syncthing_admin_client_packets($1)
+	corenet_receive_syncthing_admin_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_syncthing_admin_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive syncthing_admin_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_syncthing_admin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_syncthing_admin_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_syncthing_admin_client_packets($1)
+	corenet_dontaudit_receive_syncthing_admin_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_syncthing_admin_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to syncthing_admin_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_syncthing_admin_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_syncthing_admin_client_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_admin_client_packet_t;
+	')
+
+	allow $1 syncthing_admin_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_syncthing_admin_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send syncthing_admin_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_syncthing_admin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_syncthing_admin_server_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_admin_server_packet_t;
+	')
+
+	allow $1 syncthing_admin_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_syncthing_admin_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send syncthing_admin_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_syncthing_admin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_syncthing_admin_server_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_admin_server_packet_t;
+	')
+
+	dontaudit $1 syncthing_admin_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_syncthing_admin_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive syncthing_admin_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_syncthing_admin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_syncthing_admin_server_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_admin_server_packet_t;
+	')
+
+	allow $1 syncthing_admin_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_syncthing_admin_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive syncthing_admin_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_syncthing_admin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_syncthing_admin_server_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_admin_server_packet_t;
+	')
+
+	dontaudit $1 syncthing_admin_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_syncthing_admin_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive syncthing_admin_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_syncthing_admin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_syncthing_admin_server_packets'($*)) dnl
+	
+	corenet_send_syncthing_admin_server_packets($1)
+	corenet_receive_syncthing_admin_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_syncthing_admin_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive syncthing_admin_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_syncthing_admin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_syncthing_admin_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_syncthing_admin_server_packets($1)
+	corenet_dontaudit_receive_syncthing_admin_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_syncthing_admin_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to syncthing_admin_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_syncthing_admin_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_syncthing_admin_server_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_admin_server_packet_t;
+	')
+
+	allow $1 syncthing_admin_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_syncthing_admin_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the syncthing_discovery port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_syncthing_discovery_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_syncthing_discovery_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_syncthing_discovery_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the syncthing_discovery port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_syncthing_discovery_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_syncthing_discovery_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_syncthing_discovery_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the syncthing_discovery port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_syncthing_discovery_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_syncthing_discovery_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_syncthing_discovery_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the syncthing_discovery port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_syncthing_discovery_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_syncthing_discovery_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_syncthing_discovery_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the syncthing_discovery port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_syncthing_discovery_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_syncthing_discovery_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_syncthing_discovery_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the syncthing_discovery port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_syncthing_discovery_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_syncthing_discovery_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_syncthing_discovery_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the syncthing_discovery port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_syncthing_discovery_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_syncthing_discovery_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_syncthing_discovery_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the syncthing_discovery port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_syncthing_discovery_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_syncthing_discovery_port'($*)) dnl
+	
+	gen_require(`
+		type syncthing_discovery_port_t;
+	')
+
+	allow $1 syncthing_discovery_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_syncthing_discovery_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the syncthing_discovery port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_syncthing_discovery_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_syncthing_discovery_port'($*)) dnl
+	
+	gen_require(`
+		type syncthing_discovery_port_t;
+	')
+
+	allow $1 syncthing_discovery_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_syncthing_discovery_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the syncthing_discovery port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_syncthing_discovery_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_syncthing_discovery_port'($*)) dnl
+	
+	gen_require(`
+		type syncthing_discovery_port_t;
+	')
+
+	allow $1 syncthing_discovery_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_syncthing_discovery_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send syncthing_discovery_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_syncthing_discovery_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_syncthing_discovery_client_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_discovery_client_packet_t;
+	')
+
+	allow $1 syncthing_discovery_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_syncthing_discovery_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send syncthing_discovery_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_syncthing_discovery_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_syncthing_discovery_client_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_discovery_client_packet_t;
+	')
+
+	dontaudit $1 syncthing_discovery_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_syncthing_discovery_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive syncthing_discovery_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_syncthing_discovery_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_syncthing_discovery_client_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_discovery_client_packet_t;
+	')
+
+	allow $1 syncthing_discovery_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_syncthing_discovery_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive syncthing_discovery_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_syncthing_discovery_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_syncthing_discovery_client_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_discovery_client_packet_t;
+	')
+
+	dontaudit $1 syncthing_discovery_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_syncthing_discovery_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive syncthing_discovery_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_syncthing_discovery_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_syncthing_discovery_client_packets'($*)) dnl
+	
+	corenet_send_syncthing_discovery_client_packets($1)
+	corenet_receive_syncthing_discovery_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_syncthing_discovery_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive syncthing_discovery_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_syncthing_discovery_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_syncthing_discovery_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_syncthing_discovery_client_packets($1)
+	corenet_dontaudit_receive_syncthing_discovery_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_syncthing_discovery_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to syncthing_discovery_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_syncthing_discovery_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_syncthing_discovery_client_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_discovery_client_packet_t;
+	')
+
+	allow $1 syncthing_discovery_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_syncthing_discovery_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send syncthing_discovery_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_syncthing_discovery_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_syncthing_discovery_server_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_discovery_server_packet_t;
+	')
+
+	allow $1 syncthing_discovery_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_syncthing_discovery_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send syncthing_discovery_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_syncthing_discovery_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_syncthing_discovery_server_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_discovery_server_packet_t;
+	')
+
+	dontaudit $1 syncthing_discovery_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_syncthing_discovery_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive syncthing_discovery_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_syncthing_discovery_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_syncthing_discovery_server_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_discovery_server_packet_t;
+	')
+
+	allow $1 syncthing_discovery_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_syncthing_discovery_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive syncthing_discovery_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_syncthing_discovery_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_syncthing_discovery_server_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_discovery_server_packet_t;
+	')
+
+	dontaudit $1 syncthing_discovery_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_syncthing_discovery_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive syncthing_discovery_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_syncthing_discovery_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_syncthing_discovery_server_packets'($*)) dnl
+	
+	corenet_send_syncthing_discovery_server_packets($1)
+	corenet_receive_syncthing_discovery_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_syncthing_discovery_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive syncthing_discovery_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_syncthing_discovery_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_syncthing_discovery_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_syncthing_discovery_server_packets($1)
+	corenet_dontaudit_receive_syncthing_discovery_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_syncthing_discovery_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to syncthing_discovery_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_syncthing_discovery_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_syncthing_discovery_server_packets'($*)) dnl
+	
+	gen_require(`
+		type syncthing_discovery_server_packet_t;
+	')
+
+	allow $1 syncthing_discovery_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_syncthing_discovery_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the sype_transport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_sype_transport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_sype_transport_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_sype_transport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the sype_transport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_sype_transport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_sype_transport_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_sype_transport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the sype_transport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_sype_transport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_sype_transport_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_sype_transport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the sype_transport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_sype_transport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_sype_transport_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_sype_transport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the sype_transport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_sype_transport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_sype_transport_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_sype_transport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the sype_transport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_sype_transport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_sype_transport_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_sype_transport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the sype_transport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_sype_transport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_sype_transport_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_sype_transport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the sype_transport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_sype_transport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_sype_transport_port'($*)) dnl
+	
+	gen_require(`
+		type sype_transport_port_t;
+	')
+
+	allow $1 sype_transport_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_sype_transport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the sype_transport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_sype_transport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_sype_transport_port'($*)) dnl
+	
+	gen_require(`
+		type sype_transport_port_t;
+	')
+
+	allow $1 sype_transport_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_sype_transport_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the sype_transport port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_sype_transport_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_sype_transport_port'($*)) dnl
+	
+	gen_require(`
+		type sype_transport_port_t;
+	')
+
+	allow $1 sype_transport_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_sype_transport_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send sype_transport_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_sype_transport_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_sype_transport_client_packets'($*)) dnl
+	
+	gen_require(`
+		type sype_transport_client_packet_t;
+	')
+
+	allow $1 sype_transport_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_sype_transport_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send sype_transport_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_sype_transport_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_sype_transport_client_packets'($*)) dnl
+	
+	gen_require(`
+		type sype_transport_client_packet_t;
+	')
+
+	dontaudit $1 sype_transport_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_sype_transport_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive sype_transport_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_sype_transport_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_sype_transport_client_packets'($*)) dnl
+	
+	gen_require(`
+		type sype_transport_client_packet_t;
+	')
+
+	allow $1 sype_transport_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_sype_transport_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive sype_transport_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_sype_transport_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_sype_transport_client_packets'($*)) dnl
+	
+	gen_require(`
+		type sype_transport_client_packet_t;
+	')
+
+	dontaudit $1 sype_transport_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_sype_transport_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive sype_transport_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_sype_transport_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_sype_transport_client_packets'($*)) dnl
+	
+	corenet_send_sype_transport_client_packets($1)
+	corenet_receive_sype_transport_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_sype_transport_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive sype_transport_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_sype_transport_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_sype_transport_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_sype_transport_client_packets($1)
+	corenet_dontaudit_receive_sype_transport_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_sype_transport_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to sype_transport_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_sype_transport_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_sype_transport_client_packets'($*)) dnl
+	
+	gen_require(`
+		type sype_transport_client_packet_t;
+	')
+
+	allow $1 sype_transport_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_sype_transport_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send sype_transport_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_sype_transport_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_sype_transport_server_packets'($*)) dnl
+	
+	gen_require(`
+		type sype_transport_server_packet_t;
+	')
+
+	allow $1 sype_transport_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_sype_transport_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send sype_transport_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_sype_transport_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_sype_transport_server_packets'($*)) dnl
+	
+	gen_require(`
+		type sype_transport_server_packet_t;
+	')
+
+	dontaudit $1 sype_transport_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_sype_transport_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive sype_transport_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_sype_transport_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_sype_transport_server_packets'($*)) dnl
+	
+	gen_require(`
+		type sype_transport_server_packet_t;
+	')
+
+	allow $1 sype_transport_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_sype_transport_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive sype_transport_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_sype_transport_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_sype_transport_server_packets'($*)) dnl
+	
+	gen_require(`
+		type sype_transport_server_packet_t;
+	')
+
+	dontaudit $1 sype_transport_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_sype_transport_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive sype_transport_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_sype_transport_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_sype_transport_server_packets'($*)) dnl
+	
+	corenet_send_sype_transport_server_packets($1)
+	corenet_receive_sype_transport_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_sype_transport_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive sype_transport_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_sype_transport_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_sype_transport_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_sype_transport_server_packets($1)
+	corenet_dontaudit_receive_sype_transport_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_sype_transport_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to sype_transport_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_sype_transport_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_sype_transport_server_packets'($*)) dnl
+	
+	gen_require(`
+		type sype_transport_server_packet_t;
+	')
+
+	allow $1 sype_transport_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_sype_transport_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the syslogd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_syslogd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_syslogd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_syslogd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the syslogd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_syslogd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_syslogd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_syslogd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the syslogd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_syslogd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_syslogd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_syslogd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the syslogd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_syslogd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_syslogd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_syslogd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the syslogd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_syslogd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_syslogd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_syslogd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the syslogd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_syslogd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_syslogd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_syslogd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the syslogd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_syslogd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_syslogd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_syslogd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the syslogd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_syslogd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_syslogd_port'($*)) dnl
+	
+	gen_require(`
+		type syslogd_port_t;
+	')
+
+	allow $1 syslogd_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_syslogd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the syslogd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_syslogd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_syslogd_port'($*)) dnl
+	
+	gen_require(`
+		type syslogd_port_t;
+	')
+
+	allow $1 syslogd_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_syslogd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the syslogd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_syslogd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_syslogd_port'($*)) dnl
+	
+	gen_require(`
+		type syslogd_port_t;
+	')
+
+	allow $1 syslogd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_syslogd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send syslogd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_syslogd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_syslogd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type syslogd_client_packet_t;
+	')
+
+	allow $1 syslogd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_syslogd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send syslogd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_syslogd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_syslogd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type syslogd_client_packet_t;
+	')
+
+	dontaudit $1 syslogd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_syslogd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive syslogd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_syslogd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_syslogd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type syslogd_client_packet_t;
+	')
+
+	allow $1 syslogd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_syslogd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive syslogd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_syslogd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_syslogd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type syslogd_client_packet_t;
+	')
+
+	dontaudit $1 syslogd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_syslogd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive syslogd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_syslogd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_syslogd_client_packets'($*)) dnl
+	
+	corenet_send_syslogd_client_packets($1)
+	corenet_receive_syslogd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_syslogd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive syslogd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_syslogd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_syslogd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_syslogd_client_packets($1)
+	corenet_dontaudit_receive_syslogd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_syslogd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to syslogd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_syslogd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_syslogd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type syslogd_client_packet_t;
+	')
+
+	allow $1 syslogd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_syslogd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send syslogd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_syslogd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_syslogd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type syslogd_server_packet_t;
+	')
+
+	allow $1 syslogd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_syslogd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send syslogd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_syslogd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_syslogd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type syslogd_server_packet_t;
+	')
+
+	dontaudit $1 syslogd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_syslogd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive syslogd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_syslogd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_syslogd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type syslogd_server_packet_t;
+	')
+
+	allow $1 syslogd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_syslogd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive syslogd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_syslogd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_syslogd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type syslogd_server_packet_t;
+	')
+
+	dontaudit $1 syslogd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_syslogd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive syslogd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_syslogd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_syslogd_server_packets'($*)) dnl
+	
+	corenet_send_syslogd_server_packets($1)
+	corenet_receive_syslogd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_syslogd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive syslogd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_syslogd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_syslogd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_syslogd_server_packets($1)
+	corenet_dontaudit_receive_syslogd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_syslogd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to syslogd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_syslogd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_syslogd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type syslogd_server_packet_t;
+	')
+
+	allow $1 syslogd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_syslogd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the syslog_tls port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_syslog_tls_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_syslog_tls_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_syslog_tls_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the syslog_tls port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_syslog_tls_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_syslog_tls_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_syslog_tls_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the syslog_tls port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_syslog_tls_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_syslog_tls_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_syslog_tls_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the syslog_tls port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_syslog_tls_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_syslog_tls_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_syslog_tls_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the syslog_tls port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_syslog_tls_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_syslog_tls_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_syslog_tls_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the syslog_tls port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_syslog_tls_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_syslog_tls_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_syslog_tls_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the syslog_tls port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_syslog_tls_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_syslog_tls_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_syslog_tls_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the syslog_tls port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_syslog_tls_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_syslog_tls_port'($*)) dnl
+	
+	gen_require(`
+		type syslog_tls_port_t;
+	')
+
+	allow $1 syslog_tls_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_syslog_tls_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the syslog_tls port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_syslog_tls_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_syslog_tls_port'($*)) dnl
+	
+	gen_require(`
+		type syslog_tls_port_t;
+	')
+
+	allow $1 syslog_tls_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_syslog_tls_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the syslog_tls port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_syslog_tls_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_syslog_tls_port'($*)) dnl
+	
+	gen_require(`
+		type syslog_tls_port_t;
+	')
+
+	allow $1 syslog_tls_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_syslog_tls_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send syslog_tls_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_syslog_tls_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_syslog_tls_client_packets'($*)) dnl
+	
+	gen_require(`
+		type syslog_tls_client_packet_t;
+	')
+
+	allow $1 syslog_tls_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_syslog_tls_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send syslog_tls_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_syslog_tls_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_syslog_tls_client_packets'($*)) dnl
+	
+	gen_require(`
+		type syslog_tls_client_packet_t;
+	')
+
+	dontaudit $1 syslog_tls_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_syslog_tls_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive syslog_tls_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_syslog_tls_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_syslog_tls_client_packets'($*)) dnl
+	
+	gen_require(`
+		type syslog_tls_client_packet_t;
+	')
+
+	allow $1 syslog_tls_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_syslog_tls_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive syslog_tls_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_syslog_tls_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_syslog_tls_client_packets'($*)) dnl
+	
+	gen_require(`
+		type syslog_tls_client_packet_t;
+	')
+
+	dontaudit $1 syslog_tls_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_syslog_tls_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive syslog_tls_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_syslog_tls_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_syslog_tls_client_packets'($*)) dnl
+	
+	corenet_send_syslog_tls_client_packets($1)
+	corenet_receive_syslog_tls_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_syslog_tls_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive syslog_tls_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_syslog_tls_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_syslog_tls_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_syslog_tls_client_packets($1)
+	corenet_dontaudit_receive_syslog_tls_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_syslog_tls_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to syslog_tls_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_syslog_tls_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_syslog_tls_client_packets'($*)) dnl
+	
+	gen_require(`
+		type syslog_tls_client_packet_t;
+	')
+
+	allow $1 syslog_tls_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_syslog_tls_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send syslog_tls_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_syslog_tls_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_syslog_tls_server_packets'($*)) dnl
+	
+	gen_require(`
+		type syslog_tls_server_packet_t;
+	')
+
+	allow $1 syslog_tls_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_syslog_tls_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send syslog_tls_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_syslog_tls_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_syslog_tls_server_packets'($*)) dnl
+	
+	gen_require(`
+		type syslog_tls_server_packet_t;
+	')
+
+	dontaudit $1 syslog_tls_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_syslog_tls_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive syslog_tls_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_syslog_tls_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_syslog_tls_server_packets'($*)) dnl
+	
+	gen_require(`
+		type syslog_tls_server_packet_t;
+	')
+
+	allow $1 syslog_tls_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_syslog_tls_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive syslog_tls_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_syslog_tls_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_syslog_tls_server_packets'($*)) dnl
+	
+	gen_require(`
+		type syslog_tls_server_packet_t;
+	')
+
+	dontaudit $1 syslog_tls_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_syslog_tls_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive syslog_tls_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_syslog_tls_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_syslog_tls_server_packets'($*)) dnl
+	
+	corenet_send_syslog_tls_server_packets($1)
+	corenet_receive_syslog_tls_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_syslog_tls_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive syslog_tls_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_syslog_tls_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_syslog_tls_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_syslog_tls_server_packets($1)
+	corenet_dontaudit_receive_syslog_tls_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_syslog_tls_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to syslog_tls_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_syslog_tls_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_syslog_tls_server_packets'($*)) dnl
+	
+	gen_require(`
+		type syslog_tls_server_packet_t;
+	')
+
+	allow $1 syslog_tls_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_syslog_tls_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the tcs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_tcs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_tcs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_tcs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the tcs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_tcs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_tcs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_tcs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the tcs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_tcs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_tcs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_tcs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the tcs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_tcs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_tcs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_tcs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the tcs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_tcs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_tcs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_tcs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the tcs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_tcs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_tcs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_tcs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the tcs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_tcs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_tcs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_tcs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the tcs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_tcs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_tcs_port'($*)) dnl
+	
+	gen_require(`
+		type tcs_port_t;
+	')
+
+	allow $1 tcs_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_tcs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the tcs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_tcs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_tcs_port'($*)) dnl
+	
+	gen_require(`
+		type tcs_port_t;
+	')
+
+	allow $1 tcs_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_tcs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the tcs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_tcs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_tcs_port'($*)) dnl
+	
+	gen_require(`
+		type tcs_port_t;
+	')
+
+	allow $1 tcs_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_tcs_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send tcs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_tcs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_tcs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type tcs_client_packet_t;
+	')
+
+	allow $1 tcs_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_tcs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send tcs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_tcs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_tcs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type tcs_client_packet_t;
+	')
+
+	dontaudit $1 tcs_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_tcs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive tcs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_tcs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_tcs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type tcs_client_packet_t;
+	')
+
+	allow $1 tcs_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_tcs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive tcs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_tcs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_tcs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type tcs_client_packet_t;
+	')
+
+	dontaudit $1 tcs_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_tcs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive tcs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_tcs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_tcs_client_packets'($*)) dnl
+	
+	corenet_send_tcs_client_packets($1)
+	corenet_receive_tcs_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_tcs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive tcs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_tcs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_tcs_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_tcs_client_packets($1)
+	corenet_dontaudit_receive_tcs_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_tcs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to tcs_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_tcs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_tcs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type tcs_client_packet_t;
+	')
+
+	allow $1 tcs_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_tcs_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send tcs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_tcs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_tcs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type tcs_server_packet_t;
+	')
+
+	allow $1 tcs_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_tcs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send tcs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_tcs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_tcs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type tcs_server_packet_t;
+	')
+
+	dontaudit $1 tcs_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_tcs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive tcs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_tcs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_tcs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type tcs_server_packet_t;
+	')
+
+	allow $1 tcs_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_tcs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive tcs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_tcs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_tcs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type tcs_server_packet_t;
+	')
+
+	dontaudit $1 tcs_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_tcs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive tcs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_tcs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_tcs_server_packets'($*)) dnl
+	
+	corenet_send_tcs_server_packets($1)
+	corenet_receive_tcs_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_tcs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive tcs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_tcs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_tcs_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_tcs_server_packets($1)
+	corenet_dontaudit_receive_tcs_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_tcs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to tcs_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_tcs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_tcs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type tcs_server_packet_t;
+	')
+
+	allow $1 tcs_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_tcs_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the telnetd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_telnetd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_telnetd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_telnetd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the telnetd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_telnetd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_telnetd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_telnetd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the telnetd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_telnetd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_telnetd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_telnetd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the telnetd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_telnetd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_telnetd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_telnetd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the telnetd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_telnetd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_telnetd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_telnetd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the telnetd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_telnetd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_telnetd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_telnetd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the telnetd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_telnetd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_telnetd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_telnetd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the telnetd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_telnetd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_telnetd_port'($*)) dnl
+	
+	gen_require(`
+		type telnetd_port_t;
+	')
+
+	allow $1 telnetd_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_telnetd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the telnetd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_telnetd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_telnetd_port'($*)) dnl
+	
+	gen_require(`
+		type telnetd_port_t;
+	')
+
+	allow $1 telnetd_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_telnetd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the telnetd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_telnetd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_telnetd_port'($*)) dnl
+	
+	gen_require(`
+		type telnetd_port_t;
+	')
+
+	allow $1 telnetd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_telnetd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send telnetd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_telnetd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_telnetd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type telnetd_client_packet_t;
+	')
+
+	allow $1 telnetd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_telnetd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send telnetd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_telnetd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_telnetd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type telnetd_client_packet_t;
+	')
+
+	dontaudit $1 telnetd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_telnetd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive telnetd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_telnetd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_telnetd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type telnetd_client_packet_t;
+	')
+
+	allow $1 telnetd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_telnetd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive telnetd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_telnetd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_telnetd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type telnetd_client_packet_t;
+	')
+
+	dontaudit $1 telnetd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_telnetd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive telnetd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_telnetd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_telnetd_client_packets'($*)) dnl
+	
+	corenet_send_telnetd_client_packets($1)
+	corenet_receive_telnetd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_telnetd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive telnetd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_telnetd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_telnetd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_telnetd_client_packets($1)
+	corenet_dontaudit_receive_telnetd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_telnetd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to telnetd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_telnetd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_telnetd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type telnetd_client_packet_t;
+	')
+
+	allow $1 telnetd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_telnetd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send telnetd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_telnetd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_telnetd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type telnetd_server_packet_t;
+	')
+
+	allow $1 telnetd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_telnetd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send telnetd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_telnetd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_telnetd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type telnetd_server_packet_t;
+	')
+
+	dontaudit $1 telnetd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_telnetd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive telnetd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_telnetd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_telnetd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type telnetd_server_packet_t;
+	')
+
+	allow $1 telnetd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_telnetd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive telnetd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_telnetd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_telnetd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type telnetd_server_packet_t;
+	')
+
+	dontaudit $1 telnetd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_telnetd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive telnetd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_telnetd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_telnetd_server_packets'($*)) dnl
+	
+	corenet_send_telnetd_server_packets($1)
+	corenet_receive_telnetd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_telnetd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive telnetd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_telnetd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_telnetd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_telnetd_server_packets($1)
+	corenet_dontaudit_receive_telnetd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_telnetd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to telnetd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_telnetd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_telnetd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type telnetd_server_packet_t;
+	')
+
+	allow $1 telnetd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_telnetd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the tftp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_tftp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_tftp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_tftp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the tftp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_tftp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_tftp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_tftp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the tftp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_tftp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_tftp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_tftp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the tftp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_tftp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_tftp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_tftp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the tftp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_tftp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_tftp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_tftp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the tftp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_tftp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_tftp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_tftp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the tftp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_tftp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_tftp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_tftp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the tftp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_tftp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_tftp_port'($*)) dnl
+	
+	gen_require(`
+		type tftp_port_t;
+	')
+
+	allow $1 tftp_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_tftp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the tftp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_tftp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_tftp_port'($*)) dnl
+	
+	gen_require(`
+		type tftp_port_t;
+	')
+
+	allow $1 tftp_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_tftp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the tftp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_tftp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_tftp_port'($*)) dnl
+	
+	gen_require(`
+		type tftp_port_t;
+	')
+
+	allow $1 tftp_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_tftp_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send tftp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_tftp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_tftp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type tftp_client_packet_t;
+	')
+
+	allow $1 tftp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_tftp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send tftp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_tftp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_tftp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type tftp_client_packet_t;
+	')
+
+	dontaudit $1 tftp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_tftp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive tftp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_tftp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_tftp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type tftp_client_packet_t;
+	')
+
+	allow $1 tftp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_tftp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive tftp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_tftp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_tftp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type tftp_client_packet_t;
+	')
+
+	dontaudit $1 tftp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_tftp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive tftp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_tftp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_tftp_client_packets'($*)) dnl
+	
+	corenet_send_tftp_client_packets($1)
+	corenet_receive_tftp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_tftp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive tftp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_tftp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_tftp_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_tftp_client_packets($1)
+	corenet_dontaudit_receive_tftp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_tftp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to tftp_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_tftp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_tftp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type tftp_client_packet_t;
+	')
+
+	allow $1 tftp_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_tftp_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send tftp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_tftp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_tftp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type tftp_server_packet_t;
+	')
+
+	allow $1 tftp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_tftp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send tftp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_tftp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_tftp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type tftp_server_packet_t;
+	')
+
+	dontaudit $1 tftp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_tftp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive tftp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_tftp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_tftp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type tftp_server_packet_t;
+	')
+
+	allow $1 tftp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_tftp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive tftp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_tftp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_tftp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type tftp_server_packet_t;
+	')
+
+	dontaudit $1 tftp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_tftp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive tftp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_tftp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_tftp_server_packets'($*)) dnl
+	
+	corenet_send_tftp_server_packets($1)
+	corenet_receive_tftp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_tftp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive tftp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_tftp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_tftp_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_tftp_server_packets($1)
+	corenet_dontaudit_receive_tftp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_tftp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to tftp_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_tftp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_tftp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type tftp_server_packet_t;
+	')
+
+	allow $1 tftp_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_tftp_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the tor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_tor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_tor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_tor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the tor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_tor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_tor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_tor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the tor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_tor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_tor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_tor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the tor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_tor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_tor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_tor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the tor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_tor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_tor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_tor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the tor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_tor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_tor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_tor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the tor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_tor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_tor_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_tor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the tor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_tor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_tor_port'($*)) dnl
+	
+	gen_require(`
+		type tor_port_t;
+	')
+
+	allow $1 tor_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_tor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the tor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_tor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_tor_port'($*)) dnl
+	
+	gen_require(`
+		type tor_port_t;
+	')
+
+	allow $1 tor_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_tor_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the tor port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_tor_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_tor_port'($*)) dnl
+	
+	gen_require(`
+		type tor_port_t;
+	')
+
+	allow $1 tor_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_tor_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send tor_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_tor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_tor_client_packets'($*)) dnl
+	
+	gen_require(`
+		type tor_client_packet_t;
+	')
+
+	allow $1 tor_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_tor_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send tor_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_tor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_tor_client_packets'($*)) dnl
+	
+	gen_require(`
+		type tor_client_packet_t;
+	')
+
+	dontaudit $1 tor_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_tor_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive tor_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_tor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_tor_client_packets'($*)) dnl
+	
+	gen_require(`
+		type tor_client_packet_t;
+	')
+
+	allow $1 tor_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_tor_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive tor_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_tor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_tor_client_packets'($*)) dnl
+	
+	gen_require(`
+		type tor_client_packet_t;
+	')
+
+	dontaudit $1 tor_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_tor_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive tor_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_tor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_tor_client_packets'($*)) dnl
+	
+	corenet_send_tor_client_packets($1)
+	corenet_receive_tor_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_tor_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive tor_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_tor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_tor_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_tor_client_packets($1)
+	corenet_dontaudit_receive_tor_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_tor_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to tor_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_tor_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_tor_client_packets'($*)) dnl
+	
+	gen_require(`
+		type tor_client_packet_t;
+	')
+
+	allow $1 tor_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_tor_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send tor_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_tor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_tor_server_packets'($*)) dnl
+	
+	gen_require(`
+		type tor_server_packet_t;
+	')
+
+	allow $1 tor_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_tor_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send tor_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_tor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_tor_server_packets'($*)) dnl
+	
+	gen_require(`
+		type tor_server_packet_t;
+	')
+
+	dontaudit $1 tor_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_tor_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive tor_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_tor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_tor_server_packets'($*)) dnl
+	
+	gen_require(`
+		type tor_server_packet_t;
+	')
+
+	allow $1 tor_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_tor_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive tor_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_tor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_tor_server_packets'($*)) dnl
+	
+	gen_require(`
+		type tor_server_packet_t;
+	')
+
+	dontaudit $1 tor_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_tor_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive tor_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_tor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_tor_server_packets'($*)) dnl
+	
+	corenet_send_tor_server_packets($1)
+	corenet_receive_tor_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_tor_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive tor_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_tor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_tor_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_tor_server_packets($1)
+	corenet_dontaudit_receive_tor_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_tor_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to tor_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_tor_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_tor_server_packets'($*)) dnl
+	
+	gen_require(`
+		type tor_server_packet_t;
+	')
+
+	allow $1 tor_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_tor_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the traceroute port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_traceroute_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_traceroute_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_traceroute_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the traceroute port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_traceroute_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_traceroute_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_traceroute_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the traceroute port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_traceroute_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_traceroute_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_traceroute_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the traceroute port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_traceroute_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_traceroute_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_traceroute_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the traceroute port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_traceroute_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_traceroute_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_traceroute_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the traceroute port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_traceroute_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_traceroute_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_traceroute_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the traceroute port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_traceroute_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_traceroute_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_traceroute_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the traceroute port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_traceroute_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_traceroute_port'($*)) dnl
+	
+	gen_require(`
+		type traceroute_port_t;
+	')
+
+	allow $1 traceroute_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_traceroute_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the traceroute port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_traceroute_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_traceroute_port'($*)) dnl
+	
+	gen_require(`
+		type traceroute_port_t;
+	')
+
+	allow $1 traceroute_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_traceroute_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the traceroute port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_traceroute_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_traceroute_port'($*)) dnl
+	
+	gen_require(`
+		type traceroute_port_t;
+	')
+
+	allow $1 traceroute_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_traceroute_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send traceroute_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_traceroute_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_traceroute_client_packets'($*)) dnl
+	
+	gen_require(`
+		type traceroute_client_packet_t;
+	')
+
+	allow $1 traceroute_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_traceroute_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send traceroute_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_traceroute_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_traceroute_client_packets'($*)) dnl
+	
+	gen_require(`
+		type traceroute_client_packet_t;
+	')
+
+	dontaudit $1 traceroute_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_traceroute_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive traceroute_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_traceroute_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_traceroute_client_packets'($*)) dnl
+	
+	gen_require(`
+		type traceroute_client_packet_t;
+	')
+
+	allow $1 traceroute_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_traceroute_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive traceroute_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_traceroute_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_traceroute_client_packets'($*)) dnl
+	
+	gen_require(`
+		type traceroute_client_packet_t;
+	')
+
+	dontaudit $1 traceroute_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_traceroute_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive traceroute_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_traceroute_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_traceroute_client_packets'($*)) dnl
+	
+	corenet_send_traceroute_client_packets($1)
+	corenet_receive_traceroute_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_traceroute_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive traceroute_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_traceroute_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_traceroute_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_traceroute_client_packets($1)
+	corenet_dontaudit_receive_traceroute_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_traceroute_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to traceroute_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_traceroute_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_traceroute_client_packets'($*)) dnl
+	
+	gen_require(`
+		type traceroute_client_packet_t;
+	')
+
+	allow $1 traceroute_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_traceroute_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send traceroute_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_traceroute_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_traceroute_server_packets'($*)) dnl
+	
+	gen_require(`
+		type traceroute_server_packet_t;
+	')
+
+	allow $1 traceroute_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_traceroute_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send traceroute_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_traceroute_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_traceroute_server_packets'($*)) dnl
+	
+	gen_require(`
+		type traceroute_server_packet_t;
+	')
+
+	dontaudit $1 traceroute_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_traceroute_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive traceroute_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_traceroute_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_traceroute_server_packets'($*)) dnl
+	
+	gen_require(`
+		type traceroute_server_packet_t;
+	')
+
+	allow $1 traceroute_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_traceroute_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive traceroute_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_traceroute_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_traceroute_server_packets'($*)) dnl
+	
+	gen_require(`
+		type traceroute_server_packet_t;
+	')
+
+	dontaudit $1 traceroute_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_traceroute_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive traceroute_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_traceroute_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_traceroute_server_packets'($*)) dnl
+	
+	corenet_send_traceroute_server_packets($1)
+	corenet_receive_traceroute_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_traceroute_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive traceroute_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_traceroute_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_traceroute_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_traceroute_server_packets($1)
+	corenet_dontaudit_receive_traceroute_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_traceroute_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to traceroute_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_traceroute_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_traceroute_server_packets'($*)) dnl
+	
+	gen_require(`
+		type traceroute_server_packet_t;
+	')
+
+	allow $1 traceroute_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_traceroute_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the transproxy port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_transproxy_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_transproxy_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_transproxy_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the transproxy port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_transproxy_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_transproxy_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_transproxy_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the transproxy port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_transproxy_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_transproxy_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_transproxy_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the transproxy port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_transproxy_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_transproxy_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_transproxy_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the transproxy port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_transproxy_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_transproxy_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_transproxy_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the transproxy port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_transproxy_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_transproxy_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_transproxy_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the transproxy port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_transproxy_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_transproxy_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_transproxy_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the transproxy port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_transproxy_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_transproxy_port'($*)) dnl
+	
+	gen_require(`
+		type transproxy_port_t;
+	')
+
+	allow $1 transproxy_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_transproxy_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the transproxy port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_transproxy_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_transproxy_port'($*)) dnl
+	
+	gen_require(`
+		type transproxy_port_t;
+	')
+
+	allow $1 transproxy_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_transproxy_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the transproxy port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_transproxy_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_transproxy_port'($*)) dnl
+	
+	gen_require(`
+		type transproxy_port_t;
+	')
+
+	allow $1 transproxy_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_transproxy_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send transproxy_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_transproxy_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_transproxy_client_packets'($*)) dnl
+	
+	gen_require(`
+		type transproxy_client_packet_t;
+	')
+
+	allow $1 transproxy_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_transproxy_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send transproxy_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_transproxy_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_transproxy_client_packets'($*)) dnl
+	
+	gen_require(`
+		type transproxy_client_packet_t;
+	')
+
+	dontaudit $1 transproxy_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_transproxy_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive transproxy_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_transproxy_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_transproxy_client_packets'($*)) dnl
+	
+	gen_require(`
+		type transproxy_client_packet_t;
+	')
+
+	allow $1 transproxy_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_transproxy_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive transproxy_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_transproxy_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_transproxy_client_packets'($*)) dnl
+	
+	gen_require(`
+		type transproxy_client_packet_t;
+	')
+
+	dontaudit $1 transproxy_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_transproxy_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive transproxy_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_transproxy_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_transproxy_client_packets'($*)) dnl
+	
+	corenet_send_transproxy_client_packets($1)
+	corenet_receive_transproxy_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_transproxy_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive transproxy_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_transproxy_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_transproxy_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_transproxy_client_packets($1)
+	corenet_dontaudit_receive_transproxy_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_transproxy_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to transproxy_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_transproxy_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_transproxy_client_packets'($*)) dnl
+	
+	gen_require(`
+		type transproxy_client_packet_t;
+	')
+
+	allow $1 transproxy_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_transproxy_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send transproxy_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_transproxy_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_transproxy_server_packets'($*)) dnl
+	
+	gen_require(`
+		type transproxy_server_packet_t;
+	')
+
+	allow $1 transproxy_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_transproxy_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send transproxy_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_transproxy_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_transproxy_server_packets'($*)) dnl
+	
+	gen_require(`
+		type transproxy_server_packet_t;
+	')
+
+	dontaudit $1 transproxy_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_transproxy_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive transproxy_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_transproxy_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_transproxy_server_packets'($*)) dnl
+	
+	gen_require(`
+		type transproxy_server_packet_t;
+	')
+
+	allow $1 transproxy_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_transproxy_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive transproxy_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_transproxy_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_transproxy_server_packets'($*)) dnl
+	
+	gen_require(`
+		type transproxy_server_packet_t;
+	')
+
+	dontaudit $1 transproxy_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_transproxy_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive transproxy_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_transproxy_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_transproxy_server_packets'($*)) dnl
+	
+	corenet_send_transproxy_server_packets($1)
+	corenet_receive_transproxy_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_transproxy_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive transproxy_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_transproxy_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_transproxy_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_transproxy_server_packets($1)
+	corenet_dontaudit_receive_transproxy_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_transproxy_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to transproxy_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_transproxy_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_transproxy_server_packets'($*)) dnl
+	
+	gen_require(`
+		type transproxy_server_packet_t;
+	')
+
+	allow $1 transproxy_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_transproxy_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the trisoap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_trisoap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_trisoap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_trisoap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the trisoap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_trisoap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_trisoap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_trisoap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the trisoap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_trisoap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_trisoap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_trisoap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the trisoap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_trisoap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_trisoap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_trisoap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the trisoap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_trisoap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_trisoap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_trisoap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the trisoap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_trisoap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_trisoap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_trisoap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the trisoap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_trisoap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_trisoap_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_trisoap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the trisoap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_trisoap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_trisoap_port'($*)) dnl
+	
+	gen_require(`
+		type trisoap_port_t;
+	')
+
+	allow $1 trisoap_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_trisoap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the trisoap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_trisoap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_trisoap_port'($*)) dnl
+	
+	gen_require(`
+		type trisoap_port_t;
+	')
+
+	allow $1 trisoap_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_trisoap_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the trisoap port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_trisoap_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_trisoap_port'($*)) dnl
+	
+	gen_require(`
+		type trisoap_port_t;
+	')
+
+	allow $1 trisoap_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_trisoap_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send trisoap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_trisoap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_trisoap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type trisoap_client_packet_t;
+	')
+
+	allow $1 trisoap_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_trisoap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send trisoap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_trisoap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_trisoap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type trisoap_client_packet_t;
+	')
+
+	dontaudit $1 trisoap_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_trisoap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive trisoap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_trisoap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_trisoap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type trisoap_client_packet_t;
+	')
+
+	allow $1 trisoap_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_trisoap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive trisoap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_trisoap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_trisoap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type trisoap_client_packet_t;
+	')
+
+	dontaudit $1 trisoap_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_trisoap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive trisoap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_trisoap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_trisoap_client_packets'($*)) dnl
+	
+	corenet_send_trisoap_client_packets($1)
+	corenet_receive_trisoap_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_trisoap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive trisoap_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_trisoap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_trisoap_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_trisoap_client_packets($1)
+	corenet_dontaudit_receive_trisoap_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_trisoap_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to trisoap_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_trisoap_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_trisoap_client_packets'($*)) dnl
+	
+	gen_require(`
+		type trisoap_client_packet_t;
+	')
+
+	allow $1 trisoap_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_trisoap_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send trisoap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_trisoap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_trisoap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type trisoap_server_packet_t;
+	')
+
+	allow $1 trisoap_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_trisoap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send trisoap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_trisoap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_trisoap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type trisoap_server_packet_t;
+	')
+
+	dontaudit $1 trisoap_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_trisoap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive trisoap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_trisoap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_trisoap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type trisoap_server_packet_t;
+	')
+
+	allow $1 trisoap_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_trisoap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive trisoap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_trisoap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_trisoap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type trisoap_server_packet_t;
+	')
+
+	dontaudit $1 trisoap_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_trisoap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive trisoap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_trisoap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_trisoap_server_packets'($*)) dnl
+	
+	corenet_send_trisoap_server_packets($1)
+	corenet_receive_trisoap_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_trisoap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive trisoap_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_trisoap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_trisoap_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_trisoap_server_packets($1)
+	corenet_dontaudit_receive_trisoap_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_trisoap_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to trisoap_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_trisoap_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_trisoap_server_packets'($*)) dnl
+	
+	gen_require(`
+		type trisoap_server_packet_t;
+	')
+
+	allow $1 trisoap_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_trisoap_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the trivnet1 port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_trivnet1_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_trivnet1_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_trivnet1_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the trivnet1 port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_trivnet1_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_trivnet1_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_trivnet1_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the trivnet1 port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_trivnet1_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_trivnet1_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_trivnet1_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the trivnet1 port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_trivnet1_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_trivnet1_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_trivnet1_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the trivnet1 port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_trivnet1_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_trivnet1_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_trivnet1_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the trivnet1 port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_trivnet1_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_trivnet1_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_trivnet1_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the trivnet1 port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_trivnet1_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_trivnet1_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_trivnet1_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the trivnet1 port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_trivnet1_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_trivnet1_port'($*)) dnl
+	
+	gen_require(`
+		type trivnet1_port_t;
+	')
+
+	allow $1 trivnet1_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_trivnet1_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the trivnet1 port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_trivnet1_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_trivnet1_port'($*)) dnl
+	
+	gen_require(`
+		type trivnet1_port_t;
+	')
+
+	allow $1 trivnet1_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_trivnet1_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the trivnet1 port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_trivnet1_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_trivnet1_port'($*)) dnl
+	
+	gen_require(`
+		type trivnet1_port_t;
+	')
+
+	allow $1 trivnet1_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_trivnet1_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send trivnet1_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_trivnet1_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_trivnet1_client_packets'($*)) dnl
+	
+	gen_require(`
+		type trivnet1_client_packet_t;
+	')
+
+	allow $1 trivnet1_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_trivnet1_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send trivnet1_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_trivnet1_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_trivnet1_client_packets'($*)) dnl
+	
+	gen_require(`
+		type trivnet1_client_packet_t;
+	')
+
+	dontaudit $1 trivnet1_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_trivnet1_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive trivnet1_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_trivnet1_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_trivnet1_client_packets'($*)) dnl
+	
+	gen_require(`
+		type trivnet1_client_packet_t;
+	')
+
+	allow $1 trivnet1_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_trivnet1_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive trivnet1_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_trivnet1_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_trivnet1_client_packets'($*)) dnl
+	
+	gen_require(`
+		type trivnet1_client_packet_t;
+	')
+
+	dontaudit $1 trivnet1_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_trivnet1_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive trivnet1_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_trivnet1_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_trivnet1_client_packets'($*)) dnl
+	
+	corenet_send_trivnet1_client_packets($1)
+	corenet_receive_trivnet1_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_trivnet1_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive trivnet1_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_trivnet1_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_trivnet1_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_trivnet1_client_packets($1)
+	corenet_dontaudit_receive_trivnet1_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_trivnet1_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to trivnet1_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_trivnet1_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_trivnet1_client_packets'($*)) dnl
+	
+	gen_require(`
+		type trivnet1_client_packet_t;
+	')
+
+	allow $1 trivnet1_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_trivnet1_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send trivnet1_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_trivnet1_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_trivnet1_server_packets'($*)) dnl
+	
+	gen_require(`
+		type trivnet1_server_packet_t;
+	')
+
+	allow $1 trivnet1_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_trivnet1_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send trivnet1_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_trivnet1_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_trivnet1_server_packets'($*)) dnl
+	
+	gen_require(`
+		type trivnet1_server_packet_t;
+	')
+
+	dontaudit $1 trivnet1_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_trivnet1_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive trivnet1_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_trivnet1_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_trivnet1_server_packets'($*)) dnl
+	
+	gen_require(`
+		type trivnet1_server_packet_t;
+	')
+
+	allow $1 trivnet1_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_trivnet1_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive trivnet1_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_trivnet1_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_trivnet1_server_packets'($*)) dnl
+	
+	gen_require(`
+		type trivnet1_server_packet_t;
+	')
+
+	dontaudit $1 trivnet1_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_trivnet1_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive trivnet1_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_trivnet1_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_trivnet1_server_packets'($*)) dnl
+	
+	corenet_send_trivnet1_server_packets($1)
+	corenet_receive_trivnet1_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_trivnet1_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive trivnet1_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_trivnet1_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_trivnet1_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_trivnet1_server_packets($1)
+	corenet_dontaudit_receive_trivnet1_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_trivnet1_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to trivnet1_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_trivnet1_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_trivnet1_server_packets'($*)) dnl
+	
+	gen_require(`
+		type trivnet1_server_packet_t;
+	')
+
+	allow $1 trivnet1_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_trivnet1_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the ups port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_ups_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_ups_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_ups_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the ups port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_ups_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_ups_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_ups_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the ups port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_ups_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_ups_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_ups_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the ups port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_ups_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_ups_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_ups_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the ups port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_ups_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_ups_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_ups_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the ups port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_ups_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_ups_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_ups_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the ups port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_ups_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_ups_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_ups_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the ups port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_ups_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_ups_port'($*)) dnl
+	
+	gen_require(`
+		type ups_port_t;
+	')
+
+	allow $1 ups_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_ups_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the ups port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_ups_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_ups_port'($*)) dnl
+	
+	gen_require(`
+		type ups_port_t;
+	')
+
+	allow $1 ups_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_ups_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the ups port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_ups_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_ups_port'($*)) dnl
+	
+	gen_require(`
+		type ups_port_t;
+	')
+
+	allow $1 ups_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_ups_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ups_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ups_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ups_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ups_client_packet_t;
+	')
+
+	allow $1 ups_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ups_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ups_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ups_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ups_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ups_client_packet_t;
+	')
+
+	dontaudit $1 ups_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ups_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ups_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ups_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ups_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ups_client_packet_t;
+	')
+
+	allow $1 ups_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ups_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ups_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ups_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ups_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ups_client_packet_t;
+	')
+
+	dontaudit $1 ups_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ups_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ups_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ups_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ups_client_packets'($*)) dnl
+	
+	corenet_send_ups_client_packets($1)
+	corenet_receive_ups_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ups_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ups_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ups_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ups_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ups_client_packets($1)
+	corenet_dontaudit_receive_ups_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ups_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ups_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ups_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ups_client_packets'($*)) dnl
+	
+	gen_require(`
+		type ups_client_packet_t;
+	')
+
+	allow $1 ups_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ups_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send ups_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_ups_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_ups_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ups_server_packet_t;
+	')
+
+	allow $1 ups_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_ups_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send ups_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_ups_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_ups_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ups_server_packet_t;
+	')
+
+	dontaudit $1 ups_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_ups_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive ups_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_ups_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_ups_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ups_server_packet_t;
+	')
+
+	allow $1 ups_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_ups_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive ups_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_ups_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_ups_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ups_server_packet_t;
+	')
+
+	dontaudit $1 ups_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_ups_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive ups_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_ups_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_ups_server_packets'($*)) dnl
+	
+	corenet_send_ups_server_packets($1)
+	corenet_receive_ups_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_ups_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive ups_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_ups_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_ups_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_ups_server_packets($1)
+	corenet_dontaudit_receive_ups_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_ups_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to ups_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_ups_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_ups_server_packets'($*)) dnl
+	
+	gen_require(`
+		type ups_server_packet_t;
+	')
+
+	allow $1 ups_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_ups_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the utcpserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_utcpserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_utcpserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_utcpserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the utcpserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_utcpserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_utcpserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_utcpserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the utcpserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_utcpserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_utcpserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_utcpserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the utcpserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_utcpserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_utcpserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_utcpserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the utcpserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_utcpserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_utcpserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_utcpserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the utcpserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_utcpserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_utcpserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_utcpserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the utcpserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_utcpserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_utcpserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_utcpserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the utcpserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_utcpserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_utcpserver_port'($*)) dnl
+	
+	gen_require(`
+		type utcpserver_port_t;
+	')
+
+	allow $1 utcpserver_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_utcpserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the utcpserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_utcpserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_utcpserver_port'($*)) dnl
+	
+	gen_require(`
+		type utcpserver_port_t;
+	')
+
+	allow $1 utcpserver_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_utcpserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the utcpserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_utcpserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_utcpserver_port'($*)) dnl
+	
+	gen_require(`
+		type utcpserver_port_t;
+	')
+
+	allow $1 utcpserver_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_utcpserver_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send utcpserver_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_utcpserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_utcpserver_client_packets'($*)) dnl
+	
+	gen_require(`
+		type utcpserver_client_packet_t;
+	')
+
+	allow $1 utcpserver_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_utcpserver_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send utcpserver_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_utcpserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_utcpserver_client_packets'($*)) dnl
+	
+	gen_require(`
+		type utcpserver_client_packet_t;
+	')
+
+	dontaudit $1 utcpserver_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_utcpserver_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive utcpserver_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_utcpserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_utcpserver_client_packets'($*)) dnl
+	
+	gen_require(`
+		type utcpserver_client_packet_t;
+	')
+
+	allow $1 utcpserver_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_utcpserver_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive utcpserver_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_utcpserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_utcpserver_client_packets'($*)) dnl
+	
+	gen_require(`
+		type utcpserver_client_packet_t;
+	')
+
+	dontaudit $1 utcpserver_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_utcpserver_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive utcpserver_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_utcpserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_utcpserver_client_packets'($*)) dnl
+	
+	corenet_send_utcpserver_client_packets($1)
+	corenet_receive_utcpserver_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_utcpserver_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive utcpserver_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_utcpserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_utcpserver_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_utcpserver_client_packets($1)
+	corenet_dontaudit_receive_utcpserver_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_utcpserver_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to utcpserver_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_utcpserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_utcpserver_client_packets'($*)) dnl
+	
+	gen_require(`
+		type utcpserver_client_packet_t;
+	')
+
+	allow $1 utcpserver_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_utcpserver_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send utcpserver_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_utcpserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_utcpserver_server_packets'($*)) dnl
+	
+	gen_require(`
+		type utcpserver_server_packet_t;
+	')
+
+	allow $1 utcpserver_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_utcpserver_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send utcpserver_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_utcpserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_utcpserver_server_packets'($*)) dnl
+	
+	gen_require(`
+		type utcpserver_server_packet_t;
+	')
+
+	dontaudit $1 utcpserver_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_utcpserver_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive utcpserver_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_utcpserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_utcpserver_server_packets'($*)) dnl
+	
+	gen_require(`
+		type utcpserver_server_packet_t;
+	')
+
+	allow $1 utcpserver_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_utcpserver_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive utcpserver_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_utcpserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_utcpserver_server_packets'($*)) dnl
+	
+	gen_require(`
+		type utcpserver_server_packet_t;
+	')
+
+	dontaudit $1 utcpserver_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_utcpserver_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive utcpserver_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_utcpserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_utcpserver_server_packets'($*)) dnl
+	
+	corenet_send_utcpserver_server_packets($1)
+	corenet_receive_utcpserver_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_utcpserver_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive utcpserver_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_utcpserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_utcpserver_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_utcpserver_server_packets($1)
+	corenet_dontaudit_receive_utcpserver_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_utcpserver_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to utcpserver_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_utcpserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_utcpserver_server_packets'($*)) dnl
+	
+	gen_require(`
+		type utcpserver_server_packet_t;
+	')
+
+	allow $1 utcpserver_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_utcpserver_server_packets'($*)) dnl
+	')
+
+
+ # no defined portcon
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the uucpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_uucpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_uucpd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_uucpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the uucpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_uucpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_uucpd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_uucpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the uucpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_uucpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_uucpd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_uucpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the uucpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_uucpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_uucpd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_uucpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the uucpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_uucpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_uucpd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_uucpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the uucpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_uucpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_uucpd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_uucpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the uucpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_uucpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_uucpd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_uucpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the uucpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_uucpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_uucpd_port'($*)) dnl
+	
+	gen_require(`
+		type uucpd_port_t;
+	')
+
+	allow $1 uucpd_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_uucpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the uucpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_uucpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_uucpd_port'($*)) dnl
+	
+	gen_require(`
+		type uucpd_port_t;
+	')
+
+	allow $1 uucpd_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_uucpd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the uucpd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_uucpd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_uucpd_port'($*)) dnl
+	
+	gen_require(`
+		type uucpd_port_t;
+	')
+
+	allow $1 uucpd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_uucpd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send uucpd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_uucpd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_uucpd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type uucpd_client_packet_t;
+	')
+
+	allow $1 uucpd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_uucpd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send uucpd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_uucpd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_uucpd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type uucpd_client_packet_t;
+	')
+
+	dontaudit $1 uucpd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_uucpd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive uucpd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_uucpd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_uucpd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type uucpd_client_packet_t;
+	')
+
+	allow $1 uucpd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_uucpd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive uucpd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_uucpd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_uucpd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type uucpd_client_packet_t;
+	')
+
+	dontaudit $1 uucpd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_uucpd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive uucpd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_uucpd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_uucpd_client_packets'($*)) dnl
+	
+	corenet_send_uucpd_client_packets($1)
+	corenet_receive_uucpd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_uucpd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive uucpd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_uucpd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_uucpd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_uucpd_client_packets($1)
+	corenet_dontaudit_receive_uucpd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_uucpd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to uucpd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_uucpd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_uucpd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type uucpd_client_packet_t;
+	')
+
+	allow $1 uucpd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_uucpd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send uucpd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_uucpd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_uucpd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type uucpd_server_packet_t;
+	')
+
+	allow $1 uucpd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_uucpd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send uucpd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_uucpd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_uucpd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type uucpd_server_packet_t;
+	')
+
+	dontaudit $1 uucpd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_uucpd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive uucpd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_uucpd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_uucpd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type uucpd_server_packet_t;
+	')
+
+	allow $1 uucpd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_uucpd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive uucpd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_uucpd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_uucpd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type uucpd_server_packet_t;
+	')
+
+	dontaudit $1 uucpd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_uucpd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive uucpd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_uucpd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_uucpd_server_packets'($*)) dnl
+	
+	corenet_send_uucpd_server_packets($1)
+	corenet_receive_uucpd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_uucpd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive uucpd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_uucpd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_uucpd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_uucpd_server_packets($1)
+	corenet_dontaudit_receive_uucpd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_uucpd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to uucpd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_uucpd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_uucpd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type uucpd_server_packet_t;
+	')
+
+	allow $1 uucpd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_uucpd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the varnishd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_varnishd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_varnishd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_varnishd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the varnishd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_varnishd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_varnishd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_varnishd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the varnishd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_varnishd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_varnishd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_varnishd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the varnishd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_varnishd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_varnishd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_varnishd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the varnishd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_varnishd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_varnishd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_varnishd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the varnishd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_varnishd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_varnishd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_varnishd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the varnishd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_varnishd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_varnishd_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_varnishd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the varnishd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_varnishd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_varnishd_port'($*)) dnl
+	
+	gen_require(`
+		type varnishd_port_t;
+	')
+
+	allow $1 varnishd_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_varnishd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the varnishd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_varnishd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_varnishd_port'($*)) dnl
+	
+	gen_require(`
+		type varnishd_port_t;
+	')
+
+	allow $1 varnishd_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_varnishd_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the varnishd port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_varnishd_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_varnishd_port'($*)) dnl
+	
+	gen_require(`
+		type varnishd_port_t;
+	')
+
+	allow $1 varnishd_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_varnishd_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send varnishd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_varnishd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_varnishd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type varnishd_client_packet_t;
+	')
+
+	allow $1 varnishd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_varnishd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send varnishd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_varnishd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_varnishd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type varnishd_client_packet_t;
+	')
+
+	dontaudit $1 varnishd_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_varnishd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive varnishd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_varnishd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_varnishd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type varnishd_client_packet_t;
+	')
+
+	allow $1 varnishd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_varnishd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive varnishd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_varnishd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_varnishd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type varnishd_client_packet_t;
+	')
+
+	dontaudit $1 varnishd_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_varnishd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive varnishd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_varnishd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_varnishd_client_packets'($*)) dnl
+	
+	corenet_send_varnishd_client_packets($1)
+	corenet_receive_varnishd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_varnishd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive varnishd_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_varnishd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_varnishd_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_varnishd_client_packets($1)
+	corenet_dontaudit_receive_varnishd_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_varnishd_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to varnishd_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_varnishd_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_varnishd_client_packets'($*)) dnl
+	
+	gen_require(`
+		type varnishd_client_packet_t;
+	')
+
+	allow $1 varnishd_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_varnishd_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send varnishd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_varnishd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_varnishd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type varnishd_server_packet_t;
+	')
+
+	allow $1 varnishd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_varnishd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send varnishd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_varnishd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_varnishd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type varnishd_server_packet_t;
+	')
+
+	dontaudit $1 varnishd_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_varnishd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive varnishd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_varnishd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_varnishd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type varnishd_server_packet_t;
+	')
+
+	allow $1 varnishd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_varnishd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive varnishd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_varnishd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_varnishd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type varnishd_server_packet_t;
+	')
+
+	dontaudit $1 varnishd_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_varnishd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive varnishd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_varnishd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_varnishd_server_packets'($*)) dnl
+	
+	corenet_send_varnishd_server_packets($1)
+	corenet_receive_varnishd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_varnishd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive varnishd_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_varnishd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_varnishd_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_varnishd_server_packets($1)
+	corenet_dontaudit_receive_varnishd_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_varnishd_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to varnishd_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_varnishd_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_varnishd_server_packets'($*)) dnl
+	
+	gen_require(`
+		type varnishd_server_packet_t;
+	')
+
+	allow $1 varnishd_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_varnishd_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the virt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_virt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_virt_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_virt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the virt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_virt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_virt_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_virt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the virt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_virt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_virt_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_virt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the virt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_virt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_virt_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_virt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the virt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_virt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_virt_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_virt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the virt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_virt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_virt_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_virt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the virt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_virt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_virt_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_virt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the virt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_virt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_virt_port'($*)) dnl
+	
+	gen_require(`
+		type virt_port_t;
+	')
+
+	allow $1 virt_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_virt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the virt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_virt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_virt_port'($*)) dnl
+	
+	gen_require(`
+		type virt_port_t;
+	')
+
+	allow $1 virt_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_virt_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the virt port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_virt_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_virt_port'($*)) dnl
+	
+	gen_require(`
+		type virt_port_t;
+	')
+
+	allow $1 virt_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_virt_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send virt_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_virt_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_virt_client_packets'($*)) dnl
+	
+	gen_require(`
+		type virt_client_packet_t;
+	')
+
+	allow $1 virt_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_virt_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send virt_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_virt_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_virt_client_packets'($*)) dnl
+	
+	gen_require(`
+		type virt_client_packet_t;
+	')
+
+	dontaudit $1 virt_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_virt_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive virt_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_virt_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_virt_client_packets'($*)) dnl
+	
+	gen_require(`
+		type virt_client_packet_t;
+	')
+
+	allow $1 virt_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_virt_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive virt_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_virt_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_virt_client_packets'($*)) dnl
+	
+	gen_require(`
+		type virt_client_packet_t;
+	')
+
+	dontaudit $1 virt_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_virt_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive virt_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_virt_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_virt_client_packets'($*)) dnl
+	
+	corenet_send_virt_client_packets($1)
+	corenet_receive_virt_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_virt_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive virt_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_virt_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_virt_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_virt_client_packets($1)
+	corenet_dontaudit_receive_virt_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_virt_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to virt_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_virt_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_virt_client_packets'($*)) dnl
+	
+	gen_require(`
+		type virt_client_packet_t;
+	')
+
+	allow $1 virt_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_virt_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send virt_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_virt_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_virt_server_packets'($*)) dnl
+	
+	gen_require(`
+		type virt_server_packet_t;
+	')
+
+	allow $1 virt_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_virt_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send virt_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_virt_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_virt_server_packets'($*)) dnl
+	
+	gen_require(`
+		type virt_server_packet_t;
+	')
+
+	dontaudit $1 virt_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_virt_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive virt_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_virt_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_virt_server_packets'($*)) dnl
+	
+	gen_require(`
+		type virt_server_packet_t;
+	')
+
+	allow $1 virt_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_virt_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive virt_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_virt_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_virt_server_packets'($*)) dnl
+	
+	gen_require(`
+		type virt_server_packet_t;
+	')
+
+	dontaudit $1 virt_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_virt_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive virt_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_virt_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_virt_server_packets'($*)) dnl
+	
+	corenet_send_virt_server_packets($1)
+	corenet_receive_virt_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_virt_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive virt_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_virt_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_virt_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_virt_server_packets($1)
+	corenet_dontaudit_receive_virt_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_virt_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to virt_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_virt_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_virt_server_packets'($*)) dnl
+	
+	gen_require(`
+		type virt_server_packet_t;
+	')
+
+	allow $1 virt_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_virt_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the virtual_places port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_virtual_places_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_virtual_places_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_virtual_places_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the virtual_places port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_virtual_places_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_virtual_places_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_virtual_places_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the virtual_places port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_virtual_places_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_virtual_places_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_virtual_places_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the virtual_places port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_virtual_places_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_virtual_places_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_virtual_places_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the virtual_places port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_virtual_places_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_virtual_places_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_virtual_places_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the virtual_places port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_virtual_places_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_virtual_places_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_virtual_places_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the virtual_places port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_virtual_places_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_virtual_places_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_virtual_places_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the virtual_places port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_virtual_places_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_virtual_places_port'($*)) dnl
+	
+	gen_require(`
+		type virtual_places_port_t;
+	')
+
+	allow $1 virtual_places_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_virtual_places_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the virtual_places port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_virtual_places_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_virtual_places_port'($*)) dnl
+	
+	gen_require(`
+		type virtual_places_port_t;
+	')
+
+	allow $1 virtual_places_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_virtual_places_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the virtual_places port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_virtual_places_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_virtual_places_port'($*)) dnl
+	
+	gen_require(`
+		type virtual_places_port_t;
+	')
+
+	allow $1 virtual_places_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_virtual_places_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send virtual_places_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_virtual_places_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_virtual_places_client_packets'($*)) dnl
+	
+	gen_require(`
+		type virtual_places_client_packet_t;
+	')
+
+	allow $1 virtual_places_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_virtual_places_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send virtual_places_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_virtual_places_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_virtual_places_client_packets'($*)) dnl
+	
+	gen_require(`
+		type virtual_places_client_packet_t;
+	')
+
+	dontaudit $1 virtual_places_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_virtual_places_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive virtual_places_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_virtual_places_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_virtual_places_client_packets'($*)) dnl
+	
+	gen_require(`
+		type virtual_places_client_packet_t;
+	')
+
+	allow $1 virtual_places_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_virtual_places_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive virtual_places_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_virtual_places_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_virtual_places_client_packets'($*)) dnl
+	
+	gen_require(`
+		type virtual_places_client_packet_t;
+	')
+
+	dontaudit $1 virtual_places_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_virtual_places_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive virtual_places_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_virtual_places_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_virtual_places_client_packets'($*)) dnl
+	
+	corenet_send_virtual_places_client_packets($1)
+	corenet_receive_virtual_places_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_virtual_places_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive virtual_places_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_virtual_places_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_virtual_places_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_virtual_places_client_packets($1)
+	corenet_dontaudit_receive_virtual_places_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_virtual_places_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to virtual_places_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_virtual_places_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_virtual_places_client_packets'($*)) dnl
+	
+	gen_require(`
+		type virtual_places_client_packet_t;
+	')
+
+	allow $1 virtual_places_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_virtual_places_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send virtual_places_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_virtual_places_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_virtual_places_server_packets'($*)) dnl
+	
+	gen_require(`
+		type virtual_places_server_packet_t;
+	')
+
+	allow $1 virtual_places_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_virtual_places_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send virtual_places_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_virtual_places_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_virtual_places_server_packets'($*)) dnl
+	
+	gen_require(`
+		type virtual_places_server_packet_t;
+	')
+
+	dontaudit $1 virtual_places_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_virtual_places_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive virtual_places_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_virtual_places_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_virtual_places_server_packets'($*)) dnl
+	
+	gen_require(`
+		type virtual_places_server_packet_t;
+	')
+
+	allow $1 virtual_places_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_virtual_places_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive virtual_places_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_virtual_places_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_virtual_places_server_packets'($*)) dnl
+	
+	gen_require(`
+		type virtual_places_server_packet_t;
+	')
+
+	dontaudit $1 virtual_places_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_virtual_places_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive virtual_places_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_virtual_places_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_virtual_places_server_packets'($*)) dnl
+	
+	corenet_send_virtual_places_server_packets($1)
+	corenet_receive_virtual_places_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_virtual_places_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive virtual_places_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_virtual_places_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_virtual_places_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_virtual_places_server_packets($1)
+	corenet_dontaudit_receive_virtual_places_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_virtual_places_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to virtual_places_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_virtual_places_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_virtual_places_server_packets'($*)) dnl
+	
+	gen_require(`
+		type virtual_places_server_packet_t;
+	')
+
+	allow $1 virtual_places_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_virtual_places_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the virt_migration port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_virt_migration_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_virt_migration_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_virt_migration_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the virt_migration port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_virt_migration_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_virt_migration_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_virt_migration_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the virt_migration port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_virt_migration_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_virt_migration_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_virt_migration_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the virt_migration port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_virt_migration_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_virt_migration_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_virt_migration_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the virt_migration port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_virt_migration_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_virt_migration_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_virt_migration_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the virt_migration port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_virt_migration_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_virt_migration_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_virt_migration_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the virt_migration port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_virt_migration_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_virt_migration_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_virt_migration_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the virt_migration port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_virt_migration_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_virt_migration_port'($*)) dnl
+	
+	gen_require(`
+		type virt_migration_port_t;
+	')
+
+	allow $1 virt_migration_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_virt_migration_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the virt_migration port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_virt_migration_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_virt_migration_port'($*)) dnl
+	
+	gen_require(`
+		type virt_migration_port_t;
+	')
+
+	allow $1 virt_migration_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_virt_migration_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the virt_migration port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_virt_migration_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_virt_migration_port'($*)) dnl
+	
+	gen_require(`
+		type virt_migration_port_t;
+	')
+
+	allow $1 virt_migration_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_virt_migration_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send virt_migration_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_virt_migration_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_virt_migration_client_packets'($*)) dnl
+	
+	gen_require(`
+		type virt_migration_client_packet_t;
+	')
+
+	allow $1 virt_migration_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_virt_migration_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send virt_migration_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_virt_migration_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_virt_migration_client_packets'($*)) dnl
+	
+	gen_require(`
+		type virt_migration_client_packet_t;
+	')
+
+	dontaudit $1 virt_migration_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_virt_migration_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive virt_migration_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_virt_migration_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_virt_migration_client_packets'($*)) dnl
+	
+	gen_require(`
+		type virt_migration_client_packet_t;
+	')
+
+	allow $1 virt_migration_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_virt_migration_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive virt_migration_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_virt_migration_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_virt_migration_client_packets'($*)) dnl
+	
+	gen_require(`
+		type virt_migration_client_packet_t;
+	')
+
+	dontaudit $1 virt_migration_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_virt_migration_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive virt_migration_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_virt_migration_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_virt_migration_client_packets'($*)) dnl
+	
+	corenet_send_virt_migration_client_packets($1)
+	corenet_receive_virt_migration_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_virt_migration_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive virt_migration_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_virt_migration_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_virt_migration_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_virt_migration_client_packets($1)
+	corenet_dontaudit_receive_virt_migration_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_virt_migration_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to virt_migration_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_virt_migration_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_virt_migration_client_packets'($*)) dnl
+	
+	gen_require(`
+		type virt_migration_client_packet_t;
+	')
+
+	allow $1 virt_migration_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_virt_migration_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send virt_migration_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_virt_migration_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_virt_migration_server_packets'($*)) dnl
+	
+	gen_require(`
+		type virt_migration_server_packet_t;
+	')
+
+	allow $1 virt_migration_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_virt_migration_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send virt_migration_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_virt_migration_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_virt_migration_server_packets'($*)) dnl
+	
+	gen_require(`
+		type virt_migration_server_packet_t;
+	')
+
+	dontaudit $1 virt_migration_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_virt_migration_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive virt_migration_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_virt_migration_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_virt_migration_server_packets'($*)) dnl
+	
+	gen_require(`
+		type virt_migration_server_packet_t;
+	')
+
+	allow $1 virt_migration_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_virt_migration_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive virt_migration_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_virt_migration_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_virt_migration_server_packets'($*)) dnl
+	
+	gen_require(`
+		type virt_migration_server_packet_t;
+	')
+
+	dontaudit $1 virt_migration_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_virt_migration_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive virt_migration_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_virt_migration_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_virt_migration_server_packets'($*)) dnl
+	
+	corenet_send_virt_migration_server_packets($1)
+	corenet_receive_virt_migration_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_virt_migration_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive virt_migration_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_virt_migration_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_virt_migration_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_virt_migration_server_packets($1)
+	corenet_dontaudit_receive_virt_migration_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_virt_migration_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to virt_migration_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_virt_migration_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_virt_migration_server_packets'($*)) dnl
+	
+	gen_require(`
+		type virt_migration_server_packet_t;
+	')
+
+	allow $1 virt_migration_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_virt_migration_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the vnc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_vnc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_vnc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_vnc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the vnc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_vnc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_vnc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_vnc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the vnc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_vnc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_vnc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_vnc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the vnc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_vnc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_vnc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_vnc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the vnc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_vnc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_vnc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_vnc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the vnc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_vnc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_vnc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_vnc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the vnc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_vnc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_vnc_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_vnc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the vnc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_vnc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_vnc_port'($*)) dnl
+	
+	gen_require(`
+		type vnc_port_t;
+	')
+
+	allow $1 vnc_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_vnc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the vnc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_vnc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_vnc_port'($*)) dnl
+	
+	gen_require(`
+		type vnc_port_t;
+	')
+
+	allow $1 vnc_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_vnc_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the vnc port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_vnc_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_vnc_port'($*)) dnl
+	
+	gen_require(`
+		type vnc_port_t;
+	')
+
+	allow $1 vnc_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_vnc_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send vnc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_vnc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_vnc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type vnc_client_packet_t;
+	')
+
+	allow $1 vnc_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_vnc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send vnc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_vnc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_vnc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type vnc_client_packet_t;
+	')
+
+	dontaudit $1 vnc_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_vnc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive vnc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_vnc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_vnc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type vnc_client_packet_t;
+	')
+
+	allow $1 vnc_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_vnc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive vnc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_vnc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_vnc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type vnc_client_packet_t;
+	')
+
+	dontaudit $1 vnc_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_vnc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive vnc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_vnc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_vnc_client_packets'($*)) dnl
+	
+	corenet_send_vnc_client_packets($1)
+	corenet_receive_vnc_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_vnc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive vnc_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_vnc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_vnc_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_vnc_client_packets($1)
+	corenet_dontaudit_receive_vnc_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_vnc_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to vnc_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_vnc_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_vnc_client_packets'($*)) dnl
+	
+	gen_require(`
+		type vnc_client_packet_t;
+	')
+
+	allow $1 vnc_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_vnc_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send vnc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_vnc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_vnc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type vnc_server_packet_t;
+	')
+
+	allow $1 vnc_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_vnc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send vnc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_vnc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_vnc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type vnc_server_packet_t;
+	')
+
+	dontaudit $1 vnc_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_vnc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive vnc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_vnc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_vnc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type vnc_server_packet_t;
+	')
+
+	allow $1 vnc_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_vnc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive vnc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_vnc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_vnc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type vnc_server_packet_t;
+	')
+
+	dontaudit $1 vnc_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_vnc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive vnc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_vnc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_vnc_server_packets'($*)) dnl
+	
+	corenet_send_vnc_server_packets($1)
+	corenet_receive_vnc_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_vnc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive vnc_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_vnc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_vnc_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_vnc_server_packets($1)
+	corenet_dontaudit_receive_vnc_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_vnc_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to vnc_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_vnc_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_vnc_server_packets'($*)) dnl
+	
+	gen_require(`
+		type vnc_server_packet_t;
+	')
+
+	allow $1 vnc_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_vnc_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the wccp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_wccp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_wccp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_wccp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the wccp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_wccp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_wccp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_wccp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the wccp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_wccp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_wccp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_wccp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the wccp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_wccp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_wccp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_wccp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the wccp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_wccp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_wccp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_wccp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the wccp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_wccp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_wccp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_wccp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the wccp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_wccp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_wccp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_wccp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the wccp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_wccp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_wccp_port'($*)) dnl
+	
+	gen_require(`
+		type wccp_port_t;
+	')
+
+	allow $1 wccp_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_wccp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the wccp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_wccp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_wccp_port'($*)) dnl
+	
+	gen_require(`
+		type wccp_port_t;
+	')
+
+	allow $1 wccp_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_wccp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the wccp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_wccp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_wccp_port'($*)) dnl
+	
+	gen_require(`
+		type wccp_port_t;
+	')
+
+	allow $1 wccp_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_wccp_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send wccp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_wccp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_wccp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type wccp_client_packet_t;
+	')
+
+	allow $1 wccp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_wccp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send wccp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_wccp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_wccp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type wccp_client_packet_t;
+	')
+
+	dontaudit $1 wccp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_wccp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive wccp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_wccp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_wccp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type wccp_client_packet_t;
+	')
+
+	allow $1 wccp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_wccp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive wccp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_wccp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_wccp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type wccp_client_packet_t;
+	')
+
+	dontaudit $1 wccp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_wccp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive wccp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_wccp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_wccp_client_packets'($*)) dnl
+	
+	corenet_send_wccp_client_packets($1)
+	corenet_receive_wccp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_wccp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive wccp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_wccp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_wccp_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_wccp_client_packets($1)
+	corenet_dontaudit_receive_wccp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_wccp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to wccp_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_wccp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_wccp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type wccp_client_packet_t;
+	')
+
+	allow $1 wccp_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_wccp_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send wccp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_wccp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_wccp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type wccp_server_packet_t;
+	')
+
+	allow $1 wccp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_wccp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send wccp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_wccp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_wccp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type wccp_server_packet_t;
+	')
+
+	dontaudit $1 wccp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_wccp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive wccp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_wccp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_wccp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type wccp_server_packet_t;
+	')
+
+	allow $1 wccp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_wccp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive wccp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_wccp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_wccp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type wccp_server_packet_t;
+	')
+
+	dontaudit $1 wccp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_wccp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive wccp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_wccp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_wccp_server_packets'($*)) dnl
+	
+	corenet_send_wccp_server_packets($1)
+	corenet_receive_wccp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_wccp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive wccp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_wccp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_wccp_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_wccp_server_packets($1)
+	corenet_dontaudit_receive_wccp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_wccp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to wccp_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_wccp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_wccp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type wccp_server_packet_t;
+	')
+
+	allow $1 wccp_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_wccp_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the websm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_websm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_websm_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_websm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the websm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_websm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_websm_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_websm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the websm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_websm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_websm_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_websm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the websm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_websm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_websm_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_websm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the websm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_websm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_websm_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_websm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the websm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_websm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_websm_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_websm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the websm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_websm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_websm_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_websm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the websm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_websm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_websm_port'($*)) dnl
+	
+	gen_require(`
+		type websm_port_t;
+	')
+
+	allow $1 websm_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_websm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the websm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_websm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_websm_port'($*)) dnl
+	
+	gen_require(`
+		type websm_port_t;
+	')
+
+	allow $1 websm_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_websm_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the websm port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_websm_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_websm_port'($*)) dnl
+	
+	gen_require(`
+		type websm_port_t;
+	')
+
+	allow $1 websm_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_websm_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send websm_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_websm_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_websm_client_packets'($*)) dnl
+	
+	gen_require(`
+		type websm_client_packet_t;
+	')
+
+	allow $1 websm_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_websm_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send websm_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_websm_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_websm_client_packets'($*)) dnl
+	
+	gen_require(`
+		type websm_client_packet_t;
+	')
+
+	dontaudit $1 websm_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_websm_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive websm_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_websm_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_websm_client_packets'($*)) dnl
+	
+	gen_require(`
+		type websm_client_packet_t;
+	')
+
+	allow $1 websm_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_websm_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive websm_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_websm_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_websm_client_packets'($*)) dnl
+	
+	gen_require(`
+		type websm_client_packet_t;
+	')
+
+	dontaudit $1 websm_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_websm_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive websm_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_websm_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_websm_client_packets'($*)) dnl
+	
+	corenet_send_websm_client_packets($1)
+	corenet_receive_websm_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_websm_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive websm_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_websm_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_websm_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_websm_client_packets($1)
+	corenet_dontaudit_receive_websm_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_websm_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to websm_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_websm_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_websm_client_packets'($*)) dnl
+	
+	gen_require(`
+		type websm_client_packet_t;
+	')
+
+	allow $1 websm_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_websm_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send websm_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_websm_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_websm_server_packets'($*)) dnl
+	
+	gen_require(`
+		type websm_server_packet_t;
+	')
+
+	allow $1 websm_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_websm_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send websm_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_websm_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_websm_server_packets'($*)) dnl
+	
+	gen_require(`
+		type websm_server_packet_t;
+	')
+
+	dontaudit $1 websm_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_websm_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive websm_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_websm_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_websm_server_packets'($*)) dnl
+	
+	gen_require(`
+		type websm_server_packet_t;
+	')
+
+	allow $1 websm_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_websm_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive websm_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_websm_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_websm_server_packets'($*)) dnl
+	
+	gen_require(`
+		type websm_server_packet_t;
+	')
+
+	dontaudit $1 websm_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_websm_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive websm_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_websm_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_websm_server_packets'($*)) dnl
+	
+	corenet_send_websm_server_packets($1)
+	corenet_receive_websm_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_websm_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive websm_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_websm_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_websm_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_websm_server_packets($1)
+	corenet_dontaudit_receive_websm_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_websm_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to websm_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_websm_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_websm_server_packets'($*)) dnl
+	
+	gen_require(`
+		type websm_server_packet_t;
+	')
+
+	allow $1 websm_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_websm_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the whois port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_whois_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_whois_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_whois_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the whois port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_whois_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_whois_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_whois_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the whois port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_whois_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_whois_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_whois_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the whois port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_whois_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_whois_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_whois_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the whois port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_whois_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_whois_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_whois_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the whois port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_whois_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_whois_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_whois_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the whois port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_whois_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_whois_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_whois_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the whois port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_whois_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_whois_port'($*)) dnl
+	
+	gen_require(`
+		type whois_port_t;
+	')
+
+	allow $1 whois_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_whois_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the whois port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_whois_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_whois_port'($*)) dnl
+	
+	gen_require(`
+		type whois_port_t;
+	')
+
+	allow $1 whois_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_whois_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the whois port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_whois_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_whois_port'($*)) dnl
+	
+	gen_require(`
+		type whois_port_t;
+	')
+
+	allow $1 whois_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_whois_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send whois_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_whois_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_whois_client_packets'($*)) dnl
+	
+	gen_require(`
+		type whois_client_packet_t;
+	')
+
+	allow $1 whois_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_whois_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send whois_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_whois_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_whois_client_packets'($*)) dnl
+	
+	gen_require(`
+		type whois_client_packet_t;
+	')
+
+	dontaudit $1 whois_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_whois_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive whois_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_whois_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_whois_client_packets'($*)) dnl
+	
+	gen_require(`
+		type whois_client_packet_t;
+	')
+
+	allow $1 whois_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_whois_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive whois_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_whois_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_whois_client_packets'($*)) dnl
+	
+	gen_require(`
+		type whois_client_packet_t;
+	')
+
+	dontaudit $1 whois_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_whois_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive whois_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_whois_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_whois_client_packets'($*)) dnl
+	
+	corenet_send_whois_client_packets($1)
+	corenet_receive_whois_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_whois_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive whois_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_whois_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_whois_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_whois_client_packets($1)
+	corenet_dontaudit_receive_whois_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_whois_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to whois_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_whois_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_whois_client_packets'($*)) dnl
+	
+	gen_require(`
+		type whois_client_packet_t;
+	')
+
+	allow $1 whois_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_whois_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send whois_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_whois_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_whois_server_packets'($*)) dnl
+	
+	gen_require(`
+		type whois_server_packet_t;
+	')
+
+	allow $1 whois_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_whois_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send whois_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_whois_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_whois_server_packets'($*)) dnl
+	
+	gen_require(`
+		type whois_server_packet_t;
+	')
+
+	dontaudit $1 whois_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_whois_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive whois_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_whois_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_whois_server_packets'($*)) dnl
+	
+	gen_require(`
+		type whois_server_packet_t;
+	')
+
+	allow $1 whois_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_whois_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive whois_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_whois_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_whois_server_packets'($*)) dnl
+	
+	gen_require(`
+		type whois_server_packet_t;
+	')
+
+	dontaudit $1 whois_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_whois_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive whois_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_whois_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_whois_server_packets'($*)) dnl
+	
+	corenet_send_whois_server_packets($1)
+	corenet_receive_whois_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_whois_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive whois_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_whois_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_whois_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_whois_server_packets($1)
+	corenet_dontaudit_receive_whois_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_whois_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to whois_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_whois_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_whois_server_packets'($*)) dnl
+	
+	gen_require(`
+		type whois_server_packet_t;
+	')
+
+	allow $1 whois_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_whois_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the winshadow port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_winshadow_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_winshadow_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_winshadow_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the winshadow port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_winshadow_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_winshadow_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_winshadow_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the winshadow port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_winshadow_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_winshadow_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_winshadow_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the winshadow port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_winshadow_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_winshadow_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_winshadow_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the winshadow port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_winshadow_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_winshadow_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_winshadow_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the winshadow port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_winshadow_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_winshadow_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_winshadow_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the winshadow port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_winshadow_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_winshadow_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_winshadow_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the winshadow port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_winshadow_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_winshadow_port'($*)) dnl
+	
+	gen_require(`
+		type winshadow_port_t;
+	')
+
+	allow $1 winshadow_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_winshadow_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the winshadow port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_winshadow_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_winshadow_port'($*)) dnl
+	
+	gen_require(`
+		type winshadow_port_t;
+	')
+
+	allow $1 winshadow_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_winshadow_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the winshadow port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_winshadow_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_winshadow_port'($*)) dnl
+	
+	gen_require(`
+		type winshadow_port_t;
+	')
+
+	allow $1 winshadow_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_winshadow_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send winshadow_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_winshadow_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_winshadow_client_packets'($*)) dnl
+	
+	gen_require(`
+		type winshadow_client_packet_t;
+	')
+
+	allow $1 winshadow_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_winshadow_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send winshadow_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_winshadow_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_winshadow_client_packets'($*)) dnl
+	
+	gen_require(`
+		type winshadow_client_packet_t;
+	')
+
+	dontaudit $1 winshadow_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_winshadow_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive winshadow_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_winshadow_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_winshadow_client_packets'($*)) dnl
+	
+	gen_require(`
+		type winshadow_client_packet_t;
+	')
+
+	allow $1 winshadow_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_winshadow_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive winshadow_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_winshadow_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_winshadow_client_packets'($*)) dnl
+	
+	gen_require(`
+		type winshadow_client_packet_t;
+	')
+
+	dontaudit $1 winshadow_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_winshadow_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive winshadow_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_winshadow_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_winshadow_client_packets'($*)) dnl
+	
+	corenet_send_winshadow_client_packets($1)
+	corenet_receive_winshadow_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_winshadow_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive winshadow_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_winshadow_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_winshadow_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_winshadow_client_packets($1)
+	corenet_dontaudit_receive_winshadow_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_winshadow_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to winshadow_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_winshadow_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_winshadow_client_packets'($*)) dnl
+	
+	gen_require(`
+		type winshadow_client_packet_t;
+	')
+
+	allow $1 winshadow_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_winshadow_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send winshadow_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_winshadow_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_winshadow_server_packets'($*)) dnl
+	
+	gen_require(`
+		type winshadow_server_packet_t;
+	')
+
+	allow $1 winshadow_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_winshadow_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send winshadow_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_winshadow_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_winshadow_server_packets'($*)) dnl
+	
+	gen_require(`
+		type winshadow_server_packet_t;
+	')
+
+	dontaudit $1 winshadow_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_winshadow_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive winshadow_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_winshadow_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_winshadow_server_packets'($*)) dnl
+	
+	gen_require(`
+		type winshadow_server_packet_t;
+	')
+
+	allow $1 winshadow_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_winshadow_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive winshadow_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_winshadow_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_winshadow_server_packets'($*)) dnl
+	
+	gen_require(`
+		type winshadow_server_packet_t;
+	')
+
+	dontaudit $1 winshadow_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_winshadow_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive winshadow_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_winshadow_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_winshadow_server_packets'($*)) dnl
+	
+	corenet_send_winshadow_server_packets($1)
+	corenet_receive_winshadow_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_winshadow_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive winshadow_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_winshadow_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_winshadow_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_winshadow_server_packets($1)
+	corenet_dontaudit_receive_winshadow_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_winshadow_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to winshadow_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_winshadow_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_winshadow_server_packets'($*)) dnl
+	
+	gen_require(`
+		type winshadow_server_packet_t;
+	')
+
+	allow $1 winshadow_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_winshadow_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the wsdapi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_wsdapi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_wsdapi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_wsdapi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the wsdapi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_wsdapi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_wsdapi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_wsdapi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the wsdapi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_wsdapi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_wsdapi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_wsdapi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the wsdapi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_wsdapi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_wsdapi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_wsdapi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the wsdapi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_wsdapi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_wsdapi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_wsdapi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the wsdapi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_wsdapi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_wsdapi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_wsdapi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the wsdapi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_wsdapi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_wsdapi_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_wsdapi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the wsdapi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_wsdapi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_wsdapi_port'($*)) dnl
+	
+	gen_require(`
+		type wsdapi_port_t;
+	')
+
+	allow $1 wsdapi_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_wsdapi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the wsdapi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_wsdapi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_wsdapi_port'($*)) dnl
+	
+	gen_require(`
+		type wsdapi_port_t;
+	')
+
+	allow $1 wsdapi_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_wsdapi_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the wsdapi port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_wsdapi_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_wsdapi_port'($*)) dnl
+	
+	gen_require(`
+		type wsdapi_port_t;
+	')
+
+	allow $1 wsdapi_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_wsdapi_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send wsdapi_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_wsdapi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_wsdapi_client_packets'($*)) dnl
+	
+	gen_require(`
+		type wsdapi_client_packet_t;
+	')
+
+	allow $1 wsdapi_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_wsdapi_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send wsdapi_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_wsdapi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_wsdapi_client_packets'($*)) dnl
+	
+	gen_require(`
+		type wsdapi_client_packet_t;
+	')
+
+	dontaudit $1 wsdapi_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_wsdapi_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive wsdapi_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_wsdapi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_wsdapi_client_packets'($*)) dnl
+	
+	gen_require(`
+		type wsdapi_client_packet_t;
+	')
+
+	allow $1 wsdapi_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_wsdapi_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive wsdapi_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_wsdapi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_wsdapi_client_packets'($*)) dnl
+	
+	gen_require(`
+		type wsdapi_client_packet_t;
+	')
+
+	dontaudit $1 wsdapi_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_wsdapi_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive wsdapi_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_wsdapi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_wsdapi_client_packets'($*)) dnl
+	
+	corenet_send_wsdapi_client_packets($1)
+	corenet_receive_wsdapi_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_wsdapi_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive wsdapi_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_wsdapi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_wsdapi_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_wsdapi_client_packets($1)
+	corenet_dontaudit_receive_wsdapi_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_wsdapi_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to wsdapi_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_wsdapi_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_wsdapi_client_packets'($*)) dnl
+	
+	gen_require(`
+		type wsdapi_client_packet_t;
+	')
+
+	allow $1 wsdapi_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_wsdapi_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send wsdapi_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_wsdapi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_wsdapi_server_packets'($*)) dnl
+	
+	gen_require(`
+		type wsdapi_server_packet_t;
+	')
+
+	allow $1 wsdapi_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_wsdapi_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send wsdapi_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_wsdapi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_wsdapi_server_packets'($*)) dnl
+	
+	gen_require(`
+		type wsdapi_server_packet_t;
+	')
+
+	dontaudit $1 wsdapi_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_wsdapi_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive wsdapi_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_wsdapi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_wsdapi_server_packets'($*)) dnl
+	
+	gen_require(`
+		type wsdapi_server_packet_t;
+	')
+
+	allow $1 wsdapi_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_wsdapi_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive wsdapi_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_wsdapi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_wsdapi_server_packets'($*)) dnl
+	
+	gen_require(`
+		type wsdapi_server_packet_t;
+	')
+
+	dontaudit $1 wsdapi_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_wsdapi_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive wsdapi_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_wsdapi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_wsdapi_server_packets'($*)) dnl
+	
+	corenet_send_wsdapi_server_packets($1)
+	corenet_receive_wsdapi_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_wsdapi_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive wsdapi_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_wsdapi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_wsdapi_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_wsdapi_server_packets($1)
+	corenet_dontaudit_receive_wsdapi_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_wsdapi_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to wsdapi_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_wsdapi_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_wsdapi_server_packets'($*)) dnl
+	
+	gen_require(`
+		type wsdapi_server_packet_t;
+	')
+
+	allow $1 wsdapi_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_wsdapi_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the wsicopy port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_wsicopy_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_wsicopy_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_wsicopy_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the wsicopy port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_wsicopy_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_wsicopy_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_wsicopy_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the wsicopy port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_wsicopy_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_wsicopy_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_wsicopy_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the wsicopy port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_wsicopy_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_wsicopy_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_wsicopy_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the wsicopy port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_wsicopy_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_wsicopy_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_wsicopy_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the wsicopy port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_wsicopy_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_wsicopy_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_wsicopy_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the wsicopy port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_wsicopy_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_wsicopy_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_wsicopy_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the wsicopy port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_wsicopy_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_wsicopy_port'($*)) dnl
+	
+	gen_require(`
+		type wsicopy_port_t;
+	')
+
+	allow $1 wsicopy_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_wsicopy_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the wsicopy port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_wsicopy_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_wsicopy_port'($*)) dnl
+	
+	gen_require(`
+		type wsicopy_port_t;
+	')
+
+	allow $1 wsicopy_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_wsicopy_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the wsicopy port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_wsicopy_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_wsicopy_port'($*)) dnl
+	
+	gen_require(`
+		type wsicopy_port_t;
+	')
+
+	allow $1 wsicopy_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_wsicopy_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send wsicopy_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_wsicopy_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_wsicopy_client_packets'($*)) dnl
+	
+	gen_require(`
+		type wsicopy_client_packet_t;
+	')
+
+	allow $1 wsicopy_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_wsicopy_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send wsicopy_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_wsicopy_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_wsicopy_client_packets'($*)) dnl
+	
+	gen_require(`
+		type wsicopy_client_packet_t;
+	')
+
+	dontaudit $1 wsicopy_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_wsicopy_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive wsicopy_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_wsicopy_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_wsicopy_client_packets'($*)) dnl
+	
+	gen_require(`
+		type wsicopy_client_packet_t;
+	')
+
+	allow $1 wsicopy_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_wsicopy_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive wsicopy_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_wsicopy_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_wsicopy_client_packets'($*)) dnl
+	
+	gen_require(`
+		type wsicopy_client_packet_t;
+	')
+
+	dontaudit $1 wsicopy_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_wsicopy_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive wsicopy_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_wsicopy_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_wsicopy_client_packets'($*)) dnl
+	
+	corenet_send_wsicopy_client_packets($1)
+	corenet_receive_wsicopy_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_wsicopy_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive wsicopy_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_wsicopy_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_wsicopy_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_wsicopy_client_packets($1)
+	corenet_dontaudit_receive_wsicopy_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_wsicopy_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to wsicopy_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_wsicopy_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_wsicopy_client_packets'($*)) dnl
+	
+	gen_require(`
+		type wsicopy_client_packet_t;
+	')
+
+	allow $1 wsicopy_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_wsicopy_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send wsicopy_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_wsicopy_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_wsicopy_server_packets'($*)) dnl
+	
+	gen_require(`
+		type wsicopy_server_packet_t;
+	')
+
+	allow $1 wsicopy_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_wsicopy_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send wsicopy_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_wsicopy_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_wsicopy_server_packets'($*)) dnl
+	
+	gen_require(`
+		type wsicopy_server_packet_t;
+	')
+
+	dontaudit $1 wsicopy_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_wsicopy_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive wsicopy_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_wsicopy_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_wsicopy_server_packets'($*)) dnl
+	
+	gen_require(`
+		type wsicopy_server_packet_t;
+	')
+
+	allow $1 wsicopy_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_wsicopy_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive wsicopy_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_wsicopy_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_wsicopy_server_packets'($*)) dnl
+	
+	gen_require(`
+		type wsicopy_server_packet_t;
+	')
+
+	dontaudit $1 wsicopy_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_wsicopy_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive wsicopy_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_wsicopy_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_wsicopy_server_packets'($*)) dnl
+	
+	corenet_send_wsicopy_server_packets($1)
+	corenet_receive_wsicopy_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_wsicopy_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive wsicopy_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_wsicopy_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_wsicopy_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_wsicopy_server_packets($1)
+	corenet_dontaudit_receive_wsicopy_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_wsicopy_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to wsicopy_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_wsicopy_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_wsicopy_server_packets'($*)) dnl
+	
+	gen_require(`
+		type wsicopy_server_packet_t;
+	')
+
+	allow $1 wsicopy_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_wsicopy_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the xdmcp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_xdmcp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_xdmcp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_xdmcp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the xdmcp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_xdmcp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_xdmcp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_xdmcp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the xdmcp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_xdmcp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_xdmcp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_xdmcp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the xdmcp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_xdmcp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_xdmcp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_xdmcp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the xdmcp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_xdmcp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_xdmcp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_xdmcp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the xdmcp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_xdmcp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_xdmcp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_xdmcp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the xdmcp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_xdmcp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_xdmcp_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_xdmcp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the xdmcp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_xdmcp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_xdmcp_port'($*)) dnl
+	
+	gen_require(`
+		type xdmcp_port_t;
+	')
+
+	allow $1 xdmcp_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_xdmcp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the xdmcp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_xdmcp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_xdmcp_port'($*)) dnl
+	
+	gen_require(`
+		type xdmcp_port_t;
+	')
+
+	allow $1 xdmcp_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_xdmcp_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the xdmcp port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_xdmcp_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_xdmcp_port'($*)) dnl
+	
+	gen_require(`
+		type xdmcp_port_t;
+	')
+
+	allow $1 xdmcp_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_xdmcp_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send xdmcp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_xdmcp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_xdmcp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type xdmcp_client_packet_t;
+	')
+
+	allow $1 xdmcp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_xdmcp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send xdmcp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_xdmcp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_xdmcp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type xdmcp_client_packet_t;
+	')
+
+	dontaudit $1 xdmcp_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_xdmcp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive xdmcp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_xdmcp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_xdmcp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type xdmcp_client_packet_t;
+	')
+
+	allow $1 xdmcp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_xdmcp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive xdmcp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_xdmcp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_xdmcp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type xdmcp_client_packet_t;
+	')
+
+	dontaudit $1 xdmcp_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_xdmcp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive xdmcp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_xdmcp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_xdmcp_client_packets'($*)) dnl
+	
+	corenet_send_xdmcp_client_packets($1)
+	corenet_receive_xdmcp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_xdmcp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive xdmcp_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_xdmcp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_xdmcp_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_xdmcp_client_packets($1)
+	corenet_dontaudit_receive_xdmcp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_xdmcp_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to xdmcp_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_xdmcp_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_xdmcp_client_packets'($*)) dnl
+	
+	gen_require(`
+		type xdmcp_client_packet_t;
+	')
+
+	allow $1 xdmcp_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_xdmcp_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send xdmcp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_xdmcp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_xdmcp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type xdmcp_server_packet_t;
+	')
+
+	allow $1 xdmcp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_xdmcp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send xdmcp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_xdmcp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_xdmcp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type xdmcp_server_packet_t;
+	')
+
+	dontaudit $1 xdmcp_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_xdmcp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive xdmcp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_xdmcp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_xdmcp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type xdmcp_server_packet_t;
+	')
+
+	allow $1 xdmcp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_xdmcp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive xdmcp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_xdmcp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_xdmcp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type xdmcp_server_packet_t;
+	')
+
+	dontaudit $1 xdmcp_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_xdmcp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive xdmcp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_xdmcp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_xdmcp_server_packets'($*)) dnl
+	
+	corenet_send_xdmcp_server_packets($1)
+	corenet_receive_xdmcp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_xdmcp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive xdmcp_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_xdmcp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_xdmcp_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_xdmcp_server_packets($1)
+	corenet_dontaudit_receive_xdmcp_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_xdmcp_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to xdmcp_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_xdmcp_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_xdmcp_server_packets'($*)) dnl
+	
+	gen_require(`
+		type xdmcp_server_packet_t;
+	')
+
+	allow $1 xdmcp_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_xdmcp_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the xen port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_xen_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_xen_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_xen_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the xen port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_xen_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_xen_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_xen_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the xen port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_xen_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_xen_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_xen_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the xen port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_xen_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_xen_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_xen_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the xen port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_xen_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_xen_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_xen_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the xen port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_xen_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_xen_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_xen_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the xen port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_xen_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_xen_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_xen_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the xen port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_xen_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_xen_port'($*)) dnl
+	
+	gen_require(`
+		type xen_port_t;
+	')
+
+	allow $1 xen_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_xen_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the xen port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_xen_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_xen_port'($*)) dnl
+	
+	gen_require(`
+		type xen_port_t;
+	')
+
+	allow $1 xen_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_xen_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the xen port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_xen_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_xen_port'($*)) dnl
+	
+	gen_require(`
+		type xen_port_t;
+	')
+
+	allow $1 xen_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_xen_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send xen_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_xen_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_xen_client_packets'($*)) dnl
+	
+	gen_require(`
+		type xen_client_packet_t;
+	')
+
+	allow $1 xen_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_xen_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send xen_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_xen_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_xen_client_packets'($*)) dnl
+	
+	gen_require(`
+		type xen_client_packet_t;
+	')
+
+	dontaudit $1 xen_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_xen_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive xen_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_xen_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_xen_client_packets'($*)) dnl
+	
+	gen_require(`
+		type xen_client_packet_t;
+	')
+
+	allow $1 xen_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_xen_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive xen_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_xen_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_xen_client_packets'($*)) dnl
+	
+	gen_require(`
+		type xen_client_packet_t;
+	')
+
+	dontaudit $1 xen_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_xen_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive xen_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_xen_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_xen_client_packets'($*)) dnl
+	
+	corenet_send_xen_client_packets($1)
+	corenet_receive_xen_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_xen_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive xen_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_xen_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_xen_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_xen_client_packets($1)
+	corenet_dontaudit_receive_xen_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_xen_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to xen_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_xen_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_xen_client_packets'($*)) dnl
+	
+	gen_require(`
+		type xen_client_packet_t;
+	')
+
+	allow $1 xen_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_xen_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send xen_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_xen_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_xen_server_packets'($*)) dnl
+	
+	gen_require(`
+		type xen_server_packet_t;
+	')
+
+	allow $1 xen_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_xen_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send xen_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_xen_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_xen_server_packets'($*)) dnl
+	
+	gen_require(`
+		type xen_server_packet_t;
+	')
+
+	dontaudit $1 xen_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_xen_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive xen_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_xen_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_xen_server_packets'($*)) dnl
+	
+	gen_require(`
+		type xen_server_packet_t;
+	')
+
+	allow $1 xen_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_xen_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive xen_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_xen_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_xen_server_packets'($*)) dnl
+	
+	gen_require(`
+		type xen_server_packet_t;
+	')
+
+	dontaudit $1 xen_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_xen_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive xen_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_xen_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_xen_server_packets'($*)) dnl
+	
+	corenet_send_xen_server_packets($1)
+	corenet_receive_xen_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_xen_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive xen_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_xen_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_xen_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_xen_server_packets($1)
+	corenet_dontaudit_receive_xen_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_xen_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to xen_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_xen_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_xen_server_packets'($*)) dnl
+	
+	gen_require(`
+		type xen_server_packet_t;
+	')
+
+	allow $1 xen_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_xen_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the xfs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_xfs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_xfs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_xfs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the xfs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_xfs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_xfs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_xfs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the xfs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_xfs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_xfs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_xfs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the xfs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_xfs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_xfs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_xfs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the xfs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_xfs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_xfs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_xfs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the xfs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_xfs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_xfs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_xfs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the xfs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_xfs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_xfs_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_xfs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the xfs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_xfs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_xfs_port'($*)) dnl
+	
+	gen_require(`
+		type xfs_port_t;
+	')
+
+	allow $1 xfs_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_xfs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the xfs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_xfs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_xfs_port'($*)) dnl
+	
+	gen_require(`
+		type xfs_port_t;
+	')
+
+	allow $1 xfs_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_xfs_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the xfs port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_xfs_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_xfs_port'($*)) dnl
+	
+	gen_require(`
+		type xfs_port_t;
+	')
+
+	allow $1 xfs_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_xfs_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send xfs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_xfs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_xfs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type xfs_client_packet_t;
+	')
+
+	allow $1 xfs_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_xfs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send xfs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_xfs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_xfs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type xfs_client_packet_t;
+	')
+
+	dontaudit $1 xfs_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_xfs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive xfs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_xfs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_xfs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type xfs_client_packet_t;
+	')
+
+	allow $1 xfs_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_xfs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive xfs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_xfs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_xfs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type xfs_client_packet_t;
+	')
+
+	dontaudit $1 xfs_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_xfs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive xfs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_xfs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_xfs_client_packets'($*)) dnl
+	
+	corenet_send_xfs_client_packets($1)
+	corenet_receive_xfs_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_xfs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive xfs_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_xfs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_xfs_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_xfs_client_packets($1)
+	corenet_dontaudit_receive_xfs_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_xfs_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to xfs_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_xfs_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_xfs_client_packets'($*)) dnl
+	
+	gen_require(`
+		type xfs_client_packet_t;
+	')
+
+	allow $1 xfs_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_xfs_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send xfs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_xfs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_xfs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type xfs_server_packet_t;
+	')
+
+	allow $1 xfs_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_xfs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send xfs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_xfs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_xfs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type xfs_server_packet_t;
+	')
+
+	dontaudit $1 xfs_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_xfs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive xfs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_xfs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_xfs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type xfs_server_packet_t;
+	')
+
+	allow $1 xfs_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_xfs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive xfs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_xfs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_xfs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type xfs_server_packet_t;
+	')
+
+	dontaudit $1 xfs_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_xfs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive xfs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_xfs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_xfs_server_packets'($*)) dnl
+	
+	corenet_send_xfs_server_packets($1)
+	corenet_receive_xfs_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_xfs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive xfs_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_xfs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_xfs_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_xfs_server_packets($1)
+	corenet_dontaudit_receive_xfs_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_xfs_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to xfs_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_xfs_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_xfs_server_packets'($*)) dnl
+	
+	gen_require(`
+		type xfs_server_packet_t;
+	')
+
+	allow $1 xfs_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_xfs_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the xserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_xserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_xserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_xserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the xserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_xserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_xserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_xserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the xserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_xserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_xserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_xserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the xserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_xserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_xserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_xserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the xserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_xserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_xserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_xserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the xserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_xserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_xserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_xserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the xserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_xserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_xserver_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_xserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the xserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_xserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_xserver_port'($*)) dnl
+	
+	gen_require(`
+		type xserver_port_t;
+	')
+
+	allow $1 xserver_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_xserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the xserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_xserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_xserver_port'($*)) dnl
+	
+	gen_require(`
+		type xserver_port_t;
+	')
+
+	allow $1 xserver_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_xserver_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the xserver port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_xserver_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_xserver_port'($*)) dnl
+	
+	gen_require(`
+		type xserver_port_t;
+	')
+
+	allow $1 xserver_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_xserver_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send xserver_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_xserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_xserver_client_packets'($*)) dnl
+	
+	gen_require(`
+		type xserver_client_packet_t;
+	')
+
+	allow $1 xserver_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_xserver_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send xserver_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_xserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_xserver_client_packets'($*)) dnl
+	
+	gen_require(`
+		type xserver_client_packet_t;
+	')
+
+	dontaudit $1 xserver_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_xserver_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive xserver_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_xserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_xserver_client_packets'($*)) dnl
+	
+	gen_require(`
+		type xserver_client_packet_t;
+	')
+
+	allow $1 xserver_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_xserver_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive xserver_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_xserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_xserver_client_packets'($*)) dnl
+	
+	gen_require(`
+		type xserver_client_packet_t;
+	')
+
+	dontaudit $1 xserver_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_xserver_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive xserver_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_xserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_xserver_client_packets'($*)) dnl
+	
+	corenet_send_xserver_client_packets($1)
+	corenet_receive_xserver_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_xserver_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive xserver_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_xserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_xserver_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_xserver_client_packets($1)
+	corenet_dontaudit_receive_xserver_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_xserver_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to xserver_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_xserver_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_xserver_client_packets'($*)) dnl
+	
+	gen_require(`
+		type xserver_client_packet_t;
+	')
+
+	allow $1 xserver_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_xserver_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send xserver_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_xserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_xserver_server_packets'($*)) dnl
+	
+	gen_require(`
+		type xserver_server_packet_t;
+	')
+
+	allow $1 xserver_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_xserver_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send xserver_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_xserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_xserver_server_packets'($*)) dnl
+	
+	gen_require(`
+		type xserver_server_packet_t;
+	')
+
+	dontaudit $1 xserver_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_xserver_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive xserver_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_xserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_xserver_server_packets'($*)) dnl
+	
+	gen_require(`
+		type xserver_server_packet_t;
+	')
+
+	allow $1 xserver_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_xserver_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive xserver_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_xserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_xserver_server_packets'($*)) dnl
+	
+	gen_require(`
+		type xserver_server_packet_t;
+	')
+
+	dontaudit $1 xserver_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_xserver_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive xserver_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_xserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_xserver_server_packets'($*)) dnl
+	
+	corenet_send_xserver_server_packets($1)
+	corenet_receive_xserver_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_xserver_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive xserver_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_xserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_xserver_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_xserver_server_packets($1)
+	corenet_dontaudit_receive_xserver_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_xserver_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to xserver_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_xserver_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_xserver_server_packets'($*)) dnl
+	
+	gen_require(`
+		type xserver_server_packet_t;
+	')
+
+	allow $1 xserver_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_xserver_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the zarafa port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_zarafa_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_zarafa_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_zarafa_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the zarafa port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_zarafa_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_zarafa_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_zarafa_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the zarafa port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_zarafa_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_zarafa_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_zarafa_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the zarafa port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_zarafa_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_zarafa_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_zarafa_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the zarafa port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_zarafa_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_zarafa_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_zarafa_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the zarafa port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_zarafa_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_zarafa_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_zarafa_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the zarafa port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_zarafa_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_zarafa_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_zarafa_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the zarafa port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_zarafa_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_zarafa_port'($*)) dnl
+	
+	gen_require(`
+		type zarafa_port_t;
+	')
+
+	allow $1 zarafa_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_zarafa_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the zarafa port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_zarafa_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_zarafa_port'($*)) dnl
+	
+	gen_require(`
+		type zarafa_port_t;
+	')
+
+	allow $1 zarafa_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_zarafa_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the zarafa port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_zarafa_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_zarafa_port'($*)) dnl
+	
+	gen_require(`
+		type zarafa_port_t;
+	')
+
+	allow $1 zarafa_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_zarafa_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send zarafa_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_zarafa_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_zarafa_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zarafa_client_packet_t;
+	')
+
+	allow $1 zarafa_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_zarafa_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send zarafa_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_zarafa_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_zarafa_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zarafa_client_packet_t;
+	')
+
+	dontaudit $1 zarafa_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_zarafa_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive zarafa_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_zarafa_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_zarafa_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zarafa_client_packet_t;
+	')
+
+	allow $1 zarafa_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_zarafa_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive zarafa_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_zarafa_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_zarafa_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zarafa_client_packet_t;
+	')
+
+	dontaudit $1 zarafa_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_zarafa_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive zarafa_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_zarafa_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_zarafa_client_packets'($*)) dnl
+	
+	corenet_send_zarafa_client_packets($1)
+	corenet_receive_zarafa_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_zarafa_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive zarafa_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_zarafa_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_zarafa_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_zarafa_client_packets($1)
+	corenet_dontaudit_receive_zarafa_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_zarafa_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to zarafa_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_zarafa_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_zarafa_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zarafa_client_packet_t;
+	')
+
+	allow $1 zarafa_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_zarafa_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send zarafa_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_zarafa_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_zarafa_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zarafa_server_packet_t;
+	')
+
+	allow $1 zarafa_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_zarafa_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send zarafa_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_zarafa_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_zarafa_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zarafa_server_packet_t;
+	')
+
+	dontaudit $1 zarafa_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_zarafa_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive zarafa_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_zarafa_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_zarafa_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zarafa_server_packet_t;
+	')
+
+	allow $1 zarafa_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_zarafa_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive zarafa_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_zarafa_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_zarafa_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zarafa_server_packet_t;
+	')
+
+	dontaudit $1 zarafa_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_zarafa_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive zarafa_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_zarafa_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_zarafa_server_packets'($*)) dnl
+	
+	corenet_send_zarafa_server_packets($1)
+	corenet_receive_zarafa_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_zarafa_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive zarafa_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_zarafa_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_zarafa_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_zarafa_server_packets($1)
+	corenet_dontaudit_receive_zarafa_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_zarafa_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to zarafa_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_zarafa_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_zarafa_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zarafa_server_packet_t;
+	')
+
+	allow $1 zarafa_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_zarafa_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the zabbix port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_zabbix_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_zabbix_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_zabbix_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the zabbix port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_zabbix_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_zabbix_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_zabbix_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the zabbix port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_zabbix_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_zabbix_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_zabbix_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the zabbix port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_zabbix_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_zabbix_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_zabbix_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the zabbix port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_zabbix_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_zabbix_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_zabbix_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the zabbix port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_zabbix_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_zabbix_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_zabbix_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the zabbix port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_zabbix_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_zabbix_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_zabbix_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the zabbix port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_zabbix_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_zabbix_port'($*)) dnl
+	
+	gen_require(`
+		type zabbix_port_t;
+	')
+
+	allow $1 zabbix_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_zabbix_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the zabbix port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_zabbix_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_zabbix_port'($*)) dnl
+	
+	gen_require(`
+		type zabbix_port_t;
+	')
+
+	allow $1 zabbix_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_zabbix_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the zabbix port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_zabbix_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_zabbix_port'($*)) dnl
+	
+	gen_require(`
+		type zabbix_port_t;
+	')
+
+	allow $1 zabbix_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_zabbix_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send zabbix_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_zabbix_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_zabbix_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zabbix_client_packet_t;
+	')
+
+	allow $1 zabbix_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_zabbix_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send zabbix_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_zabbix_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_zabbix_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zabbix_client_packet_t;
+	')
+
+	dontaudit $1 zabbix_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_zabbix_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive zabbix_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_zabbix_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_zabbix_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zabbix_client_packet_t;
+	')
+
+	allow $1 zabbix_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_zabbix_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive zabbix_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_zabbix_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_zabbix_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zabbix_client_packet_t;
+	')
+
+	dontaudit $1 zabbix_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_zabbix_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive zabbix_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_zabbix_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_zabbix_client_packets'($*)) dnl
+	
+	corenet_send_zabbix_client_packets($1)
+	corenet_receive_zabbix_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_zabbix_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive zabbix_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_zabbix_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_zabbix_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_zabbix_client_packets($1)
+	corenet_dontaudit_receive_zabbix_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_zabbix_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to zabbix_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_zabbix_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_zabbix_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zabbix_client_packet_t;
+	')
+
+	allow $1 zabbix_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_zabbix_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send zabbix_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_zabbix_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_zabbix_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zabbix_server_packet_t;
+	')
+
+	allow $1 zabbix_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_zabbix_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send zabbix_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_zabbix_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_zabbix_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zabbix_server_packet_t;
+	')
+
+	dontaudit $1 zabbix_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_zabbix_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive zabbix_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_zabbix_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_zabbix_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zabbix_server_packet_t;
+	')
+
+	allow $1 zabbix_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_zabbix_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive zabbix_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_zabbix_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_zabbix_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zabbix_server_packet_t;
+	')
+
+	dontaudit $1 zabbix_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_zabbix_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive zabbix_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_zabbix_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_zabbix_server_packets'($*)) dnl
+	
+	corenet_send_zabbix_server_packets($1)
+	corenet_receive_zabbix_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_zabbix_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive zabbix_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_zabbix_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_zabbix_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_zabbix_server_packets($1)
+	corenet_dontaudit_receive_zabbix_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_zabbix_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to zabbix_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_zabbix_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_zabbix_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zabbix_server_packet_t;
+	')
+
+	allow $1 zabbix_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_zabbix_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the zabbix_agent port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_zabbix_agent_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_zabbix_agent_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_zabbix_agent_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the zabbix_agent port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_zabbix_agent_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_zabbix_agent_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_zabbix_agent_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the zabbix_agent port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_zabbix_agent_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_zabbix_agent_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_zabbix_agent_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the zabbix_agent port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_zabbix_agent_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_zabbix_agent_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_zabbix_agent_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the zabbix_agent port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_zabbix_agent_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_zabbix_agent_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_zabbix_agent_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the zabbix_agent port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_zabbix_agent_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_zabbix_agent_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_zabbix_agent_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the zabbix_agent port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_zabbix_agent_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_zabbix_agent_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_zabbix_agent_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the zabbix_agent port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_zabbix_agent_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_zabbix_agent_port'($*)) dnl
+	
+	gen_require(`
+		type zabbix_agent_port_t;
+	')
+
+	allow $1 zabbix_agent_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_zabbix_agent_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the zabbix_agent port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_zabbix_agent_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_zabbix_agent_port'($*)) dnl
+	
+	gen_require(`
+		type zabbix_agent_port_t;
+	')
+
+	allow $1 zabbix_agent_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_zabbix_agent_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the zabbix_agent port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_zabbix_agent_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_zabbix_agent_port'($*)) dnl
+	
+	gen_require(`
+		type zabbix_agent_port_t;
+	')
+
+	allow $1 zabbix_agent_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_zabbix_agent_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send zabbix_agent_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_zabbix_agent_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_zabbix_agent_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zabbix_agent_client_packet_t;
+	')
+
+	allow $1 zabbix_agent_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_zabbix_agent_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send zabbix_agent_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_zabbix_agent_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_zabbix_agent_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zabbix_agent_client_packet_t;
+	')
+
+	dontaudit $1 zabbix_agent_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_zabbix_agent_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive zabbix_agent_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_zabbix_agent_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_zabbix_agent_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zabbix_agent_client_packet_t;
+	')
+
+	allow $1 zabbix_agent_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_zabbix_agent_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive zabbix_agent_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_zabbix_agent_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_zabbix_agent_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zabbix_agent_client_packet_t;
+	')
+
+	dontaudit $1 zabbix_agent_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_zabbix_agent_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive zabbix_agent_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_zabbix_agent_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_zabbix_agent_client_packets'($*)) dnl
+	
+	corenet_send_zabbix_agent_client_packets($1)
+	corenet_receive_zabbix_agent_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_zabbix_agent_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive zabbix_agent_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_zabbix_agent_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_zabbix_agent_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_zabbix_agent_client_packets($1)
+	corenet_dontaudit_receive_zabbix_agent_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_zabbix_agent_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to zabbix_agent_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_zabbix_agent_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_zabbix_agent_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zabbix_agent_client_packet_t;
+	')
+
+	allow $1 zabbix_agent_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_zabbix_agent_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send zabbix_agent_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_zabbix_agent_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_zabbix_agent_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zabbix_agent_server_packet_t;
+	')
+
+	allow $1 zabbix_agent_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_zabbix_agent_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send zabbix_agent_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_zabbix_agent_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_zabbix_agent_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zabbix_agent_server_packet_t;
+	')
+
+	dontaudit $1 zabbix_agent_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_zabbix_agent_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive zabbix_agent_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_zabbix_agent_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_zabbix_agent_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zabbix_agent_server_packet_t;
+	')
+
+	allow $1 zabbix_agent_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_zabbix_agent_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive zabbix_agent_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_zabbix_agent_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_zabbix_agent_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zabbix_agent_server_packet_t;
+	')
+
+	dontaudit $1 zabbix_agent_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_zabbix_agent_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive zabbix_agent_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_zabbix_agent_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_zabbix_agent_server_packets'($*)) dnl
+	
+	corenet_send_zabbix_agent_server_packets($1)
+	corenet_receive_zabbix_agent_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_zabbix_agent_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive zabbix_agent_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_zabbix_agent_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_zabbix_agent_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_zabbix_agent_server_packets($1)
+	corenet_dontaudit_receive_zabbix_agent_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_zabbix_agent_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to zabbix_agent_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_zabbix_agent_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_zabbix_agent_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zabbix_agent_server_packet_t;
+	')
+
+	allow $1 zabbix_agent_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_zabbix_agent_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the zookeeper_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_zookeeper_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_zookeeper_client_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_zookeeper_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the zookeeper_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_zookeeper_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_zookeeper_client_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_zookeeper_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the zookeeper_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_zookeeper_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_zookeeper_client_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_zookeeper_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the zookeeper_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_zookeeper_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_zookeeper_client_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_zookeeper_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the zookeeper_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_zookeeper_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_zookeeper_client_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_zookeeper_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the zookeeper_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_zookeeper_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_zookeeper_client_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_zookeeper_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the zookeeper_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_zookeeper_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_zookeeper_client_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_zookeeper_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the zookeeper_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_zookeeper_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_zookeeper_client_port'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_client_port_t;
+	')
+
+	allow $1 zookeeper_client_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_zookeeper_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the zookeeper_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_zookeeper_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_zookeeper_client_port'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_client_port_t;
+	')
+
+	allow $1 zookeeper_client_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_zookeeper_client_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the zookeeper_client port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_zookeeper_client_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_zookeeper_client_port'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_client_port_t;
+	')
+
+	allow $1 zookeeper_client_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_zookeeper_client_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send zookeeper_client_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_zookeeper_client_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_zookeeper_client_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_client_client_packet_t;
+	')
+
+	allow $1 zookeeper_client_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_zookeeper_client_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send zookeeper_client_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_zookeeper_client_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_zookeeper_client_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_client_client_packet_t;
+	')
+
+	dontaudit $1 zookeeper_client_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_zookeeper_client_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive zookeeper_client_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_zookeeper_client_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_zookeeper_client_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_client_client_packet_t;
+	')
+
+	allow $1 zookeeper_client_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_zookeeper_client_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive zookeeper_client_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_zookeeper_client_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_zookeeper_client_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_client_client_packet_t;
+	')
+
+	dontaudit $1 zookeeper_client_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_zookeeper_client_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive zookeeper_client_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_zookeeper_client_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_zookeeper_client_client_packets'($*)) dnl
+	
+	corenet_send_zookeeper_client_client_packets($1)
+	corenet_receive_zookeeper_client_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_zookeeper_client_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive zookeeper_client_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_zookeeper_client_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_zookeeper_client_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_zookeeper_client_client_packets($1)
+	corenet_dontaudit_receive_zookeeper_client_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_zookeeper_client_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to zookeeper_client_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_zookeeper_client_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_zookeeper_client_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_client_client_packet_t;
+	')
+
+	allow $1 zookeeper_client_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_zookeeper_client_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send zookeeper_client_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_zookeeper_client_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_zookeeper_client_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_client_server_packet_t;
+	')
+
+	allow $1 zookeeper_client_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_zookeeper_client_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send zookeeper_client_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_zookeeper_client_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_zookeeper_client_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_client_server_packet_t;
+	')
+
+	dontaudit $1 zookeeper_client_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_zookeeper_client_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive zookeeper_client_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_zookeeper_client_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_zookeeper_client_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_client_server_packet_t;
+	')
+
+	allow $1 zookeeper_client_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_zookeeper_client_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive zookeeper_client_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_zookeeper_client_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_zookeeper_client_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_client_server_packet_t;
+	')
+
+	dontaudit $1 zookeeper_client_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_zookeeper_client_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive zookeeper_client_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_zookeeper_client_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_zookeeper_client_server_packets'($*)) dnl
+	
+	corenet_send_zookeeper_client_server_packets($1)
+	corenet_receive_zookeeper_client_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_zookeeper_client_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive zookeeper_client_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_zookeeper_client_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_zookeeper_client_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_zookeeper_client_server_packets($1)
+	corenet_dontaudit_receive_zookeeper_client_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_zookeeper_client_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to zookeeper_client_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_zookeeper_client_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_zookeeper_client_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_client_server_packet_t;
+	')
+
+	allow $1 zookeeper_client_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_zookeeper_client_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the zookeeper_election port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_zookeeper_election_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_zookeeper_election_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_zookeeper_election_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the zookeeper_election port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_zookeeper_election_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_zookeeper_election_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_zookeeper_election_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the zookeeper_election port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_zookeeper_election_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_zookeeper_election_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_zookeeper_election_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the zookeeper_election port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_zookeeper_election_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_zookeeper_election_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_zookeeper_election_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the zookeeper_election port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_zookeeper_election_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_zookeeper_election_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_zookeeper_election_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the zookeeper_election port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_zookeeper_election_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_zookeeper_election_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_zookeeper_election_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the zookeeper_election port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_zookeeper_election_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_zookeeper_election_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_zookeeper_election_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the zookeeper_election port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_zookeeper_election_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_zookeeper_election_port'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_election_port_t;
+	')
+
+	allow $1 zookeeper_election_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_zookeeper_election_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the zookeeper_election port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_zookeeper_election_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_zookeeper_election_port'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_election_port_t;
+	')
+
+	allow $1 zookeeper_election_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_zookeeper_election_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the zookeeper_election port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_zookeeper_election_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_zookeeper_election_port'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_election_port_t;
+	')
+
+	allow $1 zookeeper_election_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_zookeeper_election_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send zookeeper_election_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_zookeeper_election_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_zookeeper_election_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_election_client_packet_t;
+	')
+
+	allow $1 zookeeper_election_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_zookeeper_election_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send zookeeper_election_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_zookeeper_election_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_zookeeper_election_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_election_client_packet_t;
+	')
+
+	dontaudit $1 zookeeper_election_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_zookeeper_election_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive zookeeper_election_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_zookeeper_election_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_zookeeper_election_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_election_client_packet_t;
+	')
+
+	allow $1 zookeeper_election_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_zookeeper_election_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive zookeeper_election_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_zookeeper_election_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_zookeeper_election_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_election_client_packet_t;
+	')
+
+	dontaudit $1 zookeeper_election_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_zookeeper_election_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive zookeeper_election_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_zookeeper_election_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_zookeeper_election_client_packets'($*)) dnl
+	
+	corenet_send_zookeeper_election_client_packets($1)
+	corenet_receive_zookeeper_election_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_zookeeper_election_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive zookeeper_election_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_zookeeper_election_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_zookeeper_election_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_zookeeper_election_client_packets($1)
+	corenet_dontaudit_receive_zookeeper_election_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_zookeeper_election_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to zookeeper_election_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_zookeeper_election_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_zookeeper_election_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_election_client_packet_t;
+	')
+
+	allow $1 zookeeper_election_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_zookeeper_election_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send zookeeper_election_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_zookeeper_election_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_zookeeper_election_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_election_server_packet_t;
+	')
+
+	allow $1 zookeeper_election_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_zookeeper_election_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send zookeeper_election_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_zookeeper_election_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_zookeeper_election_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_election_server_packet_t;
+	')
+
+	dontaudit $1 zookeeper_election_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_zookeeper_election_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive zookeeper_election_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_zookeeper_election_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_zookeeper_election_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_election_server_packet_t;
+	')
+
+	allow $1 zookeeper_election_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_zookeeper_election_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive zookeeper_election_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_zookeeper_election_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_zookeeper_election_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_election_server_packet_t;
+	')
+
+	dontaudit $1 zookeeper_election_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_zookeeper_election_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive zookeeper_election_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_zookeeper_election_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_zookeeper_election_server_packets'($*)) dnl
+	
+	corenet_send_zookeeper_election_server_packets($1)
+	corenet_receive_zookeeper_election_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_zookeeper_election_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive zookeeper_election_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_zookeeper_election_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_zookeeper_election_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_zookeeper_election_server_packets($1)
+	corenet_dontaudit_receive_zookeeper_election_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_zookeeper_election_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to zookeeper_election_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_zookeeper_election_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_zookeeper_election_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_election_server_packet_t;
+	')
+
+	allow $1 zookeeper_election_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_zookeeper_election_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the zookeeper_leader port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_zookeeper_leader_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_zookeeper_leader_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_zookeeper_leader_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the zookeeper_leader port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_zookeeper_leader_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_zookeeper_leader_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_zookeeper_leader_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the zookeeper_leader port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_zookeeper_leader_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_zookeeper_leader_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_zookeeper_leader_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the zookeeper_leader port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_zookeeper_leader_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_zookeeper_leader_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_zookeeper_leader_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the zookeeper_leader port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_zookeeper_leader_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_zookeeper_leader_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_zookeeper_leader_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the zookeeper_leader port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_zookeeper_leader_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_zookeeper_leader_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_zookeeper_leader_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the zookeeper_leader port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_zookeeper_leader_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_zookeeper_leader_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_zookeeper_leader_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the zookeeper_leader port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_zookeeper_leader_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_zookeeper_leader_port'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_leader_port_t;
+	')
+
+	allow $1 zookeeper_leader_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_zookeeper_leader_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the zookeeper_leader port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_zookeeper_leader_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_zookeeper_leader_port'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_leader_port_t;
+	')
+
+	allow $1 zookeeper_leader_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_zookeeper_leader_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the zookeeper_leader port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_zookeeper_leader_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_zookeeper_leader_port'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_leader_port_t;
+	')
+
+	allow $1 zookeeper_leader_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_zookeeper_leader_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send zookeeper_leader_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_zookeeper_leader_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_zookeeper_leader_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_leader_client_packet_t;
+	')
+
+	allow $1 zookeeper_leader_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_zookeeper_leader_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send zookeeper_leader_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_zookeeper_leader_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_zookeeper_leader_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_leader_client_packet_t;
+	')
+
+	dontaudit $1 zookeeper_leader_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_zookeeper_leader_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive zookeeper_leader_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_zookeeper_leader_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_zookeeper_leader_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_leader_client_packet_t;
+	')
+
+	allow $1 zookeeper_leader_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_zookeeper_leader_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive zookeeper_leader_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_zookeeper_leader_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_zookeeper_leader_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_leader_client_packet_t;
+	')
+
+	dontaudit $1 zookeeper_leader_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_zookeeper_leader_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive zookeeper_leader_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_zookeeper_leader_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_zookeeper_leader_client_packets'($*)) dnl
+	
+	corenet_send_zookeeper_leader_client_packets($1)
+	corenet_receive_zookeeper_leader_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_zookeeper_leader_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive zookeeper_leader_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_zookeeper_leader_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_zookeeper_leader_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_zookeeper_leader_client_packets($1)
+	corenet_dontaudit_receive_zookeeper_leader_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_zookeeper_leader_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to zookeeper_leader_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_zookeeper_leader_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_zookeeper_leader_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_leader_client_packet_t;
+	')
+
+	allow $1 zookeeper_leader_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_zookeeper_leader_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send zookeeper_leader_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_zookeeper_leader_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_zookeeper_leader_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_leader_server_packet_t;
+	')
+
+	allow $1 zookeeper_leader_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_zookeeper_leader_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send zookeeper_leader_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_zookeeper_leader_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_zookeeper_leader_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_leader_server_packet_t;
+	')
+
+	dontaudit $1 zookeeper_leader_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_zookeeper_leader_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive zookeeper_leader_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_zookeeper_leader_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_zookeeper_leader_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_leader_server_packet_t;
+	')
+
+	allow $1 zookeeper_leader_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_zookeeper_leader_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive zookeeper_leader_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_zookeeper_leader_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_zookeeper_leader_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_leader_server_packet_t;
+	')
+
+	dontaudit $1 zookeeper_leader_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_zookeeper_leader_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive zookeeper_leader_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_zookeeper_leader_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_zookeeper_leader_server_packets'($*)) dnl
+	
+	corenet_send_zookeeper_leader_server_packets($1)
+	corenet_receive_zookeeper_leader_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_zookeeper_leader_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive zookeeper_leader_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_zookeeper_leader_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_zookeeper_leader_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_zookeeper_leader_server_packets($1)
+	corenet_dontaudit_receive_zookeeper_leader_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_zookeeper_leader_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to zookeeper_leader_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_zookeeper_leader_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_zookeeper_leader_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_leader_server_packet_t;
+	')
+
+	allow $1 zookeeper_leader_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_zookeeper_leader_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the zebra port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_zebra_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_zebra_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_zebra_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the zebra port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_zebra_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_zebra_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_zebra_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the zebra port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_zebra_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_zebra_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_zebra_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the zebra port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_zebra_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_zebra_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_zebra_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the zebra port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_zebra_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_zebra_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_zebra_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the zebra port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_zebra_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_zebra_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_zebra_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the zebra port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_zebra_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_zebra_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_zebra_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the zebra port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_zebra_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_zebra_port'($*)) dnl
+	
+	gen_require(`
+		type zebra_port_t;
+	')
+
+	allow $1 zebra_port_t:tcp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_zebra_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the zebra port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_zebra_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_zebra_port'($*)) dnl
+	
+	gen_require(`
+		type zebra_port_t;
+	')
+
+	allow $1 zebra_port_t:udp_socket name_bind;
+	allow $1 self:capability net_bind_service;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_zebra_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the zebra port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_zebra_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_zebra_port'($*)) dnl
+	
+	gen_require(`
+		type zebra_port_t;
+	')
+
+	allow $1 zebra_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_zebra_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send zebra_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_zebra_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_zebra_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zebra_client_packet_t;
+	')
+
+	allow $1 zebra_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_zebra_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send zebra_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_zebra_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_zebra_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zebra_client_packet_t;
+	')
+
+	dontaudit $1 zebra_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_zebra_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive zebra_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_zebra_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_zebra_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zebra_client_packet_t;
+	')
+
+	allow $1 zebra_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_zebra_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive zebra_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_zebra_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_zebra_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zebra_client_packet_t;
+	')
+
+	dontaudit $1 zebra_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_zebra_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive zebra_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_zebra_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_zebra_client_packets'($*)) dnl
+	
+	corenet_send_zebra_client_packets($1)
+	corenet_receive_zebra_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_zebra_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive zebra_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_zebra_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_zebra_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_zebra_client_packets($1)
+	corenet_dontaudit_receive_zebra_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_zebra_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to zebra_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_zebra_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_zebra_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zebra_client_packet_t;
+	')
+
+	allow $1 zebra_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_zebra_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send zebra_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_zebra_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_zebra_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zebra_server_packet_t;
+	')
+
+	allow $1 zebra_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_zebra_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send zebra_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_zebra_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_zebra_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zebra_server_packet_t;
+	')
+
+	dontaudit $1 zebra_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_zebra_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive zebra_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_zebra_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_zebra_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zebra_server_packet_t;
+	')
+
+	allow $1 zebra_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_zebra_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive zebra_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_zebra_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_zebra_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zebra_server_packet_t;
+	')
+
+	dontaudit $1 zebra_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_zebra_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive zebra_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_zebra_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_zebra_server_packets'($*)) dnl
+	
+	corenet_send_zebra_server_packets($1)
+	corenet_receive_zebra_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_zebra_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive zebra_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_zebra_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_zebra_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_zebra_server_packets($1)
+	corenet_dontaudit_receive_zebra_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_zebra_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to zebra_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_zebra_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_zebra_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zebra_server_packet_t;
+	')
+
+	allow $1 zebra_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_zebra_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the zented port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_zented_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_zented_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_zented_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the zented port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_zented_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_zented_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_zented_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the zented port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_zented_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_zented_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_zented_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the zented port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_zented_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_zented_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_zented_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the zented port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_zented_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_zented_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_zented_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the zented port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_zented_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_zented_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_zented_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the zented port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_zented_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_zented_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_zented_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the zented port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_zented_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_zented_port'($*)) dnl
+	
+	gen_require(`
+		type zented_port_t;
+	')
+
+	allow $1 zented_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_zented_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the zented port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_zented_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_zented_port'($*)) dnl
+	
+	gen_require(`
+		type zented_port_t;
+	')
+
+	allow $1 zented_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_zented_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the zented port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_zented_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_zented_port'($*)) dnl
+	
+	gen_require(`
+		type zented_port_t;
+	')
+
+	allow $1 zented_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_zented_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send zented_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_zented_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_zented_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zented_client_packet_t;
+	')
+
+	allow $1 zented_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_zented_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send zented_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_zented_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_zented_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zented_client_packet_t;
+	')
+
+	dontaudit $1 zented_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_zented_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive zented_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_zented_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_zented_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zented_client_packet_t;
+	')
+
+	allow $1 zented_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_zented_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive zented_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_zented_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_zented_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zented_client_packet_t;
+	')
+
+	dontaudit $1 zented_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_zented_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive zented_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_zented_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_zented_client_packets'($*)) dnl
+	
+	corenet_send_zented_client_packets($1)
+	corenet_receive_zented_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_zented_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive zented_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_zented_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_zented_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_zented_client_packets($1)
+	corenet_dontaudit_receive_zented_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_zented_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to zented_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_zented_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_zented_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zented_client_packet_t;
+	')
+
+	allow $1 zented_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_zented_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send zented_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_zented_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_zented_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zented_server_packet_t;
+	')
+
+	allow $1 zented_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_zented_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send zented_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_zented_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_zented_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zented_server_packet_t;
+	')
+
+	dontaudit $1 zented_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_zented_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive zented_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_zented_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_zented_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zented_server_packet_t;
+	')
+
+	allow $1 zented_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_zented_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive zented_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_zented_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_zented_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zented_server_packet_t;
+	')
+
+	dontaudit $1 zented_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_zented_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive zented_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_zented_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_zented_server_packets'($*)) dnl
+	
+	corenet_send_zented_server_packets($1)
+	corenet_receive_zented_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_zented_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive zented_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_zented_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_zented_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_zented_server_packets($1)
+	corenet_dontaudit_receive_zented_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_zented_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to zented_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_zented_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_zented_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zented_server_packet_t;
+	')
+
+	allow $1 zented_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_zented_server_packets'($*)) dnl
+	')
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP traffic on the zope port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_zope_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_zope_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_zope_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP traffic on the zope port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_zope_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_zope_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_zope_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send UDP traffic on the zope port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_send_zope_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_send_zope_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_send_zope_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP traffic on the zope port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_zope_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_zope_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_zope_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP traffic on the zope port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_receive_zope_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_receive_zope_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_receive_zope_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP traffic on the zope port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_zope_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_zope_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_zope_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive
+##	UDP traffic on the zope port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_udp_sendrecv_zope_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_udp_sendrecv_zope_port'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please remove.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_udp_sendrecv_zope_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind TCP sockets to the zope port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_tcp_bind_zope_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_bind_zope_port'($*)) dnl
+	
+	gen_require(`
+		type zope_port_t;
+	')
+
+	allow $1 zope_port_t:tcp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_bind_zope_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Bind UDP sockets to the zope port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_udp_bind_zope_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_bind_zope_port'($*)) dnl
+	
+	gen_require(`
+		type zope_port_t;
+	')
+
+	allow $1 zope_port_t:udp_socket name_bind;
+	
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_bind_zope_port'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make a TCP connection to the zope port.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_tcp_connect_zope_port',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_connect_zope_port'($*)) dnl
+	
+	gen_require(`
+		type zope_port_t;
+	')
+
+	allow $1 zope_port_t:tcp_socket name_connect;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_connect_zope_port'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send zope_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_zope_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_zope_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zope_client_packet_t;
+	')
+
+	allow $1 zope_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_zope_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send zope_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_zope_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_zope_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zope_client_packet_t;
+	')
+
+	dontaudit $1 zope_client_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_zope_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive zope_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_zope_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_zope_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zope_client_packet_t;
+	')
+
+	allow $1 zope_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_zope_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive zope_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_zope_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_zope_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zope_client_packet_t;
+	')
+
+	dontaudit $1 zope_client_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_zope_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive zope_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_zope_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_zope_client_packets'($*)) dnl
+	
+	corenet_send_zope_client_packets($1)
+	corenet_receive_zope_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_zope_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive zope_client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_zope_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_zope_client_packets'($*)) dnl
+	
+	corenet_dontaudit_send_zope_client_packets($1)
+	corenet_dontaudit_receive_zope_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_zope_client_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to zope_client the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_zope_client_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_zope_client_packets'($*)) dnl
+	
+	gen_require(`
+		type zope_client_packet_t;
+	')
+
+	allow $1 zope_client_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_zope_client_packets'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Send zope_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_send_zope_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_send_zope_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zope_server_packet_t;
+	')
+
+	allow $1 zope_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_send_zope_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send zope_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_send_zope_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_send_zope_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zope_server_packet_t;
+	')
+
+	dontaudit $1 zope_server_packet_t:packet send;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_send_zope_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive zope_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_receive_zope_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_receive_zope_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zope_server_packet_t;
+	')
+
+	allow $1 zope_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_receive_zope_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive zope_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_receive_zope_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_receive_zope_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zope_server_packet_t;
+	')
+
+	dontaudit $1 zope_server_packet_t:packet recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_receive_zope_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive zope_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_sendrecv_zope_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_sendrecv_zope_server_packets'($*)) dnl
+	
+	corenet_send_zope_server_packets($1)
+	corenet_receive_zope_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_sendrecv_zope_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive zope_server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`corenet_dontaudit_sendrecv_zope_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_dontaudit_sendrecv_zope_server_packets'($*)) dnl
+	
+	corenet_dontaudit_send_zope_server_packets($1)
+	corenet_dontaudit_receive_zope_server_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_dontaudit_sendrecv_zope_server_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel packets to zope_server the packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corenet_relabelto_zope_server_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_relabelto_zope_server_packets'($*)) dnl
+	
+	gen_require(`
+		type zope_server_packet_t;
+	')
+
+	allow $1 zope_server_packet_t:packet relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_relabelto_zope_server_packets'($*)) dnl
+	')
+
+
+
+
+
+
+########################################
+## <summary>
+##	Send and receive TCP network traffic on the lo interface.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_tcp_sendrecv_lo_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_tcp_sendrecv_lo_if'($*)) dnl
+	
+	gen_require(`
+		type lo_netif_t;
+	')
+
+	allow $1 lo_netif_t:netif { egress ingress };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_tcp_sendrecv_lo_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send UDP network traffic on the lo interface.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_udp_send_lo_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_send_lo_if'($*)) dnl
+	
+	gen_require(`
+		type lo_netif_t;
+	')
+
+	allow $1 lo_netif_t:netif { egress };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_send_lo_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP network traffic on the lo interface.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_udp_receive_lo_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_receive_lo_if'($*)) dnl
+	
+	gen_require(`
+		type lo_netif_t;
+	')
+
+	allow $1 lo_netif_t:netif { ingress };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_receive_lo_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive UDP network traffic on the lo interface.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_udp_sendrecv_lo_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_udp_sendrecv_lo_if'($*)) dnl
+	
+	corenet_udp_send_lo_if($1)
+	corenet_udp_receive_lo_if($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_udp_sendrecv_lo_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send raw IP packets on the lo interface.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`corenet_raw_send_lo_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_raw_send_lo_if'($*)) dnl
+	
+	gen_require(`
+		type lo_netif_t;
+	')
+
+	allow $1 lo_netif_t:netif { egress };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_raw_send_lo_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive raw IP packets on the lo interface.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`corenet_raw_receive_lo_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_raw_receive_lo_if'($*)) dnl
+	
+	gen_require(`
+		type lo_netif_t;
+	')
+
+	allow $1 lo_netif_t:netif { ingress };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_raw_receive_lo_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive raw IP packets on the lo interface.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`corenet_raw_sendrecv_lo_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corenet_raw_sendrecv_lo_if'($*)) dnl
+	
+	corenet_raw_send_lo_if($1)
+	corenet_raw_receive_lo_if($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corenet_raw_sendrecv_lo_if'($*)) dnl
+	')
+
+
+
+
+## <summary>
+##	Policy for kernel threads, proc filesystem,
+##	and unlabeled processes and objects.
+## </summary>
+## <required val="true">
+##	This module has initial SIDs.
+## </required>
+
+########################################
+## <summary>
+##	Allows the kernel to start userland processes
+##	by dynamic transitions to the specified domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The process type entered by the kernel.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dyntrans_to',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dyntrans_to'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	domain_dyntrans_type(kernel_t)
+	allow kernel_t self:process setcurrent;
+	allow kernel_t $1:process dyntransition;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dyntrans_to'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allows to start userland processes
+##	by transitioning to the specified domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The process type entered by kernel.
+##	</summary>
+## </param>
+## <param name="entrypoint">
+##	<summary>
+##	The executable type for the entrypoint.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_domtrans_to',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_domtrans_to'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	domtrans_pattern(kernel_t, $2, $1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_domtrans_to'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allows to start userland processes
+##	by transitioning to the specified domain,
+##	with a range transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The process type entered by kernel.
+##	</summary>
+## </param>
+## <param name="entrypoint">
+##	<summary>
+##	The executable type for the entrypoint.
+##	</summary>
+## </param>
+## <param name="range">
+##	<summary>
+##	Range for the domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_ranged_domtrans_to',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_ranged_domtrans_to'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	kernel_domtrans_to($1, $2)
+
+	ifdef(`enable_mcs',`
+		range_transition kernel_t $2:process $3;
+	')
+
+	ifdef(`enable_mls',`
+		range_transition kernel_t $2:process $3;
+		mls_rangetrans_target($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_ranged_domtrans_to'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allows the kernel to mount filesystems on
+##	the specified directory type.
+## </summary>
+## <param name="directory_type">
+##	<summary>
+##	The type of the directory to use as a mountpoint.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_rootfs_mountpoint',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_rootfs_mountpoint'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	allow kernel_t $1:dir mounton;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_rootfs_mountpoint'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the process group of kernel threads.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_setpgid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_setpgid'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	allow $1 kernel_t:process setpgid;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_setpgid'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the priority of kernel threads.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_setsched',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_setsched'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	allow $1 kernel_t:process setsched;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_setsched'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a SIGCHLD signal to kernel threads.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_sigchld',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_sigchld'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	allow $1 kernel_t:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_sigchld'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a kill signal to kernel threads.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_kill',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_kill'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	allow $1 kernel_t:process sigkill;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_kill'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a generic signal to kernel threads.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_signal'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	allow $1 kernel_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allows the kernel to share state information with
+##	the caller.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process with which to share state information.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_share_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_share_state'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	allow kernel_t $1:process share;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_share_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Permits caller to use kernel file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_use_fds'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	allow $1 kernel_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to use
+##	kernel file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_use_fds'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	dontaudit $1 kernel_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write kernel unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_rw_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_rw_pipes'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	allow $1 kernel_t:fifo_file { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_rw_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read/write to kernel using a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_rw_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_rw_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	allow $1 kernel_t:unix_stream_socket rw_socket_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_rw_stream_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to kernel using a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	allow $1 kernel_t:unix_stream_socket connectto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Getattr on kernel unix datagram sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_getattr_dgram_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_getattr_dgram_sockets'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	allow $1 kernel_t:unix_dgram_socket getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_getattr_dgram_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write kernel unix datagram sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_rw_unix_dgram_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_rw_unix_dgram_sockets'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	allow $1 kernel_t:unix_dgram_socket { read write ioctl };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_rw_unix_dgram_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send messages to kernel unix datagram sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dgram_send',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dgram_send'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	allow $1 kernel_t:unix_dgram_socket sendto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dgram_send'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allows caller to load kernel modules
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_load_module',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_load_module'($*)) dnl
+	
+	gen_require(`
+		attribute can_load_kernmodule;
+	')
+
+	typeattribute $1 can_load_kernmodule;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_load_module'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow search the kernel key ring.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_search_key',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_search_key'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	allow $1 kernel_t:key search;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_search_key'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	dontaudit search the kernel key ring.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_search_key',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_search_key'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	dontaudit $1 kernel_t:key search;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_search_key'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow link to the kernel key ring.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_link_key',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_link_key'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	allow $1 kernel_t:key link;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_link_key'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	dontaudit link to the kernel key ring.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_link_key',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_link_key'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	dontaudit $1 kernel_t:key link;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_link_key'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow view the kernel key ring.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_view_key',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_view_key'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	allow $1 kernel_t:key view;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_view_key'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	dontaudit view the kernel key ring.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_view_key',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_view_key'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	dontaudit $1 kernel_t:key view;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_view_key'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allows caller to read the ring buffer.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_read_ring_buffer',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_ring_buffer'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	allow $1 self:capability2 syslog;
+	allow $1 kernel_t:system syslog_read;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_ring_buffer'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read the ring buffer.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_read_ring_buffer',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_read_ring_buffer'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	dontaudit $1 kernel_t:system syslog_read;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_read_ring_buffer'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Change the level of kernel messages logged to the console.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_change_ring_buffer_level',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_change_ring_buffer_level'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	allow $1 self:capability2 syslog;
+	allow $1 kernel_t:system syslog_console;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_change_ring_buffer_level'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allows the caller to clear the ring buffer.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_clear_ring_buffer',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_clear_ring_buffer'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	allow $1 self:capability2 syslog;
+	allow $1 kernel_t:system syslog_mod;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_clear_ring_buffer'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allows caller to request the kernel to load a module
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to request that the kernel
+##	load a kernel module.  An example of this is the
+##	auto-loading of network drivers when doing an
+##	ioctl() on a network interface.
+##	</p>
+##	<p>
+##	In the specific case of a module loading request
+##	on a network interface, the domain will also
+##	need the net_admin capability.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_request_load_module',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_request_load_module'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	allow $1 kernel_t:system module_request;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_request_load_module'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit requests to the kernel to load a module.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_request_load_module',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_request_load_module'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	dontaudit $1 kernel_t:system module_request;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_request_load_module'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get information on all System V IPC objects.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_get_sysvipc_info',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_get_sysvipc_info'($*)) dnl
+	
+	gen_require(`
+		type kernel_t;
+	')
+
+	allow $1 kernel_t:system ipc_info;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_get_sysvipc_info'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of a kernel debugging filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_getattr_debugfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_getattr_debugfs'($*)) dnl
+	
+	gen_require(`
+		type debugfs_t;
+	')
+
+	allow $1 debugfs_t:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_getattr_debugfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a kernel debugging filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_mount_debugfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_mount_debugfs'($*)) dnl
+	
+	gen_require(`
+		type debugfs_t;
+	')
+
+	allow $1 debugfs_t:filesystem mount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_mount_debugfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unmount a kernel debugging filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_unmount_debugfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_unmount_debugfs'($*)) dnl
+	
+	gen_require(`
+		type debugfs_t;
+	')
+
+	allow $1 debugfs_t:filesystem unmount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_unmount_debugfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Remount a kernel debugging filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_remount_debugfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_remount_debugfs'($*)) dnl
+	
+	gen_require(`
+		type debugfs_t;
+	')
+
+	allow $1 debugfs_t:filesystem remount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_remount_debugfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the contents of a kernel debugging filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_search_debugfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_search_debugfs'($*)) dnl
+	
+	gen_require(`
+		type debugfs_t;
+	')
+
+	search_dirs_pattern($1, debugfs_t, debugfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_search_debugfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search the kernel debugging filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_search_debugfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_search_debugfs'($*)) dnl
+	
+	gen_require(`
+		type debugfs_t;
+	')
+
+	dontaudit $1 debugfs_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_search_debugfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read information from the debugging filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_read_debugfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_debugfs'($*)) dnl
+	
+	gen_require(`
+		type debugfs_t;
+	')
+
+	read_files_pattern($1, debugfs_t, debugfs_t)
+	read_lnk_files_pattern($1, debugfs_t, debugfs_t)
+	list_dirs_pattern($1, debugfs_t, debugfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_debugfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write kernel debugging filesystem dirs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_write_debugfs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_write_debugfs_dirs'($*)) dnl
+	
+	gen_require(`
+		type debugfs_t;
+	')
+
+	dontaudit $1 debugfs_t:dir write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_write_debugfs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage information from the debugging filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_manage_debugfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_manage_debugfs'($*)) dnl
+	
+	gen_require(`
+		type debugfs_t;
+	')
+
+	manage_files_pattern($1, debugfs_t, debugfs_t)
+	read_lnk_files_pattern($1, debugfs_t, debugfs_t)
+	list_dirs_pattern($1, debugfs_t, debugfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_manage_debugfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a kernel VM filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_mount_kvmfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_mount_kvmfs'($*)) dnl
+	
+	gen_require(`
+		type kvmfs_t;
+	')
+
+	allow $1 kvmfs_t:filesystem mount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_mount_kvmfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	mount the proc filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_mount_proc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_mount_proc'($*)) dnl
+	
+	gen_require(`
+		type proc_t;
+	')
+
+	allow $1 proc_t:filesystem mount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_mount_proc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	remount the proc filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_remount_proc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_remount_proc'($*)) dnl
+	
+	gen_require(`
+		type proc_t;
+	')
+
+	allow $1 proc_t:filesystem remount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_remount_proc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unmount the proc filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_unmount_proc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_unmount_proc'($*)) dnl
+	
+	gen_require(`
+		type proc_t;
+	')
+
+	allow $1 proc_t:filesystem unmount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_unmount_proc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the proc filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_getattr_proc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_getattr_proc'($*)) dnl
+	
+	gen_require(`
+		type proc_t;
+	')
+
+	allow $1 proc_t:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_getattr_proc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount on proc directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_mounton_proc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_mounton_proc'($*)) dnl
+	
+	gen_require(`
+		type proc_t;
+	')
+
+	allow $1 proc_t:dir mounton;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_mounton_proc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to set the
+##	attributes of directories in /proc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_setattr_proc_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_setattr_proc_dirs'($*)) dnl
+	
+	gen_require(`
+		type proc_t;
+	')
+
+	dontaudit $1 proc_t:dir setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_setattr_proc_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search directories in /proc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_search_proc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_search_proc'($*)) dnl
+	
+	gen_require(`
+		type proc_t;
+	')
+
+	search_dirs_pattern($1, proc_t, proc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_search_proc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List the contents of directories in /proc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_list_proc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_list_proc'($*)) dnl
+	
+	gen_require(`
+		type proc_t;
+	')
+
+	list_dirs_pattern($1, proc_t, proc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_list_proc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to list the
+##	contents of directories in /proc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_list_proc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_list_proc'($*)) dnl
+	
+	gen_require(`
+		type proc_t;
+	')
+
+	dontaudit $1 proc_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_list_proc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write the
+##	directories in /proc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_write_proc_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_write_proc_dirs'($*)) dnl
+	
+	gen_require(`
+		type proc_t;
+	')
+
+	dontaudit $1 proc_t:dir write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_write_proc_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount the directories in /proc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_mounton_proc_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_mounton_proc_dirs'($*)) dnl
+	
+	gen_require(`
+		type proc_t;
+	')
+
+	allow $1 proc_t:dir mounton;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_mounton_proc_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of files in /proc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_getattr_proc_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_getattr_proc_files'($*)) dnl
+	
+	gen_require(`
+		type proc_t;
+	')
+
+	getattr_files_pattern($1, proc_t, proc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_getattr_proc_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read generic symbolic links in /proc.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to read (follow) generic
+##	symbolic links (symlinks) in the proc filesystem (/proc).
+##	This interface does not include access to the targets of
+##	these links.  An example symlink is /proc/self.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`kernel_read_proc_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_proc_symlinks'($*)) dnl
+	
+	gen_require(`
+		type proc_t;
+	')
+
+	read_lnk_files_pattern($1, proc_t, proc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_proc_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allows caller to read system state information in /proc.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to read general system
+##	state information from the proc filesystem (/proc).
+##	</p>
+##	<p>
+##	Generally it should be safe to allow this access.  Some
+##	example files that can be read based on this interface:
+##	</p>
+##	<ul>
+##		<li>/proc/cpuinfo</li>
+##		<li>/proc/meminfo</li>
+##		<li>/proc/uptime</li>
+##	</ul>
+##	<p>
+##	This does not allow access to sysctl entries (/proc/sys/*)
+##	nor process state information (/proc/pid).
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+## <rolecap/>
+#
+ 	 	define(`kernel_read_system_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_system_state'($*)) dnl
+	
+	gen_require(`
+		type proc_t;
+	')
+
+	read_files_pattern($1, proc_t, proc_t)
+	read_lnk_files_pattern($1, proc_t, proc_t)
+
+	list_dirs_pattern($1, proc_t, proc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_system_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write to generic proc entries.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+# cjp: this should probably go away.  any
+# file thats writable in proc should really
+# have its own label.
+#
+ 	 	define(`kernel_write_proc_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_write_proc_files'($*)) dnl
+	
+	gen_require(`
+		type proc_t;
+	')
+
+	write_files_pattern($1, proc_t, proc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_write_proc_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts by caller to
+##	read system state information in proc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_read_system_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_read_system_state'($*)) dnl
+	
+	gen_require(`
+		type proc_t;
+	')
+
+	dontaudit $1 proc_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_read_system_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts by caller to
+##	read symbolic links in proc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_read_proc_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_read_proc_symlinks'($*)) dnl
+	
+	gen_require(`
+		type proc_t;
+	')
+
+	dontaudit $1 proc_t:lnk_file read;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_read_proc_symlinks'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Allow caller to read and write state information for AFS.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_rw_afs_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_rw_afs_state'($*)) dnl
+	
+	gen_require(`
+		type proc_t, proc_afs_t;
+	')
+
+	list_dirs_pattern($1, proc_t, proc_t)
+	rw_files_pattern($1, proc_afs_t, proc_afs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_rw_afs_state'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Allow caller to read the state information for software raid.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_read_software_raid_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_software_raid_state'($*)) dnl
+	
+	gen_require(`
+		type proc_t, proc_mdstat_t;
+	')
+
+	read_files_pattern($1, proc_t, proc_mdstat_t)
+
+	list_dirs_pattern($1, proc_t, proc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_software_raid_state'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Allow caller to read and set the state information for software raid.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_rw_software_raid_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_rw_software_raid_state'($*)) dnl
+	
+	gen_require(`
+		type proc_t, proc_mdstat_t;
+	')
+
+	rw_files_pattern($1, proc_t, proc_mdstat_t)
+
+	list_dirs_pattern($1, proc_t, proc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_rw_software_raid_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allows caller to get attribues of core kernel interface.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_getattr_core_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_getattr_core_if'($*)) dnl
+	
+	gen_require(`
+		type proc_t, proc_kcore_t;
+	')
+
+	getattr_files_pattern($1, proc_t, proc_kcore_t)
+
+	list_dirs_pattern($1, proc_t, proc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_getattr_core_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes of
+##	core kernel interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_getattr_core_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_getattr_core_if'($*)) dnl
+	
+	gen_require(`
+		type proc_kcore_t;
+	')
+
+	dontaudit $1 proc_kcore_t:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_getattr_core_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allows caller to read the core kernel interface.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_read_core_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_core_if'($*)) dnl
+	
+	gen_require(`
+		type proc_t, proc_kcore_t;
+		attribute can_dump_kernel;
+	')
+
+	allow $1 self:capability sys_rawio;
+	read_files_pattern($1, proc_t, proc_kcore_t)
+	list_dirs_pattern($1, proc_t, proc_t)
+
+	typeattribute $1 can_dump_kernel;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_core_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to read kernel messages
+##	using the /proc/kmsg interface.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_read_messages',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_messages'($*)) dnl
+	
+	gen_require(`
+		attribute can_receive_kernel_messages;
+		type proc_kmsg_t, proc_t;
+	')
+
+	read_files_pattern($1, proc_t, proc_kmsg_t)
+
+	typeattribute $1 can_receive_kernel_messages;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_messages'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to get the attributes of kernel message
+##	interface (/proc/kmsg).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_getattr_message_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_getattr_message_if'($*)) dnl
+	
+	gen_require(`
+		type proc_kmsg_t, proc_t;
+	')
+
+	getattr_files_pattern($1, proc_t, proc_kmsg_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_getattr_message_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts by caller to get the attributes of kernel
+##	message interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_getattr_message_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_getattr_message_if'($*)) dnl
+	
+	gen_require(`
+		type proc_kmsg_t;
+	')
+
+	dontaudit $1 proc_kmsg_t:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_getattr_message_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount on kernel message interfaces files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_mounton_message_if',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_mounton_message_if'($*)) dnl
+	
+	gen_require(`
+		type proc_t, proc_kmsg_t;
+	')
+
+	allow $1 proc_t:dir list_dir_perms;
+	allow $1 proc_kmsg_t:file { getattr mounton };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_mounton_message_if'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search the network
+##	state directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+##
+#
+ 	 	define(`kernel_dontaudit_search_network_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_search_network_state'($*)) dnl
+	
+	gen_require(`
+		type proc_net_t;
+	')
+
+	dontaudit $1 proc_net_t:dir search;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_search_network_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow searching of network state directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+##
+#
+ 	 	define(`kernel_search_network_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_search_network_state'($*)) dnl
+	
+	gen_require(`
+		type proc_t, proc_net_t;
+	')
+
+	search_dirs_pattern($1, proc_t, proc_net_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_search_network_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the network state information.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to read the networking
+##	state information. This includes several pieces
+##	of networking information, such as network interface
+##	names, netfilter (iptables) statistics, protocol
+##	information, routes, and remote procedure call (RPC)
+##	information.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+## <rolecap/>
+#
+ 	 	define(`kernel_read_network_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_network_state'($*)) dnl
+	
+	gen_require(`
+		type proc_t, proc_net_t;
+	')
+
+	read_files_pattern($1, { proc_t proc_net_t }, proc_net_t)
+	read_lnk_files_pattern($1, { proc_t proc_net_t }, proc_net_t)
+
+	list_dirs_pattern($1, proc_t, proc_net_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_network_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to read the network state symbolic links.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_read_network_state_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_network_state_symlinks'($*)) dnl
+	
+	gen_require(`
+		type proc_t, proc_net_t;
+	')
+
+	read_lnk_files_pattern($1, { proc_t proc_net_t }, proc_net_t)
+
+	list_dirs_pattern($1, proc_t, proc_net_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_network_state_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow searching of xen state directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+##
+#
+ 	 	define(`kernel_search_xen_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_search_xen_state'($*)) dnl
+	
+	gen_require(`
+		type proc_t, proc_xen_t;
+	')
+
+	search_dirs_pattern($1, proc_t, proc_xen_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_search_xen_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search the xen
+##	state directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+##
+#
+ 	 	define(`kernel_dontaudit_search_xen_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_search_xen_state'($*)) dnl
+	
+	gen_require(`
+		type proc_xen_t;
+	')
+
+	dontaudit $1 proc_xen_t:dir search;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_search_xen_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to read the xen state information.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+##
+#
+ 	 	define(`kernel_read_xen_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_xen_state'($*)) dnl
+	
+	gen_require(`
+		type proc_t, proc_xen_t;
+	')
+
+	read_files_pattern($1, { proc_t proc_xen_t }, proc_xen_t)
+	read_lnk_files_pattern($1, { proc_t proc_xen_t }, proc_xen_t)
+
+	list_dirs_pattern($1, proc_t, proc_xen_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_xen_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to read the xen state symbolic links.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+##
+#
+ 	 	define(`kernel_read_xen_state_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_xen_state_symlinks'($*)) dnl
+	
+	gen_require(`
+		type proc_t, proc_xen_t;
+	')
+
+	read_lnk_files_pattern($1, { proc_t proc_xen_t }, proc_xen_t)
+
+	list_dirs_pattern($1, proc_t, proc_xen_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_xen_state_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to write xen state information.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+##
+#
+ 	 	define(`kernel_write_xen_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_write_xen_state'($*)) dnl
+	
+	gen_require(`
+		type proc_t, proc_xen_t;
+	')
+
+	write_files_pattern($1, { proc_t proc_xen_t }, proc_xen_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_write_xen_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow attempts to list all proc directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_list_all_proc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_list_all_proc'($*)) dnl
+	
+	gen_require(`
+		attribute proc_type;
+	')
+
+	allow $1 proc_type:dir list_dir_perms;
+	allow $1 proc_type:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_list_all_proc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to list all proc directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_list_all_proc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_list_all_proc'($*)) dnl
+	
+	gen_require(`
+		attribute proc_type;
+	')
+
+	dontaudit $1 proc_type:dir list_dir_perms;
+	dontaudit $1 proc_type:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_list_all_proc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts by caller to search
+##	the base directory of sysctls.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+##
+#
+ 	 	define(`kernel_dontaudit_search_sysctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_search_sysctl'($*)) dnl
+	
+	gen_require(`
+		type sysctl_t;
+	')
+
+	dontaudit $1 sysctl_t:dir search;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_search_sysctl'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount on sysctl_t dirs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_mounton_sysctl_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_mounton_sysctl_dirs'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_t;
+	')
+
+	allow $1 proc_t:dir list_dir_perms;
+	allow $1 sysctl_t:dir { getattr mounton };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_mounton_sysctl_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow access to read sysctl directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+##
+#
+ 	 	define(`kernel_read_sysctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_sysctl'($*)) dnl
+	
+	gen_require(`
+		type sysctl_t, proc_t;
+	')
+
+	list_dirs_pattern($1, proc_t, sysctl_t)
+	read_files_pattern($1, sysctl_t, sysctl_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_sysctl'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount on sysctl files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_mounton_sysctl_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_mounton_sysctl_files'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_t;
+	')
+
+	allow $1 { proc_t sysctl_t }:dir list_dir_perms;
+	allow $1 sysctl_t:file { getattr mounton };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_mounton_sysctl_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to read the device sysctls.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_read_device_sysctls',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_device_sysctls'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_t, sysctl_dev_t;
+	')
+
+	read_files_pattern($1, { proc_t sysctl_t sysctl_dev_t }, sysctl_dev_t)
+
+	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_dev_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_device_sysctls'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write device sysctls.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_rw_device_sysctls',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_rw_device_sysctls'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_t, sysctl_dev_t;
+	')
+
+	rw_files_pattern($1, { proc_t sysctl_t sysctl_dev_t }, sysctl_dev_t)
+
+	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_dev_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_rw_device_sysctls'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to search virtual memory sysctls.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_search_vm_sysctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_search_vm_sysctl'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_t, sysctl_vm_t;
+	')
+
+	search_dirs_pattern($1, { proc_t sysctl_t }, sysctl_vm_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_search_vm_sysctl'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to read virtual memory sysctls.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_read_vm_sysctls',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_vm_sysctls'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_t, sysctl_vm_t;
+	')
+
+	read_files_pattern($1, { proc_t sysctl_t sysctl_vm_t }, sysctl_vm_t)
+
+	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_vm_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_vm_sysctls'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write virtual memory sysctls.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_rw_vm_sysctls',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_rw_vm_sysctls'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_t, sysctl_vm_t;
+	')
+
+	rw_files_pattern($1 ,{ proc_t sysctl_t sysctl_vm_t }, sysctl_vm_t)
+	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_vm_t)
+
+	# hal needs this
+	allow $1 sysctl_vm_t:dir write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_rw_vm_sysctls'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search network sysctl directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_search_network_sysctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_search_network_sysctl'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_t, sysctl_net_t;
+	')
+
+	search_dirs_pattern($1, { proc_t sysctl_t }, sysctl_net_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_search_network_sysctl'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts by caller to search network sysctl directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_search_network_sysctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_search_network_sysctl'($*)) dnl
+	
+	gen_require(`
+		type sysctl_net_t;
+	')
+
+	dontaudit $1 sysctl_net_t:dir search;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_search_network_sysctl'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to read network sysctls.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_read_net_sysctls',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_net_sysctls'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_t, sysctl_net_t;
+	')
+
+	read_files_pattern($1, { proc_t sysctl_t sysctl_net_t }, sysctl_net_t)
+
+	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_net_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_net_sysctls'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to modiry contents of sysctl network files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_rw_net_sysctls',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_rw_net_sysctls'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_t, sysctl_net_t;
+	')
+
+	rw_files_pattern($1, { proc_t sysctl_t sysctl_net_t }, sysctl_net_t)
+
+	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_net_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_rw_net_sysctls'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to read unix domain
+##	socket sysctls.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_read_unix_sysctls',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_unix_sysctls'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_t, sysctl_net_t, sysctl_net_unix_t;
+	')
+
+	read_files_pattern($1, { proc_t sysctl_t sysctl_net_t }, sysctl_net_unix_t)
+
+	list_dirs_pattern($1, { proc_t sysctl_t }, { sysctl_net_t sysctl_net_unix_t })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_unix_sysctls'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write unix domain
+##	socket sysctls.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_rw_unix_sysctls',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_rw_unix_sysctls'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_t, sysctl_net_t, sysctl_net_unix_t;
+	')
+
+	rw_files_pattern($1, { proc_t sysctl_t sysctl_net_t }, sysctl_net_unix_t)
+
+	list_dirs_pattern($1, { proc_t sysctl_t }, { sysctl_net_t sysctl_net_unix_t })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_rw_unix_sysctls'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the hotplug sysctl.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_read_hotplug_sysctls',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_hotplug_sysctls'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_t, sysctl_kernel_t, sysctl_hotplug_t;
+	')
+
+	read_files_pattern($1, { proc_t sysctl_t sysctl_kernel_t }, sysctl_hotplug_t)
+
+	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_hotplug_sysctls'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the hotplug sysctl.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_rw_hotplug_sysctls',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_rw_hotplug_sysctls'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_t, sysctl_kernel_t, sysctl_hotplug_t;
+	')
+
+	rw_files_pattern($1, { proc_t sysctl_t sysctl_kernel_t }, sysctl_hotplug_t)
+
+	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_rw_hotplug_sysctls'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the modprobe sysctl.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_read_modprobe_sysctls',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_modprobe_sysctls'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_t, sysctl_kernel_t, sysctl_modprobe_t;
+	')
+
+	read_files_pattern($1, { proc_t sysctl_t sysctl_kernel_t }, sysctl_modprobe_t)
+
+	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_modprobe_sysctls'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the modprobe sysctl.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_rw_modprobe_sysctls',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_rw_modprobe_sysctls'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_t, sysctl_kernel_t, sysctl_modprobe_t;
+	')
+
+	rw_files_pattern($1, { proc_t sysctl_t sysctl_kernel_t }, sysctl_modprobe_t)
+
+	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_rw_modprobe_sysctls'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search generic kernel sysctls.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_search_kernel_sysctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_search_kernel_sysctl'($*)) dnl
+	
+	gen_require(`
+		type sysctl_kernel_t;
+	')
+
+	dontaudit $1 sysctl_kernel_t:dir search;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_search_kernel_sysctl'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Do not audit attempted reading of kernel sysctls
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit accesses from
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_read_kernel_sysctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_read_kernel_sysctl'($*)) dnl
+	
+	gen_require(`
+		type sysctl_kernel_t;
+	')
+
+	dontaudit $1 sysctl_kernel_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_read_kernel_sysctl'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read generic crypto sysctls.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_read_crypto_sysctls',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_crypto_sysctls'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_t, sysctl_crypto_t;
+	')
+
+	read_files_pattern($1, { proc_t sysctl_t sysctl_crypto_t }, sysctl_crypto_t)
+	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_crypto_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_crypto_sysctls'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read general kernel sysctls.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to read general
+##	kernel sysctl settings. These settings are typically
+##	read using the sysctl program.  The settings
+##	that are included by this interface are prefixed
+##	with "kernel.", for example, kernel.sysrq.
+##	</p>
+##	<p>
+##	This does not include access to the hotplug
+##	handler setting (kernel.hotplug)
+##	nor the module installer handler setting
+##	(kernel.modprobe).
+##	</p>
+##	<p>
+##	Related interfaces:
+##	</p>
+##	<ul>
+##		<li>kernel_rw_kernel_sysctl()</li>
+##	</ul>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`kernel_read_kernel_sysctls',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_kernel_sysctls'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_t, sysctl_kernel_t;
+	')
+
+	read_files_pattern($1, { proc_t sysctl_t sysctl_kernel_t }, sysctl_kernel_t)
+
+	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_kernel_sysctls'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write generic kernel sysctls.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_write_kernel_sysctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_write_kernel_sysctl'($*)) dnl
+	
+	gen_require(`
+		type sysctl_kernel_t;
+	')
+
+	dontaudit $1 sysctl_kernel_t:file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_write_kernel_sysctl'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write generic kernel sysctls.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_rw_kernel_sysctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_rw_kernel_sysctl'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_t, sysctl_kernel_t;
+	')
+
+	rw_files_pattern($1, { proc_t sysctl_t sysctl_kernel_t }, sysctl_kernel_t)
+
+	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_rw_kernel_sysctl'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Mount on kernel sysctl files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_mounton_kernel_sysctl_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_mounton_kernel_sysctl_files'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_t, sysctl_kernel_t;
+	')
+
+	allow $1 { proc_t sysctl_t sysctl_kernel_t }:dir list_dir_perms;
+	allow $1 sysctl_kernel_t:file { getattr mounton };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_mounton_kernel_sysctl_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read kernel ns lastpid sysctls.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_read_kernel_ns_lastpid_sysctls',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_kernel_ns_lastpid_sysctls'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_t, sysctl_kernel_ns_last_pid_t;
+	')
+
+	read_files_pattern($1, { proc_t sysctl_t sysctl_kernel_ns_last_pid_t }, sysctl_kernel_ns_last_pid_t)
+
+	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_ns_last_pid_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_kernel_ns_lastpid_sysctls'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write kernel ns lastpid sysctls.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_write_kernel_ns_lastpid_sysctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_write_kernel_ns_lastpid_sysctl'($*)) dnl
+	
+	gen_require(`
+		type sysctl_kernel_ns_last_pid_t;
+	')
+
+	dontaudit $1 sysctl_kernel_ns_last_pid_t:file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_write_kernel_ns_lastpid_sysctl'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write kernel ns lastpid sysctls.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_rw_kernel_ns_lastpid_sysctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_rw_kernel_ns_lastpid_sysctl'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_t, sysctl_kernel_ns_last_pid_t;
+	')
+
+	rw_files_pattern($1, { proc_t sysctl_t sysctl_kernel_ns_last_pid_t }, sysctl_kernel_ns_last_pid_t)
+
+	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_ns_last_pid_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_rw_kernel_ns_lastpid_sysctl'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search filesystem sysctl directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_search_fs_sysctls',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_search_fs_sysctls'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_t, sysctl_fs_t;
+	')
+
+	search_dirs_pattern($1, { proc_t sysctl_t sysctl_fs_t }, sysctl_fs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_search_fs_sysctls'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read filesystem sysctls.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_read_fs_sysctls',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_fs_sysctls'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_t, sysctl_fs_t;
+	')
+
+	read_files_pattern($1, { proc_t sysctl_t sysctl_fs_t }, sysctl_fs_t)
+
+	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_fs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_fs_sysctls'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write fileystem sysctls.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_rw_fs_sysctls',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_rw_fs_sysctls'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_t, sysctl_fs_t;
+	')
+
+	rw_files_pattern($1, { proc_t sysctl_t sysctl_fs_t }, sysctl_fs_t)
+
+	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_fs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_rw_fs_sysctls'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read IRQ sysctls.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_read_irq_sysctls',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_irq_sysctls'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_irq_t;
+	')
+
+	read_files_pattern($1, { proc_t sysctl_irq_t }, sysctl_irq_t)
+
+	list_dirs_pattern($1, proc_t, sysctl_irq_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_irq_sysctls'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write IRQ sysctls.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_rw_irq_sysctls',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_rw_irq_sysctls'($*)) dnl
+	
+	gen_require(`
+		type proc_t, sysctl_irq_t;
+	')
+
+	rw_files_pattern($1, { proc_t sysctl_irq_t }, sysctl_irq_t)
+
+	list_dirs_pattern($1, proc_t, sysctl_irq_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_rw_irq_sysctls'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read RPC sysctls.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_read_rpc_sysctls',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_rpc_sysctls'($*)) dnl
+	
+	gen_require(`
+		type proc_t, proc_net_t, sysctl_rpc_t;
+	')
+
+	read_files_pattern($1, { proc_t proc_net_t sysctl_rpc_t }, sysctl_rpc_t)
+
+	list_dirs_pattern($1, { proc_t proc_net_t }, sysctl_rpc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_rpc_sysctls'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write RPC sysctls.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_rw_rpc_sysctls',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_rw_rpc_sysctls'($*)) dnl
+	
+	gen_require(`
+		type proc_t, proc_net_t, sysctl_rpc_t;
+	')
+
+	rw_files_pattern($1, { proc_t proc_net_t sysctl_rpc_t }, sysctl_rpc_t)
+
+	list_dirs_pattern($1, { proc_t proc_net_t }, sysctl_rpc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_rw_rpc_sysctls'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to list all sysctl directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_list_all_sysctls',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_list_all_sysctls'($*)) dnl
+	
+	gen_require(`
+		attribute sysctl_type;
+	')
+
+	dontaudit $1 sysctl_type:dir list_dir_perms;
+	dontaudit $1 sysctl_type:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_list_all_sysctls'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to read all sysctls.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_read_all_sysctls',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_all_sysctls'($*)) dnl
+	
+	gen_require(`
+		attribute sysctl_type;
+		type proc_t, proc_net_t;
+	')
+
+	# proc_net_t for /proc/net/rpc sysctls
+	read_files_pattern($1, { proc_t proc_net_t sysctl_type }, sysctl_type)
+
+	list_dirs_pattern($1, { proc_t proc_net_t }, sysctl_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_all_sysctls'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write all sysctls.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_rw_all_sysctls',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_rw_all_sysctls'($*)) dnl
+	
+	gen_require(`
+		attribute sysctl_type;
+		type proc_t, proc_net_t;
+	')
+
+	# proc_net_t for /proc/net/rpc sysctls
+	rw_files_pattern($1, { proc_t proc_net_t sysctl_type }, sysctl_type)
+
+	allow $1 sysctl_type:dir list_dir_perms;
+	# why is setattr needed?
+	allow $1 sysctl_type:file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_rw_all_sysctls'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a kill signal to unlabeled processes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_kill_unlabeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_kill_unlabeled'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:process sigkill;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_kill_unlabeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a kernel unlabeled filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_mount_unlabeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_mount_unlabeled'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:filesystem mount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_mount_unlabeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unmount a kernel unlabeled filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_unmount_unlabeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_unmount_unlabeled'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:filesystem unmount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_unmount_unlabeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send general signals to unlabeled processes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_signal_unlabeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_signal_unlabeled'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_signal_unlabeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a null signal to unlabeled processes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_signull_unlabeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_signull_unlabeled'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_signull_unlabeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a stop signal to unlabeled processes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_sigstop_unlabeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_sigstop_unlabeled'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:process sigstop;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_sigstop_unlabeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a child terminated signal to unlabeled processes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_sigchld_unlabeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_sigchld_unlabeled'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_sigchld_unlabeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of unlabeled directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_getattr_unlabeled_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_getattr_unlabeled_dirs'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:dir getattr_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_getattr_unlabeled_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search unlabeled directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_search_unlabeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_search_unlabeled'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	dontaudit $1 unlabeled_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_search_unlabeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List unlabeled directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_list_unlabeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_list_unlabeled'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_list_unlabeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the process state (/proc/pid) of all unlabeled_t.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_read_unlabeled_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_unlabeled_state'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:dir list_dir_perms;
+	read_files_pattern($1, unlabeled_t, unlabeled_t)
+	read_lnk_files_pattern($1, unlabeled_t, unlabeled_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_unlabeled_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to list unlabeled directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_list_unlabeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_list_unlabeled'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	dontaudit $1 unlabeled_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_list_unlabeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write unlabeled directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_rw_unlabeled_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_rw_unlabeled_dirs'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:dir rw_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_rw_unlabeled_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete unlabeled directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_delete_unlabeled_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_delete_unlabeled_dirs'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:dir delete_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_delete_unlabeled_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete unlabeled directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_manage_unlabeled_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_manage_unlabeled_dirs'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_manage_unlabeled_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a filesystem on an unlabeled directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_mounton_unlabeled_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_mounton_unlabeled_dirs'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:dir { search_dir_perms mounton };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_mounton_unlabeled_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read unlabeled files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_read_unlabeled_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_unlabeled_files'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_unlabeled_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write unlabeled files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_rw_unlabeled_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_rw_unlabeled_files'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_rw_unlabeled_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete unlabeled files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_delete_unlabeled_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_delete_unlabeled_files'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:file delete_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_delete_unlabeled_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete unlabeled files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_manage_unlabeled_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_manage_unlabeled_files'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_manage_unlabeled_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts by caller to get the
+##	attributes of an unlabeled file.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_getattr_unlabeled_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_getattr_unlabeled_files'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	dontaudit $1 unlabeled_t:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_getattr_unlabeled_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts by caller to
+##	read an unlabeled file.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_read_unlabeled_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_read_unlabeled_files'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	dontaudit $1 unlabeled_t:file { getattr read };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_read_unlabeled_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete unlabeled symbolic links.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_delete_unlabeled_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_delete_unlabeled_symlinks'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	delete_lnk_files_pattern($1, unlabeled_t, unlabeled_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_delete_unlabeled_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete unlabeled symbolic links.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_manage_unlabeled_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_manage_unlabeled_symlinks'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:lnk_file manage_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_manage_unlabeled_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts by caller to get the
+##	attributes of unlabeled symbolic links.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_getattr_unlabeled_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_getattr_unlabeled_symlinks'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	dontaudit $1 unlabeled_t:lnk_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_getattr_unlabeled_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts by caller to get the
+##	attributes of unlabeled named pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_getattr_unlabeled_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_getattr_unlabeled_pipes'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	dontaudit $1 unlabeled_t:fifo_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_getattr_unlabeled_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts by caller to get the
+##	attributes of unlabeled named sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_getattr_unlabeled_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_getattr_unlabeled_sockets'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	dontaudit $1 unlabeled_t:sock_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_getattr_unlabeled_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts by caller to get attributes for
+##	unlabeled block devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_getattr_unlabeled_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_getattr_unlabeled_blk_files'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	dontaudit $1 unlabeled_t:blk_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_getattr_unlabeled_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write unlabeled block device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_rw_unlabeled_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_rw_unlabeled_blk_files'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:blk_file rw_blk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_rw_unlabeled_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete unlabeled block device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_delete_unlabeled_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_delete_unlabeled_blk_files'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	delete_blk_files_pattern($1, unlabeled_t, unlabeled_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_delete_unlabeled_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete unlabeled block device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_manage_unlabeled_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_manage_unlabeled_blk_files'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:blk_file manage_blk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_manage_unlabeled_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts by caller to get attributes for
+##	unlabeled character devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_getattr_unlabeled_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_getattr_unlabeled_chr_files'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	dontaudit $1 unlabeled_t:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_getattr_unlabeled_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to
+##	write unlabeled character devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_write_unlabeled_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_write_unlabeled_chr_files'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	dontaudit $1 unlabeled_t:file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_write_unlabeled_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete unlabeled character device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_delete_unlabeled_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_delete_unlabeled_chr_files'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	delete_chr_files_pattern($1, unlabeled_t, unlabeled_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_delete_unlabeled_chr_files'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete unlabeled character device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_manage_unlabeled_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_manage_unlabeled_chr_files'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:chr_file manage_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_manage_unlabeled_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to relabel unlabeled directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_relabelfrom_unlabeled_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_relabelfrom_unlabeled_dirs'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:dir { list_dir_perms relabelfrom };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_relabelfrom_unlabeled_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to relabel unlabeled files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_relabelfrom_unlabeled_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_relabelfrom_unlabeled_files'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	kernel_list_unlabeled($1)
+	allow $1 unlabeled_t:file { getattr relabelfrom };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_relabelfrom_unlabeled_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to relabel unlabeled symbolic links.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_relabelfrom_unlabeled_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_relabelfrom_unlabeled_symlinks'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	kernel_list_unlabeled($1)
+	allow $1 unlabeled_t:lnk_file { getattr relabelfrom };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_relabelfrom_unlabeled_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to relabel unlabeled named pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_relabelfrom_unlabeled_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_relabelfrom_unlabeled_pipes'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	kernel_list_unlabeled($1)
+	allow $1 unlabeled_t:fifo_file { getattr relabelfrom };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_relabelfrom_unlabeled_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete unlabeled named pipes
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_delete_unlabeled_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_delete_unlabeled_pipes'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	delete_fifo_files_pattern($1, unlabeled_t, unlabeled_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_delete_unlabeled_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to relabel unlabeled named sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_relabelfrom_unlabeled_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_relabelfrom_unlabeled_sockets'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	kernel_list_unlabeled($1)
+	allow $1 unlabeled_t:sock_file { getattr relabelfrom };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_relabelfrom_unlabeled_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete unlabeled named sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_delete_unlabeled_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_delete_unlabeled_sockets'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	delete_sock_files_pattern($1, unlabeled_t, unlabeled_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_delete_unlabeled_sockets'($*)) dnl
+	')
+
+########################################
+## <summary>
+##	Send and receive messages from an
+##	unlabeled IPSEC association.
+## </summary>
+## <desc>
+##	<p>
+##	Send and receive messages from an
+##	unlabeled IPSEC association.  Network
+##	connections that are not protected
+##	by IPSEC have use an unlabeled
+##	assocation.
+##	</p>
+##	<p>
+##	The corenetwork interface
+##	corenet_non_ipsec_sendrecv() should
+##	be used instead of this one.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_sendrecv_unlabeled_association',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_sendrecv_unlabeled_association'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:association { sendto recvfrom };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_sendrecv_unlabeled_association'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and receive messages
+##	from an	unlabeled IPSEC association.
+## </summary>
+## <desc>
+##	<p>
+##	Do not audit attempts to send and receive messages
+##	from an	unlabeled IPSEC association.  Network
+##	connections that are not protected
+##	by IPSEC have use an unlabeled
+##	assocation.
+##	</p>
+##	<p>
+##	The corenetwork interface
+##	corenet_dontaudit_non_ipsec_sendrecv() should
+##	be used instead of this one.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_sendrecv_unlabeled_association',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_sendrecv_unlabeled_association'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	dontaudit $1 unlabeled_t:association { sendto recvfrom };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_sendrecv_unlabeled_association'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive TCP packets from an unlabeled connection.
+## </summary>
+## <desc>
+##	<p>
+##	Receive TCP packets from an unlabeled connection.
+##	</p>
+##	<p>
+##	The corenetwork interface corenet_tcp_recv_unlabeled() should
+##	be used instead of this one.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_tcp_recvfrom_unlabeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_tcp_recvfrom_unlabeled'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:tcp_socket recvfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_tcp_recvfrom_unlabeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive TCP packets from an unlabeled
+##	connection.
+## </summary>
+## <desc>
+##	<p>
+##	Do not audit attempts to receive TCP packets from an unlabeled
+##	connection.
+##	</p>
+##	<p>
+##	The corenetwork interface corenet_dontaudit_tcp_recv_unlabeled()
+##	should be used instead of this one.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_tcp_recvfrom_unlabeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_tcp_recvfrom_unlabeled'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	dontaudit $1 unlabeled_t:tcp_socket recvfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_tcp_recvfrom_unlabeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive UDP packets from an unlabeled connection.
+## </summary>
+## <desc>
+##	<p>
+##	Receive UDP packets from an unlabeled connection.
+##	</p>
+##	<p>
+##	The corenetwork interface corenet_udp_recv_unlabeled() should
+##	be used instead of this one.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_udp_recvfrom_unlabeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_udp_recvfrom_unlabeled'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:udp_socket recvfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_udp_recvfrom_unlabeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive UDP packets from an unlabeled
+##	connection.
+## </summary>
+## <desc>
+##	<p>
+##	Do not audit attempts to receive UDP packets from an unlabeled
+##	connection.
+##	</p>
+##	<p>
+##	The corenetwork interface corenet_dontaudit_udp_recv_unlabeled()
+##	should be used instead of this one.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_udp_recvfrom_unlabeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_udp_recvfrom_unlabeled'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	dontaudit $1 unlabeled_t:udp_socket recvfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_udp_recvfrom_unlabeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive Raw IP packets from an unlabeled connection.
+## </summary>
+## <desc>
+##	<p>
+##	Receive Raw IP packets from an unlabeled connection.
+##	</p>
+##	<p>
+##	The corenetwork interface corenet_raw_recv_unlabeled() should
+##	be used instead of this one.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_raw_recvfrom_unlabeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_raw_recvfrom_unlabeled'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:rawip_socket recvfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_raw_recvfrom_unlabeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive Raw IP packets from an unlabeled
+##	connection.
+## </summary>
+## <desc>
+##	<p>
+##	Do not audit attempts to receive Raw IP packets from an unlabeled
+##	connection.
+##	</p>
+##	<p>
+##	The corenetwork interface corenet_dontaudit_raw_recv_unlabeled()
+##	should be used instead of this one.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_raw_recvfrom_unlabeled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_raw_recvfrom_unlabeled'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	dontaudit $1 unlabeled_t:rawip_socket recvfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_raw_recvfrom_unlabeled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive unlabeled packets.
+## </summary>
+## <desc>
+##	<p>
+##	Send and receive unlabeled packets.
+##	These packets do not match any netfilter
+##	SECMARK rules.
+##	</p>
+##	<p>
+##	The corenetwork interface
+##	corenet_sendrecv_unlabeled_packets() should
+##	be used instead of this one.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_sendrecv_unlabeled_packets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_sendrecv_unlabeled_packets'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:packet { send recv };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_sendrecv_unlabeled_packets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive packets from an unlabeled peer.
+## </summary>
+## <desc>
+##	<p>
+##	Receive packets from an unlabeled peer, these packets do not have any
+##	peer labeling information present.
+##	</p>
+##	<p>
+##	The corenetwork interface corenet_recvfrom_unlabeled_peer() should
+##	be used instead of this one.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_recvfrom_unlabeled_peer',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_recvfrom_unlabeled_peer'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:peer recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_recvfrom_unlabeled_peer'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to receive packets from an unlabeled peer.
+## </summary>
+## <desc>
+##	<p>
+##	Do not audit attempts to receive packets from an unlabeled peer,
+##	these packets do not have any peer labeling information present.
+##	</p>
+##	<p>
+##	The corenetwork interface corenet_dontaudit_*_recvfrom_unlabeled()
+##	should be used instead of this one.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_dontaudit_recvfrom_unlabeled_peer',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_dontaudit_recvfrom_unlabeled_peer'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	dontaudit $1 unlabeled_t:peer recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_dontaudit_recvfrom_unlabeled_peer'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel from unlabeled database objects.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_relabelfrom_unlabeled_database',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_relabelfrom_unlabeled_database'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+		class db_database { setattr relabelfrom };
+		class db_schema { setattr relabelfrom };
+		class db_table { setattr relabelfrom };
+		class db_sequence { setattr relabelfrom };
+		class db_view { setattr relabelfrom };
+		class db_procedure { setattr relabelfrom };
+		class db_language { setattr relabelfrom };
+		class db_column { setattr relabelfrom };
+		class db_tuple { update relabelfrom };
+		class db_blob { setattr relabelfrom };
+	')
+
+	allow $1 unlabeled_t:db_database { setattr relabelfrom };
+	allow $1 unlabeled_t:db_schema { setattr relabelfrom };
+	allow $1 unlabeled_t:db_table { setattr relabelfrom };
+	allow $1 unlabeled_t:db_sequence { setattr relabelfrom };
+	allow $1 unlabeled_t:db_view { setattr relabelfrom };
+	allow $1 unlabeled_t:db_procedure { setattr relabelfrom };
+	allow $1 unlabeled_t:db_language { setattr relabelfrom };
+	allow $1 unlabeled_t:db_column { setattr relabelfrom };
+	allow $1 unlabeled_t:db_tuple { update relabelfrom };
+	allow $1 unlabeled_t:db_blob { setattr relabelfrom };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_relabelfrom_unlabeled_database'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unconfined access to kernel module resources.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_unconfined',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_unconfined'($*)) dnl
+	
+	gen_require(`
+		attribute kern_unconfined;
+	')
+
+	typeattribute $1 kern_unconfined;
+	kernel_load_module($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_unconfined'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read virtual memory overcommit sysctl.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_read_vm_overcommit_sysctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_read_vm_overcommit_sysctl'($*)) dnl
+	
+	gen_require(`
+		type sysctl_vm_overcommit_t;
+	')
+
+	kernel_search_vm_sysctl($1)
+	allow $1 sysctl_vm_overcommit_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_read_vm_overcommit_sysctl'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write virtual memory overcommit sysctl.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kernel_rw_vm_overcommit_sysctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_rw_vm_overcommit_sysctl'($*)) dnl
+	
+	gen_require(`
+		type sysctl_vm_overcommit_t;
+	')
+
+	kernel_search_vm_sysctl($1)
+	allow $1 sysctl_vm_overcommit_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_rw_vm_overcommit_sysctl'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Access unlabeled infiniband pkeys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_ib_access_unlabeled_pkeys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_ib_access_unlabeled_pkeys'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:infiniband_pkey access;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_ib_access_unlabeled_pkeys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage subnet on unlabeled Infiniband endports.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kernel_ib_manage_subnet_unlabeled_endports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kernel_ib_manage_subnet_unlabeled_endports'($*)) dnl
+	
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:infiniband_endport manage_subnet;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kernel_ib_manage_subnet_unlabeled_endports'($*)) dnl
+	')
+
+
+## <summary>Policy controlling access to storage devices</summary>
+
+########################################
+## <summary>
+##	Allow the caller to get the attributes of fixed disk
+##	device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_getattr_fixed_disk_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_getattr_fixed_disk_dev'($*)) dnl
+	
+	gen_require(`
+		type fixed_disk_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 fixed_disk_device_t:blk_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_getattr_fixed_disk_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts made by the caller to get
+##	the attributes of fixed disk device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_dontaudit_getattr_fixed_disk_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_dontaudit_getattr_fixed_disk_dev'($*)) dnl
+	
+	gen_require(`
+		type fixed_disk_device_t;
+	')
+
+	dontaudit $1 fixed_disk_device_t:blk_file getattr;
+	dontaudit $1 fixed_disk_device_t:chr_file getattr; # /dev/rawctl
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_dontaudit_getattr_fixed_disk_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the caller to set the attributes of fixed disk
+##	device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_setattr_fixed_disk_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_setattr_fixed_disk_dev'($*)) dnl
+	
+	gen_require(`
+		type fixed_disk_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 fixed_disk_device_t:blk_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_setattr_fixed_disk_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts made by the caller to set
+##	the attributes of fixed disk device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_dontaudit_setattr_fixed_disk_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_dontaudit_setattr_fixed_disk_dev'($*)) dnl
+	
+	gen_require(`
+		type fixed_disk_device_t;
+	')
+
+	dontaudit $1 fixed_disk_device_t:blk_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_dontaudit_setattr_fixed_disk_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the caller to directly read from a fixed disk.
+##	This is extremely dangerous as it can bypass the
+##	SELinux protections for filesystem objects, and
+##	should only be used by trusted domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_raw_read_fixed_disk',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_raw_read_fixed_disk'($*)) dnl
+	
+	gen_require(`
+		attribute fixed_disk_raw_read;
+		type fixed_disk_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 fixed_disk_device_t:blk_file read_blk_file_perms;
+	allow $1 fixed_disk_device_t:chr_file read_chr_file_perms;
+	typeattribute $1 fixed_disk_raw_read;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_raw_read_fixed_disk'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the caller to directly read from a fixed disk
+##	if a tunable is set.
+##	This is extremely dangerous as it can bypass the
+##	SELinux protections for filesystem objects, and
+##	should only be used by trusted domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="tunable">
+##	<summary>
+##	Tunable to depend on
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_raw_read_fixed_disk_cond',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_raw_read_fixed_disk_cond'($*)) dnl
+	
+	gen_require(`
+		attribute fixed_disk_raw_read;
+		type fixed_disk_device_t;
+	')
+
+	typeattribute $1 fixed_disk_raw_read;
+	tunable_policy($2, `
+		dev_list_all_dev_nodes($1)
+		allow $1 fixed_disk_device_t:blk_file read_blk_file_perms;
+		allow $1 fixed_disk_device_t:chr_file read_chr_file_perms;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_raw_read_fixed_disk_cond'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts made by the caller to read
+##	fixed disk device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_dontaudit_read_fixed_disk',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_dontaudit_read_fixed_disk'($*)) dnl
+	
+	gen_require(`
+		type fixed_disk_device_t;
+
+	')
+
+	dontaudit $1 fixed_disk_device_t:blk_file read_blk_file_perms;
+	dontaudit $1 fixed_disk_device_t:chr_file read_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_dontaudit_read_fixed_disk'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the caller to directly write to a fixed disk.
+##	This is extremely dangerous as it can bypass the
+##	SELinux protections for filesystem objects, and
+##	should only be used by trusted domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_raw_write_fixed_disk',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_raw_write_fixed_disk'($*)) dnl
+	
+	gen_require(`
+		attribute fixed_disk_raw_write;
+		type fixed_disk_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 fixed_disk_device_t:blk_file write_blk_file_perms;
+	allow $1 fixed_disk_device_t:chr_file write_chr_file_perms;
+	typeattribute $1 fixed_disk_raw_write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_raw_write_fixed_disk'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts made by the caller to write
+##	fixed disk device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_dontaudit_write_fixed_disk',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_dontaudit_write_fixed_disk'($*)) dnl
+	
+	gen_require(`
+		type fixed_disk_device_t;
+
+	')
+
+	dontaudit $1 fixed_disk_device_t:blk_file write_blk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_dontaudit_write_fixed_disk'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the caller to directly read and write to a fixed disk.
+##	This is extremely dangerous as it can bypass the
+##	SELinux protections for filesystem objects, and
+##	should only be used by trusted domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_raw_rw_fixed_disk',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_raw_rw_fixed_disk'($*)) dnl
+	
+	storage_raw_read_fixed_disk($1)
+	storage_raw_write_fixed_disk($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_raw_rw_fixed_disk'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the caller to create fixed disk device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_create_fixed_disk_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_create_fixed_disk_dev'($*)) dnl
+	
+	gen_require(`
+		type fixed_disk_device_t;
+	')
+
+	allow $1 self:capability mknod;
+	allow $1 fixed_disk_device_t:blk_file create_blk_file_perms;
+	dev_add_entry_generic_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_create_fixed_disk_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the caller to delete fixed disk device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_delete_fixed_disk_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_delete_fixed_disk_dev'($*)) dnl
+	
+	gen_require(`
+		type fixed_disk_device_t;
+	')
+
+	allow $1 fixed_disk_device_t:blk_file delete_blk_file_perms;
+	dev_remove_entry_generic_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_delete_fixed_disk_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete fixed disk device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_manage_fixed_disk',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_manage_fixed_disk'($*)) dnl
+	
+	gen_require(`
+		attribute fixed_disk_raw_read, fixed_disk_raw_write;
+		type fixed_disk_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 self:capability mknod;
+	allow $1 fixed_disk_device_t:blk_file manage_blk_file_perms;
+	allow $1 fixed_disk_device_t:chr_file manage_chr_file_perms;
+	typeattribute $1 fixed_disk_raw_read, fixed_disk_raw_write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_manage_fixed_disk'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create block devices in /dev with the fixed disk type
+##	via an automatic type transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Optional filename of the block device to be created
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_dev_filetrans_fixed_disk',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_dev_filetrans_fixed_disk'($*)) dnl
+	
+	gen_require(`
+		type fixed_disk_device_t;
+	')
+
+	dev_filetrans($1, fixed_disk_device_t, blk_file, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_dev_filetrans_fixed_disk'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create block devices in on a tmpfs filesystem with the
+##	fixed disk type via an automatic type transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_tmpfs_filetrans_fixed_disk',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_tmpfs_filetrans_fixed_disk'($*)) dnl
+	
+	gen_require(`
+		type fixed_disk_device_t;
+	')
+
+	fs_tmpfs_filetrans($1, fixed_disk_device_t, blk_file)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_tmpfs_filetrans_fixed_disk'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel fixed disk device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_relabel_fixed_disk',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_relabel_fixed_disk'($*)) dnl
+	
+	gen_require(`
+		type fixed_disk_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 fixed_disk_device_t:blk_file relabel_blk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_relabel_fixed_disk'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Enable a fixed disk device as swap space
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_swapon_fixed_disk',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_swapon_fixed_disk'($*)) dnl
+	
+	gen_require(`
+		type fixed_disk_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 fixed_disk_device_t:blk_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_swapon_fixed_disk'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the caller to get the attributes
+##	of device nodes of fuse devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_getattr_fuse_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_getattr_fuse_dev'($*)) dnl
+	
+	gen_require(`
+		type fuse_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 fuse_device_t:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_getattr_fuse_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	read or write fuse device interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_rw_fuse',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_rw_fuse'($*)) dnl
+	
+	gen_require(`
+		type fuse_device_t;
+	')
+
+	allow $1 fuse_device_t:chr_file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_rw_fuse'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read or write
+##	fuse device interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_dontaudit_rw_fuse',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_dontaudit_rw_fuse'($*)) dnl
+	
+	gen_require(`
+		type fuse_device_t;
+	')
+
+	dontaudit $1 fuse_device_t:chr_file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_dontaudit_rw_fuse'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the caller to get the attributes of
+##	the generic SCSI interface device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_getattr_scsi_generic_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_getattr_scsi_generic_dev'($*)) dnl
+	
+	gen_require(`
+		type scsi_generic_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 scsi_generic_device_t:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_getattr_scsi_generic_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the caller to set the attributes of
+##	the generic SCSI interface device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_setattr_scsi_generic_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_setattr_scsi_generic_dev'($*)) dnl
+	
+	gen_require(`
+		type scsi_generic_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 scsi_generic_device_t:chr_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_setattr_scsi_generic_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the caller to directly read, in a
+##	generic fashion, from any SCSI device.
+##	This is extremely dangerous as it can bypass the
+##	SELinux protections for filesystem objects, and
+##	should only be used by trusted domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_read_scsi_generic',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_read_scsi_generic'($*)) dnl
+	
+	gen_require(`
+		attribute scsi_generic_read;
+		type scsi_generic_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 scsi_generic_device_t:chr_file read_chr_file_perms;
+	typeattribute $1 scsi_generic_read;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_read_scsi_generic'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the caller to directly write, in a
+##	generic fashion, from any SCSI device.
+##	This is extremely dangerous as it can bypass the
+##	SELinux protections for filesystem objects, and
+##	should only be used by trusted domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_write_scsi_generic',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_write_scsi_generic'($*)) dnl
+	
+	gen_require(`
+		attribute scsi_generic_write;
+		type scsi_generic_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 scsi_generic_device_t:chr_file write_chr_file_perms;
+	typeattribute $1 scsi_generic_write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_write_scsi_generic'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set attributes of the device nodes
+##	for the SCSI generic inerface.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_setattr_scsi_generic_dev_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_setattr_scsi_generic_dev_dev'($*)) dnl
+	
+	gen_require(`
+		type scsi_generic_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 scsi_generic_device_t:chr_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_setattr_scsi_generic_dev_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read or write
+##	SCSI generic device interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_dontaudit_rw_scsi_generic',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_dontaudit_rw_scsi_generic'($*)) dnl
+	
+	gen_require(`
+		type scsi_generic_device_t;
+	')
+
+	dontaudit $1 scsi_generic_device_t:chr_file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_dontaudit_rw_scsi_generic'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the caller to get the attributes of removable
+##	devices device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_getattr_removable_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_getattr_removable_dev'($*)) dnl
+	
+	gen_require(`
+		type removable_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 removable_device_t:blk_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_getattr_removable_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts made by the caller to get
+##	the attributes of removable devices device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_dontaudit_getattr_removable_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_dontaudit_getattr_removable_dev'($*)) dnl
+	
+	gen_require(`
+		type removable_device_t;
+	')
+
+	dontaudit $1 removable_device_t:blk_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_dontaudit_getattr_removable_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts made by the caller to read
+##	removable devices device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_dontaudit_read_removable_device',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_dontaudit_read_removable_device'($*)) dnl
+	
+	gen_require(`
+		type removable_device_t;
+
+	')
+
+	dontaudit $1 removable_device_t:blk_file read_blk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_dontaudit_read_removable_device'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts made by the caller to write
+##	removable devices device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_dontaudit_write_removable_device',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_dontaudit_write_removable_device'($*)) dnl
+	
+	gen_require(`
+		type removable_device_t;
+	')
+
+	dontaudit $1 removable_device_t:blk_file write_blk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_dontaudit_write_removable_device'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the caller to set the attributes of removable
+##	devices device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_setattr_removable_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_setattr_removable_dev'($*)) dnl
+	
+	gen_require(`
+		type removable_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 removable_device_t:blk_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_setattr_removable_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts made by the caller to set
+##	the attributes of removable devices device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_dontaudit_setattr_removable_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_dontaudit_setattr_removable_dev'($*)) dnl
+	
+	gen_require(`
+		type removable_device_t;
+	')
+
+	dontaudit $1 removable_device_t:blk_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_dontaudit_setattr_removable_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the caller to directly read from
+##	a removable device.
+##	This is extremely dangerous as it can bypass the
+##	SELinux protections for filesystem objects, and
+##	should only be used by trusted domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_raw_read_removable_device',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_raw_read_removable_device'($*)) dnl
+	
+	gen_require(`
+		type removable_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 removable_device_t:blk_file read_blk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_raw_read_removable_device'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to directly read removable devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_dontaudit_raw_read_removable_device',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_dontaudit_raw_read_removable_device'($*)) dnl
+	
+	gen_require(`
+		type removable_device_t;
+	')
+
+	dontaudit $1 removable_device_t:blk_file read_blk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_dontaudit_raw_read_removable_device'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the caller to directly write to
+##	a removable device.
+##	This is extremely dangerous as it can bypass the
+##	SELinux protections for filesystem objects, and
+##	should only be used by trusted domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_raw_write_removable_device',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_raw_write_removable_device'($*)) dnl
+	
+	gen_require(`
+		type removable_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 removable_device_t:blk_file write_blk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_raw_write_removable_device'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to directly write removable devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_dontaudit_raw_write_removable_device',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_dontaudit_raw_write_removable_device'($*)) dnl
+	
+	gen_require(`
+		type removable_device_t;
+	')
+
+	dontaudit $1 removable_device_t:blk_file write_blk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_dontaudit_raw_write_removable_device'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the caller to directly read
+##	a tape device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_read_tape',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_read_tape'($*)) dnl
+	
+	gen_require(`
+		type tape_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 tape_device_t:chr_file read_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_read_tape'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the caller to directly write
+##	a tape device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_write_tape',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_write_tape'($*)) dnl
+	
+	gen_require(`
+		type tape_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 tape_device_t:chr_file write_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_write_tape'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the caller to get the attributes
+##	of device nodes of tape devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_getattr_tape_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_getattr_tape_dev'($*)) dnl
+	
+	gen_require(`
+		type tape_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 tape_device_t:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_getattr_tape_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the caller to set the attributes
+##	of device nodes of tape devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_setattr_tape_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_setattr_tape_dev'($*)) dnl
+	
+	gen_require(`
+		type tape_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 tape_device_t:chr_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_setattr_tape_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unconfined access to storage devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`storage_unconfined',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `storage_unconfined'($*)) dnl
+	
+	gen_require(`
+		attribute storage_unconfined_type;
+	')
+
+	typeattribute $1 storage_unconfined_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `storage_unconfined'($*)) dnl
+	')
+
+## <summary>
+## Basic filesystem types and interfaces.
+## </summary>
+## <desc>
+## <p>
+## This module contains basic filesystem types and interfaces. This
+## includes:
+## <ul>
+##	<li>The concept of different file types including basic
+##	files, mount points, tmp files, etc.</li>
+##	<li>Access to groups of files and all files.</li>
+##	<li>Types and interfaces for the basic filesystem layout
+##	(/, /etc, /tmp, /usr, etc.).</li>
+## </ul>
+## </p>
+## </desc>
+## <required val="true">
+##	Contains the concept of a file.
+##	Comains the file initial SID.
+## </required>
+
+########################################
+## <summary>
+##	Make the specified type usable for files
+##	in a filesystem.
+## </summary>
+## <desc>
+##	<p>
+##	Make the specified type usable for files
+##	in a filesystem.  Types used for files that
+##	do not use this interface, or an interface that
+##	calls this one, will have unexpected behaviors
+##	while the system is running. If the type is used
+##	for device nodes (character or block files), then
+##	the dev_node() interface is more appropriate.
+##	</p>
+##	<p>
+##	Related interfaces:
+##	</p>
+##	<ul>
+##		<li>application_domain()</li>
+##		<li>application_executable_file()</li>
+##		<li>corecmd_executable_file()</li>
+##		<li>init_daemon_domain()</li>
+##		<li>init_domaion()</li>
+##		<li>init_ranged_daemon_domain()</li>
+##		<li>init_ranged_domain()</li>
+##		<li>init_ranged_system_domain()</li>
+##		<li>init_script_file()</li>
+##		<li>init_script_domain()</li>
+##		<li>init_system_domain()</li>
+##		<li>files_config_files()</li>
+##		<li>files_lock_file()</li>
+##		<li>files_mountpoint()</li>
+##		<li>files_pid_file()</li>
+##		<li>files_security_file()</li>
+##		<li>files_security_mountpoint()</li>
+##		<li>files_tmp_file()</li>
+##		<li>files_tmpfs_file()</li>
+##		<li>logging_log_file()</li>
+##		<li>userdom_user_home_content()</li>
+##	</ul>
+##	<p>
+##	Example:
+##	</p>
+##	<p>
+##	type myfile_t;
+##	files_type(myfile_t)
+##	allow mydomain_t myfile_t:file read_file_perms;
+##	</p>
+## </desc>
+## <param name="type">
+##	<summary>
+##	Type to be used for files.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`files_type',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_type'($*)) dnl
+	
+	gen_require(`
+		attribute file_type, non_security_file_type, non_auth_file_type;
+	')
+
+	typeattribute $1 file_type, non_security_file_type, non_auth_file_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_type'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mark the specified type as a file
+##	that is related to authentication.
+## </summary>
+## <param name="file_type">
+##	<summary>
+##	Type of the authentication-related
+##	file.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_auth_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_auth_file'($*)) dnl
+	
+	gen_require(`
+		attribute file_type, security_file_type, auth_file_type;
+	')
+
+	typeattribute $1 file_type, security_file_type, auth_file_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_auth_file'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified type a file that
+##	should not be dontaudited from
+##	browsing from user domains.
+## </summary>
+## <param name="file_type">
+##	<summary>
+##	Type of the file to be used as a
+##	member directory.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_security_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_security_file'($*)) dnl
+	
+	gen_require(`
+		attribute file_type, security_file_type, non_auth_file_type;
+	')
+
+	typeattribute $1 file_type, security_file_type, non_auth_file_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_security_file'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified type usable for
+##	lock files.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be used for lock files.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_lock_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_lock_file'($*)) dnl
+	
+	gen_require(`
+		attribute lockfile;
+	')
+
+	files_type($1)
+	typeattribute $1 lockfile;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_lock_file'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified type usable for
+##	filesystem mount points.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be used for mount points.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_mountpoint',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_mountpoint'($*)) dnl
+	
+	gen_require(`
+		attribute mountpoint;
+	')
+
+	files_type($1)
+	typeattribute $1 mountpoint;
+
+	optional_policy(`
+		init_mountpoint($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_mountpoint'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified type usable for
+##	security file filesystem mount points.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be used for mount points.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_security_mountpoint',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_security_mountpoint'($*)) dnl
+	
+	gen_require(`
+		attribute mountpoint;
+	')
+
+	files_security_file($1)
+	typeattribute $1 mountpoint;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_security_mountpoint'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified type usable for
+##	runtime process ID files.
+## </summary>
+## <desc>
+##	<p>
+##	Make the specified type usable for runtime process ID files,
+##	typically found in /var/run.
+##	This will also make the type usable for files, making
+##	calls to files_type() redundant.  Failure to use this interface
+##	for a PID file type may result in problems with starting
+##	or stopping services.
+##	</p>
+##	<p>
+##	Related interfaces:
+##	</p>
+##	<ul>
+##		<li>files_pid_filetrans()</li>
+##	</ul>
+##	<p>
+##	Example usage with a domain that can create and
+##	write its PID file with a private PID file type in the
+##	/var/run directory:
+##	</p>
+##	<p>
+##	type mypidfile_t;
+##	files_pid_file(mypidfile_t)
+##	allow mydomain_t mypidfile_t:file { create_file_perms write_file_perms };
+##	files_pid_filetrans(mydomain_t, mypidfile_t, file)
+##	</p>
+## </desc>
+## <param name="type">
+##	<summary>
+##	Type to be used for PID files.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`files_pid_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_pid_file'($*)) dnl
+	
+	gen_require(`
+		attribute pidfile;
+	')
+
+	files_type($1)
+	typeattribute $1 pidfile;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_pid_file'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified type a
+##	configuration file.
+## </summary>
+## <desc>
+##	<p>
+##	Make the specified type usable for configuration files.
+##	This will also make the type usable for files, making
+##	calls to files_type() redundant.  Failure to use this interface
+##	for a temporary file may result in problems with
+##	configuration management tools.
+##	</p>
+##	<p>
+##	Example usage with a domain that can read
+##	its configuration file /etc:
+##	</p>
+##	<p>
+##	type myconffile_t;
+##	files_config_file(myconffile_t)
+##	allow mydomain_t myconffile_t:file read_file_perms;
+##	files_search_etc(mydomain_t)
+##	</p>
+## </desc>
+## <param name="file_type">
+##	<summary>
+##	Type to be used as a configuration file.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`files_config_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_config_file'($*)) dnl
+	
+	gen_require(`
+		attribute configfile;
+	')
+	files_type($1)
+	typeattribute $1 configfile;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_config_file'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified type a
+##	polyinstantiated directory.
+## </summary>
+## <param name="file_type">
+##	<summary>
+##	Type of the file to be used as a
+##	polyinstantiated directory.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_poly',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_poly'($*)) dnl
+	
+	gen_require(`
+		attribute polydir;
+	')
+
+	files_type($1)
+	typeattribute $1 polydir;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_poly'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified type a parent
+##	of a polyinstantiated directory.
+## </summary>
+## <param name="file_type">
+##	<summary>
+##	Type of the file to be used as a
+##	parent directory.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_poly_parent',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_poly_parent'($*)) dnl
+	
+	gen_require(`
+		attribute polyparent;
+	')
+
+	files_type($1)
+	typeattribute $1 polyparent;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_poly_parent'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified type a
+##	polyinstantiation member directory.
+## </summary>
+## <param name="file_type">
+##	<summary>
+##	Type of the file to be used as a
+##	member directory.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_poly_member',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_poly_member'($*)) dnl
+	
+	gen_require(`
+		attribute polymember;
+	')
+
+	files_type($1)
+	typeattribute $1 polymember;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_poly_member'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the domain use the specified
+##	type of polyinstantiated directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain using the polyinstantiated
+##	directory.
+##	</summary>
+## </param>
+## <param name="file_type">
+##	<summary>
+##	Type of the file to be used as a
+##	member directory.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_poly_member_tmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_poly_member_tmp'($*)) dnl
+	
+	gen_require(`
+		type tmp_t;
+	')
+
+	type_member $1 tmp_t:dir $2;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_poly_member_tmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified type a file
+##	used for temporary files.
+## </summary>
+## <desc>
+##	<p>
+##	Make the specified type usable for temporary files.
+##	This will also make the type usable for files, making
+##	calls to files_type() redundant.  Failure to use this interface
+##	for a temporary file may result in problems with
+##	purging temporary files.
+##	</p>
+##	<p>
+##	Related interfaces:
+##	</p>
+##	<ul>
+##		<li>files_tmp_filetrans()</li>
+##	</ul>
+##	<p>
+##	Example usage with a domain that can create and
+##	write its temporary file in the system temporary file
+##	directories (/tmp or /var/tmp):
+##	</p>
+##	<p>
+##	type mytmpfile_t;
+##	files_tmp_file(mytmpfile_t)
+##	allow mydomain_t mytmpfile_t:file { create_file_perms write_file_perms };
+##	files_tmp_filetrans(mydomain_t, mytmpfile_t, file)
+##	</p>
+## </desc>
+## <param name="file_type">
+##	<summary>
+##	Type of the file to be used as a
+##	temporary file.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`files_tmp_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_tmp_file'($*)) dnl
+	
+	gen_require(`
+		attribute tmpfile;
+	')
+
+	files_type($1)
+	files_poly_member($1)
+	typeattribute $1 tmpfile;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_tmp_file'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Transform the type into a file, for use on a
+##	virtual memory filesystem (tmpfs).
+## </summary>
+## <param name="type">
+##	<summary>
+##	The type to be transformed.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_tmpfs_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_tmpfs_file'($*)) dnl
+	
+	gen_require(`
+		attribute tmpfsfile;
+	')
+
+	files_type($1)
+	typeattribute $1 tmpfsfile;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_tmpfs_file'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of all directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_getattr_all_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_getattr_all_dirs'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	getattr_dirs_pattern($1, file_type, file_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_getattr_all_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of all directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_getattr_all_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_getattr_all_dirs'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	dontaudit $1 file_type:dir getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_getattr_all_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List all non-security directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_list_non_security',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_list_non_security'($*)) dnl
+	
+	gen_require(`
+		attribute non_security_file_type;
+	')
+
+	list_dirs_pattern($1, non_security_file_type, non_security_file_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_list_non_security'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to list all
+##	non-security directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_list_non_security',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_list_non_security'($*)) dnl
+	
+	gen_require(`
+		attribute non_security_file_type;
+	')
+
+	dontaudit $1 non_security_file_type:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_list_non_security'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a filesystem on all non-security
+##	directories and files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_mounton_non_security',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_mounton_non_security'($*)) dnl
+	
+	gen_require(`
+		attribute non_security_file_type;
+	')
+
+	allow $1 non_security_file_type:dir mounton;
+	allow $1 non_security_file_type:file mounton;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_mounton_non_security'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow attempts to modify any directory
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_write_non_security_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_write_non_security_dirs'($*)) dnl
+	
+	gen_require(`
+		attribute non_security_file_type;
+	')
+
+	allow $1 non_security_file_type:dir write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_write_non_security_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow attempts to manage non-security directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_manage_non_security_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_non_security_dirs'($*)) dnl
+	
+	gen_require(`
+		attribute non_security_file_type;
+	')
+
+	allow $1 non_security_file_type:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_non_security_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel from/to non-security directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_relabel_non_security_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabel_non_security_dirs'($*)) dnl
+	
+	gen_require(`
+		attribute non_security_file_type;
+	')
+
+	relabel_dirs_pattern($1, non_security_file_type, non_security_file_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabel_non_security_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of all files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_getattr_all_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_getattr_all_files'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	getattr_files_pattern($1, file_type, file_type)
+	getattr_lnk_files_pattern($1, file_type, file_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_getattr_all_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of all files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_getattr_all_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_getattr_all_files'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	dontaudit $1 file_type:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_getattr_all_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of non security files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_getattr_non_security_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_getattr_non_security_files'($*)) dnl
+	
+	gen_require(`
+		attribute non_security_file_type;
+	')
+
+	dontaudit $1 non_security_file_type:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_getattr_non_security_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete all non-security files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_manage_non_security_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_non_security_files'($*)) dnl
+	
+	gen_require(`
+		attribute non_security_file_type;
+	')
+
+	manage_files_pattern($1, non_security_file_type, non_security_file_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_non_security_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel from/to all non-security files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_relabel_non_security_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabel_non_security_files'($*)) dnl
+	
+	gen_require(`
+		attribute non_security_file_type;
+	')
+
+	relabel_files_pattern($1, non_security_file_type, non_security_file_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabel_non_security_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_all_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_all_files'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	allow $1 file_type:dir list_dir_perms;
+	read_files_pattern($1, file_type, file_type)
+
+	optional_policy(`
+		auth_read_shadow($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_all_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow shared library text relocations in all files.
+## </summary>
+## <desc>
+##	<p>
+##	Allow shared library text relocations in all files.
+##	</p>
+##	<p>
+##	This is added to support WINE policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_execmod_all_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_execmod_all_files'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	allow $1 file_type:file execmod;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_execmod_all_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all non-security files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_read_non_security_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_non_security_files'($*)) dnl
+	
+	gen_require(`
+		attribute non_security_file_type;
+	')
+
+	read_files_pattern($1, non_security_file_type, non_security_file_type)
+	read_lnk_files_pattern($1, non_security_file_type, non_security_file_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_non_security_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all directories on the filesystem, except
+##	the listed exceptions.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="exception_types" optional="true">
+##	<summary>
+##	The types to be excluded.  Each type or attribute
+##	must be negated by the caller.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_all_dirs_except',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_all_dirs_except'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	allow $1 { file_type $2 }:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_all_dirs_except'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all files on the filesystem, except
+##	the listed exceptions.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="exception_types" optional="true">
+##	<summary>
+##	The types to be excluded.  Each type or attribute
+##	must be negated by the caller.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_all_files_except',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_all_files_except'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	read_files_pattern($1, { file_type $2 }, { file_type $2 })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_all_files_except'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all symbolic links on the filesystem, except
+##	the listed exceptions.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="exception_types" optional="true">
+##	<summary>
+##	The types to be excluded.  Each type or attribute
+##	must be negated by the caller.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_all_symlinks_except',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_all_symlinks_except'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	read_lnk_files_pattern($1, { file_type $2 }, { file_type $2 })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_all_symlinks_except'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of all symbolic links.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_getattr_all_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_getattr_all_symlinks'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	getattr_lnk_files_pattern($1, file_type, file_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_getattr_all_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of all symbolic links.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_getattr_all_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_getattr_all_symlinks'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	dontaudit $1 file_type:lnk_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_getattr_all_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read all symbolic links.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_read_all_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_read_all_symlinks'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	dontaudit $1 file_type:lnk_file read;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_read_all_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of non security symbolic links.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_getattr_non_security_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_getattr_non_security_symlinks'($*)) dnl
+	
+	gen_require(`
+		attribute non_security_file_type;
+	')
+
+	dontaudit $1 non_security_file_type:lnk_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_getattr_non_security_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of non security block devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_getattr_non_security_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_getattr_non_security_blk_files'($*)) dnl
+	
+	gen_require(`
+		attribute non_security_file_type;
+	')
+
+	dontaudit $1 non_security_file_type:blk_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_getattr_non_security_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of non security character devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_getattr_non_security_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_getattr_non_security_chr_files'($*)) dnl
+	
+	gen_require(`
+		attribute non_security_file_type;
+	')
+
+	dontaudit $1 non_security_file_type:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_getattr_non_security_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all symbolic links.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_read_all_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_all_symlinks'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	allow $1 file_type:dir list_dir_perms;
+	read_lnk_files_pattern($1, file_type, file_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_all_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of all named pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_getattr_all_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_getattr_all_pipes'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	allow $1 file_type:dir list_dir_perms;
+	getattr_fifo_files_pattern($1, file_type, file_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_getattr_all_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of all named pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_getattr_all_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_getattr_all_pipes'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	dontaudit $1 file_type:fifo_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_getattr_all_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of non security named pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_getattr_non_security_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_getattr_non_security_pipes'($*)) dnl
+	
+	gen_require(`
+		attribute non_security_file_type;
+	')
+
+	dontaudit $1 non_security_file_type:fifo_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_getattr_non_security_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of all named sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_getattr_all_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_getattr_all_sockets'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	allow $1 file_type:dir list_dir_perms;
+	getattr_sock_files_pattern($1, file_type, file_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_getattr_all_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of all named sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_getattr_all_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_getattr_all_sockets'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	dontaudit $1 file_type:sock_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_getattr_all_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of non security named sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_getattr_non_security_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_getattr_non_security_sockets'($*)) dnl
+	
+	gen_require(`
+		attribute non_security_file_type;
+	')
+
+	dontaudit $1 non_security_file_type:sock_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_getattr_non_security_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all block nodes with file types.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_all_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_all_blk_files'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	read_blk_files_pattern($1, file_type, file_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_all_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all character nodes with file types.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_all_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_all_chr_files'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	read_chr_files_pattern($1, file_type, file_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_all_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel all files on the filesystem, except
+##	the listed exceptions.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="exception_types" optional="true">
+##	<summary>
+##	The types to be excluded.  Each type or attribute
+##	must be negated by the caller.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_relabel_all_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabel_all_files'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	allow $1 { file_type $2 }:dir list_dir_perms;
+	relabel_dirs_pattern($1, { file_type $2 }, { file_type $2 })
+	relabel_files_pattern($1, { file_type $2 }, { file_type $2 })
+	relabel_lnk_files_pattern($1, { file_type $2 }, { file_type $2 })
+	relabel_fifo_files_pattern($1, { file_type $2 }, { file_type $2 })
+	relabel_sock_files_pattern($1, { file_type $2 }, { file_type $2 })
+	# this is only relabelfrom since there should be no
+	# device nodes with file types.
+	relabelfrom_blk_files_pattern($1, { file_type $2 }, { file_type $2 })
+	relabelfrom_chr_files_pattern($1, { file_type $2 }, { file_type $2 })
+
+	# satisfy the assertions:
+	seutil_relabelto_bin_policy($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabel_all_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	rw all files on the filesystem, except
+##	the listed exceptions.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="exception_types" optional="true">
+##	<summary>
+##	The types to be excluded.  Each type or attribute
+##	must be negated by the caller.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_rw_all_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_rw_all_files'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	rw_files_pattern($1, { file_type $2 }, { file_type $2 })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_rw_all_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage all files on the filesystem, except
+##	the listed exceptions.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="exception_types" optional="true">
+##	<summary>
+##	The types to be excluded.  Each type or attribute
+##	must be negated by the caller.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_manage_all_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_all_files'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	manage_dirs_pattern($1, { file_type $2 }, { file_type $2 })
+	manage_files_pattern($1, { file_type $2 }, { file_type $2 })
+	manage_lnk_files_pattern($1, { file_type $2 }, { file_type $2 })
+	manage_fifo_files_pattern($1, { file_type $2 }, { file_type $2 })
+	manage_sock_files_pattern($1, { file_type $2 }, { file_type $2 })
+
+	# satisfy the assertions:
+	seutil_create_bin_policy($1)
+	files_manage_kernel_modules($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_all_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the contents of all directories on
+##	extended attribute filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_search_all',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_search_all'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	allow $1 file_type:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_search_all'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List the contents of all directories on
+##	extended attribute filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_list_all',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_list_all'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	allow $1 file_type:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_list_all'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create all files as is.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_create_all_files_as',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_create_all_files_as'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	allow $1 file_type:kernel_service create_files_as;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_create_all_files_as'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search the
+##	contents of any directories on extended
+##	attribute filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_search_all_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_search_all_dirs'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	dontaudit $1 file_type:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_search_all_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of all filesystems
+##	with the type of a file.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+# dwalsh: This interface is to allow quotacheck to work on a
+# a filesystem mounted with the --context switch
+# https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212957
+#
+ 	 	define(`files_getattr_all_file_type_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_getattr_all_file_type_fs'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	allow $1 file_type:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_getattr_all_file_type_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel a filesystem to the type of a file.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_relabelto_all_file_type_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabelto_all_file_type_fs'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	allow $1 file_type:filesystem relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabelto_all_file_type_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel a filesystem to and from the type of a file.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_relabel_all_file_type_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabel_all_file_type_fs'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	allow $1 file_type:filesystem { relabelfrom relabelto };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabel_all_file_type_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount all filesystems with the type of a file.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_mount_all_file_type_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_mount_all_file_type_fs'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	allow $1 file_type:filesystem mount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_mount_all_file_type_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unmount all filesystems with the type of a file.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_unmount_all_file_type_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_unmount_all_file_type_fs'($*)) dnl
+	
+	gen_require(`
+		attribute file_type;
+	')
+
+	allow $1 file_type:filesystem unmount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_unmount_all_file_type_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all non-authentication related
+##	directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_list_non_auth_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_list_non_auth_dirs'($*)) dnl
+	
+	gen_require(`
+		attribute non_auth_file_type;
+	')
+
+	allow $1 non_auth_file_type:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_list_non_auth_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all non-authentication related
+##	files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_non_auth_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_non_auth_files'($*)) dnl
+	
+	gen_require(`
+		attribute non_auth_file_type;
+	')
+
+	read_files_pattern($1, non_auth_file_type, non_auth_file_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_non_auth_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all non-authentication related
+## symbolic links.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_non_auth_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_non_auth_symlinks'($*)) dnl
+	
+	gen_require(`
+		attribute non_auth_file_type;
+	')
+
+	read_lnk_files_pattern($1, non_auth_file_type, non_auth_file_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_non_auth_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	rw non-authentication related files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_rw_non_auth_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_rw_non_auth_files'($*)) dnl
+	
+	gen_require(`
+		attribute non_auth_file_type;
+	')
+
+	rw_files_pattern($1, non_auth_file_type, non_auth_file_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_rw_non_auth_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage non-authentication related
+##	files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_manage_non_auth_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_non_auth_files'($*)) dnl
+	
+	gen_require(`
+		attribute non_auth_file_type;
+	')
+
+	manage_dirs_pattern($1, non_auth_file_type, non_auth_file_type)
+	manage_files_pattern($1, non_auth_file_type, non_auth_file_type)
+	manage_lnk_files_pattern($1, non_auth_file_type, non_auth_file_type)
+	manage_fifo_files_pattern($1, non_auth_file_type, non_auth_file_type)
+	manage_sock_files_pattern($1, non_auth_file_type, non_auth_file_type)
+
+	# satisfy the assertions:
+	seutil_create_bin_policy($1)
+	files_manage_kernel_modules($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_non_auth_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mmap non-authentication related
+##	files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_map_non_auth_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_map_non_auth_files'($*)) dnl
+	
+	gen_require(`
+		attribute non_auth_file_type;
+	')
+
+	allow $1 non_auth_file_type:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_map_non_auth_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel all non-authentication related
+##	files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_relabel_non_auth_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabel_non_auth_files'($*)) dnl
+	
+	gen_require(`
+		attribute non_auth_file_type;
+	')
+
+	allow $1 non_auth_file_type:dir list_dir_perms;
+	relabel_dirs_pattern($1, non_auth_file_type, non_auth_file_type)
+	relabel_files_pattern($1, non_auth_file_type, non_auth_file_type)
+	relabel_lnk_files_pattern($1, non_auth_file_type, non_auth_file_type)
+	relabel_fifo_files_pattern($1, non_auth_file_type, non_auth_file_type)
+	relabel_sock_files_pattern($1, non_auth_file_type, non_auth_file_type)
+	# this is only relabelfrom since there should be no
+	# device nodes with file types.
+	relabelfrom_blk_files_pattern($1, non_auth_file_type, non_auth_file_type)
+	relabelfrom_chr_files_pattern($1, non_auth_file_type, non_auth_file_type)
+
+	# satisfy the assertions:
+	# seutil_relabelto_bin_policy($1)
+	# Gentoo: this is removed as we do not want to set attributes in this phase, we want
+	# to allow files_relabel_non_auth_files to be an optional setting (tunable).
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabel_non_auth_files'($*)) dnl
+	')
+
+
+#############################################
+## <summary>
+##	Manage all configuration directories on filesystem
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+##
+#
+ 	 	define(`files_manage_config_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_config_dirs'($*)) dnl
+	
+	gen_require(`
+		attribute configfile;
+	')
+
+	manage_dirs_pattern($1, configfile, configfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_config_dirs'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Relabel configuration directories
+## </summary>
+## <param name="domain">
+## 	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+##
+#
+ 	 	define(`files_relabel_config_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabel_config_dirs'($*)) dnl
+	
+	gen_require(`
+		attribute configfile;
+	')
+
+	relabel_dirs_pattern($1, configfile, configfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabel_config_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read config files in /etc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_config_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_config_files'($*)) dnl
+	
+	gen_require(`
+		attribute configfile;
+	')
+
+	allow $1 configfile:dir list_dir_perms;
+	read_files_pattern($1, configfile, configfile)
+	read_lnk_files_pattern($1, configfile, configfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_config_files'($*)) dnl
+	')
+
+
+###########################################
+## <summary>
+## 	Manage all configuration files on filesystem
+## </summary>
+## <param name="domain">
+## 	<summary>
+##	Domain allowed access.
+## 	</summary>
+## </param>
+##
+#
+ 	 	define(`files_manage_config_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_config_files'($*)) dnl
+	
+	gen_require(`
+		attribute configfile;
+	')
+
+	manage_files_pattern($1, configfile, configfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_config_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Relabel configuration files
+## </summary>
+## <param name="domain">
+## 	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+##
+#
+ 	 	define(`files_relabel_config_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabel_config_files'($*)) dnl
+	
+	gen_require(`
+		attribute configfile;
+	')
+
+	relabel_files_pattern($1, configfile, configfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabel_config_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a filesystem on all mount points.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_mounton_all_mountpoints',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_mounton_all_mountpoints'($*)) dnl
+	
+	gen_require(`
+		attribute mountpoint;
+	')
+
+	allow $1 mountpoint:dir { search_dir_perms mounton };
+	allow $1 mountpoint:file { getattr mounton };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_mounton_all_mountpoints'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of all mount points.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_getattr_all_mountpoints',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_getattr_all_mountpoints'($*)) dnl
+	
+	gen_require(`
+		attribute mountpoint;
+	')
+
+	allow $1 mountpoint:dir getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_getattr_all_mountpoints'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of all mount points.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_setattr_all_mountpoints',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_setattr_all_mountpoints'($*)) dnl
+	
+	gen_require(`
+		attribute mountpoint;
+	')
+
+	allow $1 mountpoint:dir setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_setattr_all_mountpoints'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to set the attributes on all mount points.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_setattr_all_mountpoints',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_setattr_all_mountpoints'($*)) dnl
+	
+	gen_require(`
+		attribute mountpoint;
+	')
+
+	dontaudit $1 mountpoint:dir setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_setattr_all_mountpoints'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search all mount points.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_search_all_mountpoints',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_search_all_mountpoints'($*)) dnl
+	
+	gen_require(`
+		attribute mountpoint;
+	')
+
+	allow $1 mountpoint:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_search_all_mountpoints'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit searching of all mount points.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_search_all_mountpoints',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_search_all_mountpoints'($*)) dnl
+	
+	gen_require(`
+		attribute mountpoint;
+	')
+
+	dontaudit $1 mountpoint:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_search_all_mountpoints'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List all mount points.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_list_all_mountpoints',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_list_all_mountpoints'($*)) dnl
+	
+	gen_require(`
+		attribute mountpoint;
+	')
+
+	allow $1 mountpoint:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_list_all_mountpoints'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit listing of all mount points.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_list_all_mountpoints',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_list_all_mountpoints'($*)) dnl
+	
+	gen_require(`
+		attribute mountpoint;
+	')
+
+	dontaudit $1 mountpoint:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_list_all_mountpoints'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write to mount points.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_write_all_mountpoints',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_write_all_mountpoints'($*)) dnl
+	
+	gen_require(`
+		attribute mountpoint;
+	')
+
+	dontaudit $1 mountpoint:dir write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_write_all_mountpoints'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List the contents of the root directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_list_root',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_list_root'($*)) dnl
+	
+	gen_require(`
+		type root_t;
+	')
+
+	allow $1 root_t:dir list_dir_perms;
+	allow $1 root_t:lnk_file { read_lnk_file_perms ioctl lock };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_list_root'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete symbolic links in the
+##	root directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_delete_root_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_delete_root_symlinks'($*)) dnl
+	
+	gen_require(`
+		type root_t;
+	')
+
+	allow $1 root_t:lnk_file delete_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_delete_root_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write to / dirs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_write_root_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_write_root_dirs'($*)) dnl
+	
+	gen_require(`
+		type root_t;
+	')
+
+	dontaudit $1 root_t:dir write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_write_root_dirs'($*)) dnl
+	')
+
+
+###################
+## <summary>
+##	Do not audit attempts to write
+##	files in the root directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_rw_root_dir',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_rw_root_dir'($*)) dnl
+	
+	gen_require(`
+		type root_t;
+	')
+
+	dontaudit $1 root_t:dir rw_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_rw_root_dir'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Watch the root directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_watch_root_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_watch_root_dirs'($*)) dnl
+	
+	gen_require(`
+		type root_t;
+	')
+
+	allow $1 root_t:dir watch;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_watch_root_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create an object in the root directory, with a private
+##	type using a type transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private type">
+##	<summary>
+##	The type of the object to be created.
+##	</summary>
+## </param>
+## <param name="object">
+##	<summary>
+##	The object class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_root_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_root_filetrans'($*)) dnl
+	
+	gen_require(`
+		type root_t;
+	')
+
+	filetrans_pattern($1, root_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_root_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read files in
+##	the root directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_read_root_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_read_root_files'($*)) dnl
+	
+	gen_require(`
+		type root_t;
+	')
+
+	dontaudit $1 root_t:file { getattr read };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_read_root_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read or write
+##	files in the root directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_rw_root_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_rw_root_files'($*)) dnl
+	
+	gen_require(`
+		type root_t;
+	')
+
+	dontaudit $1 root_t:file { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_rw_root_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read or write
+##	character device nodes in the root directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_rw_root_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_rw_root_chr_files'($*)) dnl
+	
+	gen_require(`
+		type root_t;
+	')
+
+	dontaudit $1 root_t:chr_file { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_rw_root_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete character device nodes in
+##	the root directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_delete_root_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_delete_root_chr_files'($*)) dnl
+	
+	gen_require(`
+		type root_t;
+	')
+
+	allow $1 root_t:chr_file delete_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_delete_root_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete files in the root directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_delete_root_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_delete_root_files'($*)) dnl
+	
+	gen_require(`
+		type root_t;
+	')
+
+	allow $1 root_t:file unlink;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_delete_root_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute files in the root directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_exec_root_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_exec_root_files'($*)) dnl
+	
+	gen_require(`
+		type root_t;
+	')
+
+	allow $1 root_t:file exec_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_exec_root_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Remove entries from the root directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_delete_root_dir_entry',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_delete_root_dir_entry'($*)) dnl
+	
+	gen_require(`
+		type root_t;
+	')
+
+	allow $1 root_t:dir rw_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_delete_root_dir_entry'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage the root directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_manage_root_dir',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_root_dir'($*)) dnl
+	
+	gen_require(`
+		type root_t;
+	')
+
+	allow $1 root_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_root_dir'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of a rootfs
+##	file system.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_getattr_rootfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_getattr_rootfs'($*)) dnl
+	
+	gen_require(`
+		type root_t;
+	')
+
+	allow $1 root_t:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_getattr_rootfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Associate to root file system.
+## </summary>
+## <param name="file_type">
+##	<summary>
+##	Type of the file to associate.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_associate_rootfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_associate_rootfs'($*)) dnl
+	
+	gen_require(`
+		type root_t;
+	')
+
+	allow $1 root_t:filesystem associate;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_associate_rootfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to and from rootfs file system.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_relabel_rootfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabel_rootfs'($*)) dnl
+	
+	gen_require(`
+		type root_t;
+	')
+
+	allow $1 root_t:filesystem { relabelto relabelfrom };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabel_rootfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unmount a rootfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_unmount_rootfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_unmount_rootfs'($*)) dnl
+	
+	gen_require(`
+		type root_t;
+	')
+
+	allow $1 root_t:filesystem unmount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_unmount_rootfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount on the root directory (/)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_mounton_root',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_mounton_root'($*)) dnl
+	
+	gen_require(`
+		type root_t;
+	')
+
+	allow $1 root_t:dir mounton;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_mounton_root'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get attributes of the /boot directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_getattr_boot_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_getattr_boot_dirs'($*)) dnl
+	
+	gen_require(`
+		type boot_t;
+	')
+
+	allow $1 boot_t:dir getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_getattr_boot_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get attributes
+##	of the /boot directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_getattr_boot_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_getattr_boot_dirs'($*)) dnl
+	
+	gen_require(`
+		type boot_t;
+	')
+
+	dontaudit $1 boot_t:dir getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_getattr_boot_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the /boot directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_search_boot',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_search_boot'($*)) dnl
+	
+	gen_require(`
+		type boot_t;
+	')
+
+	allow $1 boot_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_search_boot'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search the /boot directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_search_boot',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_search_boot'($*)) dnl
+	
+	gen_require(`
+		type boot_t;
+	')
+
+	dontaudit $1 boot_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_search_boot'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List the /boot directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_list_boot',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_list_boot'($*)) dnl
+	
+	gen_require(`
+		type boot_t;
+	')
+
+	allow $1 boot_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_list_boot'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Do not audit attempts to list the /boot directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_list_boot',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_list_boot'($*)) dnl
+	
+	gen_require(`
+		type boot_t;
+	')
+
+	dontaudit $1 boot_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_list_boot'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create directories in /boot
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_create_boot_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_create_boot_dirs'($*)) dnl
+	
+	gen_require(`
+		type boot_t;
+	')
+
+	allow $1 boot_t:dir { create rw_dir_perms };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_create_boot_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	directories in /boot.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_manage_boot_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_boot_dirs'($*)) dnl
+	
+	gen_require(`
+		type boot_t;
+	')
+
+	allow $1 boot_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_boot_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a private type object in boot
+##	with an automatic type transition
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	The type of the object to be created.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The object class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_boot_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_boot_filetrans'($*)) dnl
+	
+	gen_require(`
+		type boot_t;
+	')
+
+	filetrans_pattern($1, boot_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_boot_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	read files in the /boot directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_read_boot_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_boot_files'($*)) dnl
+	
+	gen_require(`
+		type boot_t;
+	')
+
+	read_files_pattern($1, boot_t, boot_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_boot_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete files
+##	in the /boot directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_manage_boot_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_boot_files'($*)) dnl
+	
+	gen_require(`
+		type boot_t;
+	')
+
+	manage_files_pattern($1, boot_t, boot_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_boot_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel from files in the /boot directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_relabelfrom_boot_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabelfrom_boot_files'($*)) dnl
+	
+	gen_require(`
+		type boot_t;
+	')
+
+	relabelfrom_files_pattern($1, boot_t, boot_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabelfrom_boot_files'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Read symbolic links in the /boot directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_boot_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_boot_symlinks'($*)) dnl
+	
+	gen_require(`
+		type boot_t;
+	')
+
+	read_lnk_files_pattern($1, boot_t, boot_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_boot_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write symbolic links
+##	in the /boot directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_rw_boot_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_rw_boot_symlinks'($*)) dnl
+	
+	gen_require(`
+		type boot_t;
+	')
+
+	allow $1 boot_t:dir list_dir_perms;
+	rw_lnk_files_pattern($1, boot_t, boot_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_rw_boot_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete symbolic links
+##	in the /boot directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_manage_boot_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_boot_symlinks'($*)) dnl
+	
+	gen_require(`
+		type boot_t;
+	')
+
+	manage_lnk_files_pattern($1, boot_t, boot_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_boot_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read kernel files in the /boot directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_kernel_img',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_kernel_img'($*)) dnl
+	
+	gen_require(`
+		type boot_t;
+	')
+
+	allow $1 boot_t:dir list_dir_perms;
+	read_files_pattern($1, boot_t, boot_t)
+	read_lnk_files_pattern($1, boot_t, boot_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_kernel_img'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Install a kernel into the /boot directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_create_kernel_img',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_create_kernel_img'($*)) dnl
+	
+	gen_require(`
+		type boot_t;
+	')
+
+	allow $1 boot_t:file { create_file_perms rw_file_perms };
+	manage_lnk_files_pattern($1, boot_t, boot_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_create_kernel_img'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete a kernel from /boot.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_delete_kernel',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_delete_kernel'($*)) dnl
+	
+	gen_require(`
+		type boot_t;
+	')
+
+	delete_files_pattern($1, boot_t, boot_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_delete_kernel'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Getattr of directories with the default file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_getattr_default_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_getattr_default_dirs'($*)) dnl
+	
+	gen_require(`
+		type default_t;
+	')
+
+	allow $1 default_t:dir getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_getattr_default_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes of
+##	directories with the default file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_getattr_default_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_getattr_default_dirs'($*)) dnl
+	
+	gen_require(`
+		type default_t;
+	')
+
+	dontaudit $1 default_t:dir getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_getattr_default_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the contents of directories with the default file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_search_default',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_search_default'($*)) dnl
+	
+	gen_require(`
+		type default_t;
+	')
+
+	allow $1 default_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_search_default'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List contents of directories with the default file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_list_default',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_list_default'($*)) dnl
+	
+	gen_require(`
+		type default_t;
+	')
+
+	allow $1 default_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_list_default'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to list contents of
+##	directories with the default file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_list_default',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_list_default'($*)) dnl
+	
+	gen_require(`
+		type default_t;
+	')
+
+	dontaudit $1 default_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_list_default'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete directories with
+##	the default file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_manage_default_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_default_dirs'($*)) dnl
+	
+	gen_require(`
+		type default_t;
+	')
+
+	manage_dirs_pattern($1, default_t, default_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_default_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a filesystem on a directory with the default file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_mounton_default',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_mounton_default'($*)) dnl
+	
+	gen_require(`
+		type default_t;
+	')
+
+	allow $1 default_t:dir { search_dir_perms mounton };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_mounton_default'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes of
+##	files with the default file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_getattr_default_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_getattr_default_files'($*)) dnl
+	
+	gen_require(`
+		type default_t;
+	')
+
+	dontaudit $1 default_t:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_getattr_default_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read files with the default file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_default_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_default_files'($*)) dnl
+	
+	gen_require(`
+		type default_t;
+	')
+
+	allow $1 default_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_default_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read files
+##	with the default file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_read_default_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_read_default_files'($*)) dnl
+	
+	gen_require(`
+		type default_t;
+	')
+
+	dontaudit $1 default_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_read_default_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete files with
+##	the default file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_manage_default_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_default_files'($*)) dnl
+	
+	gen_require(`
+		type default_t;
+	')
+
+	manage_files_pattern($1, default_t, default_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_default_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read symbolic links with the default file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_default_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_default_symlinks'($*)) dnl
+	
+	gen_require(`
+		type default_t;
+	')
+
+	allow $1 default_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_default_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read sockets with the default file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_default_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_default_sockets'($*)) dnl
+	
+	gen_require(`
+		type default_t;
+	')
+
+	allow $1 default_t:sock_file read_sock_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_default_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read named pipes with the default file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_default_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_default_pipes'($*)) dnl
+	
+	gen_require(`
+		type default_t;
+	')
+
+	allow $1 default_t:fifo_file read_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_default_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the contents of /etc directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_search_etc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_search_etc'($*)) dnl
+	
+	gen_require(`
+		type etc_t;
+	')
+
+	allow $1 etc_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_search_etc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of the /etc directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_setattr_etc_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_setattr_etc_dirs'($*)) dnl
+	
+	gen_require(`
+		type etc_t;
+	')
+
+	allow $1 etc_t:dir setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_setattr_etc_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List the contents of /etc directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_list_etc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_list_etc'($*)) dnl
+	
+	gen_require(`
+		type etc_t;
+	')
+
+	allow $1 etc_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_list_etc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write to /etc dirs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_write_etc_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_write_etc_dirs'($*)) dnl
+	
+	gen_require(`
+		type etc_t;
+	')
+
+	dontaudit $1 etc_t:dir write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_write_etc_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Add and remove entries from /etc directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_rw_etc_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_rw_etc_dirs'($*)) dnl
+	
+	gen_require(`
+		type etc_t;
+	')
+
+	allow $1 etc_t:dir rw_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_rw_etc_dirs'($*)) dnl
+	')
+
+
+##########################################
+## <summary>
+## 	Manage generic directories in /etc
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+##
+#
+ 	 	define(`files_manage_etc_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_etc_dirs'($*)) dnl
+	
+	gen_require(`
+		type etc_t;
+	')
+
+	manage_dirs_pattern($1, etc_t, etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_etc_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel directories to etc_t.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_relabelto_etc_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabelto_etc_dirs'($*)) dnl
+	
+	gen_require(`
+		type etc_t;
+	')
+
+	allow $1 etc_t:dir relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabelto_etc_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a filesystem on the
+##	etc directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_mounton_etc_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_mounton_etc_dirs'($*)) dnl
+	
+	gen_require(`
+		type etc_t;
+	')
+
+	allow $1 etc_t:dir mounton;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_mounton_etc_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Watch /etc directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_watch_etc_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_watch_etc_dirs'($*)) dnl
+	
+	gen_require(`
+		type etc_t;
+	')
+
+	allow $1 etc_t:dir watch;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_watch_etc_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read generic files in /etc.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to read generic
+##	files in /etc. These files are typically
+##	general system configuration files that do
+##	not have more specific SELinux types.  Some
+##	examples of these files are:
+##	</p>
+##	<ul>
+##		<li>/etc/fstab</li>
+##		<li>/etc/passwd</li>
+##		<li>/etc/services</li>
+##		<li>/etc/shells</li>
+##	</ul>
+##	<p>
+##	This interface does not include access to /etc/shadow.
+##	</p>
+##	<p>
+##	Generally, it is safe for many domains to have
+##	this access.  However, since this interface provides
+##	access to the /etc/passwd file, caution must be
+##	exercised, as user account names can be leaked
+##	through this access.
+##	</p>
+##	<p>
+##	Related interfaces:
+##	</p>
+##	<ul>
+##		<li>auth_read_shadow()</li>
+##		<li>files_read_etc_runtime_files()</li>
+##		<li>seutil_read_config()</li>
+##	</ul>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`files_read_etc_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_etc_files'($*)) dnl
+	
+	gen_require(`
+		type etc_t;
+	')
+
+	allow $1 etc_t:dir list_dir_perms;
+	read_files_pattern($1, etc_t, etc_t)
+	read_lnk_files_pattern($1, etc_t, etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_etc_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Map generic files in /etc.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to map generic files in /etc.
+##	</p>
+##	<p>
+##	Related interfaces:
+##	</p>
+##	<ul>
+##		<li>files_read_etc_files()</li>
+##	</ul>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`files_map_etc_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_map_etc_files'($*)) dnl
+	
+	gen_require(`
+		type etc_t;
+	')
+
+	allow $1 etc_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_map_etc_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write generic files in /etc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_write_etc_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_write_etc_files'($*)) dnl
+	
+	gen_require(`
+		type etc_t;
+	')
+
+	dontaudit $1 etc_t:file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_write_etc_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write generic files in /etc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_rw_etc_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_rw_etc_files'($*)) dnl
+	
+	gen_require(`
+		type etc_t;
+	')
+
+	allow $1 etc_t:dir list_dir_perms;
+	rw_files_pattern($1, etc_t, etc_t)
+	read_lnk_files_pattern($1, etc_t, etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_rw_etc_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete generic
+##	files in /etc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_manage_etc_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_etc_files'($*)) dnl
+	
+	gen_require(`
+		type etc_t;
+	')
+
+	manage_files_pattern($1, etc_t, etc_t)
+	read_lnk_files_pattern($1, etc_t, etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_etc_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete system configuration files in /etc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_delete_etc_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_delete_etc_files'($*)) dnl
+	
+	gen_require(`
+		type etc_t;
+	')
+
+	delete_files_pattern($1, etc_t, etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_delete_etc_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute generic files in /etc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_exec_etc_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_exec_etc_files'($*)) dnl
+	
+	gen_require(`
+		type etc_t;
+	')
+
+	allow $1 etc_t:dir list_dir_perms;
+	read_lnk_files_pattern($1, etc_t, etc_t)
+	exec_files_pattern($1, etc_t, etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_exec_etc_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get etc_t service status.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_get_etc_unit_status',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_get_etc_unit_status'($*)) dnl
+	
+	gen_require(`
+		type etc_t;
+	')
+
+	allow $1 etc_t:service status;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_get_etc_unit_status'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	start etc_t service
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_start_etc_service',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_start_etc_service'($*)) dnl
+	
+	gen_require(`
+		type etc_t;
+	')
+
+	allow $1 etc_t:service start;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_start_etc_service'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	stop etc_t service
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_stop_etc_service',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_stop_etc_service'($*)) dnl
+	
+	gen_require(`
+		type etc_t;
+	')
+
+	allow $1 etc_t:service stop;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_stop_etc_service'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Relabel from and to generic files in /etc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_relabel_etc_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabel_etc_files'($*)) dnl
+	
+	gen_require(`
+		type etc_t;
+	')
+
+	allow $1 etc_t:dir list_dir_perms;
+	relabel_files_pattern($1, etc_t, etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabel_etc_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read symbolic links in /etc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_etc_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_etc_symlinks'($*)) dnl
+	
+	gen_require(`
+		type etc_t;
+	')
+
+	read_lnk_files_pattern($1, etc_t, etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_etc_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete symbolic links in /etc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_manage_etc_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_etc_symlinks'($*)) dnl
+	
+	gen_require(`
+		type etc_t;
+	')
+
+	manage_lnk_files_pattern($1, etc_t, etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_etc_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in /etc with a private
+##	type using a type_transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="file_type">
+##	<summary>
+##	Private file type.
+##	</summary>
+## </param>
+## <param name="class">
+##	<summary>
+##	Object classes to be created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_etc_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_etc_filetrans'($*)) dnl
+	
+	gen_require(`
+		type etc_t;
+	')
+
+	filetrans_pattern($1, etc_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_etc_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a boot flag.
+## </summary>
+## <desc>
+##	<p>
+##	Create a boot flag, such as
+##	/.autorelabel and /.autofsck.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_create_boot_flag',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_create_boot_flag'($*)) dnl
+	
+	gen_require(`
+		type root_t, etc_runtime_t;
+	')
+
+	allow $1 etc_runtime_t:file manage_file_perms;
+	filetrans_pattern($1, root_t, etc_runtime_t, file, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_create_boot_flag'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete a boot flag.
+## </summary>
+## <desc>
+##	<p>
+##	Delete a boot flag, such as
+##	/.autorelabel and /.autofsck.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_delete_boot_flag',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_delete_boot_flag'($*)) dnl
+	
+	gen_require(`
+		type root_t, etc_runtime_t;
+	')
+
+	delete_files_pattern($1, root_t, etc_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_delete_boot_flag'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the
+##	etc_runtime directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_getattr_etc_runtime_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_getattr_etc_runtime_dirs'($*)) dnl
+	
+	gen_require(`
+		type etc_runtime_t;
+	')
+
+	allow $1 etc_runtime_t:dir getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_getattr_etc_runtime_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a filesystem on the
+##	etc_runtime directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_mounton_etc_runtime_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_mounton_etc_runtime_dirs'($*)) dnl
+	
+	gen_require(`
+		type etc_runtime_t;
+	')
+
+	allow $1 etc_runtime_t:dir mounton;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_mounton_etc_runtime_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to etc_runtime_t dirs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_relabelto_etc_runtime_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabelto_etc_runtime_dirs'($*)) dnl
+	
+	gen_require(`
+		type etc_runtime_t;
+	')
+
+	allow $1 etc_runtime_t:dir relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabelto_etc_runtime_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to set the attributes of the etc_runtime files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_setattr_etc_runtime_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_setattr_etc_runtime_files'($*)) dnl
+	
+	gen_require(`
+		type etc_runtime_t;
+	')
+
+	dontaudit $1 etc_runtime_t:file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_setattr_etc_runtime_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read files in /etc that are dynamically
+##	created on boot, such as mtab.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to read dynamically created
+##	configuration files in /etc. These files are typically
+##	general system configuration files that do
+##	not have more specific SELinux types.  Some
+##	examples of these files are:
+##	</p>
+##	<ul>
+##		<li>/etc/motd</li>
+##		<li>/etc/mtab</li>
+##		<li>/etc/nologin</li>
+##	</ul>
+##	<p>
+##	This interface does not include access to /etc/shadow.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10" />
+## <rolecap/>
+#
+ 	 	define(`files_read_etc_runtime_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_etc_runtime_files'($*)) dnl
+	
+	gen_require(`
+		type etc_t, etc_runtime_t;
+	')
+
+	allow $1 etc_t:dir list_dir_perms;
+	read_files_pattern($1, etc_t, etc_runtime_t)
+	read_lnk_files_pattern($1, etc_t, etc_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_etc_runtime_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read files
+##	in /etc that are dynamically
+##	created on boot, such as mtab.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_read_etc_runtime_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_read_etc_runtime_files'($*)) dnl
+	
+	gen_require(`
+		type etc_runtime_t;
+	')
+
+	dontaudit $1 etc_runtime_t:file { getattr read };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_read_etc_runtime_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read files
+##	in /etc
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_read_etc_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_read_etc_files'($*)) dnl
+	
+	gen_require(`
+		type etc_t;
+	')
+
+	dontaudit $1 etc_t:file { getattr read };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_read_etc_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write
+##	etc runtime files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_write_etc_runtime_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_write_etc_runtime_files'($*)) dnl
+	
+	gen_require(`
+		type etc_runtime_t;
+	')
+
+	dontaudit $1 etc_runtime_t:file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_write_etc_runtime_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write files in /etc that are dynamically
+##	created on boot, such as mtab.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_rw_etc_runtime_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_rw_etc_runtime_files'($*)) dnl
+	
+	gen_require(`
+		type etc_t, etc_runtime_t;
+	')
+
+	allow $1 etc_t:dir list_dir_perms;
+	rw_files_pattern($1, etc_t, etc_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_rw_etc_runtime_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete files in
+##	/etc that are dynamically created on boot,
+##	such as mtab.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_manage_etc_runtime_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_etc_runtime_files'($*)) dnl
+	
+	gen_require(`
+		type etc_t, etc_runtime_t;
+	')
+
+	manage_files_pattern($1, { etc_t etc_runtime_t }, etc_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_etc_runtime_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to etc_runtime_t files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_relabelto_etc_runtime_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabelto_etc_runtime_files'($*)) dnl
+	
+	gen_require(`
+		type etc_runtime_t;
+	')
+
+	allow $1 etc_runtime_t:file relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabelto_etc_runtime_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, etc runtime objects with an automatic
+##	type transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object">
+##	<summary>
+##	The class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_etc_filetrans_etc_runtime',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_etc_filetrans_etc_runtime'($*)) dnl
+	
+	gen_require(`
+		type etc_t, etc_runtime_t;
+	')
+
+	filetrans_pattern($1, etc_t, etc_runtime_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_etc_filetrans_etc_runtime'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the home directories root
+##	(/home).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_getattr_home_dir',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_getattr_home_dir'($*)) dnl
+	
+	gen_require(`
+		type home_root_t;
+	')
+
+	allow $1 home_root_t:dir getattr;
+	allow $1 home_root_t:lnk_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_getattr_home_dir'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the
+##	attributes of the home directories root
+##	(/home).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_getattr_home_dir',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_getattr_home_dir'($*)) dnl
+	
+	gen_require(`
+		type home_root_t;
+	')
+
+	dontaudit $1 home_root_t:dir getattr;
+	dontaudit $1 home_root_t:lnk_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_getattr_home_dir'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search home directories root (/home).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_search_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_search_home'($*)) dnl
+	
+	gen_require(`
+		type home_root_t;
+	')
+
+	allow $1 home_root_t:dir search_dir_perms;
+	allow $1 home_root_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_search_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search
+##	home directories root (/home).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_search_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_search_home'($*)) dnl
+	
+	gen_require(`
+		type home_root_t;
+	')
+
+	dontaudit $1 home_root_t:dir search_dir_perms;
+	dontaudit $1 home_root_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_search_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to list
+##	home directories root (/home).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_list_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_list_home'($*)) dnl
+	
+	gen_require(`
+		type home_root_t;
+	')
+
+	dontaudit $1 home_root_t:dir list_dir_perms;
+	dontaudit $1 home_root_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_list_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get listing of home directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_list_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_list_home'($*)) dnl
+	
+	gen_require(`
+		type home_root_t;
+	')
+
+	allow $1 home_root_t:dir list_dir_perms;
+	allow $1 home_root_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_list_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to user home root (/home).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_relabelto_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabelto_home'($*)) dnl
+	
+	gen_require(`
+		type home_root_t;
+	')
+
+	allow $1 home_root_t:dir relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabelto_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel from user home root (/home).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_relabelfrom_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabelfrom_home'($*)) dnl
+	
+	gen_require(`
+		type home_root_t;
+	')
+
+	allow $1 home_root_t:dir relabelfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabelfrom_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in /home.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="home_type">
+##	<summary>
+##	The private type.
+##	</summary>
+## </param>
+## <param name="object">
+##	<summary>
+##	The class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_home_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_home_filetrans'($*)) dnl
+	
+	gen_require(`
+		type home_root_t;
+	')
+
+	filetrans_pattern($1, home_root_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_home_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of lost+found directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_getattr_lost_found_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_getattr_lost_found_dirs'($*)) dnl
+	
+	gen_require(`
+		type lost_found_t;
+	')
+
+	allow $1 lost_found_t:dir getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_getattr_lost_found_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes of
+##	lost+found directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_getattr_lost_found_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_getattr_lost_found_dirs'($*)) dnl
+	
+	gen_require(`
+		type lost_found_t;
+	')
+
+	dontaudit $1 lost_found_t:dir getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_getattr_lost_found_dirs'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	List the contents of lost+found directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_list_lost_found',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_list_lost_found'($*)) dnl
+	
+	gen_require(`
+		type lost_found_t;
+	')
+
+	allow $1 lost_found_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_list_lost_found'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete objects in
+##	lost+found directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_manage_lost_found',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_lost_found'($*)) dnl
+	
+	gen_require(`
+		type lost_found_t;
+	')
+
+	manage_dirs_pattern($1, lost_found_t, lost_found_t)
+	manage_files_pattern($1, lost_found_t, lost_found_t)
+	manage_lnk_files_pattern($1, lost_found_t, lost_found_t)
+	manage_fifo_files_pattern($1, lost_found_t, lost_found_t)
+	manage_sock_files_pattern($1, lost_found_t, lost_found_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_lost_found'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the contents of /mnt.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_search_mnt',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_search_mnt'($*)) dnl
+	
+	gen_require(`
+		type mnt_t;
+	')
+
+	allow $1 mnt_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_search_mnt'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search /mnt.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_search_mnt',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_search_mnt'($*)) dnl
+	
+	gen_require(`
+		type mnt_t;
+	')
+
+	dontaudit $1 mnt_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_search_mnt'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List the contents of /mnt.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_list_mnt',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_list_mnt'($*)) dnl
+	
+	gen_require(`
+		type mnt_t;
+	')
+
+	allow $1 mnt_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_list_mnt'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Do not audit attempts to list the contents of /mnt.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_list_mnt',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_list_mnt'($*)) dnl
+	
+	gen_require(`
+		type mnt_t;
+	')
+
+	dontaudit $1 mnt_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_list_mnt'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a filesystem on /mnt.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_mounton_mnt',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_mounton_mnt'($*)) dnl
+	
+	gen_require(`
+		type mnt_t;
+	')
+
+	allow $1 mnt_t:dir { search_dir_perms mounton };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_mounton_mnt'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete directories in /mnt.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_manage_mnt_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_mnt_dirs'($*)) dnl
+	
+	gen_require(`
+		type mnt_t;
+	')
+
+	allow $1 mnt_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_mnt_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete files in /mnt.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_manage_mnt_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_mnt_files'($*)) dnl
+	
+	gen_require(`
+		type mnt_t;
+	')
+
+	manage_files_pattern($1, mnt_t, mnt_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_mnt_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	read files in /mnt.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_mnt_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_mnt_files'($*)) dnl
+	
+	gen_require(`
+		type mnt_t;
+	')
+
+	read_files_pattern($1, mnt_t, mnt_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_mnt_files'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Read symbolic links in /mnt.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_mnt_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_mnt_symlinks'($*)) dnl
+	
+	gen_require(`
+		type mnt_t;
+	')
+
+	read_lnk_files_pattern($1, mnt_t, mnt_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_mnt_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete symbolic links in /mnt.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_manage_mnt_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_mnt_symlinks'($*)) dnl
+	
+	gen_require(`
+		type mnt_t;
+	')
+
+	manage_lnk_files_pattern($1, mnt_t, mnt_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_mnt_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the contents of the kernel module directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_search_kernel_modules',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_search_kernel_modules'($*)) dnl
+	
+	gen_require(`
+		type modules_object_t;
+	')
+
+	allow $1 modules_object_t:dir search_dir_perms;
+	read_lnk_files_pattern($1, modules_object_t, modules_object_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_search_kernel_modules'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List the contents of the kernel module directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_list_kernel_modules',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_list_kernel_modules'($*)) dnl
+	
+	gen_require(`
+		type modules_object_t;
+	')
+
+	allow $1 modules_object_t:dir list_dir_perms;
+	read_lnk_files_pattern($1, modules_object_t, modules_object_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_list_kernel_modules'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of kernel module files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_getattr_kernel_modules',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_getattr_kernel_modules'($*)) dnl
+	
+	gen_require(`
+		type modules_object_t;
+	')
+
+	getattr_files_pattern($1, modules_object_t, modules_object_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_getattr_kernel_modules'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read kernel module files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_kernel_modules',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_kernel_modules'($*)) dnl
+	
+	gen_require(`
+		type modules_object_t;
+	')
+
+	allow $1 modules_object_t:dir list_dir_perms;
+	read_files_pattern($1, modules_object_t, modules_object_t)
+	read_lnk_files_pattern($1, modules_object_t, modules_object_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_kernel_modules'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write kernel module files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_write_kernel_modules',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_write_kernel_modules'($*)) dnl
+	
+	gen_require(`
+		type modules_object_t;
+	')
+
+	allow $1 modules_object_t:dir list_dir_perms;
+	write_files_pattern($1, modules_object_t, modules_object_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_write_kernel_modules'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete kernel module files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_delete_kernel_modules',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_delete_kernel_modules'($*)) dnl
+	
+	gen_require(`
+		type modules_object_t;
+	')
+
+	delete_files_pattern($1, modules_object_t, modules_object_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_delete_kernel_modules'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	kernel module files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_manage_kernel_modules',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_kernel_modules'($*)) dnl
+	
+	gen_require(`
+		type modules_object_t;
+	')
+
+	allow $1 modules_object_t:dir rw_dir_perms;
+	manage_files_pattern($1, modules_object_t, modules_object_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_kernel_modules'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel from and to kernel module files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_relabel_kernel_modules',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabel_kernel_modules'($*)) dnl
+	
+	gen_require(`
+		type modules_object_t;
+	')
+
+	relabel_files_pattern($1, modules_object_t, modules_object_t)
+	allow $1 modules_object_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabel_kernel_modules'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in the kernel module directories
+##	with a private type via an automatic type transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	The type of the object to be created.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The object class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_kernel_modules_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_kernel_modules_filetrans'($*)) dnl
+	
+	gen_require(`
+		type modules_object_t;
+	')
+
+	filetrans_pattern($1, modules_object_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_kernel_modules_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Load kernel module files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_load_kernel_modules',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_load_kernel_modules'($*)) dnl
+	
+	gen_require(`
+		type modules_object_t;
+	')
+
+	files_read_kernel_modules($1)
+	allow $1 modules_object_t:system module_load;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_load_kernel_modules'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List world-readable directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_list_world_readable',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_list_world_readable'($*)) dnl
+	
+	gen_require(`
+		type readable_t;
+	')
+
+	allow $1 readable_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_list_world_readable'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read world-readable files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_read_world_readable_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_world_readable_files'($*)) dnl
+	
+	gen_require(`
+		type readable_t;
+	')
+
+	allow $1 readable_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_world_readable_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read world-readable symbolic links.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_read_world_readable_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_world_readable_symlinks'($*)) dnl
+	
+	gen_require(`
+		type readable_t;
+	')
+
+	allow $1 readable_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_world_readable_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read world-readable named pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_world_readable_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_world_readable_pipes'($*)) dnl
+	
+	gen_require(`
+		type readable_t;
+	')
+
+	allow $1 readable_t:fifo_file read_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_world_readable_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read world-readable sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_world_readable_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_world_readable_sockets'($*)) dnl
+	
+	gen_require(`
+		type readable_t;
+	')
+
+	allow $1 readable_t:sock_file read_sock_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_world_readable_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the specified type to associate
+##	to a filesystem with the type of the
+##	temporary directory (/tmp).
+## </summary>
+## <param name="file_type">
+##	<summary>
+##	Type of the file to associate.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_associate_tmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_associate_tmp'($*)) dnl
+	
+	gen_require(`
+		type tmp_t;
+	')
+
+	allow $1 tmp_t:filesystem associate;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_associate_tmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the	attributes of the tmp directory (/tmp).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_getattr_tmp_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_getattr_tmp_dirs'($*)) dnl
+	
+	gen_require(`
+		type tmp_t;
+	')
+
+	allow $1 tmp_t:dir getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_getattr_tmp_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the
+##	attributes of the tmp directory (/tmp).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_getattr_tmp_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_getattr_tmp_dirs'($*)) dnl
+	
+	gen_require(`
+		type tmp_t;
+	')
+
+	dontaudit $1 tmp_t:dir getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_getattr_tmp_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the tmp directory (/tmp).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_search_tmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_search_tmp'($*)) dnl
+	
+	gen_require(`
+		type tmp_t;
+	')
+
+	allow $1 tmp_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_search_tmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search the tmp directory (/tmp).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_search_tmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_search_tmp'($*)) dnl
+	
+	gen_require(`
+		type tmp_t;
+	')
+
+	dontaudit $1 tmp_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_search_tmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the tmp directory (/tmp).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_list_tmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_list_tmp'($*)) dnl
+	
+	gen_require(`
+		type tmp_t;
+	')
+
+	allow $1 tmp_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_list_tmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit listing of the tmp directory (/tmp).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain not to audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_list_tmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_list_tmp'($*)) dnl
+	
+	gen_require(`
+		type tmp_t;
+	')
+
+	dontaudit $1 tmp_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_list_tmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Remove entries from the tmp directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_delete_tmp_dir_entry',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_delete_tmp_dir_entry'($*)) dnl
+	
+	gen_require(`
+		type tmp_t;
+	')
+
+	allow $1 tmp_t:dir del_entry_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_delete_tmp_dir_entry'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read files in the tmp directory (/tmp).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_generic_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_generic_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type tmp_t;
+	')
+
+	read_files_pattern($1, tmp_t, tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_generic_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage temporary directories in /tmp.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_manage_generic_tmp_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_generic_tmp_dirs'($*)) dnl
+	
+	gen_require(`
+		type tmp_t;
+	')
+
+	manage_dirs_pattern($1, tmp_t, tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_generic_tmp_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage temporary files and directories in /tmp.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_manage_generic_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_generic_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type tmp_t;
+	')
+
+	manage_files_pattern($1, tmp_t, tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_generic_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read symbolic links in the tmp directory (/tmp).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_generic_tmp_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_generic_tmp_symlinks'($*)) dnl
+	
+	gen_require(`
+		type tmp_t;
+	')
+
+	read_lnk_files_pattern($1, tmp_t, tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_generic_tmp_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write generic named sockets in the tmp directory (/tmp).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_rw_generic_tmp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_rw_generic_tmp_sockets'($*)) dnl
+	
+	gen_require(`
+		type tmp_t;
+	')
+
+	rw_sock_files_pattern($1, tmp_t, tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_rw_generic_tmp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount filesystems in the tmp directory (/tmp)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_mounton_tmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_mounton_tmp'($*)) dnl
+	
+	gen_require(`
+		type tmp_t;
+	')
+
+	allow $1 tmp_t:dir mounton;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_mounton_tmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of all tmp directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_setattr_all_tmp_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_setattr_all_tmp_dirs'($*)) dnl
+	
+	gen_require(`
+		attribute tmpfile;
+	')
+
+	allow $1 tmpfile:dir { search_dir_perms setattr };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_setattr_all_tmp_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List all tmp directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_list_all_tmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_list_all_tmp'($*)) dnl
+	
+	gen_require(`
+		attribute tmpfile;
+	')
+
+	allow $1 tmpfile:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_list_all_tmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to and from all temporary
+##	directory types.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_relabel_all_tmp_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabel_all_tmp_dirs'($*)) dnl
+	
+	gen_require(`
+		attribute tmpfile;
+		type var_t;
+	')
+
+	allow $1 var_t:dir search_dir_perms;
+	relabel_dirs_pattern($1, tmpfile, tmpfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabel_all_tmp_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of all tmp files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain not to audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_getattr_all_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_getattr_all_tmp_files'($*)) dnl
+	
+	gen_require(`
+		attribute tmpfile;
+	')
+
+	dontaudit $1 tmpfile:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_getattr_all_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow attempts to get the attributes
+##	of all tmp files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_getattr_all_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_getattr_all_tmp_files'($*)) dnl
+	
+	gen_require(`
+		attribute tmpfile;
+	')
+
+	allow $1 tmpfile:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_getattr_all_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to and from all temporary
+##	file types.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_relabel_all_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabel_all_tmp_files'($*)) dnl
+	
+	gen_require(`
+		attribute tmpfile;
+		type var_t;
+	')
+
+	allow $1 var_t:dir search_dir_perms;
+	relabel_files_pattern($1, tmpfile, tmpfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabel_all_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of all tmp sock_file.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain not to audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_getattr_all_tmp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_getattr_all_tmp_sockets'($*)) dnl
+	
+	gen_require(`
+		attribute tmpfile;
+	')
+
+	dontaudit $1 tmpfile:sock_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_getattr_all_tmp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all tmp files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_all_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_all_tmp_files'($*)) dnl
+	
+	gen_require(`
+		attribute tmpfile;
+	')
+
+	read_files_pattern($1, tmpfile, tmpfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_all_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create an object in the tmp directories, with a private
+##	type using a type transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private type">
+##	<summary>
+##	The type of the object to be created.
+##	</summary>
+## </param>
+## <param name="object">
+##	<summary>
+##	The object class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_tmp_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_tmp_filetrans'($*)) dnl
+	
+	gen_require(`
+		type tmp_t;
+	')
+
+	filetrans_pattern($1, tmp_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_tmp_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete the contents of /tmp.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_purge_tmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_purge_tmp'($*)) dnl
+	
+	gen_require(`
+		attribute tmpfile;
+	')
+
+	allow $1 tmpfile:dir list_dir_perms;
+	delete_dirs_pattern($1, tmpfile, tmpfile)
+	delete_files_pattern($1, tmpfile, tmpfile)
+	delete_lnk_files_pattern($1, tmpfile, tmpfile)
+	delete_fifo_files_pattern($1, tmpfile, tmpfile)
+	delete_sock_files_pattern($1, tmpfile, tmpfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_purge_tmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of the /usr directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_setattr_usr_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_setattr_usr_dirs'($*)) dnl
+	
+	gen_require(`
+		type usr_t;
+	')
+
+	allow $1 usr_t:dir setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_setattr_usr_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the content of /usr.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_search_usr',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_search_usr'($*)) dnl
+	
+	gen_require(`
+		type usr_t;
+	')
+
+	allow $1 usr_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_search_usr'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List the contents of generic
+##	directories in /usr.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_list_usr',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_list_usr'($*)) dnl
+	
+	gen_require(`
+		type usr_t;
+	')
+
+	allow $1 usr_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_list_usr'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit write of /usr dirs
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_write_usr_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_write_usr_dirs'($*)) dnl
+	
+	gen_require(`
+		type usr_t;
+	')
+
+	dontaudit $1 usr_t:dir write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_write_usr_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Add and remove entries from /usr directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_rw_usr_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_rw_usr_dirs'($*)) dnl
+	
+	gen_require(`
+		type usr_t;
+	')
+
+	allow $1 usr_t:dir rw_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_rw_usr_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to add and remove
+##	entries from /usr directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_rw_usr_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_rw_usr_dirs'($*)) dnl
+	
+	gen_require(`
+		type usr_t;
+	')
+
+	dontaudit $1 usr_t:dir rw_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_rw_usr_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete generic directories in /usr in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_delete_usr_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_delete_usr_dirs'($*)) dnl
+	
+	gen_require(`
+		type usr_t;
+	')
+
+	delete_dirs_pattern($1, usr_t, usr_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_delete_usr_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Watch generic directories in /usr.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_watch_usr_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_watch_usr_dirs'($*)) dnl
+	
+	gen_require(`
+		type usr_t;
+	')
+
+	allow $1 usr_t:dir watch;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_watch_usr_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete generic files in /usr in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_delete_usr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_delete_usr_files'($*)) dnl
+	
+	gen_require(`
+		type usr_t;
+	')
+
+	delete_files_pattern($1, usr_t, usr_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_delete_usr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of files in /usr.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_getattr_usr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_getattr_usr_files'($*)) dnl
+	
+	gen_require(`
+		type usr_t;
+	')
+
+	getattr_files_pattern($1, usr_t, usr_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_getattr_usr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Map generic files in /usr.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`files_map_usr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_map_usr_files'($*)) dnl
+	
+	gen_require(`
+		type usr_t;
+	')
+
+	allow $1 usr_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_map_usr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read generic files in /usr.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to read generic
+##	files in /usr. These files are various program
+##	files that do not have more specific SELinux types.
+##	Some examples of these files are:
+##	</p>
+##	<ul>
+##		<li>/usr/include/*</li>
+##		<li>/usr/share/doc/*</li>
+##		<li>/usr/share/info/*</li>
+##	</ul>
+##	<p>
+##	Generally, it is safe for many domains to have
+##	this access.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`files_read_usr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_usr_files'($*)) dnl
+	
+	gen_require(`
+		type usr_t;
+	')
+
+	allow $1 usr_t:dir list_dir_perms;
+	read_files_pattern($1, usr_t, usr_t)
+	read_lnk_files_pattern($1, usr_t, usr_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_usr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute generic programs in /usr in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_exec_usr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_exec_usr_files'($*)) dnl
+	
+	gen_require(`
+		type usr_t;
+	')
+
+	allow $1 usr_t:dir list_dir_perms;
+	exec_files_pattern($1, usr_t, usr_t)
+	read_lnk_files_pattern($1, usr_t, usr_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_exec_usr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	dontaudit write of /usr files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_write_usr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_write_usr_files'($*)) dnl
+	
+	gen_require(`
+		type usr_t;
+	')
+
+	dontaudit $1 usr_t:file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_write_usr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete files in the /usr directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_manage_usr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_usr_files'($*)) dnl
+	
+	gen_require(`
+		type usr_t;
+	')
+
+	manage_files_pattern($1, usr_t, usr_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_usr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel a file to the type used in /usr.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_relabelto_usr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabelto_usr_files'($*)) dnl
+	
+	gen_require(`
+		type usr_t;
+	')
+
+	relabelto_files_pattern($1, usr_t, usr_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabelto_usr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel a file from the type used in /usr.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_relabelfrom_usr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabelfrom_usr_files'($*)) dnl
+	
+	gen_require(`
+		type usr_t;
+	')
+
+	relabelfrom_files_pattern($1, usr_t, usr_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabelfrom_usr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read symbolic links in /usr.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_usr_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_usr_symlinks'($*)) dnl
+	
+	gen_require(`
+		type usr_t;
+	')
+
+	read_lnk_files_pattern($1, usr_t, usr_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_usr_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in the /usr directory
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="file_type">
+##	<summary>
+##	The type of the object to be created
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The object class.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_usr_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_usr_filetrans'($*)) dnl
+	
+	gen_require(`
+		type usr_t;
+	')
+
+	filetrans_pattern($1, usr_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_usr_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search directories in /usr/src.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_search_src',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_search_src'($*)) dnl
+	
+	gen_require(`
+		type src_t;
+	')
+
+	allow $1 src_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_search_src'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search /usr/src.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_search_src',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_search_src'($*)) dnl
+	
+	gen_require(`
+		type src_t;
+	')
+
+	dontaudit $1 src_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_search_src'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of files in /usr/src.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_getattr_usr_src_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_getattr_usr_src_files'($*)) dnl
+	
+	gen_require(`
+		type usr_t, src_t;
+	')
+
+	getattr_files_pattern($1, src_t, src_t)
+
+	# /usr/src/linux symlink:
+	read_lnk_files_pattern($1, usr_t, src_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_getattr_usr_src_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read files in /usr/src.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_usr_src_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_usr_src_files'($*)) dnl
+	
+	gen_require(`
+		type usr_t, src_t;
+	')
+
+	allow $1 usr_t:dir search_dir_perms;
+	read_files_pattern($1, { usr_t src_t }, src_t)
+	read_lnk_files_pattern($1, { usr_t src_t }, src_t)
+	allow $1 src_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_usr_src_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute programs in /usr/src in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_exec_usr_src_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_exec_usr_src_files'($*)) dnl
+	
+	gen_require(`
+		type usr_t, src_t;
+	')
+
+	list_dirs_pattern($1, usr_t, src_t)
+	exec_files_pattern($1, src_t, src_t)
+	read_lnk_files_pattern($1, src_t, src_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_exec_usr_src_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Install a system.map into the /boot directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_create_kernel_symbol_table',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_create_kernel_symbol_table'($*)) dnl
+	
+	gen_require(`
+		type boot_t, system_map_t;
+	')
+
+	allow $1 boot_t:dir { list_dir_perms add_entry_dir_perms };
+	allow $1 system_map_t:file { create_file_perms rw_file_perms };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_create_kernel_symbol_table'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read system.map in the /boot directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_kernel_symbol_table',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_kernel_symbol_table'($*)) dnl
+	
+	gen_require(`
+		type boot_t, system_map_t;
+	')
+
+	allow $1 boot_t:dir list_dir_perms;
+	read_files_pattern($1, boot_t, system_map_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_kernel_symbol_table'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete a system.map in the /boot directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_delete_kernel_symbol_table',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_delete_kernel_symbol_table'($*)) dnl
+	
+	gen_require(`
+		type boot_t, system_map_t;
+	')
+
+	allow $1 boot_t:dir list_dir_perms;
+	delete_files_pattern($1, boot_t, system_map_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_delete_kernel_symbol_table'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the contents of /var.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_search_var',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_search_var'($*)) dnl
+	
+	gen_require(`
+		type var_t;
+	')
+
+	allow $1 var_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_search_var'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write to /var.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_write_var_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_write_var_dirs'($*)) dnl
+	
+	gen_require(`
+		type var_t;
+	')
+
+	dontaudit $1 var_t:dir write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_write_var_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow attempts to write to /var.dirs
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_write_var_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_write_var_dirs'($*)) dnl
+	
+	gen_require(`
+		type var_t;
+	')
+
+	allow $1 var_t:dir write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_write_var_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search
+##	the contents of /var.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_search_var',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_search_var'($*)) dnl
+	
+	gen_require(`
+		type var_t;
+	')
+
+	dontaudit $1 var_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_search_var'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List the contents of /var.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_list_var',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_list_var'($*)) dnl
+	
+	gen_require(`
+		type var_t;
+	')
+
+	allow $1 var_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_list_var'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to list
+##	the contents of /var.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_list_var',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_list_var'($*)) dnl
+	
+	gen_require(`
+		type var_t;
+	')
+
+	dontaudit $1 var_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_list_var'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete directories
+##	in the /var directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_manage_var_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_var_dirs'($*)) dnl
+	
+	gen_require(`
+		type var_t;
+	')
+
+	allow $1 var_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_var_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	relabelto/from var directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_relabel_var_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabel_var_dirs'($*)) dnl
+	
+	gen_require(`
+		type var_t;
+	')
+
+	allow $1 var_t:dir { relabelfrom relabelto };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabel_var_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read files in the /var directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_var_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_var_files'($*)) dnl
+	
+	gen_require(`
+		type var_t;
+	')
+
+	read_files_pattern($1, var_t, var_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_var_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append files in the /var directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_append_var_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_append_var_files'($*)) dnl
+	
+	gen_require(`
+		type var_t;
+	')
+
+	append_files_pattern($1, var_t, var_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_append_var_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write files in the /var directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_rw_var_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_rw_var_files'($*)) dnl
+	
+	gen_require(`
+		type var_t;
+	')
+
+	rw_files_pattern($1, var_t, var_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_rw_var_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and write
+##	files in the /var directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_rw_var_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_rw_var_files'($*)) dnl
+	
+	gen_require(`
+		type var_t;
+	')
+
+	dontaudit $1 var_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_rw_var_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete files in the /var directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_manage_var_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_var_files'($*)) dnl
+	
+	gen_require(`
+		type var_t;
+	')
+
+	manage_files_pattern($1, var_t, var_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_var_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read symbolic links in the /var directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_var_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_var_symlinks'($*)) dnl
+	
+	gen_require(`
+		type var_t;
+	')
+
+	read_lnk_files_pattern($1, var_t, var_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_var_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete symbolic
+##	links in the /var directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_manage_var_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_var_symlinks'($*)) dnl
+	
+	gen_require(`
+		type var_t;
+	')
+
+	manage_lnk_files_pattern($1, var_t, var_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_var_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in the /var directory
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="file_type">
+##	<summary>
+##	The type of the object to be created
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The object class.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_var_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_var_filetrans'($*)) dnl
+	
+	gen_require(`
+		type var_t;
+	')
+
+	filetrans_pattern($1, var_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_var_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the /var/lib directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_getattr_var_lib_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_getattr_var_lib_dirs'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_lib_t;
+	')
+
+	getattr_dirs_pattern($1, var_t, var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_getattr_var_lib_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the /var/lib directory.
+## </summary>
+## <desc>
+##	<p>
+##	Search the /var/lib directory.  This is
+##	necessary to access files or directories under
+##	/var/lib that have a private type.  For example, a
+##	domain accessing a private library file in the
+##	/var/lib directory:
+##	</p>
+##	<p>
+##	allow mydomain_t mylibfile_t:file read_file_perms;
+##	files_search_var_lib(mydomain_t)
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="5"/>
+#
+ 	 	define(`files_search_var_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_search_var_lib'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_lib_t;
+	')
+
+	search_dirs_pattern($1, var_t, var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_search_var_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search the
+##	contents of /var/lib.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="5"/>
+#
+ 	 	define(`files_dontaudit_search_var_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_search_var_lib'($*)) dnl
+	
+	gen_require(`
+		type var_lib_t;
+	')
+
+	dontaudit $1 var_lib_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_search_var_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List the contents of the /var/lib directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_list_var_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_list_var_lib'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_lib_t;
+	')
+
+	list_dirs_pattern($1, var_t, var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_list_var_lib'($*)) dnl
+	')
+
+
+###########################################
+## <summary>
+##	Read-write /var/lib directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_rw_var_lib_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_rw_var_lib_dirs'($*)) dnl
+	
+	gen_require(`
+		type var_lib_t;
+	')
+
+	rw_dirs_pattern($1, var_lib_t, var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_rw_var_lib_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	manage var_lib_t dirs
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_manage_var_lib_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_var_lib_dirs'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_lib_t;
+	')
+
+	allow $1 var_t:dir search_dir_perms;
+	allow $1 var_lib_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_var_lib_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	relabel var_lib_t dirs
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_relabel_var_lib_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabel_var_lib_dirs'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_lib_t;
+	')
+
+	allow $1 var_t:dir search_dir_perms;
+	allow $1 var_lib_t:dir { relabelfrom relabelto };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabel_var_lib_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in the /var/lib directory
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="file_type">
+##	<summary>
+##	The type of the object to be created
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The object class.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_var_lib_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_var_lib_filetrans'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_lib_t;
+	')
+
+	allow $1 var_t:dir search_dir_perms;
+	filetrans_pattern($1, var_lib_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_var_lib_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read generic files in /var/lib.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_var_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_var_lib_files'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_lib_t;
+	')
+
+	allow $1 var_lib_t:dir list_dir_perms;
+	read_files_pattern($1, { var_t var_lib_t }, var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_var_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read generic symbolic links in /var/lib
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_var_lib_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_var_lib_symlinks'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_lib_t;
+	')
+
+	read_lnk_files_pattern($1, { var_t var_lib_t }, var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_var_lib_symlinks'($*)) dnl
+	')
+
+
+# cjp: the next two interfaces really need to be fixed
+# in some way.  They really neeed their own types.
+
+########################################
+## <summary>
+##	Create, read, write, and delete the
+##	pseudorandom number generator seed.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_manage_urandom_seed',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_urandom_seed'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_lib_t;
+	')
+
+	allow $1 var_t:dir search_dir_perms;
+	manage_files_pattern($1, var_lib_t, var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_urandom_seed'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow domain to manage mount tables
+##	necessary for rpcd, nfsd, etc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_manage_mounttab',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_mounttab'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_lib_t;
+	')
+
+	allow $1 var_t:dir search_dir_perms;
+	manage_files_pattern($1, var_lib_t, var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_mounttab'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of the generic lock directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_setattr_lock_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_setattr_lock_dirs'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_lock_t;
+	')
+
+	setattr_dirs_pattern($1, var_t, var_lock_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_setattr_lock_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the locks directory (/var/lock).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_search_locks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_search_locks'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_lock_t;
+	')
+
+	allow $1 var_lock_t:lnk_file read_lnk_file_perms;
+	search_dirs_pattern($1, var_t, var_lock_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_search_locks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search the
+##	locks directory (/var/lock).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_search_locks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_search_locks'($*)) dnl
+	
+	gen_require(`
+		type var_lock_t;
+	')
+
+	dontaudit $1 var_lock_t:lnk_file read_lnk_file_perms;
+	dontaudit $1 var_lock_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_search_locks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List generic lock directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_list_locks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_list_locks'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_lock_t;
+	')
+
+	allow $1 var_lock_t:lnk_file read_lnk_file_perms;
+	list_dirs_pattern($1, var_t, var_lock_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_list_locks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Test write access on lock directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_check_write_lock_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_check_write_lock_dirs'($*)) dnl
+	
+	gen_require(`
+		type var_lock_t;
+	')
+
+	allow $1 var_lock_t:lnk_file read_lnk_file_perms;
+	allow $1 var_lock_t:dir write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_check_write_lock_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Add entries in the /var/lock directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_add_entry_lock_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_add_entry_lock_dirs'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_lock_t;
+	')
+
+	allow $1 var_lock_t:lnk_file read_lnk_file_perms;
+	add_entry_dirs_pattern($1, var_t, var_lock_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_add_entry_lock_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Add and remove entries in the /var/lock
+##	directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_rw_lock_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_rw_lock_dirs'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_lock_t;
+	')
+
+	allow $1 var_lock_t:lnk_file read_lnk_file_perms;
+	rw_dirs_pattern($1, var_t, var_lock_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_rw_lock_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+## 	Create lock directories
+## </summary>
+## <param name="domain">
+## 	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`files_create_lock_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_create_lock_dirs'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_lock_t;
+	')
+
+	allow $1 var_t:dir search_dir_perms;
+	allow $1 var_lock_t:lnk_file read_lnk_file_perms;
+	create_dirs_pattern($1, var_lock_t, var_lock_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_create_lock_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to and from all lock directory types.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_relabel_all_lock_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabel_all_lock_dirs'($*)) dnl
+	
+	gen_require(`
+		attribute lockfile;
+		type var_t, var_lock_t;
+	')
+
+	allow $1 var_t:dir search_dir_perms;
+	allow $1 var_lock_t:lnk_file read_lnk_file_perms;
+	relabel_dirs_pattern($1, lockfile, lockfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabel_all_lock_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of generic lock files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_getattr_generic_locks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_getattr_generic_locks'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_lock_t;
+	')
+
+	allow $1 var_t:dir search_dir_perms;
+	allow $1 var_lock_t:lnk_file read_lnk_file_perms;
+	allow $1 var_lock_t:dir list_dir_perms;
+	getattr_files_pattern($1, var_lock_t, var_lock_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_getattr_generic_locks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete generic lock files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_delete_generic_locks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_delete_generic_locks'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_lock_t;
+	')
+
+	allow $1 var_t:dir search_dir_perms;
+	allow $1 var_lock_t:lnk_file read_lnk_file_perms;
+	delete_files_pattern($1, var_lock_t, var_lock_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_delete_generic_locks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete generic
+##	lock files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_manage_generic_locks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_generic_locks'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_lock_t;
+	')
+
+	allow $1 var_t:dir search_dir_perms;
+	allow $1 var_lock_t:lnk_file read_lnk_file_perms;
+	manage_dirs_pattern($1, var_lock_t, var_lock_t)
+	manage_files_pattern($1, var_lock_t, var_lock_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_generic_locks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete all lock files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_delete_all_locks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_delete_all_locks'($*)) dnl
+	
+	gen_require(`
+		attribute lockfile;
+		type var_t, var_lock_t;
+	')
+
+	allow $1 var_t:dir search_dir_perms;
+	allow $1 var_lock_t:lnk_file read_lnk_file_perms;
+	delete_files_pattern($1, lockfile, lockfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_delete_all_locks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all lock files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_all_locks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_all_locks'($*)) dnl
+	
+	gen_require(`
+		attribute lockfile;
+		type var_t, var_lock_t;
+	')
+
+	allow $1 var_lock_t:lnk_file read_lnk_file_perms;
+	allow $1 { var_t var_lock_t }:dir search_dir_perms;
+	allow $1 lockfile:dir list_dir_perms;
+	read_files_pattern($1, lockfile, lockfile)
+	read_lnk_files_pattern($1, lockfile, lockfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_all_locks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	manage all lock files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_manage_all_locks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_all_locks'($*)) dnl
+	
+	gen_require(`
+		attribute lockfile;
+		type var_t, var_lock_t;
+	')
+
+	allow $1 var_lock_t:lnk_file read_lnk_file_perms;
+	allow $1 { var_t var_lock_t }:dir search_dir_perms;
+	manage_dirs_pattern($1, lockfile, lockfile)
+	manage_files_pattern($1, lockfile, lockfile)
+	manage_lnk_files_pattern($1, lockfile, lockfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_all_locks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel from/to all lock files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_relabel_all_locks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabel_all_locks'($*)) dnl
+	
+	gen_require(`
+		attribute lockfile;
+		type var_t, var_lock_t;
+	')
+
+	allow $1 var_lock_t:lnk_file read_lnk_file_perms;
+	allow $1 { var_t var_lock_t }:dir search_dir_perms;
+	relabel_dirs_pattern($1, lockfile, lockfile)
+	relabel_files_pattern($1, lockfile, lockfile)
+	relabel_lnk_files_pattern($1, lockfile, lockfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabel_all_locks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create an object in the locks directory, with a private
+##	type using a type transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private type">
+##	<summary>
+##	The type of the object to be created.
+##	</summary>
+## </param>
+## <param name="object">
+##	<summary>
+##	The object class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_lock_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_lock_filetrans'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_lock_t;
+	')
+
+	allow $1 var_t:dir search_dir_perms;
+	allow $1 var_lock_t:lnk_file read_lnk_file_perms;
+	filetrans_pattern($1, var_lock_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_lock_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of the /var/run directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_getattr_pid_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_getattr_pid_dirs'($*)) dnl
+	
+	gen_require(`
+		type var_run_t;
+	')
+
+	dontaudit $1 var_run_t:lnk_file read_lnk_file_perms;
+	dontaudit $1 var_run_t:dir getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_getattr_pid_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	mounton a /var/run directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_mounton_pid_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_mounton_pid_dirs'($*)) dnl
+	
+	gen_require(`
+		type var_run_t;
+	')
+
+	allow $1 var_run_t:dir mounton;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_mounton_pid_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of the /var/run directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_setattr_pid_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_setattr_pid_dirs'($*)) dnl
+	
+	gen_require(`
+		type var_run_t;
+	')
+
+	allow $1 var_run_t:lnk_file read_lnk_file_perms;
+	allow $1 var_run_t:dir setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_setattr_pid_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the contents of runtime process
+##	ID directories (/var/run).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_search_pids',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_search_pids'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_run_t;
+	')
+
+	allow $1 var_run_t:lnk_file read_lnk_file_perms;
+	search_dirs_pattern($1, var_t, var_run_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_search_pids'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search
+##	the /var/run directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_search_pids',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_search_pids'($*)) dnl
+	
+	gen_require(`
+		type var_run_t;
+	')
+
+	dontaudit $1 var_run_t:lnk_file read_lnk_file_perms;
+	dontaudit $1 var_run_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_search_pids'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List the contents of the runtime process
+##	ID directories (/var/run).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_list_pids',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_list_pids'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_run_t;
+	')
+
+	allow $1 var_run_t:lnk_file read_lnk_file_perms;
+	list_dirs_pattern($1, var_t, var_run_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_list_pids'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Check write access on /var/run directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_check_write_pid_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_check_write_pid_dirs'($*)) dnl
+	
+	gen_require(`
+		type var_run_t;
+	')
+
+	allow $1 var_run_t:dir write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_check_write_pid_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a /var/run directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_create_pid_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_create_pid_dirs'($*)) dnl
+	
+	gen_require(`
+		type var_run_t;
+	')
+
+	allow $1 var_run_t:dir create_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_create_pid_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Watch /var/run directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_watch_runtime_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_watch_runtime_dirs'($*)) dnl
+	
+	gen_require(`
+		type var_run_t;
+	')
+
+	allow $1 var_run_t:dir watch;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_watch_runtime_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read generic process ID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_generic_pids',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_generic_pids'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_run_t;
+	')
+
+	allow $1 var_run_t:lnk_file read_lnk_file_perms;
+	list_dirs_pattern($1, var_t, var_run_t)
+	read_files_pattern($1, var_run_t, var_run_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_generic_pids'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write named generic process ID pipes
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_write_generic_pid_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_write_generic_pid_pipes'($*)) dnl
+	
+	gen_require(`
+		type var_run_t;
+	')
+
+	allow $1 var_run_t:lnk_file read_lnk_file_perms;
+	allow $1 var_run_t:fifo_file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_write_generic_pid_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create an object in the process ID directory, with a private type.
+## </summary>
+## <desc>
+##	<p>
+##	Create an object in the process ID directory (e.g., /var/run)
+##	with a private type.  Typically this is used for creating
+##	private PID files in /var/run with the private type instead
+##	of the general PID file type. To accomplish this goal,
+##	either the program must be SELinux-aware, or use this interface.
+##	</p>
+##	<p>
+##	Related interfaces:
+##	</p>
+##	<ul>
+##		<li>files_pid_file()</li>
+##	</ul>
+##	<p>
+##	Example usage with a domain that can create and
+##	write its PID file with a private PID file type in the
+##	/var/run directory:
+##	</p>
+##	<p>
+##	type mypidfile_t;
+##	files_pid_file(mypidfile_t)
+##	allow mydomain_t mypidfile_t:file { create_file_perms write_file_perms };
+##	files_pid_filetrans(mydomain_t, mypidfile_t, file)
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private type">
+##	<summary>
+##	The type of the object to be created.
+##	</summary>
+## </param>
+## <param name="object">
+##	<summary>
+##	The object class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`files_pid_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_pid_filetrans'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_run_t;
+	')
+
+	allow $1 var_t:dir search_dir_perms;
+	allow $1 var_run_t:lnk_file read_lnk_file_perms;
+	filetrans_pattern($1, var_run_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_pid_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+## 	Create a generic lock directory within the run directories
+## </summary>
+## <param name="domain">
+## 	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_pid_filetrans_lock_dir',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_pid_filetrans_lock_dir'($*)) dnl
+	
+	gen_require(`
+		type var_lock_t;
+	')
+
+	files_pid_filetrans($1, var_lock_t, dir, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_pid_filetrans_lock_dir'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write generic process ID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_rw_generic_pids',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_rw_generic_pids'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_run_t;
+	')
+
+	allow $1 var_run_t:lnk_file read_lnk_file_perms;
+	list_dirs_pattern($1, var_t, var_run_t)
+	rw_files_pattern($1, var_run_t, var_run_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_rw_generic_pids'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes of
+##	daemon runtime data files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_getattr_all_pids',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_getattr_all_pids'($*)) dnl
+	
+	gen_require(`
+		attribute pidfile;
+		type var_run_t;
+	')
+
+	dontaudit $1 var_run_t:lnk_file read_lnk_file_perms;
+	dontaudit $1 pidfile:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_getattr_all_pids'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write to daemon runtime data files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_write_all_pids',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_write_all_pids'($*)) dnl
+	
+	gen_require(`
+		attribute pidfile;
+		type var_run_t;
+	')
+
+	dontaudit $1 var_run_t:lnk_file read_lnk_file_perms;
+	dontaudit $1 pidfile:file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_write_all_pids'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to ioctl daemon runtime data files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_ioctl_all_pids',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_ioctl_all_pids'($*)) dnl
+	
+	gen_require(`
+		attribute pidfile;
+		type var_run_t;
+	')
+
+	dontaudit $1 var_run_t:lnk_file read_lnk_file_perms;
+	dontaudit $1 pidfile:file ioctl;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_ioctl_all_pids'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##     manage all pidfile directories
+##     in the /var/run directory.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+ 	 	define(`files_manage_all_pid_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_all_pid_dirs'($*)) dnl
+	
+	gen_require(`
+		attribute pidfile;
+	')
+
+	manage_dirs_pattern($1, pidfile, pidfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_all_pid_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all process ID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_read_all_pids',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_all_pids'($*)) dnl
+	
+	gen_require(`
+		attribute pidfile;
+		type var_t, var_run_t;
+	')
+
+	allow $1 var_run_t:lnk_file read_lnk_file_perms;
+	list_dirs_pattern($1, var_t, pidfile)
+	read_files_pattern($1, pidfile, pidfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_all_pids'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##     Execute generic programs in /var/run in the caller domain.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+ 	 	define(`files_exec_generic_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_exec_generic_pid_files'($*)) dnl
+	
+	gen_require(`
+		type var_run_t;
+	')
+
+	exec_files_pattern($1, var_run_t, var_run_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_exec_generic_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##     Relable all pid files
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+ 	 	define(`files_relabel_all_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabel_all_pid_files'($*)) dnl
+	
+	gen_require(`
+		attribute pidfile;
+	')
+
+	relabel_files_pattern($1, pidfile, pidfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabel_all_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete all process IDs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_delete_all_pids',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_delete_all_pids'($*)) dnl
+	
+	gen_require(`
+		attribute pidfile;
+		type var_t, var_run_t;
+	')
+
+	allow $1 var_t:dir search_dir_perms;
+	allow $1 var_run_t:lnk_file read_lnk_file_perms;
+	allow $1 var_run_t:dir rmdir;
+	allow $1 var_run_t:lnk_file delete_lnk_file_perms;
+	delete_files_pattern($1, pidfile, pidfile)
+	delete_fifo_files_pattern($1, pidfile, pidfile)
+	delete_sock_files_pattern($1, pidfile, { pidfile var_run_t })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_delete_all_pids'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##     Create all pid sockets
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+ 	 	define(`files_create_all_pid_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_create_all_pid_sockets'($*)) dnl
+	
+	gen_require(`
+		attribute pidfile;
+	')
+
+	allow $1 pidfile:sock_file create_sock_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_create_all_pid_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##     Create all pid named pipes
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+ 	 	define(`files_create_all_pid_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_create_all_pid_pipes'($*)) dnl
+	
+	gen_require(`
+		attribute pidfile;
+	')
+
+	allow $1 pidfile:fifo_file create_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_create_all_pid_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##     Create all spool sockets
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+ 	 	define(`files_create_all_spool_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_create_all_spool_sockets'($*)) dnl
+	
+        gen_require(`
+                attribute spoolfile;
+        ')
+
+        allow $1 spoolfile:sock_file create_sock_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_create_all_spool_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##     Delete all spool sockets
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+ 	 	define(`files_delete_all_spool_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_delete_all_spool_sockets'($*)) dnl
+	
+        gen_require(`
+                attribute spoolfile;
+        ')
+
+        allow $1 spoolfile:sock_file delete_sock_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_delete_all_spool_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete all process ID directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_delete_all_pid_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_delete_all_pid_dirs'($*)) dnl
+	
+	gen_require(`
+		attribute pidfile;
+		type var_t, var_run_t;
+	')
+
+	allow $1 var_t:dir search_dir_perms;
+	allow $1 var_run_t:lnk_file read_lnk_file_perms;
+	delete_dirs_pattern($1, pidfile, pidfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_delete_all_pid_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write and delete all
+##	var_run (pid) content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain alloed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_manage_all_pids',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_all_pids'($*)) dnl
+	
+	gen_require(`
+		attribute pidfile;
+	')
+
+	manage_dirs_pattern($1, pidfile, pidfile)
+	manage_files_pattern($1, pidfile, pidfile)
+	manage_lnk_files_pattern($1, pidfile, pidfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_all_pids'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to/from all var_run (pid) directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain alloed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_relabel_all_pid_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabel_all_pid_dirs'($*)) dnl
+	
+	gen_require(`
+		attribute pidfile;
+	')
+
+	relabel_dirs_pattern($1, pidfile, pidfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabel_all_pid_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to/from all var_run (pid) socket files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain alloed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_relabel_all_pid_sock_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabel_all_pid_sock_files'($*)) dnl
+	
+	gen_require(`
+		attribute pidfile;
+	')
+
+	relabel_sock_files_pattern($1, pidfile, pidfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabel_all_pid_sock_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to/from all var_run (pid) files and directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain alloed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_relabel_all_pids',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabel_all_pids'($*)) dnl
+	
+	gen_require(`
+		attribute pidfile;
+	')
+
+	relabel_dirs_pattern($1, pidfile, pidfile)
+	relabel_files_pattern($1, pidfile, pidfile)
+	relabel_lnk_files_pattern($1, pidfile, pidfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabel_all_pids'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount filesystems on all polyinstantiation
+##	member directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_mounton_all_poly_members',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_mounton_all_poly_members'($*)) dnl
+	
+	gen_require(`
+		attribute polymember;
+	')
+
+	allow $1 polymember:dir mounton;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_mounton_all_poly_members'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the contents of generic spool
+##	directories (/var/spool).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_search_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_search_spool'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_spool_t;
+	')
+
+	search_dirs_pattern($1, var_t, var_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_search_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search generic
+##	spool directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_search_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_search_spool'($*)) dnl
+	
+	gen_require(`
+		type var_spool_t;
+	')
+
+	dontaudit $1 var_spool_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_search_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List the contents of generic spool
+##	(/var/spool) directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_list_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_list_spool'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_spool_t;
+	')
+
+	list_dirs_pattern($1, var_t, var_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_list_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete generic
+##	spool directories (/var/spool).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_manage_generic_spool_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_generic_spool_dirs'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_spool_t;
+	')
+
+	allow $1 var_t:dir search_dir_perms;
+	manage_dirs_pattern($1, var_spool_t, var_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_generic_spool_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read generic spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_generic_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_generic_spool'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_spool_t;
+	')
+
+	list_dirs_pattern($1, var_t, var_spool_t)
+	read_files_pattern($1, var_spool_t, var_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_generic_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete generic
+##	spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_manage_generic_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_generic_spool'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_spool_t;
+	')
+
+	allow $1 var_t:dir search_dir_perms;
+	manage_files_pattern($1, var_spool_t, var_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_generic_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in the spool directory
+##	with a private type with a type transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="file">
+##	<summary>
+##	Type to which the created node will be transitioned.
+##	</summary>
+## </param>
+## <param name="class">
+##	<summary>
+##	Object class(es) (single or set including {}) for which this
+##	the transition will occur.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_spool_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_spool_filetrans'($*)) dnl
+	
+	gen_require(`
+		type var_t, var_spool_t;
+	')
+
+	allow $1 var_t:dir search_dir_perms;
+	filetrans_pattern($1, var_spool_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_spool_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow access to manage all polyinstantiated
+##	directories on the system.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_polyinstantiate_all',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_polyinstantiate_all'($*)) dnl
+	
+	gen_require(`
+		attribute polydir, polymember, polyparent;
+		type poly_t;
+	')
+
+	# Need to give access to /selinux/member
+	selinux_compute_member($1)
+
+	# Need sys_admin capability for mounting
+	allow $1 self:capability { chown fowner fsetid sys_admin };
+
+	# Need to give access to the directories to be polyinstantiated
+	allow $1 polydir:dir { create open getattr search write add_name setattr mounton rmdir };
+
+	# Need to give access to the polyinstantiated subdirectories
+	allow $1 polymember:dir search_dir_perms;
+
+	# Need to give access to parent directories where original
+	# is remounted for polyinstantiation aware programs (like gdm)
+	allow $1 polyparent:dir { getattr mounton };
+
+	# Need to give permission to create directories where applicable
+	allow $1 self:process setfscreate;
+	allow $1 polymember: dir { create setattr relabelto };
+	allow $1 polydir: dir { write add_name open };
+	allow $1 polyparent:dir { open read write remove_name add_name relabelfrom relabelto };
+
+	# Default type for mountpoints
+	allow $1 poly_t:dir { create mounton };
+	fs_unmount_xattr_fs($1)
+
+	fs_mount_tmpfs($1)
+	fs_unmount_tmpfs($1)
+
+	ifdef(`distro_redhat',`
+		# namespace.init
+		files_search_tmp($1)
+		files_search_home($1)
+		corecmd_exec_bin($1)
+		seutil_domtrans_setfiles($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_polyinstantiate_all'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unconfined access to files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_unconfined',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_unconfined'($*)) dnl
+	
+	gen_require(`
+		attribute files_unconfined_type;
+	')
+
+	typeattribute $1 files_unconfined_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_unconfined'($*)) dnl
+	')
+
+
+# should be in an ifdef distro_gentoo but cannot do so for interfaces
+
+########################################
+## <summary>
+##	Create, read, write, and delete symbolic links in
+##	/etc that are dynamically created on boot.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_manage_etc_runtime_lnk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_etc_runtime_lnk_files'($*)) dnl
+	
+	gen_require(`
+		type etc_t, etc_runtime_t;
+	')
+
+	manage_lnk_files_pattern($1, { etc_t etc_runtime_t }, etc_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_etc_runtime_lnk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read etc_runtime resources
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_dontaudit_read_etc_runtime',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_dontaudit_read_etc_runtime'($*)) dnl
+	
+	gen_require(`
+		type etc_runtime_t;
+	')
+
+	dontaudit $1 etc_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_dontaudit_read_etc_runtime'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	List usr/src files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`files_list_src',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_list_src'($*)) dnl
+	
+	gen_require(`
+		type src_t;
+	')
+
+	list_dirs_pattern($1, src_t, src_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_list_src'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Read usr/src files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_src_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_src_files'($*)) dnl
+	
+	gen_require(`
+		type src_t;
+	')
+
+	read_files_pattern($1, src_t, src_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_src_files'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Manage /usr/src files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`files_manage_src_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_src_files'($*)) dnl
+	
+	gen_require(`
+		type src_t;
+	')
+
+	manage_files_pattern($1, src_t, src_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_src_files'($*)) dnl
+	')
+
+
+
+##########################################
+## <summary>
+##	Create a resource in the generic lib location
+##	with an automatic type transition towards the kernel modules
+##	type
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+## <param name="class">
+##	<summary>
+##	Class of the created resource for which a type transition should occur
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Optional name of the resource
+##	</summary>
+## </param>
+#
+ 	 	define(`files_lib_filetrans_kernel_modules',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_lib_filetrans_kernel_modules'($*)) dnl
+	
+	gen_require(`
+		type modules_object_t;
+	')
+
+	libs_lib_filetrans($1, modules_object_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_lib_filetrans_kernel_modules'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Read etc runtime resources
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`files_read_etc_runtime',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_read_etc_runtime'($*)) dnl
+	
+	gen_require(`
+		type etc_runtime_t;
+		type etc_t;
+	')
+
+	list_dirs_pattern($1, etc_t, etc_runtime_t)
+	read_files_pattern($1, { etc_t etc_runtime_t }, etc_runtime_t)
+	read_lnk_files_pattern($1, { etc_t etc_runtime_t }, etc_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_read_etc_runtime'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow relabel from and to non-security types
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_relabel_all_non_security_file_types',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabel_all_non_security_file_types'($*)) dnl
+	
+	gen_require(`
+		attribute non_security_file_type;
+	')
+
+	allow $1 non_security_file_type:dir list_dir_perms;
+
+	relabel_dirs_pattern($1, non_security_file_type, non_security_file_type)
+	relabel_files_pattern($1, non_security_file_type, non_security_file_type)
+	relabel_lnk_files_pattern($1, non_security_file_type, non_security_file_type)
+	relabel_fifo_files_pattern($1, non_security_file_type, non_security_file_type)
+	relabel_sock_files_pattern($1, non_security_file_type, non_security_file_type)
+
+	# this is only relabelfrom since there should be no
+	# device nodes with file types.
+	relabelfrom_blk_files_pattern($1, non_security_file_type, non_security_file_type)
+	relabelfrom_chr_files_pattern($1, non_security_file_type, non_security_file_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabel_all_non_security_file_types'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage non-security-sensitive resource types
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`files_manage_all_non_security_file_types',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_manage_all_non_security_file_types'($*)) dnl
+	
+	gen_require(`
+		attribute non_security_file_type;
+	')
+
+	manage_dirs_pattern($1, non_security_file_type, non_security_file_type)
+	manage_files_pattern($1, non_security_file_type, non_security_file_type)
+	manage_lnk_files_pattern($1, non_security_file_type, non_security_file_type)
+	manage_fifo_files_pattern($1, non_security_file_type, non_security_file_type)
+	manage_sock_files_pattern($1, non_security_file_type, non_security_file_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_manage_all_non_security_file_types'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Allow relabeling from and to any pidfile associated type
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`files_relabel_all_pidfiles',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `files_relabel_all_pidfiles'($*)) dnl
+	
+	gen_require(`
+		attribute pidfile;
+	')
+
+	allow $1 pidfile:dir list_dir_perms;
+
+	relabel_dirs_pattern($1, pidfile, pidfile)
+	relabel_files_pattern($1, pidfile, pidfile)
+	relabel_lnk_files_pattern($1, pidfile, pidfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `files_relabel_all_pidfiles'($*)) dnl
+	')
+
+## <summary>User-based access control policy</summary>
+## <required val="true">
+##	Contains attributes used in UBAC policy.
+## </required>
+
+########################################
+## <summary>
+##	Constrain by user-based access control (UBAC).
+## </summary>
+## <desc>
+##	<p>
+##	Constrain the specified type by user-based
+##	access control (UBAC).  Typically, these are
+##	user processes or user files that need to be
+##	differentiated by SELinux user.  Normally this
+##	does not include administrative or privileged
+##	programs. For the UBAC rules to be enforced,
+##	both the subject (source) type and the object
+##	(target) types must be UBAC constrained.
+##	</p>
+## </desc>
+## <param name="type">
+##	<summary>
+##	Type to be constrained by UBAC.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`ubac_constrained',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ubac_constrained'($*)) dnl
+	
+	gen_require(`
+		attribute ubac_constrained_type;
+	')
+
+	typeattribute $1 ubac_constrained_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ubac_constrained'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Exempt user-based access control for files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+ 	 	define(`ubac_file_exempt',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ubac_file_exempt'($*)) dnl
+	
+	gen_require(`
+		attribute ubacfile;
+	')
+
+	typeattribute $1 ubacfile;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ubac_file_exempt'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Exempt user-based access control for processes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+ 	 	define(`ubac_process_exempt',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ubac_process_exempt'($*)) dnl
+	
+	gen_require(`
+		attribute ubacproc;
+	')
+
+	typeattribute $1 ubacproc;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ubac_process_exempt'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Exempt user-based access control for file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+ 	 	define(`ubac_fd_exempt',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ubac_fd_exempt'($*)) dnl
+	
+	gen_require(`
+		attribute ubacfd;
+	')
+
+	typeattribute $1 ubacfd;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ubac_fd_exempt'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Exempt user-based access control for sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+ 	 	define(`ubac_socket_exempt',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ubac_socket_exempt'($*)) dnl
+	
+	gen_require(`
+		attribute ubacsock;
+	')
+
+	typeattribute $1 ubacsock;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ubac_socket_exempt'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Exempt user-based access control for SysV IPC.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+ 	 	define(`ubac_sysvipc_exempt',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ubac_sysvipc_exempt'($*)) dnl
+	
+	gen_require(`
+		attribute ubacipc;
+	')
+
+	typeattribute $1 ubacipc;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ubac_sysvipc_exempt'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Exempt user-based access control for X Windows.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+ 	 	define(`ubac_xwin_exempt',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ubac_xwin_exempt'($*)) dnl
+	
+	gen_require(`
+		attribute ubacxwin;
+	')
+
+	typeattribute $1 ubacxwin;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ubac_xwin_exempt'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Exempt user-based access control for dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+ 	 	define(`ubac_dbus_exempt',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ubac_dbus_exempt'($*)) dnl
+	
+	gen_require(`
+		attribute ubacdbus;
+	')
+
+	typeattribute $1 ubacdbus;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ubac_dbus_exempt'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Exempt user-based access control for keys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+ 	 	define(`ubac_key_exempt',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ubac_key_exempt'($*)) dnl
+	
+	gen_require(`
+		attribute ubackey;
+	')
+
+	typeattribute $1 ubackey;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ubac_key_exempt'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Exempt user-based access control for databases.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be exempted.
+##	</summary>
+## </param>
+#
+ 	 	define(`ubac_db_exempt',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ubac_db_exempt'($*)) dnl
+	
+	gen_require(`
+		attribute ubacdb;
+	')
+
+	typeattribute $1 ubacdb;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ubac_db_exempt'($*)) dnl
+	')
+
+## <summary>
+##	Policy for kernel security interface, in particular, selinuxfs.
+## </summary>
+## <required val="true">
+##	Contains the policy for the kernel SELinux security interface.
+## </required>
+
+########################################
+## <summary>
+##	Make the specified type used for labeling SELinux Booleans.
+##	This interface is only usable in the base module.
+## </summary>
+## <desc>
+##	<p>
+##	Make the specified type used for labeling SELinux Booleans.
+##	</p>
+##	<p>
+##	This makes use of genfscon statements, which are only
+##	available in the base module.  Thus any module which calls this
+##	interface must be included in the base module.
+##	</p>
+## </desc>
+## <param name="type">
+##	<summary>
+##	Type used for labeling a Boolean.
+##	</summary>
+## </param>
+## <param name="boolean">
+##	<summary>
+##	Name of the Boolean.
+##	</summary>
+## </param>
+#
+ 	 	define(`selinux_labeled_boolean',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_labeled_boolean'($*)) dnl
+	
+	gen_require(`
+		attribute boolean_type;
+	')
+
+	typeattribute $1 boolean_type;
+
+	# because of this statement, any module which
+	# calls this interface must be in the base module:
+	genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_labeled_boolean'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the mountpoint of the selinuxfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`selinux_get_fs_mount',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_get_fs_mount'($*)) dnl
+	
+	gen_require(`
+		type security_t;
+	')
+
+	# starting in libselinux 2.0.5, init_selinuxmnt() will
+	# attempt to short circuit by checking if SELINUXMNT
+	# (/selinux) is already a selinuxfs
+	allow $1 security_t:filesystem getattr;
+
+	# Same for /sys/fs/selinux
+	dev_getattr_sysfs($1)
+	dev_search_sysfs($1)
+
+	# read /proc/filesystems to see if selinuxfs is supported
+	# then read /proc/self/mount to see where selinuxfs is mounted
+	kernel_read_system_state($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_get_fs_mount'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the mountpoint
+##	of the selinuxfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`selinux_dontaudit_get_fs_mount',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_dontaudit_get_fs_mount'($*)) dnl
+	
+	gen_require(`
+		type security_t;
+	')
+
+	# starting in libselinux 2.0.5, init_selinuxmnt() will
+	# attempt to short circuit by checking if SELINUXMNT
+	# (/selinux) is already a selinuxfs
+	dontaudit $1 security_t:filesystem getattr;
+
+	# Same for /sys/fs/selinux
+	dev_dontaudit_getattr_sysfs($1)
+	dev_dontaudit_search_sysfs($1)
+
+	# read /proc/filesystems to see if selinuxfs is supported
+	# then read /proc/self/mount to see where selinuxfs is mounted
+	kernel_dontaudit_read_system_state($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_dontaudit_get_fs_mount'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount the selinuxfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`selinux_mount_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_mount_fs'($*)) dnl
+	
+	gen_require(`
+		type security_t;
+	')
+
+	allow $1 security_t:filesystem mount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_mount_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Remount the selinuxfs filesystem.
+##	This allows some mount options to be changed.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`selinux_remount_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_remount_fs'($*)) dnl
+	
+	gen_require(`
+		type security_t;
+	')
+
+	allow $1 security_t:filesystem remount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_remount_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unmount the selinuxfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`selinux_unmount_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_unmount_fs'($*)) dnl
+	
+	gen_require(`
+		type security_t;
+	')
+
+	allow $1 security_t:filesystem unmount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_unmount_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the selinuxfs filesystem
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`selinux_getattr_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_getattr_fs'($*)) dnl
+	
+	gen_require(`
+		type security_t;
+	')
+
+	allow $1 security_t:filesystem getattr;
+
+	dev_getattr_sysfs($1)
+	dev_search_sysfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_getattr_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the
+##	attributes of the selinuxfs filesystem
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`selinux_dontaudit_getattr_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_dontaudit_getattr_fs'($*)) dnl
+	
+	gen_require(`
+		type security_t;
+	')
+
+	dontaudit $1 security_t:filesystem getattr;
+
+	dev_dontaudit_getattr_sysfs($1)
+	dev_dontaudit_search_sysfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_dontaudit_getattr_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the
+##	attributes of the selinuxfs directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`selinux_dontaudit_getattr_dir',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_dontaudit_getattr_dir'($*)) dnl
+	
+	gen_require(`
+		type security_t;
+	')
+
+	dontaudit $1 security_t:dir getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_dontaudit_getattr_dir'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search selinuxfs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`selinux_search_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_search_fs'($*)) dnl
+	
+	gen_require(`
+		type security_t;
+	')
+
+	dev_search_sysfs($1)
+	allow $1 security_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_search_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search selinuxfs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`selinux_dontaudit_search_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_dontaudit_search_fs'($*)) dnl
+	
+	gen_require(`
+		type security_t;
+	')
+
+	dontaudit $1 security_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_dontaudit_search_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read
+##	generic selinuxfs entries
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`selinux_dontaudit_read_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_dontaudit_read_fs'($*)) dnl
+	
+	gen_require(`
+		type security_t;
+	')
+
+	dontaudit $1 security_t:dir search_dir_perms;
+	dontaudit $1 security_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_dontaudit_read_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allows the caller to get the mode of policy enforcement
+##	(enforcing or permissive mode).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`selinux_get_enforce_mode',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_get_enforce_mode'($*)) dnl
+	
+	gen_require(`
+		type security_t;
+	')
+
+	dev_search_sysfs($1)
+	allow $1 security_t:dir list_dir_perms;
+	allow $1 security_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_get_enforce_mode'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to set the mode of policy enforcement
+##	(enforcing or permissive mode).
+## </summary>
+## <desc>
+##	<p>
+##	Allow caller to set the mode of policy enforcement
+##	(enforcing or permissive mode).
+##	</p>
+##	<p>
+##	Since this is a security event, this action is
+##	always audited.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`selinux_set_enforce_mode',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_set_enforce_mode'($*)) dnl
+	
+	gen_require(`
+		attribute can_setenforce;
+	')
+
+	typeattribute $1 can_setenforce;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_set_enforce_mode'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to load the policy into the kernel.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`selinux_load_policy',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_load_policy'($*)) dnl
+	
+	gen_require(`
+		attribute can_load_policy;
+	')
+
+	typeattribute $1 can_load_policy;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_load_policy'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to read the policy from the kernel.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`selinux_read_policy',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_read_policy'($*)) dnl
+	
+	gen_require(`
+		type security_t;
+	')
+
+	dev_search_sysfs($1)
+	allow $1 security_t:dir list_dir_perms;
+	allow $1 security_t:file read_file_perms;
+	allow $1 security_t:security read_policy;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_read_policy'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to set the state of generic Booleans to
+##	enable or disable conditional portions of the policy.
+## </summary>
+## <desc>
+##	<p>
+##	Allow caller to set the state of generic Booleans to
+##	enable or disable conditional portions of the policy.
+##	</p>
+##	<p>
+##	Since this is a security event, this action is
+##	always audited.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`selinux_set_generic_booleans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_set_generic_booleans'($*)) dnl
+	
+	gen_require(`
+		type security_t;
+	')
+
+	dev_search_sysfs($1)
+
+	allow $1 security_t:dir list_dir_perms;
+	allow $1 security_t:file rw_file_perms;
+
+	allow $1 security_t:security setbool;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_set_generic_booleans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to set the state of all Booleans to
+##	enable or disable conditional portions of the policy.
+## </summary>
+## <desc>
+##	<p>
+##	Allow caller to set the state of all Booleans to
+##	enable or disable conditional portions of the policy.
+##	</p>
+##	<p>
+##	Since this is a security event, this action is
+##	always audited.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`selinux_set_all_booleans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_set_all_booleans'($*)) dnl
+	
+	gen_require(`
+		type security_t, secure_mode_policyload_t;
+		attribute boolean_type;
+		bool secure_mode_policyload;
+	')
+
+	dev_search_sysfs($1)
+
+	allow $1 security_t:dir list_dir_perms;
+	allow $1 { boolean_type -secure_mode_policyload_t }:file rw_file_perms;
+	allow $1 secure_mode_policyload_t:file read_file_perms;
+
+	allow $1 security_t:security setbool;
+
+	if(!secure_mode_policyload) {
+		allow $1 secure_mode_policyload_t:file write_file_perms;
+	}
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_set_all_booleans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to set SELinux access vector cache parameters.
+## </summary>
+## <desc>
+##	<p>
+##	Allow caller to set SELinux access vector cache parameters.
+##	The allows the domain to set performance related parameters
+##	of the AVC, such as cache threshold.
+##	</p>
+##	<p>
+##	Since this is a security event, this action is
+##	always audited.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`selinux_set_parameters',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_set_parameters'($*)) dnl
+	
+	gen_require(`
+		attribute can_setsecparam;
+	')
+
+	typeattribute $1 can_setsecparam;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_set_parameters'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allows caller to validate security contexts.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`selinux_validate_context',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_validate_context'($*)) dnl
+	
+	gen_require(`
+		type security_t;
+	')
+
+	dev_search_sysfs($1)
+	allow $1 security_t:dir list_dir_perms;
+	allow $1 security_t:file rw_file_perms;
+	allow $1 security_t:security check_context;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_validate_context'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to validate security contexts.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`selinux_dontaudit_validate_context',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_dontaudit_validate_context'($*)) dnl
+	
+	gen_require(`
+		type security_t;
+	')
+
+	dontaudit $1 security_t:dir list_dir_perms;
+	dontaudit $1 security_t:file rw_file_perms;
+	dontaudit $1 security_t:security check_context;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_dontaudit_validate_context'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allows caller to compute an access vector.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`selinux_compute_access_vector',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_compute_access_vector'($*)) dnl
+	
+	gen_require(`
+		type security_t;
+	')
+
+	dev_search_sysfs($1)
+	allow $1 self:netlink_selinux_socket create_socket_perms;
+	allow $1 security_t:dir list_dir_perms;
+	allow $1 security_t:file rw_file_perms;
+	allow $1 security_t:security compute_av;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_compute_access_vector'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Calculate the default type for object creation.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`selinux_compute_create_context',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_compute_create_context'($*)) dnl
+	
+	gen_require(`
+		type security_t;
+	')
+
+	dev_search_sysfs($1)
+	allow $1 security_t:dir list_dir_perms;
+	allow $1 security_t:file rw_file_perms;
+	allow $1 security_t:security compute_create;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_compute_create_context'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allows caller to compute polyinstatntiated
+##	directory members.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`selinux_compute_member',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_compute_member'($*)) dnl
+	
+	gen_require(`
+		type security_t;
+	')
+
+	dev_search_sysfs($1)
+	allow $1 security_t:dir list_dir_perms;
+	allow $1 security_t:file rw_file_perms;
+	allow $1 security_t:security compute_member;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_compute_member'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Calculate the context for relabeling objects.
+## </summary>
+## <desc>
+##	<p>
+##	Calculate the context for relabeling objects.
+##	This is determined by using the type_change
+##	rules in the policy, and is generally used
+##	for determining the context for relabeling
+##	a terminal when a user logs in.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`selinux_compute_relabel_context',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_compute_relabel_context'($*)) dnl
+	
+	gen_require(`
+		type security_t;
+	')
+
+	dev_search_sysfs($1)
+	allow $1 security_t:dir list_dir_perms;
+	allow $1 security_t:file rw_file_perms;
+	allow $1 security_t:security compute_relabel;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_compute_relabel_context'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allows caller to compute possible contexts for a user.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`selinux_compute_user_contexts',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_compute_user_contexts'($*)) dnl
+	
+	gen_require(`
+		type security_t;
+	')
+
+	dev_search_sysfs($1)
+	allow $1 security_t:dir list_dir_perms;
+	allow $1 security_t:file rw_file_perms;
+	allow $1 security_t:security compute_user;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_compute_user_contexts'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allows caller to map secuirty_t files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+
+ 	 	define(`selinux_map_security_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_map_security_files'($*)) dnl
+	
+	gen_require(`
+		type security_t;
+	')
+
+	dev_search_sysfs($1)
+	allow $1 security_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_map_security_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unconfined access to the SELinux kernel security server.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`selinux_unconfined',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `selinux_unconfined'($*)) dnl
+	
+	gen_require(`
+		attribute selinux_unconfined_type;
+	')
+
+	typeattribute $1 selinux_unconfined_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `selinux_unconfined'($*)) dnl
+	')
+
+## <summary>
+## Device nodes and interfaces for many basic system devices.
+## </summary>
+## <desc>
+## <p>
+## This module creates the device node concept and provides
+## the policy for many of the device files. Notable exceptions are
+## the mass storage and terminal devices that are covered by other
+## modules.
+## </p>
+## <p>
+## This module creates the concept of a device node. That is a
+## char or block device file, usually in /dev. All types that
+## are used to label device nodes should use the dev_node macro.
+## </p>
+## <p>
+## Additionally, this module controls access to three things:
+##	<ul>
+##		<li>the device directories containing device nodes</li>
+##		<li>device nodes as a group</li>
+##		<li>individual access to specific device nodes covered by
+##		this module.</li>
+##	</ul>
+## </p>
+## </desc>
+## <required val="true">
+##	Depended on by other required modules.
+## </required>
+
+########################################
+## <summary>
+##	Make the specified type usable for device
+##	nodes in a filesystem.
+## </summary>
+## <desc>
+##	<p>
+##	Make the specified type usable for device nodes
+##	in a filesystem.  Types used for device nodes that
+##	do not use this interface, or an interface that
+##	calls this one, will have unexpected behaviors
+##	while the system is running.
+##	</p>
+##	<p>
+##	Example:
+##	</p>
+##	<p>
+##	type mydev_t;
+##	dev_node(mydev_t)
+##	allow mydomain_t mydev_t:chr_file read_chr_file_perms;
+##	</p>
+##	<p>
+##	Related interfaces:
+##	</p>
+##	<ul>
+##		<li>term_tty()</li>
+##		<li>term_pty()</li>
+##	</ul>
+## </desc>
+## <param name="type">
+##	<summary>
+##	Type to be used for device nodes.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`dev_node',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_node'($*)) dnl
+	
+	gen_require(`
+		attribute device_node;
+	')
+
+	typeattribute $1 device_node;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_node'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Associate the specified file type with device filesystem.
+## </summary>
+## <param name="file_type">
+##	<summary>
+##	The type of the file to be associated.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_associate',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_associate'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	allow $1 device_t:filesystem associate;
+	fs_associate_tmpfs($1)	#For backwards compatibility
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_associate'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get attributes of device filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_fs'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	allow $1 device_t:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Watch the directories in /dev.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_watch_dev_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_watch_dev_dirs'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	allow $1 device_t:dir watch;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_watch_dev_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a filesystem on /dev
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allow access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_mounton',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_mounton'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	allow $1 device_t:dir mounton;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_mounton'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow full relabeling (to and from) of all device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dev_relabel_all_dev_nodes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_relabel_all_dev_nodes'($*)) dnl
+	
+	gen_require(`
+		attribute device_node;
+		type device_t;
+	')
+
+	relabelfrom_dirs_pattern($1, device_t, { device_t device_node })
+	relabelfrom_files_pattern($1, device_t, { device_t device_node })
+	relabelfrom_lnk_files_pattern($1, device_t, { device_t device_node })
+	relabelfrom_fifo_files_pattern($1, device_t, { device_t device_node })
+	relabelfrom_sock_files_pattern($1, device_t, { device_t device_node })
+	relabel_blk_files_pattern($1, device_t, { device_t device_node })
+	relabel_chr_files_pattern($1, device_t, { device_t device_node })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_relabel_all_dev_nodes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##     Allow full relabeling (to and from) of all device files.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dev_relabel_all_dev_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_relabel_all_dev_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	relabel_files_pattern($1, device_t, device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_relabel_all_dev_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List all of the device nodes in a device directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_list_all_dev_nodes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_list_all_dev_nodes'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	list_dirs_pattern($1, device_t, device_t)
+	read_lnk_files_pattern($1, device_t, device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_list_all_dev_nodes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of /dev directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_setattr_generic_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_generic_dirs'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	setattr_dirs_pattern($1, device_t, device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_generic_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dontaudit attempts to list all device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_list_all_dev_nodes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_list_all_dev_nodes'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	dontaudit $1 device_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_list_all_dev_nodes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Add entries to directories in /dev.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_add_entry_generic_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_add_entry_generic_dirs'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	allow $1 device_t:dir add_entry_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_add_entry_generic_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Remove entries from directories in /dev.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_remove_entry_generic_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_remove_entry_generic_dirs'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	allow $1 device_t:dir del_entry_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_remove_entry_generic_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a directory in the device directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_create_generic_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_create_generic_dirs'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	allow $1 device_t:dir list_dir_perms;
+	create_dirs_pattern($1, device_t, device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_create_generic_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete a directory in the device directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_delete_generic_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_delete_generic_dirs'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	delete_dirs_pattern($1, device_t, device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_delete_generic_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage of directories in /dev.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_manage_generic_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_manage_generic_dirs'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	manage_dirs_pattern($1, device_t, device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_manage_generic_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow full relabeling (to and from) of directories in /dev.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_relabel_generic_dev_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_relabel_generic_dev_dirs'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	relabel_dirs_pattern($1, device_t, device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_relabel_generic_dev_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	dontaudit getattr generic files in /dev.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_getattr_generic_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_getattr_generic_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	dontaudit $1 device_t:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_getattr_generic_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read generic files in /dev.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_generic_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_generic_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	read_files_pattern($1, device_t, device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_generic_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write generic files in /dev.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_generic_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_generic_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	rw_files_pattern($1, device_t, device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_generic_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete generic files in /dev.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_delete_generic_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_delete_generic_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	delete_files_pattern($1, device_t, device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_delete_generic_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a file in the device directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_manage_generic_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_manage_generic_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	manage_files_pattern($1, device_t, device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_manage_generic_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dontaudit getattr on generic pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_getattr_generic_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_getattr_generic_pipes'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	dontaudit $1 device_t:fifo_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_getattr_generic_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write generic socket files in /dev.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_write_generic_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_write_generic_sockets'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	write_sock_files_pattern($1, device_t, device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_write_generic_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow getattr on generic block devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_generic_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_generic_blk_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	getattr_blk_files_pattern($1, device_t, device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_generic_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dontaudit getattr on generic block devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_getattr_generic_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_getattr_generic_blk_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	dontaudit $1 device_t:blk_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_getattr_generic_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes on generic
+##	block devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_setattr_generic_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_generic_blk_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	allow $1 device_t:blk_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_generic_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dontaudit setattr on generic block devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_setattr_generic_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_setattr_generic_blk_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	dontaudit $1 device_t:blk_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_setattr_generic_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create generic block device files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_create_generic_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_create_generic_blk_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	create_blk_files_pattern($1, device_t, device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_create_generic_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete generic block device files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_delete_generic_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_delete_generic_blk_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	delete_blk_files_pattern($1, device_t, device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_delete_generic_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow getattr for generic character device files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_generic_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_generic_chr_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	getattr_chr_files_pattern($1, device_t, device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_generic_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dontaudit getattr for generic character device files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_getattr_generic_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_getattr_generic_chr_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	dontaudit $1 device_t:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_getattr_generic_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes for generic
+##	character device files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_setattr_generic_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_generic_chr_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	allow $1 device_t:chr_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_generic_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dontaudit setattr for generic character device files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_setattr_generic_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_setattr_generic_chr_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	dontaudit $1 device_t:chr_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_setattr_generic_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read generic character device files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_generic_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_generic_chr_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	allow $1 device_t:chr_file read_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_generic_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write generic character device files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_generic_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_generic_chr_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	allow $1 device_t:chr_file rw_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_generic_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write generic block device files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_generic_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_generic_blk_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	allow $1 device_t:blk_file rw_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_generic_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dontaudit attempts to read/write generic character device files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to dontaudit access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_rw_generic_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_rw_generic_chr_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	dontaudit $1 device_t:chr_file rw_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_rw_generic_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create generic character device files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_create_generic_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_create_generic_chr_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	create_chr_files_pattern($1, device_t, device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_create_generic_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete generic character device files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_delete_generic_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_delete_generic_chr_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	delete_chr_files_pattern($1, device_t, device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_delete_generic_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel from generic character device files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_relabelfrom_generic_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_relabelfrom_generic_chr_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	allow $1 device_t:chr_file relabelfrom_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_relabelfrom_generic_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to set the attributes
+##	of symbolic links in device directories (/dev).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_setattr_generic_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_setattr_generic_symlinks'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	dontaudit $1 device_t:lnk_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_setattr_generic_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read symbolic links in device directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_generic_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_generic_symlinks'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	allow $1 device_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_generic_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create symbolic links in device directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_create_generic_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_create_generic_symlinks'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	create_lnk_files_pattern($1, device_t, device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_create_generic_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete symbolic links in device directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_delete_generic_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_delete_generic_symlinks'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	delete_lnk_files_pattern($1, device_t, device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_delete_generic_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, delete, read, and write symbolic links in device directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_manage_generic_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_manage_generic_symlinks'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	manage_lnk_files_pattern($1, device_t, device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_manage_generic_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel symbolic links in device directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_relabel_generic_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_relabel_generic_symlinks'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	relabel_lnk_files_pattern($1, device_t, device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_relabel_generic_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##     Write generic sock files in /dev.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+ 	 	define(`dev_write_generic_sock_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_write_generic_sock_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	write_sock_files_pattern($1, device_t, device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_write_generic_sock_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, delete, read, and write device nodes in device directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_manage_all_dev_nodes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_manage_all_dev_nodes'($*)) dnl
+	
+	gen_require(`
+		attribute device_node, memory_raw_read, memory_raw_write;
+		type device_t;
+	')
+
+	manage_dirs_pattern($1, device_t, device_t)
+	manage_sock_files_pattern($1, device_t, device_t)
+	manage_lnk_files_pattern($1, device_t, device_t)
+	manage_chr_files_pattern($1, device_t, { device_t device_node })
+	manage_blk_files_pattern($1, device_t, { device_t device_node })
+	relabel_dirs_pattern($1, device_t, device_t)
+	relabel_chr_files_pattern($1, device_t, { device_t device_node })
+	relabel_blk_files_pattern($1, device_t, { device_t device_node })
+	allow $1 { device_t device_node }:dir watch;
+	allow $1 { device_t device_node }:sock_file watch;
+	allow $1 { device_t device_node }:lnk_file watch;
+	allow $1 { device_t device_node }:chr_file watch;
+	allow $1 { device_t device_node }:blk_file watch;
+
+	# these next rules are to satisfy assertions broken by the above lines.
+	# the permissions hopefully can be cut back a lot
+	storage_raw_read_fixed_disk($1)
+	storage_raw_write_fixed_disk($1)
+	storage_read_scsi_generic($1)
+	storage_write_scsi_generic($1)
+
+	typeattribute $1 memory_raw_read;
+	typeattribute $1 memory_raw_write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_manage_all_dev_nodes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dontaudit getattr for generic device files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_rw_generic_dev_nodes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_rw_generic_dev_nodes'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	dontaudit $1 device_t:{ chr_file blk_file } { getattr read write ioctl };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_rw_generic_dev_nodes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, delete, read, and write block device files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_manage_generic_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_manage_generic_blk_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	manage_blk_files_pattern($1, device_t, device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_manage_generic_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, delete, read, and write character device files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_manage_generic_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_manage_generic_chr_files'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	manage_chr_files_pattern($1, device_t, device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_manage_generic_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, and write device nodes. The node
+##	will be transitioned to the type provided.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="file">
+##	<summary>
+##	Type to which the created node will be transitioned.
+##	</summary>
+## </param>
+## <param name="objectclass(es)">
+##	<summary>
+##	Object class(es) (single or set including {}) for which this
+##	the transition will occur.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_filetrans'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	filetrans_pattern($1, device_t, $2, $3, $4)
+
+	dev_associate($2)
+	files_associate_tmp($2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, and write device nodes. The node
+##	will be transitioned to the type provided.  This is
+##	a temporary interface until devtmpfs functionality
+##	fixed.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="objectclass(es)">
+##	<summary>
+##	Object class(es) (single or set including {}) for which this
+##	the transition will occur.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_tmpfs_filetrans_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_tmpfs_filetrans_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t;
+	')
+
+	fs_tmpfs_filetrans($1, device_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_tmpfs_filetrans_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Getattr on all block file device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dev_getattr_all_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_all_blk_files'($*)) dnl
+	
+	gen_require(`
+		attribute device_node;
+		type device_t;
+	')
+
+	getattr_blk_files_pattern($1, device_t, device_node)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_all_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dontaudit getattr on all block file device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_getattr_all_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_getattr_all_blk_files'($*)) dnl
+	
+	gen_require(`
+		attribute device_node;
+		type device_t;
+	')
+
+	dontaudit $1 { device_t device_node }:blk_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_getattr_all_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Getattr on all character file device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dev_getattr_all_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_all_chr_files'($*)) dnl
+	
+	gen_require(`
+		attribute device_node;
+		type device_t;
+	')
+
+	getattr_chr_files_pattern($1, device_t, device_node)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_all_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dontaudit getattr on all character file device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_getattr_all_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_getattr_all_chr_files'($*)) dnl
+	
+	gen_require(`
+		attribute device_node;
+		type device_t;
+	')
+
+	dontaudit $1 { device_t device_node }:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_getattr_all_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Setattr on all block file device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dev_setattr_all_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_all_blk_files'($*)) dnl
+	
+	gen_require(`
+		attribute device_node;
+		type device_t;
+	')
+
+	setattr_blk_files_pattern($1, device_t, device_node)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_all_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Setattr on all character file device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dev_setattr_all_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_all_chr_files'($*)) dnl
+	
+	gen_require(`
+		attribute device_node;
+		type device_t;
+	')
+
+	setattr_chr_files_pattern($1, device_t, device_node)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_all_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dontaudit read on all block file device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_read_all_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_read_all_blk_files'($*)) dnl
+	
+	gen_require(`
+		attribute device_node;
+	')
+
+	dontaudit $1 device_node:blk_file { getattr read };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_read_all_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dontaudit write on all block file device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_write_all_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_write_all_blk_files'($*)) dnl
+	
+	gen_require(`
+		attribute device_node;
+	')
+
+	dontaudit $1 device_node:blk_file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_write_all_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dontaudit read on all character file device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_read_all_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_read_all_chr_files'($*)) dnl
+	
+	gen_require(`
+		attribute device_node;
+	')
+
+	dontaudit $1 device_node:chr_file { getattr read };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_read_all_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dontaudit write on all character file device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_write_all_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_write_all_chr_files'($*)) dnl
+	
+	gen_require(`
+		attribute device_node;
+	')
+
+	dontaudit $1 device_node:chr_file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_write_all_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create all block device files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_create_all_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_create_all_blk_files'($*)) dnl
+	
+	gen_require(`
+		attribute device_node;
+		type device_t;
+	')
+
+	create_blk_files_pattern($1, device_t, device_node)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_create_all_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create all character device files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_create_all_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_create_all_chr_files'($*)) dnl
+	
+	gen_require(`
+		attribute device_node;
+		type device_t;
+	')
+
+	create_chr_files_pattern($1, device_t, device_node)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_create_all_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete all block device files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_delete_all_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_delete_all_blk_files'($*)) dnl
+	
+	gen_require(`
+		attribute device_node;
+		type device_t;
+	')
+
+	delete_blk_files_pattern($1, device_t, device_node)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_delete_all_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete all character device files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_delete_all_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_delete_all_chr_files'($*)) dnl
+	
+	gen_require(`
+		attribute device_node;
+		type device_t;
+	')
+
+	delete_chr_files_pattern($1, device_t, device_node)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_delete_all_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Rename all block device files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rename_all_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rename_all_blk_files'($*)) dnl
+	
+	gen_require(`
+		attribute device_node;
+		type device_t;
+	')
+
+	rename_blk_files_pattern($1, device_t, device_node)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rename_all_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Rename all character device files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rename_all_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rename_all_chr_files'($*)) dnl
+	
+	gen_require(`
+		attribute device_node;
+		type device_t;
+	')
+
+	rename_chr_files_pattern($1, device_t, device_node)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rename_all_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read, write, create, and delete all block device files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_manage_all_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_manage_all_blk_files'($*)) dnl
+	
+	gen_require(`
+		attribute device_node;
+		type device_t;
+	')
+
+	manage_blk_files_pattern($1, device_t, device_node)
+
+	# these next rules are to satisfy assertions broken by the above lines.
+	storage_raw_read_fixed_disk($1)
+	storage_raw_write_fixed_disk($1)
+	storage_read_scsi_generic($1)
+	storage_write_scsi_generic($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_manage_all_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read, write, create, and delete all character device files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_manage_all_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_manage_all_chr_files'($*)) dnl
+	
+	gen_require(`
+		attribute device_node, memory_raw_read, memory_raw_write;
+		type device_t;
+	')
+
+	manage_chr_files_pattern($1, device_t, device_node)
+
+	typeattribute $1 memory_raw_read, memory_raw_write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_manage_all_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the apm bios device node.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_acpi_bios_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_acpi_bios_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, acpi_bios_t;
+	')
+
+	getattr_chr_files_pattern($1, device_t, acpi_bios_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_acpi_bios_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes of
+##	the apm bios device node.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_getattr_acpi_bios_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_getattr_acpi_bios_dev'($*)) dnl
+	
+	gen_require(`
+		type acpi_bios_t;
+	')
+
+	dontaudit $1 acpi_bios_t:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_getattr_acpi_bios_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of the apm bios device node.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_setattr_acpi_bios_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_acpi_bios_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, acpi_bios_t;
+	')
+
+	setattr_chr_files_pattern($1, device_t, acpi_bios_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_acpi_bios_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to set the attributes of
+##	the apm bios device node.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_setattr_acpi_bios_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_setattr_acpi_bios_dev'($*)) dnl
+	
+	gen_require(`
+		type acpi_bios_t;
+	')
+
+	dontaudit $1 acpi_bios_t:chr_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_setattr_acpi_bios_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the apm bios.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_acpi_bios',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_acpi_bios'($*)) dnl
+	
+	gen_require(`
+		type device_t, acpi_bios_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, acpi_bios_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_acpi_bios'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Getattr the agp devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_agp_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_agp_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, agp_device_t;
+	')
+
+	getattr_chr_files_pattern($1, device_t, agp_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_agp_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the agp devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_agp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_agp'($*)) dnl
+	
+	gen_require(`
+		type device_t, agp_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, agp_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_agp'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Get the attributes of the autofs device node.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_autofs_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_autofs_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, autofs_device_t;
+	')
+
+	getattr_chr_files_pattern($1, device_t, autofs_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_autofs_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes of
+##	the autofs device node.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_getattr_autofs_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_getattr_autofs_dev'($*)) dnl
+	
+	gen_require(`
+		type autofs_device_t;
+	')
+
+	dontaudit $1 autofs_device_t:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_getattr_autofs_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of the autofs device node.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_setattr_autofs_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_autofs_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, autofs_device_t;
+	')
+
+	setattr_chr_files_pattern($1, device_t, autofs_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_autofs_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to set the attributes of
+##	the autofs device node.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_setattr_autofs_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_setattr_autofs_dev'($*)) dnl
+	
+	gen_require(`
+		type autofs_device_t;
+	')
+
+	dontaudit $1 autofs_device_t:chr_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_setattr_autofs_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the autofs device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_autofs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_autofs'($*)) dnl
+	
+	gen_require(`
+		type device_t, autofs_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, autofs_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_autofs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel the autofs device node.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_relabel_autofs_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_relabel_autofs_dev'($*)) dnl
+	
+	gen_require(`
+		type autofs_device_t;
+	')
+
+	allow $1 autofs_device_t:chr_file relabel_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_relabel_autofs_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write cachefiles character
+##	device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_cachefiles',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_cachefiles'($*)) dnl
+	
+	gen_require(`
+		type device_t, cachefiles_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, cachefiles_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_cachefiles'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the PCMCIA card manager device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_cardmgr',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_cardmgr'($*)) dnl
+	
+	gen_require(`
+		type cardmgr_dev_t, device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, cardmgr_dev_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_cardmgr'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and
+##	write the PCMCIA card manager device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_rw_cardmgr',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_rw_cardmgr'($*)) dnl
+	
+	gen_require(`
+		type cardmgr_dev_t;
+	')
+
+	dontaudit $1 cardmgr_dev_t:chr_file { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_rw_cardmgr'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	the PCMCIA card manager device
+##	with the correct type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_create_cardmgr_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_create_cardmgr_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, cardmgr_dev_t;
+	')
+
+	create_chr_files_pattern($1, device_t, cardmgr_dev_t)
+	create_blk_files_pattern($1, device_t, cardmgr_dev_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_create_cardmgr_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	the PCMCIA card manager device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_manage_cardmgr_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_manage_cardmgr_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, cardmgr_dev_t;
+	')
+
+	manage_chr_files_pattern($1, device_t, cardmgr_dev_t)
+	manage_blk_files_pattern($1, device_t, cardmgr_dev_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_manage_cardmgr_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Automatic type transition to the type
+##	for PCMCIA card manager device nodes when
+##	created in /dev.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_filetrans_cardmgr',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_filetrans_cardmgr'($*)) dnl
+	
+	gen_require(`
+		type device_t, cardmgr_dev_t;
+	')
+
+	filetrans_pattern($1, device_t, cardmgr_dev_t, { chr_file blk_file }, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_filetrans_cardmgr'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the CPU
+##	microcode and id interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_cpu_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_cpu_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, cpu_device_t;
+	')
+
+	getattr_chr_files_pattern($1, device_t, cpu_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_cpu_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of the CPU
+##	microcode and id interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_setattr_cpu_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_cpu_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, cpu_device_t;
+	')
+
+	setattr_chr_files_pattern($1, device_t, cpu_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_cpu_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the CPU identity.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_cpuid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_cpuid'($*)) dnl
+	
+	gen_require(`
+		type device_t, cpu_device_t;
+	')
+
+	read_chr_files_pattern($1, device_t, cpu_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_cpuid'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the the CPU microcode device. This
+##	is required to load CPU microcode.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_cpu_microcode',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_cpu_microcode'($*)) dnl
+	
+	gen_require(`
+		type device_t, cpu_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, cpu_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_cpu_microcode'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the kernel crash device
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_crash',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_crash'($*)) dnl
+	
+	gen_require(`
+		type device_t, crash_device_t;
+	')
+
+	read_chr_files_pattern($1, device_t, crash_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_crash'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the the hardware SSL accelerator.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_crypto',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_crypto'($*)) dnl
+	
+	gen_require(`
+		type device_t, crypt_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, crypt_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_crypto'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Set the attributes of the dlm control devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_setattr_dlm_control',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_dlm_control'($*)) dnl
+	
+	gen_require(`
+		type device_t, dlm_control_device_t;
+	')
+
+	setattr_chr_files_pattern($1, device_t, dlm_control_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_dlm_control'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read and write the the dlm control device
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_dlm_control',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_dlm_control'($*)) dnl
+	
+	gen_require(`
+		type device_t, dlm_control_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, dlm_control_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_dlm_control'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	getattr the dri devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_dri_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_dri_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, dri_device_t;
+	')
+
+	getattr_chr_files_pattern($1, device_t, dri_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_dri_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Setattr the dri devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_setattr_dri_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_dri_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, dri_device_t;
+	')
+
+	setattr_chr_files_pattern($1, device_t, dri_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_dri_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	IOCTL the dri devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_ioctl_dri_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_ioctl_dri_dev'($*)) dnl
+	
+	gen_require(`
+		type dri_device_t;
+	')
+
+	allow $1 dri_device_t:chr_file ioctl;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_ioctl_dri_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the dri devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_dri',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_dri'($*)) dnl
+	
+	gen_require(`
+		type device_t, dri_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, dri_device_t)
+	allow $1 dri_device_t:chr_file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_dri'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dontaudit read and write on the dri devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_rw_dri',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_rw_dri'($*)) dnl
+	
+	gen_require(`
+		type dri_device_t;
+	')
+
+	dontaudit $1 dri_device_t:chr_file rw_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_rw_dri'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete the dri devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_manage_dri_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_manage_dri_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, dri_device_t;
+	')
+
+	manage_chr_files_pattern($1, device_t, dri_device_t)
+	allow $1 dri_device_t:chr_file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_manage_dri_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Automatic type transition to the type
+##	for DRI device nodes when created in /dev.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_filetrans_dri',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_filetrans_dri'($*)) dnl
+	
+	gen_require(`
+		type device_t, dri_device_t;
+	')
+
+	filetrans_pattern($1, device_t, dri_device_t, chr_file, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_filetrans_dri'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Automatic type transition to the type
+##	for event device nodes when created in /dev.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_filetrans_input_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_filetrans_input_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, event_device_t;
+	')
+
+	filetrans_pattern($1, device_t, event_device_t, chr_file, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_filetrans_input_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the event devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_input_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_input_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, event_device_t;
+	')
+
+	allow $1 device_t:dir list_dir_perms;
+	allow $1 event_device_t:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_input_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of the event devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_setattr_input_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_input_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, event_device_t;
+	')
+
+	allow $1 device_t:dir list_dir_perms;
+	allow $1 event_device_t:chr_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_input_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read input event devices (/dev/input).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_input',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_input'($*)) dnl
+	
+	gen_require(`
+		type device_t, event_device_t;
+	')
+
+	read_chr_files_pattern($1, device_t, event_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_input'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write input event devices (/dev/input).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_input_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_input_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, event_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, event_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_input_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete input event devices (/dev/input).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_manage_input_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_manage_input_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, event_device_t;
+	')
+
+	manage_chr_files_pattern($1, device_t, event_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_manage_input_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the framebuffer device node.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_framebuffer_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_framebuffer_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, framebuf_device_t;
+	')
+
+	getattr_chr_files_pattern($1, device_t, framebuf_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_framebuffer_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of the framebuffer device node.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_setattr_framebuffer_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_framebuffer_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, framebuf_device_t;
+	')
+
+	setattr_chr_files_pattern($1, device_t, framebuf_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_framebuffer_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dot not audit attempts to set the attributes
+##	of the framebuffer device node.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_setattr_framebuffer_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_setattr_framebuffer_dev'($*)) dnl
+	
+	gen_require(`
+		type framebuf_device_t;
+	')
+
+	dontaudit $1 framebuf_device_t:chr_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_setattr_framebuffer_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the framebuffer.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_framebuffer',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_framebuffer'($*)) dnl
+	
+	gen_require(`
+		type framebuf_device_t, device_t;
+	')
+
+	read_chr_files_pattern($1, device_t, framebuf_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_framebuffer'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read the framebuffer.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_read_framebuffer',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_read_framebuffer'($*)) dnl
+	
+	gen_require(`
+		type framebuf_device_t;
+	')
+
+	dontaudit $1 framebuf_device_t:chr_file { getattr read };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_read_framebuffer'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write the framebuffer.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_write_framebuffer',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_write_framebuffer'($*)) dnl
+	
+	gen_require(`
+		type device_t, framebuf_device_t;
+	')
+
+	write_chr_files_pattern($1, device_t, framebuf_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_write_framebuffer'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the framebuffer.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_framebuffer',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_framebuffer'($*)) dnl
+	
+	gen_require(`
+		type device_t, framebuf_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, framebuf_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_framebuffer'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the kernel messages
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_kmsg',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_kmsg'($*)) dnl
+	
+	gen_require(`
+		type device_t, kmsg_device_t;
+	')
+
+	read_chr_files_pattern($1, device_t, kmsg_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_kmsg'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read the kernel messages
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_read_kmsg',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_read_kmsg'($*)) dnl
+	
+	gen_require(`
+		type kmsg_device_t;
+	')
+
+	dontaudit $1 kmsg_device_t:chr_file read;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_read_kmsg'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write to the kernel messages device
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_write_kmsg',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_write_kmsg'($*)) dnl
+	
+	gen_require(`
+		type device_t, kmsg_device_t;
+	')
+
+	write_chr_files_pattern($1, device_t, kmsg_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_write_kmsg'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write to the kernel messages device
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_kmsg',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_kmsg'($*)) dnl
+	
+	gen_require(`
+		type device_t, kmsg_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, kmsg_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_kmsg'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount on the kernel messages device
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_mounton_kmsg',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_mounton_kmsg'($*)) dnl
+	
+	gen_require(`
+		type kmsg_device_t;
+	')
+
+	allow $1 kmsg_device_t:chr_file mounton;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_mounton_kmsg'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the ksm devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_ksm_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_ksm_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, ksm_device_t;
+	')
+
+	getattr_chr_files_pattern($1, device_t, ksm_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_ksm_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of the ksm devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_setattr_ksm_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_ksm_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, ksm_device_t;
+	')
+
+	setattr_chr_files_pattern($1, device_t, ksm_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_ksm_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the ksm devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_ksm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_ksm'($*)) dnl
+	
+	gen_require(`
+		type device_t, ksm_device_t;
+	')
+
+	read_chr_files_pattern($1, device_t, ksm_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_ksm'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write to ksm devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_ksm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_ksm'($*)) dnl
+	
+	gen_require(`
+		type device_t, ksm_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, ksm_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_ksm'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the kvm devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_kvm_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_kvm_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, kvm_device_t;
+	')
+
+	getattr_chr_files_pattern($1, device_t, kvm_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_kvm_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of the kvm devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_setattr_kvm_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_kvm_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, kvm_device_t;
+	')
+
+	setattr_chr_files_pattern($1, device_t, kvm_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_kvm_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the kvm devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_kvm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_kvm'($*)) dnl
+	
+	gen_require(`
+		type device_t, kvm_device_t;
+	')
+
+	read_chr_files_pattern($1, device_t, kvm_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_kvm'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write to kvm devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_kvm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_kvm'($*)) dnl
+	
+	gen_require(`
+		type device_t, kvm_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, kvm_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_kvm'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Read the lirc device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_lirc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_lirc'($*)) dnl
+	
+	gen_require(`
+		type device_t, lirc_device_t;
+	')
+
+	read_chr_files_pattern($1, device_t, lirc_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_lirc'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Read and write the lirc device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_lirc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_lirc'($*)) dnl
+	
+	gen_require(`
+		type device_t, lirc_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, lirc_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_lirc'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Automatic type transition to the type
+##	for lirc device nodes when created in /dev.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_filetrans_lirc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_filetrans_lirc'($*)) dnl
+	
+	gen_require(`
+		type device_t, lirc_device_t;
+	')
+
+	filetrans_pattern($1, device_t, lirc_device_t, chr_file, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_filetrans_lirc'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Read and write the loop-control device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_loop_control',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_loop_control'($*)) dnl
+	
+	gen_require(`
+		type device_t, loop_control_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, loop_control_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_loop_control'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the lvm comtrol device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_lvm_control',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_lvm_control'($*)) dnl
+	
+	gen_require(`
+		type device_t, lvm_control_t;
+	')
+
+	getattr_chr_files_pattern($1, device_t, lvm_control_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_lvm_control'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the lvm comtrol device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_lvm_control',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_lvm_control'($*)) dnl
+	
+	gen_require(`
+		type device_t, lvm_control_t;
+	')
+
+	read_chr_files_pattern($1, device_t, lvm_control_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_lvm_control'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the lvm control device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_lvm_control',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_lvm_control'($*)) dnl
+	
+	gen_require(`
+		type device_t, lvm_control_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, lvm_control_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_lvm_control'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and write lvm control device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_rw_lvm_control',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_rw_lvm_control'($*)) dnl
+	
+	gen_require(`
+		type lvm_control_t;
+	')
+
+	dontaudit $1 lvm_control_t:chr_file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_rw_lvm_control'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete the lvm control device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_delete_lvm_control_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_delete_lvm_control_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, lvm_control_t;
+	')
+
+	delete_chr_files_pattern($1, device_t, lvm_control_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_delete_lvm_control_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	dontaudit getattr raw memory devices (e.g. /dev/mem).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_getattr_memory_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_getattr_memory_dev'($*)) dnl
+	
+	gen_require(`
+		type memory_device_t;
+	')
+
+	dontaudit $1 memory_device_t:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_getattr_memory_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read raw memory devices (e.g. /dev/mem).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_raw_memory',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_raw_memory'($*)) dnl
+	
+	gen_require(`
+		type device_t, memory_device_t;
+		attribute memory_raw_read;
+	')
+
+	read_chr_files_pattern($1, device_t, memory_device_t)
+
+	allow $1 self:capability sys_rawio;
+	typeattribute $1 memory_raw_read;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_raw_memory'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read raw memory devices
+##	(e.g. /dev/mem).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_read_raw_memory',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_read_raw_memory'($*)) dnl
+	
+	gen_require(`
+		type memory_device_t;
+	')
+
+	dontaudit $1 memory_device_t:chr_file read_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_read_raw_memory'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write raw memory devices (e.g. /dev/mem).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_write_raw_memory',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_write_raw_memory'($*)) dnl
+	
+	gen_require(`
+		type device_t, memory_device_t;
+		attribute memory_raw_write;
+	')
+
+	write_chr_files_pattern($1, device_t, memory_device_t)
+
+	allow $1 self:capability sys_rawio;
+	typeattribute $1 memory_raw_write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_write_raw_memory'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and execute raw memory devices (e.g. /dev/mem).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rx_raw_memory',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rx_raw_memory'($*)) dnl
+	
+	gen_require(`
+		type memory_device_t;
+	')
+
+	dev_read_raw_memory($1)
+	allow $1 memory_device_t:chr_file { map execute };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rx_raw_memory'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write and execute raw memory devices (e.g. /dev/mem).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_wx_raw_memory',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_wx_raw_memory'($*)) dnl
+	
+	gen_require(`
+		type memory_device_t;
+	')
+
+	dev_write_raw_memory($1)
+	allow $1 memory_device_t:chr_file { map execute };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_wx_raw_memory'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of miscellaneous devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_misc_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_misc_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, misc_device_t;
+	')
+
+	getattr_chr_files_pattern($1, device_t, misc_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_misc_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of miscellaneous devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_getattr_misc_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_getattr_misc_dev'($*)) dnl
+	
+	gen_require(`
+		type misc_device_t;
+	')
+
+	dontaudit $1 misc_device_t:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_getattr_misc_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of miscellaneous devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_setattr_misc_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_misc_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, misc_device_t;
+	')
+
+	setattr_chr_files_pattern($1, device_t, misc_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_misc_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to set the attributes
+##	of miscellaneous devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_setattr_misc_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_setattr_misc_dev'($*)) dnl
+	
+	gen_require(`
+		type misc_device_t;
+	')
+
+	dontaudit $1 misc_device_t:chr_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_setattr_misc_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read miscellaneous devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_misc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_misc'($*)) dnl
+	
+	gen_require(`
+		type device_t, misc_device_t;
+	')
+
+	read_chr_files_pattern($1, device_t, misc_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_misc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write miscellaneous devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_write_misc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_write_misc'($*)) dnl
+	
+	gen_require(`
+		type device_t, misc_device_t;
+	')
+
+	write_chr_files_pattern($1, device_t, misc_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_write_misc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and write miscellaneous devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_rw_misc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_rw_misc'($*)) dnl
+	
+	gen_require(`
+		type misc_device_t;
+	')
+
+	dontaudit $1 misc_device_t:chr_file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_rw_misc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the modem devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_modem_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_modem_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, modem_device_t;
+	')
+
+	getattr_chr_files_pattern($1, device_t, modem_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_modem_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of the modem devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_setattr_modem_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_modem_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, modem_device_t;
+	')
+
+	setattr_chr_files_pattern($1, device_t, modem_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_modem_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the modem devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_modem',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_modem'($*)) dnl
+	
+	gen_require(`
+		type device_t, modem_device_t;
+	')
+
+	read_chr_files_pattern($1, device_t, modem_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_modem'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write to modem devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_modem',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_modem'($*)) dnl
+	
+	gen_require(`
+		type device_t, modem_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, modem_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_modem'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the mouse devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_mouse_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_mouse_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, mouse_device_t;
+	')
+
+	getattr_chr_files_pattern($1, device_t, mouse_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_mouse_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of the mouse devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_setattr_mouse_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_mouse_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, mouse_device_t;
+	')
+
+	setattr_chr_files_pattern($1, device_t, mouse_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_mouse_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the mouse devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_mouse',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_mouse'($*)) dnl
+	
+	gen_require(`
+		type device_t, mouse_device_t;
+	')
+
+	read_chr_files_pattern($1, device_t, mouse_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_mouse'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write to mouse devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_mouse',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_mouse'($*)) dnl
+	
+	gen_require(`
+		type device_t, mouse_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, mouse_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_mouse'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the memory type range
+##	registers (MTRR) device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_mtrr_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_mtrr_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, mtrr_device_t;
+	')
+
+	getattr_files_pattern($1, device_t, mtrr_device_t)
+	getattr_chr_files_pattern($1, device_t, mtrr_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_mtrr_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write the memory type
+##	range registers (MTRR).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_write_mtrr',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_write_mtrr'($*)) dnl
+	
+	gen_require(`
+		type mtrr_device_t;
+	')
+
+	dontaudit $1 mtrr_device_t:file write;
+	dontaudit $1 mtrr_device_t:chr_file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_write_mtrr'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the memory type range registers (MTRR).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_mtrr',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_mtrr'($*)) dnl
+	
+	gen_require(`
+		type device_t, mtrr_device_t;
+	')
+
+	rw_files_pattern($1, device_t, mtrr_device_t)
+	rw_chr_files_pattern($1, device_t, mtrr_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_mtrr'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the network control device  (Deprecated)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_netcontrol_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_netcontrol_dev'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, use dev_getattr_pmqos_dev() instead.')
+	dev_getattr_pmqos_dev($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_netcontrol_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the network control identity.  (Deprecated)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_netcontrol',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_netcontrol'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, use dev_read_pmqos() instead.')
+	dev_read_pmqos($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_netcontrol'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the the network control device.  (Deprecated)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_netcontrol',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_netcontrol'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, use dev_rw_pmqos() instead.')
+	dev_rw_pmqos($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_netcontrol'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the null device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_null_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_null_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, null_device_t;
+	')
+
+	getattr_chr_files_pattern($1, device_t, null_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_null_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of the null device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_setattr_null_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_null_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, null_device_t;
+	')
+
+	setattr_chr_files_pattern($1, device_t, null_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_null_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete the null device (/dev/null).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_delete_null',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_delete_null'($*)) dnl
+	
+	gen_require(`
+		type device_t, null_device_t;
+	')
+
+	delete_chr_files_pattern($1, device_t, null_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_delete_null'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write to the null device (/dev/null).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_null',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_null'($*)) dnl
+	
+	gen_require(`
+		type device_t, null_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, null_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_null'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create the null device (/dev/null).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_create_null_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_create_null_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, null_device_t;
+	')
+
+	create_chr_files_pattern($1, device_t, null_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_create_null_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##     Manage services with script type null_device_t for when
+##     /lib/systemd/system/something.service is a link to /dev/null
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+ 	 	define(`dev_manage_null_service',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_manage_null_service'($*)) dnl
+	
+	gen_require(`
+		type null_device_t;
+		class service { status start stop reload };
+	')
+
+	allow $1 null_device_t:service { status start stop reload };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_manage_null_service'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of the BIOS non-volatile RAM device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_getattr_nvram_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_getattr_nvram_dev'($*)) dnl
+	
+	gen_require(`
+		type nvram_device_t;
+	')
+
+	dontaudit $1 nvram_device_t:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_getattr_nvram_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write BIOS non-volatile RAM.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_nvram',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_nvram'($*)) dnl
+	
+	gen_require(`
+		type nvram_device_t, device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, nvram_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_nvram'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the printer device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_printer_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_printer_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, printer_device_t;
+	')
+
+	getattr_chr_files_pattern($1, device_t, printer_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_printer_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of the printer device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_setattr_printer_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_printer_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, printer_device_t;
+	')
+
+	setattr_chr_files_pattern($1, device_t, printer_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_printer_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append the printer device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+# cjp: added for lpd/checkpc_t
+ 	 	define(`dev_append_printer',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_append_printer'($*)) dnl
+	
+	gen_require(`
+		type device_t, printer_device_t;
+	')
+
+	append_chr_files_pattern($1, device_t, printer_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_append_printer'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the printer device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_printer',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_printer'($*)) dnl
+	
+	gen_require(`
+		type device_t, printer_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, printer_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_printer'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of PM QoS devices
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_pmqos_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_pmqos_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, pmqos_device_t;
+	')
+
+	getattr_chr_files_pattern($1, device_t, pmqos_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_pmqos_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the PM QoS devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_pmqos',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_pmqos'($*)) dnl
+	
+	gen_require(`
+		type device_t, pmqos_device_t;
+	')
+
+	read_chr_files_pattern($1, device_t, pmqos_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_pmqos'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the the PM QoS devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_pmqos',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_pmqos'($*)) dnl
+	
+	gen_require(`
+		type device_t, pmqos_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, pmqos_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_pmqos'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read printk devices (e.g., /dev/kmsg /dev/mcelog)
+## </summary>
+## <param name="domain" unused="true">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_printk',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_printk'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_printk'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the QEMU
+##	microcode and id interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_qemu_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_qemu_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, qemu_device_t;
+	')
+
+	getattr_chr_files_pattern($1, device_t, qemu_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_qemu_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of the QEMU
+##	microcode and id interfaces.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_setattr_qemu_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_qemu_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, qemu_device_t;
+	')
+
+	setattr_chr_files_pattern($1, device_t, qemu_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_qemu_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the QEMU device
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_qemu',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_qemu'($*)) dnl
+	
+	gen_require(`
+		type device_t, qemu_device_t;
+	')
+
+	read_chr_files_pattern($1, device_t, qemu_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_qemu'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the the QEMU device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_qemu',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_qemu'($*)) dnl
+	
+	gen_require(`
+		type device_t, qemu_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, qemu_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_qemu'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read from random number generator
+##	devices (e.g., /dev/random).
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to read from random number
+##	generator devices (e.g., /dev/random).  Typically this is
+##	used in situations when a cryptographically secure random
+##	number is needed.
+##	</p>
+##	<p>
+##	Related interface:
+##	</p>
+##	<ul>
+##		<li>dev_read_urand()</li>
+##	</ul>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`dev_read_rand',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_rand'($*)) dnl
+	
+	gen_require(`
+		type device_t, random_device_t;
+	')
+
+	read_chr_files_pattern($1, device_t, random_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_rand'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read from random
+##	number generator devices (e.g., /dev/random)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_read_rand',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_read_rand'($*)) dnl
+	
+	gen_require(`
+		type random_device_t;
+	')
+
+	dontaudit $1 random_device_t:chr_file { getattr read };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_read_rand'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to append to random
+##	number generator devices (e.g., /dev/random)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_append_rand',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_append_rand'($*)) dnl
+	
+	gen_require(`
+		type random_device_t;
+	')
+
+	dontaudit $1 random_device_t:chr_file append_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_append_rand'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write to the random device (e.g., /dev/random). This adds
+##	entropy used to generate the random data read from the
+##	random device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_write_rand',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_write_rand'($*)) dnl
+	
+	gen_require(`
+		type device_t, random_device_t;
+	')
+
+	write_chr_files_pattern($1, device_t, random_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_write_rand'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the realtime clock (/dev/rtc).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_realtime_clock',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_realtime_clock'($*)) dnl
+	
+	gen_require(`
+		type device_t, clock_device_t;
+	')
+
+	read_chr_files_pattern($1, device_t, clock_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_realtime_clock'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the realtime clock (/dev/rtc).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_write_realtime_clock',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_write_realtime_clock'($*)) dnl
+	
+	gen_require(`
+		type device_t, clock_device_t;
+	')
+
+	write_chr_files_pattern($1, device_t, clock_device_t)
+
+	allow $1 clock_device_t:chr_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_write_realtime_clock'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and set the realtime clock (/dev/rtc).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_realtime_clock',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_realtime_clock'($*)) dnl
+	
+	dev_read_realtime_clock($1)
+	dev_write_realtime_clock($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_realtime_clock'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the scanner device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_scanner_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_scanner_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, scanner_device_t;
+	')
+
+	getattr_chr_files_pattern($1, device_t, scanner_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_scanner_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes of
+##	the scanner device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_getattr_scanner_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_getattr_scanner_dev'($*)) dnl
+	
+	gen_require(`
+		type scanner_device_t;
+	')
+
+	dontaudit $1 scanner_device_t:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_getattr_scanner_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of the scanner device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_setattr_scanner_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_scanner_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, scanner_device_t;
+	')
+
+	setattr_chr_files_pattern($1, device_t, scanner_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_scanner_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to set the attributes of
+##	the scanner device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_setattr_scanner_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_setattr_scanner_dev'($*)) dnl
+	
+	gen_require(`
+		type scanner_device_t;
+	')
+
+	dontaudit $1 scanner_device_t:chr_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_setattr_scanner_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the scanner device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_scanner',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_scanner'($*)) dnl
+	
+	gen_require(`
+		type device_t, scanner_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, scanner_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_scanner'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the sound devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_sound_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_sound_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, sound_device_t;
+	')
+
+	getattr_chr_files_pattern($1, device_t, sound_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_sound_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of the sound devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_setattr_sound_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_sound_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, sound_device_t;
+	')
+
+	setattr_chr_files_pattern($1, device_t, sound_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_sound_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the sound devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_sound',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_sound'($*)) dnl
+	
+	gen_require(`
+		type device_t, sound_device_t;
+	')
+
+	read_chr_files_pattern($1, device_t, sound_device_t)
+	allow $1 sound_device_t:chr_file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_sound'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write the sound devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_write_sound',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_write_sound'($*)) dnl
+	
+	gen_require(`
+		type device_t, sound_device_t;
+	')
+
+	write_chr_files_pattern($1, device_t, sound_device_t)
+	allow $1 sound_device_t:chr_file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_write_sound'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the sound mixer devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_sound_mixer',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_sound_mixer'($*)) dnl
+	
+	gen_require(`
+		type device_t, sound_device_t;
+	')
+
+	read_chr_files_pattern($1, device_t, sound_device_t)
+	allow $1 sound_device_t:chr_file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_sound_mixer'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write the sound mixer devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_write_sound_mixer',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_write_sound_mixer'($*)) dnl
+	
+	gen_require(`
+		type device_t, sound_device_t;
+	')
+
+	write_chr_files_pattern($1, device_t, sound_device_t)
+	allow $1 sound_device_t:chr_file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_write_sound_mixer'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the the power management device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_power_mgmt_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_power_mgmt_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, power_device_t;
+	')
+
+	getattr_chr_files_pattern($1, device_t, power_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_power_mgmt_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of the the power management device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_setattr_power_mgmt_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_power_mgmt_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, power_device_t;
+	')
+
+	setattr_chr_files_pattern($1, device_t, power_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_power_mgmt_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the the power management device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_power_management',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_power_management'($*)) dnl
+	
+	gen_require(`
+		type device_t, power_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, power_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_power_management'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Getattr on smartcard devices
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_smartcard_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_smartcard_dev'($*)) dnl
+	
+	gen_require(`
+		type smartcard_device_t;
+	')
+
+	allow $1 smartcard_device_t:chr_file getattr;
+
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_smartcard_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	dontaudit getattr on smartcard devices
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_getattr_smartcard_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_getattr_smartcard_dev'($*)) dnl
+	
+	gen_require(`
+		type smartcard_device_t;
+	')
+
+	dontaudit $1 smartcard_device_t:chr_file getattr;
+
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_getattr_smartcard_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write smartcard devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_smartcard',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_smartcard'($*)) dnl
+	
+	gen_require(`
+		type device_t, smartcard_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, smartcard_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_smartcard'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete smartcard devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_manage_smartcard',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_manage_smartcard'($*)) dnl
+	
+	gen_require(`
+		type device_t, smartcard_device_t;
+	')
+
+	manage_chr_files_pattern($1, device_t, smartcard_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_manage_smartcard'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a filesystem on sysfs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allow access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_mounton_sysfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_mounton_sysfs'($*)) dnl
+	
+	gen_require(`
+		type sysfs_t;
+	')
+
+	allow $1 sysfs_t:dir mounton;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_mounton_sysfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Associate a file to a sysfs filesystem.
+## </summary>
+## <param name="file_type">
+##	<summary>
+##	The type of the file to be associated to sysfs.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_associate_sysfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_associate_sysfs'($*)) dnl
+	
+	gen_require(`
+		type sysfs_t;
+	')
+
+	allow $1 sysfs_t:filesystem associate;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_associate_sysfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of sysfs directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_sysfs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_sysfs_dirs'($*)) dnl
+	
+	gen_require(`
+		type sysfs_t;
+	')
+
+	allow $1 sysfs_t:dir getattr_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_sysfs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of sysfs filesystem
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_sysfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_sysfs'($*)) dnl
+	
+	gen_require(`
+		type sysfs_t;
+	')
+
+	allow $1 sysfs_t:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_sysfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##     mount a sysfs filesystem
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+ 	 	define(`dev_mount_sysfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_mount_sysfs'($*)) dnl
+	
+	gen_require(`
+		type sysfs_t;
+	')
+
+	allow $1 sysfs_t:filesystem mount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_mount_sysfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit getting the attributes of sysfs filesystem
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to dontaudit access from
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_getattr_sysfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_getattr_sysfs'($*)) dnl
+	
+	gen_require(`
+		type sysfs_t;
+	')
+
+	dontaudit $1 sysfs_t:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_getattr_sysfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dont audit attempts to read hardware state information
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain for which the attempts do not need to be audited
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_read_sysfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_read_sysfs'($*)) dnl
+	
+	gen_require(`
+		type sysfs_t;
+	')
+
+	dontaudit $1 sysfs_t:file read_file_perms;
+	dontaudit $1 sysfs_t:dir list_dir_perms;
+	dontaudit $1 sysfs_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_read_sysfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##     mounton sysfs directories.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+ 	 	define(`dev_mounton_sysfs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_mounton_sysfs_dirs'($*)) dnl
+	
+	gen_require(`
+		type sysfs_t;
+	')
+
+	allow $1 sysfs_t:dir mounton;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_mounton_sysfs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the sysfs directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_search_sysfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_search_sysfs'($*)) dnl
+	
+	gen_require(`
+		type sysfs_t;
+	')
+
+	search_dirs_pattern($1, sysfs_t, sysfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_search_sysfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search sysfs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_search_sysfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_search_sysfs'($*)) dnl
+	
+	gen_require(`
+		type sysfs_t;
+	')
+
+	dontaudit $1 sysfs_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_search_sysfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List the contents of the sysfs directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_list_sysfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_list_sysfs'($*)) dnl
+	
+	gen_require(`
+		type sysfs_t;
+	')
+
+	list_dirs_pattern($1, sysfs_t, sysfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_list_sysfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write in a sysfs directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+# cjp: added for cpuspeed
+ 	 	define(`dev_write_sysfs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_write_sysfs_dirs'($*)) dnl
+	
+	gen_require(`
+		type sysfs_t;
+	')
+
+	allow $1 sysfs_t:dir write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_write_sysfs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write in a sysfs directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_write_sysfs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_write_sysfs_dirs'($*)) dnl
+	
+	gen_require(`
+		type sysfs_t;
+	')
+
+	dontaudit $1 sysfs_t:dir write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_write_sysfs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete sysfs
+##	directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_manage_sysfs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_manage_sysfs_dirs'($*)) dnl
+	
+	gen_require(`
+		type sysfs_t;
+	')
+
+	manage_dirs_pattern($1, sysfs_t, sysfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_manage_sysfs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read hardware state information.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to read the contents of
+##	the sysfs filesystem.  This filesystem contains
+##	information, parameters, and other settings on the
+##	hardware installed on the system.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`dev_read_sysfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_sysfs'($*)) dnl
+	
+	gen_require(`
+		type sysfs_t;
+	')
+
+	read_files_pattern($1, sysfs_t, sysfs_t)
+	read_lnk_files_pattern($1, sysfs_t, sysfs_t)
+
+	list_dirs_pattern($1, sysfs_t, sysfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_sysfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to modify hardware state information.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_sysfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_sysfs'($*)) dnl
+	
+	gen_require(`
+		type sysfs_t;
+	')
+
+	rw_files_pattern($1, sysfs_t, sysfs_t)
+	read_lnk_files_pattern($1, sysfs_t, sysfs_t)
+
+	list_dirs_pattern($1, sysfs_t, sysfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_sysfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Add a sysfs file
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_create_sysfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_create_sysfs_files'($*)) dnl
+	
+	gen_require(`
+		type sysfs_t;
+	')
+
+	create_files_pattern($1, sysfs_t, sysfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_create_sysfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##     Relabel hardware state directories.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+ 	 	define(`dev_relabel_sysfs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_relabel_sysfs_dirs'($*)) dnl
+	
+	gen_require(`
+		type sysfs_t;
+	')
+
+	relabel_dirs_pattern($1, sysfs_t, sysfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_relabel_sysfs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel from/to all sysfs types.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_relabel_all_sysfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_relabel_all_sysfs'($*)) dnl
+	
+	gen_require(`
+		attribute sysfs_types;
+	')
+
+	allow $1 sysfs_types:dir { list_dir_perms relabel_dir_perms };
+	allow $1 sysfs_types:file relabel_file_perms;
+	allow $1 sysfs_types:lnk_file relabel_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_relabel_all_sysfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##  Set the attributes of sysfs files, directories and symlinks.
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+ 	 	define(`dev_setattr_all_sysfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_all_sysfs'($*)) dnl
+	
+    gen_require(`
+        attribute sysfs_types;
+    ')
+
+    allow $1 sysfs_types:dir { search_dir_perms setattr };
+    allow $1 sysfs_types:file setattr;
+    allow $1 sysfs_types:lnk_file { read_lnk_file_perms setattr };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_all_sysfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the TPM device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_tpm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_tpm'($*)) dnl
+	
+	gen_require(`
+		type device_t, tpm_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, tpm_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_tpm'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read from pseudo random number generator devices (e.g., /dev/urandom).
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to read from pseudo random number
+##	generator devices (e.g., /dev/urandom).  Typically this is
+##	used in situations when a cryptographically secure random
+##	number is not necessarily needed.  One example is the Stack
+##	Smashing Protector (SSP, formerly known as ProPolice) support
+##	that may be compiled into programs.
+##	</p>
+##	<p>
+##	Related interface:
+##	</p>
+##	<ul>
+##		<li>dev_read_rand()</li>
+##	</ul>
+##	<p>
+##	Related tunable:
+##	</p>
+##	<ul>
+##		<li>global_ssp</li>
+##	</ul>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`dev_read_urand',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_urand'($*)) dnl
+	
+	gen_require(`
+		type device_t, urandom_device_t;
+	')
+
+	read_chr_files_pattern($1, device_t, urandom_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_urand'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read from pseudo
+##	random devices (e.g., /dev/urandom)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_read_urand',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_read_urand'($*)) dnl
+	
+	gen_require(`
+		type urandom_device_t;
+	')
+
+	dontaudit $1 urandom_device_t:chr_file { getattr read };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_read_urand'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write to the pseudo random device (e.g., /dev/urandom). This
+##	sets the random number generator seed.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_write_urand',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_write_urand'($*)) dnl
+	
+	gen_require(`
+		type device_t, urandom_device_t;
+	')
+
+	write_chr_files_pattern($1, device_t, urandom_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_write_urand'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Getattr generic the USB devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_generic_usb_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_generic_usb_dev'($*)) dnl
+	
+	gen_require(`
+		type usb_device_t, device_t;
+	')
+
+	getattr_chr_files_pattern($1, device_t, usb_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_generic_usb_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Setattr generic the USB devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_setattr_generic_usb_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_generic_usb_dev'($*)) dnl
+	
+	gen_require(`
+		type usb_device_t, device_t;
+	')
+
+	setattr_chr_files_pattern($1, device_t, usb_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_generic_usb_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read generic the USB devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_generic_usb_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_generic_usb_dev'($*)) dnl
+	
+	gen_require(`
+		type usb_device_t, device_t;
+	')
+
+	read_chr_files_pattern($1, device_t, usb_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_generic_usb_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write generic the USB devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_generic_usb_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_generic_usb_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, usb_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, usb_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_generic_usb_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel generic the USB devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_relabel_generic_usb_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_relabel_generic_usb_dev'($*)) dnl
+	
+	gen_require(`
+		type usb_device_t, device_t;
+	')
+
+	relabel_chr_files_pattern($1, device_t, usb_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_relabel_generic_usb_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read USB monitor devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_usbmon_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_usbmon_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, usbmon_device_t;
+	')
+
+	read_chr_files_pattern($1, device_t, usbmon_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_usbmon_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write USB monitor devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_write_usbmon_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_write_usbmon_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, usbmon_device_t;
+	')
+
+	write_chr_files_pattern($1, device_t, usbmon_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_write_usbmon_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a usbfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_mount_usbfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_mount_usbfs'($*)) dnl
+	
+	gen_require(`
+		type usbfs_t;
+	')
+
+	allow $1 usbfs_t:filesystem mount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_mount_usbfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Associate a file to a usbfs filesystem.
+## </summary>
+## <param name="file_type">
+##	<summary>
+##	The type of the file to be associated to usbfs.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_associate_usbfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_associate_usbfs'($*)) dnl
+	
+	gen_require(`
+		type usbfs_t;
+	')
+
+	allow $1 usbfs_t:filesystem associate;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_associate_usbfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of a directory in the usb filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_usbfs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_usbfs_dirs'($*)) dnl
+	
+	gen_require(`
+		type usbfs_t;
+	')
+
+	allow $1 usbfs_t:dir getattr_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_usbfs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of a directory in the usb filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_getattr_usbfs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_getattr_usbfs_dirs'($*)) dnl
+	
+	gen_require(`
+		type usbfs_t;
+	')
+
+	dontaudit $1 usbfs_t:dir getattr_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_getattr_usbfs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the directory containing USB hardware information.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_search_usbfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_search_usbfs'($*)) dnl
+	
+	gen_require(`
+		type usbfs_t;
+	')
+
+	search_dirs_pattern($1, usbfs_t, usbfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_search_usbfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to get a list of usb hardware.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_list_usbfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_list_usbfs'($*)) dnl
+	
+	gen_require(`
+		type usbfs_t;
+	')
+
+	read_lnk_files_pattern($1, usbfs_t, usbfs_t)
+	getattr_files_pattern($1, usbfs_t, usbfs_t)
+
+	list_dirs_pattern($1, usbfs_t, usbfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_list_usbfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of usbfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_setattr_usbfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_usbfs_files'($*)) dnl
+	
+	gen_require(`
+		type usbfs_t;
+	')
+
+	setattr_files_pattern($1, usbfs_t, usbfs_t)
+	list_dirs_pattern($1, usbfs_t, usbfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_usbfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read USB hardware information using
+##	the usbfs filesystem interface.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_usbfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_usbfs'($*)) dnl
+	
+	gen_require(`
+		type usbfs_t;
+	')
+
+	read_files_pattern($1, usbfs_t, usbfs_t)
+	read_lnk_files_pattern($1, usbfs_t, usbfs_t)
+	list_dirs_pattern($1, usbfs_t, usbfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_usbfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow caller to modify usb hardware configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_usbfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_usbfs'($*)) dnl
+	
+	gen_require(`
+		type usbfs_t;
+	')
+
+	list_dirs_pattern($1, usbfs_t, usbfs_t)
+	rw_files_pattern($1, usbfs_t, usbfs_t)
+	read_lnk_files_pattern($1, usbfs_t, usbfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_usbfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of video4linux devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_video_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_video_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, v4l_device_t;
+	')
+
+	getattr_chr_files_pattern($1, device_t, v4l_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_video_dev'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Read and write userio device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_userio_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_userio_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, userio_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, userio_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_userio_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of video4linux device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_getattr_video_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_getattr_video_dev'($*)) dnl
+	
+	gen_require(`
+		type v4l_device_t;
+	')
+
+	dontaudit $1 v4l_device_t:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_getattr_video_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of video4linux device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_setattr_video_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_video_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, v4l_device_t;
+	')
+
+	setattr_chr_files_pattern($1, device_t, v4l_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_video_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to set the attributes
+##	of video4linux device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_setattr_video_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_setattr_video_dev'($*)) dnl
+	
+	gen_require(`
+		type v4l_device_t;
+	')
+
+	dontaudit $1 v4l_device_t:chr_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_setattr_video_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the video4linux devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_video_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_video_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, v4l_device_t;
+	')
+
+	read_chr_files_pattern($1, device_t, v4l_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_video_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write the video4linux devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_write_video_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_write_video_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, v4l_device_t;
+	')
+
+	write_chr_files_pattern($1, device_t, v4l_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_write_video_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Read and write vfio devices.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`dev_rw_vfio_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_vfio_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, vfio_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, vfio_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_vfio_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Relabel vfio devices.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`dev_relabelfrom_vfio_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_relabelfrom_vfio_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, vfio_device_t;
+	')
+
+	relabelfrom_chr_files_pattern($1, device_t, vfio_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_relabelfrom_vfio_dev'($*)) dnl
+	')
+
+
+############################
+## <summary>
+##	Allow read/write the vhost devices
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_vhost',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_vhost'($*)) dnl
+	
+	gen_require(`
+		type device_t, vhost_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, vhost_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_vhost'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write VMWare devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_vmware',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_vmware'($*)) dnl
+	
+	gen_require(`
+		type device_t, vmware_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, vmware_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_vmware'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read, write, and mmap VMWare devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rwx_vmware',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rwx_vmware'($*)) dnl
+	
+	gen_require(`
+		type vmware_device_t;
+	')
+
+	dev_rw_vmware($1)
+	allow $1 vmware_device_t:chr_file { map execute };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rwx_vmware'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read from watchdog devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_watchdog',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_watchdog'($*)) dnl
+	
+	gen_require(`
+		type device_t, watchdog_device_t;
+	')
+
+	read_chr_files_pattern($1, device_t, watchdog_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_watchdog'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write to watchdog devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_write_watchdog',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_write_watchdog'($*)) dnl
+	
+	gen_require(`
+		type device_t, watchdog_device_t;
+	')
+
+	write_chr_files_pattern($1, device_t, watchdog_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_write_watchdog'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the the wireless device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_wireless',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_wireless'($*)) dnl
+	
+	gen_require(`
+		type device_t, wireless_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, wireless_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_wireless'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	manage the wireless device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_manage_wireless',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_manage_wireless'($*)) dnl
+	
+	gen_require(`
+		type device_t, wireless_device_t;
+	')
+
+	manage_chr_files_pattern($1, device_t, wireless_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_manage_wireless'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write Xen devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_xen',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_xen'($*)) dnl
+	
+	gen_require(`
+		type device_t, xen_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, xen_device_t)
+	allow $1 xen_device_t:chr_file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_xen'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete Xen devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_manage_xen',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_manage_xen'($*)) dnl
+	
+	gen_require(`
+		type device_t, xen_device_t;
+	')
+
+	manage_chr_files_pattern($1, device_t, xen_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_manage_xen'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Automatic type transition to the type
+##	for xen device nodes when created in /dev.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_filetrans_xen',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_filetrans_xen'($*)) dnl
+	
+	gen_require(`
+		type device_t, xen_device_t;
+	')
+
+	filetrans_pattern($1, device_t, xen_device_t, chr_file, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_filetrans_xen'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of X server miscellaneous devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_getattr_xserver_misc_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_getattr_xserver_misc_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, xserver_misc_device_t;
+	')
+
+	getattr_chr_files_pattern($1, device_t, xserver_misc_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_getattr_xserver_misc_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of X server miscellaneous devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_setattr_xserver_misc_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_setattr_xserver_misc_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, xserver_misc_device_t;
+	')
+
+	setattr_chr_files_pattern($1, device_t, xserver_misc_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_setattr_xserver_misc_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write X server miscellaneous devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_xserver_misc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_xserver_misc'($*)) dnl
+	
+	gen_require(`
+		type device_t, xserver_misc_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, xserver_misc_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_xserver_misc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Map X server miscellaneous devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_map_xserver_misc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_map_xserver_misc'($*)) dnl
+	
+	gen_require(`
+		type xserver_misc_device_t;
+	')
+
+	allow $1 xserver_misc_device_t:chr_file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_map_xserver_misc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write to the zero device (/dev/zero).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rw_zero',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rw_zero'($*)) dnl
+	
+	gen_require(`
+		type device_t, zero_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, zero_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rw_zero'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read, write, and execute the zero device (/dev/zero).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_rwx_zero',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_rwx_zero'($*)) dnl
+	
+	gen_require(`
+		type zero_device_t;
+	')
+
+	dev_rw_zero($1)
+	allow $1 zero_device_t:chr_file { map execute };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_rwx_zero'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execmod the zero device (/dev/zero).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_execmod_zero',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_execmod_zero'($*)) dnl
+	
+	gen_require(`
+		type zero_device_t;
+	')
+
+	dev_rw_zero($1)
+	allow $1 zero_device_t:chr_file execmod;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_execmod_zero'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create the zero device (/dev/zero).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_create_zero_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_create_zero_dev'($*)) dnl
+	
+	gen_require(`
+		type device_t, zero_device_t;
+	')
+
+	create_chr_files_pattern($1, device_t, zero_device_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_create_zero_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read cpu online hardware state information
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to read /sys/devices/system/cpu/online
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_read_cpu_online',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_read_cpu_online'($*)) dnl
+	
+	gen_require(`
+		type cpu_online_t;
+	')
+
+	allow $1 cpu_online_t:file read_file_perms;
+
+	dev_search_sysfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_read_cpu_online'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unconfined access to devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_unconfined',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_unconfined'($*)) dnl
+	
+	gen_require(`
+		attribute devices_unconfined_type;
+	')
+
+	typeattribute $1 devices_unconfined_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_unconfined'($*)) dnl
+	')
+
+
+# We cannot use ifdef distro_gentoo for interfaces
+
+########################################
+## <summary>
+##	Relabel cpu online hardware state information.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_relabel_cpu_online',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_relabel_cpu_online'($*)) dnl
+	
+	gen_require(`
+		type cpu_online_t;
+	')
+
+	dev_search_sysfs($1)
+	allow $1 cpu_online_t:file relabel_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_relabel_cpu_online'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dont audit attempts to read usbmon devices
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain for which the attempts do not need to be audited
+##	</summary>
+## </param>
+#
+ 	 	define(`dev_dontaudit_read_usbmon_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dev_dontaudit_read_usbmon_dev'($*)) dnl
+	
+	gen_require(`
+		type usbmon_device_t;
+	')
+
+	dontaudit $1 usbmon_device_t:chr_file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dev_dontaudit_read_usbmon_dev'($*)) dnl
+	')
+
+
+## <summary>Multicategory security policy</summary>
+## <required val="true">
+##	Contains attributes used in MCS policy.
+## </required>
+
+########################################
+## <summary>
+##	Constrain by category access control (MCS).
+## </summary>
+## <desc>
+##	<p>
+##	Constrain the specified type by category based
+##	access control (MCS) This prevents this domain from
+##	interacting with subjects and operating on objects
+##	that it otherwise would be able to interact
+##	with or operate on respectively.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Type to be constrained by MCS.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`mcs_constrained',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mcs_constrained'($*)) dnl
+	
+	gen_require(`
+		attribute mcs_constrained_type;
+	')
+
+	typeattribute $1 mcs_constrained_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mcs_constrained'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	This domain is allowed to read files and directories
+##	regardless of their MCS category set.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain target for user exemption.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mcs_file_read_all',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mcs_file_read_all'($*)) dnl
+	
+	gen_require(`
+		attribute mcsreadall;
+	')
+
+	typeattribute $1 mcsreadall;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mcs_file_read_all'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	This domain is allowed to write files and directories
+##	regardless of their MCS category set.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain target for user exemption.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mcs_file_write_all',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mcs_file_write_all'($*)) dnl
+	
+	gen_require(`
+		attribute mcswriteall;
+	')
+
+	typeattribute $1 mcswriteall;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mcs_file_write_all'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	This domain is allowed to sigkill and sigstop
+##	all domains regardless of their MCS category set.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain target for user exemption.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mcs_killall',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mcs_killall'($*)) dnl
+	
+	gen_require(`
+		attribute mcskillall;
+	')
+
+	typeattribute $1 mcskillall;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mcs_killall'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	This domain is allowed to ptrace
+##	all domains regardless of their MCS
+##	category set.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain target for user exemption.
+##	</summary>
+## </param>
+#
+ 	 	define(`mcs_ptrace_all',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mcs_ptrace_all'($*)) dnl
+	
+	gen_require(`
+		attribute mcsptraceall;
+	')
+
+	typeattribute $1 mcsptraceall;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mcs_ptrace_all'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MCS trusted
+##	for setting any category set for
+##	the processes it executes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain target for user exemption.
+##	</summary>
+## </param>
+#
+ 	 	define(`mcs_process_set_categories',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mcs_process_set_categories'($*)) dnl
+	
+	gen_require(`
+		attribute mcssetcats;
+	')
+
+	typeattribute $1 mcssetcats;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mcs_process_set_categories'($*)) dnl
+	')
+
+## <summary>
+## Core policy for shells, and generic programs
+## in /bin, /sbin, /usr/bin, and /usr/sbin.
+## </summary>
+## <required val="true">
+##	Contains the base bin and sbin directory types
+##	which need to be searched for the kernel to
+##	run init.
+## </required>
+
+########################################
+## <summary>
+##	Make the specified type usable for files
+##	that are exectuables, such as binary programs.
+##	This does not include shared libraries.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be used for files.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_executable_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_executable_file'($*)) dnl
+	
+	gen_require(`
+		attribute exec_type;
+	')
+
+	typeattribute $1 exec_type;
+
+	files_type($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_executable_file'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make general progams in bin an entrypoint for
+##	the specified domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The domain for which bin_t is an entrypoint.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_bin_entry_type',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_bin_entry_type'($*)) dnl
+	
+	gen_require(`
+		type bin_t;
+	')
+
+	domain_entry_file($1, bin_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_bin_entry_type'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the shell an entrypoint for the specified domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The domain for which the shell is an entrypoint.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_shell_entry_type',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_shell_entry_type'($*)) dnl
+	
+	gen_require(`
+		type shell_exec_t;
+	')
+
+	domain_entry_file($1, shell_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_shell_entry_type'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the contents of bin directories.
+##	Also allow to read a possible /bin->/usr/bin symlink.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_search_bin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_search_bin'($*)) dnl
+	
+	gen_require(`
+		type bin_t;
+	')
+
+	read_lnk_files_pattern($1, bin_t, bin_t)
+	files_search_usr($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_search_bin'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search the contents of bin directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_dontaudit_search_bin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_dontaudit_search_bin'($*)) dnl
+	
+	gen_require(`
+		type bin_t;
+	')
+
+	dontaudit $1 bin_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_dontaudit_search_bin'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List the contents of bin directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_list_bin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_list_bin'($*)) dnl
+	
+	gen_require(`
+		type bin_t;
+	')
+
+	corecmd_search_bin($1)
+	list_dirs_pattern($1, bin_t, bin_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_list_bin'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write bin directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_dontaudit_write_bin_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_dontaudit_write_bin_dirs'($*)) dnl
+	
+	gen_require(`
+		type bin_t;
+	')
+
+	dontaudit $1 bin_t:dir write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_dontaudit_write_bin_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of files in bin directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_getattr_bin_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_getattr_bin_files'($*)) dnl
+	
+	gen_require(`
+		type bin_t;
+	')
+
+	corecmd_search_bin($1)
+	getattr_files_pattern($1, bin_t, bin_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_getattr_bin_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes of files in bin directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_dontaudit_getattr_bin_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_dontaudit_getattr_bin_files'($*)) dnl
+	
+	gen_require(`
+		type bin_t;
+	')
+
+	dontaudit $1 bin_t:dir search_dir_perms;
+	dontaudit $1 bin_t:file getattr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_dontaudit_getattr_bin_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Check if files in bin directories are executable (DAC-wise)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_check_exec_bin_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_check_exec_bin_files'($*)) dnl
+	
+	gen_require(`
+		type bin_t;
+	')
+
+	allow $1 bin_t:dir search_dir_perms;
+	allow $1 bin_t:file { execute getattr };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_check_exec_bin_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read files in bin directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_read_bin_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_read_bin_files'($*)) dnl
+	
+	gen_require(`
+		type bin_t;
+	')
+
+	corecmd_search_bin($1)
+	read_files_pattern($1, bin_t, bin_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_read_bin_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write bin files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_dontaudit_write_bin_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_dontaudit_write_bin_files'($*)) dnl
+	
+	gen_require(`
+		type bin_t;
+	')
+
+	dontaudit $1 bin_t:file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_dontaudit_write_bin_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read symbolic links in bin directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_read_bin_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_read_bin_symlinks'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated, please use corecmd_search_bin() instead.')
+
+	corecmd_search_bin($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_read_bin_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read pipes in bin directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_read_bin_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_read_bin_pipes'($*)) dnl
+	
+	gen_require(`
+		type bin_t;
+	')
+
+	corecmd_search_bin($1)
+	read_fifo_files_pattern($1, bin_t, bin_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_read_bin_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read named sockets in bin directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_read_bin_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_read_bin_sockets'($*)) dnl
+	
+	gen_require(`
+		type bin_t;
+	')
+
+	corecmd_search_bin($1)
+	read_sock_files_pattern($1, bin_t, bin_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_read_bin_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute generic programs in bin directories,
+##	in the caller domain.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to execute generic programs
+##	in system bin directories (/bin, /sbin, /usr/bin,
+##	/usr/sbin) a without domain transition.
+##	</p>
+##	<p>
+##	Typically, this interface should be used when the domain
+##	executes general system progams within the privileges
+##	of the source domain.  Some examples of these programs
+##	are ls, cp, sed, python, and tar. This does not include
+##	shells, such as bash.
+##	</p>
+##	<p>
+##	Related interface:
+##	</p>
+##	<ul>
+##		<li>corecmd_exec_shell()</li>
+##	</ul>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_exec_bin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_exec_bin'($*)) dnl
+	
+	gen_require(`
+		type bin_t;
+	')
+
+	corecmd_list_bin($1)
+	can_exec($1, bin_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_exec_bin'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete bin files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_manage_bin_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_manage_bin_files'($*)) dnl
+	
+	gen_require(`
+		type bin_t;
+	')
+
+	corecmd_search_bin($1)
+	manage_files_pattern($1, bin_t, bin_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_manage_bin_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to and from the bin type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_relabel_bin_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_relabel_bin_files'($*)) dnl
+	
+	gen_require(`
+		type bin_t;
+	')
+
+	corecmd_search_bin($1)
+	relabel_files_pattern($1, bin_t, bin_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_relabel_bin_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mmap a bin file as executable.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_mmap_bin_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_mmap_bin_files'($*)) dnl
+	
+	gen_require(`
+		type bin_t;
+	')
+
+	corecmd_search_bin($1)
+	mmap_exec_files_pattern($1, bin_t, bin_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_mmap_bin_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a file in a bin directory
+##	in the specified domain but do not
+##	do it automatically. This is an explicit
+##	transition, requiring the caller to use setexeccon().
+## </summary>
+## <desc>
+##	<p>
+##	Execute a file in a bin directory
+##	in the specified domain.  This allows
+##	the specified domain to execute any file
+##	on these filesystems in the specified
+##	domain.  This is not suggested.
+##	</p>
+##	<p>
+##	No interprocess communication (signals, pipes,
+##	etc.) is provided by this interface since
+##	the domains are not owned by this module.
+##	</p>
+##	<p>
+##	This interface was added to handle
+##	the userhelper policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="target_domain">
+##	<summary>
+##	The type of the new process.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_bin_spec_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_bin_spec_domtrans'($*)) dnl
+	
+	gen_require(`
+		type bin_t;
+	')
+
+	corecmd_search_bin($1)
+	domain_transition_pattern($1, bin_t, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_bin_spec_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a file in a bin directory
+##	in the specified domain.
+## </summary>
+## <desc>
+##	<p>
+##	Execute a file in a bin directory
+##	in the specified domain.  This allows
+##	the specified domain to execute any file
+##	on these filesystems in the specified
+##	domain.  This is not suggested.
+##	</p>
+##	<p>
+##	No interprocess communication (signals, pipes,
+##	etc.) is provided by this interface since
+##	the domains are not owned by this module.
+##	</p>
+##	<p>
+##	This interface was added to handle
+##	the ssh-agent policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="target_domain">
+##	<summary>
+##	The type of the new process.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_bin_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_bin_domtrans'($*)) dnl
+	
+	gen_require(`
+		type bin_t;
+	')
+
+	corecmd_bin_spec_domtrans($1, $2)
+	type_transition $1 bin_t:process $2;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_bin_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Check if a shell is executable (DAC-wise).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_check_exec_shell',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_check_exec_shell'($*)) dnl
+	
+	gen_require(`
+		type shell_exec_t;
+	')
+
+	corecmd_list_bin($1)
+	allow $1 shell_exec_t:file execute;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_check_exec_shell'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute shells in the caller domain.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to execute shells without
+##	a domain transition.
+##	</p>
+##	<p>
+##	Typically, this interface should be used when the domain
+##	executes shells within the privileges
+##	of the source domain.  Some examples of these programs
+##	are bash, tcsh, and zsh.
+##	</p>
+##	<p>
+##	Related interface:
+##	</p>
+##	<ul>
+##		<li>corecmd_exec_bin()</li>
+##	</ul>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_exec_shell',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_exec_shell'($*)) dnl
+	
+	gen_require(`
+		type shell_exec_t;
+	')
+
+	corecmd_list_bin($1)
+	can_exec($1, shell_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_exec_shell'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a shell in the target domain.  This
+##	is an explicit transition, requiring the
+##	caller to use setexeccon().
+## </summary>
+## <desc>
+##	<p>
+##	Execute a shell in the target domain.  This
+##	is an explicit transition, requiring the
+##	caller to use setexeccon().
+##	</p>
+##	<p>
+##	No interprocess communication (signals, pipes,
+##	etc.) is provided by this interface since
+##	the domains are not owned by this module.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="target_domain">
+##	<summary>
+##	The type of the shell process.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_shell_spec_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_shell_spec_domtrans'($*)) dnl
+	
+	gen_require(`
+		type shell_exec_t;
+	')
+
+	corecmd_list_bin($1)
+	domain_transition_pattern($1, shell_exec_t, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_shell_spec_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a shell in the specified domain.
+## </summary>
+## <desc>
+##	<p>
+##	Execute a shell in the specified domain.
+##	</p>
+##	<p>
+##	No interprocess communication (signals, pipes,
+##	etc.) is provided by this interface since
+##	the domains are not owned by this module.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="target_domain">
+##	<summary>
+##	The type of the shell process.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_shell_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_shell_domtrans'($*)) dnl
+	
+	gen_require(`
+		type shell_exec_t;
+	')
+
+	corecmd_shell_spec_domtrans($1, $2)
+	type_transition $1 shell_exec_t:process $2;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_shell_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute chroot in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_exec_chroot',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_exec_chroot'($*)) dnl
+	
+	gen_require(`
+		type chroot_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, chroot_exec_t)
+	allow $1 self:capability sys_chroot;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_exec_chroot'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of all executable files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`corecmd_getattr_all_executables',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_getattr_all_executables'($*)) dnl
+	
+	gen_require(`
+		attribute exec_type;
+		type bin_t;
+	')
+
+	corecmd_list_bin($1)
+	getattr_files_pattern($1, bin_t, exec_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_getattr_all_executables'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all executable files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`corecmd_read_all_executables',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_read_all_executables'($*)) dnl
+	
+	gen_require(`
+		attribute exec_type;
+	')
+
+	corecmd_search_bin($1)
+	read_files_pattern($1, exec_type, exec_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_read_all_executables'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute all executable files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`corecmd_exec_all_executables',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_exec_all_executables'($*)) dnl
+	
+	gen_require(`
+		attribute exec_type;
+		type bin_t;
+	')
+
+	corecmd_list_bin($1)
+	can_exec($1, exec_type)
+	read_lnk_files_pattern($1, bin_t, exec_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_exec_all_executables'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to execute all executables.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_dontaudit_exec_all_executables',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_dontaudit_exec_all_executables'($*)) dnl
+	
+	gen_require(`
+		attribute exec_type;
+	')
+
+	dontaudit $1 exec_type:file { execute execute_no_trans };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_dontaudit_exec_all_executables'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and all executable files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`corecmd_manage_all_executables',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_manage_all_executables'($*)) dnl
+	
+	gen_require(`
+		attribute exec_type;
+		type bin_t;
+	')
+
+	corecmd_search_bin($1)
+	manage_files_pattern($1, bin_t, exec_type)
+	manage_lnk_files_pattern($1, bin_t, bin_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_manage_all_executables'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to and from the bin type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`corecmd_relabel_all_executables',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_relabel_all_executables'($*)) dnl
+	
+	gen_require(`
+		attribute exec_type;
+		type bin_t;
+	')
+
+	corecmd_search_bin($1)
+	relabel_files_pattern($1, bin_t, exec_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_relabel_all_executables'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mmap all executables as executable.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_mmap_all_executables',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_mmap_all_executables'($*)) dnl
+	
+	gen_require(`
+		attribute exec_type;
+		type bin_t;
+	')
+
+	corecmd_search_bin($1)
+	mmap_exec_files_pattern($1, bin_t, exec_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_mmap_all_executables'($*)) dnl
+	')
+
+
+# Now starts gentoo specific but cannot use ifdef_distro gentoo here
+
+########################################
+## <summary>
+##	Relabel to and from the bin type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_relabel_bin_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_relabel_bin_dirs'($*)) dnl
+	
+	gen_require(`
+		type bin_t;
+	')
+
+	relabel_dirs_pattern($1, bin_t, bin_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_relabel_bin_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to and from the bin type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corecmd_relabel_bin_lnk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corecmd_relabel_bin_lnk_files'($*)) dnl
+	
+	gen_require(`
+		type bin_t;
+	')
+
+	relabel_lnk_files_pattern($1, bin_t, bin_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corecmd_relabel_bin_lnk_files'($*)) dnl
+	')
+
+## <summary>Policy for terminals.</summary>
+## <required val="true">
+##	Depended on by other required modules.
+## </required>
+
+########################################
+## <summary>
+##	Transform specified type into a pty type.
+## </summary>
+## <param name="pty_type">
+##	<summary>
+##	An object type that will applied to a pty.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_pty',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_pty'($*)) dnl
+	
+	gen_require(`
+		attribute ptynode;
+		type devpts_t;
+	')
+
+	dev_node($1)
+	allow $1 devpts_t:filesystem associate;
+	typeattribute $1 ptynode;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_pty'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Transform specified type into an user
+##	pty type. This allows it to be relabeled via
+##	type change by login programs such as ssh.
+## </summary>
+## <param name="userdomain">
+##	<summary>
+##	The type of the user domain associated with
+##	this pty.
+##	</summary>
+## </param>
+## <param name="object_type">
+##	<summary>
+##	An object type that will applied to a pty.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_user_pty',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_user_pty'($*)) dnl
+	
+	gen_require(`
+		attribute server_ptynode;
+	')
+
+	term_pty($2)
+	type_change $1 server_ptynode:chr_file $2;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_user_pty'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Transform specified type into a pty type
+##	used by login programs, such as sshd.
+## </summary>
+## <param name="pty_type">
+##	<summary>
+##	An object type that will applied to a pty.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_login_pty',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_login_pty'($*)) dnl
+	
+	gen_require(`
+		attribute server_ptynode;
+	')
+
+	term_pty($1)
+	typeattribute $1 server_ptynode;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_login_pty'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Transform specified type into a tty type.
+## </summary>
+## <param name="tty_type">
+##	<summary>
+##	An object type that will applied to a tty.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_tty',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_tty'($*)) dnl
+	
+	gen_require(`
+		attribute ttynode, serial_device;
+	')
+
+	typeattribute $1 ttynode, serial_device;
+
+	dev_node($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_tty'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Transform specified type into a user tty type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	User domain that is related to this tty.
+##	</summary>
+## </param>
+## <param name="tty_type">
+##	<summary>
+##	An object type that will applied to a tty.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_user_tty',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_user_tty'($*)) dnl
+	
+	gen_require(`
+		attribute ttynode;
+		type console_device_t;
+		type tty_device_t;
+	')
+
+	term_tty($2)
+
+	type_change $1 tty_device_t:chr_file $2;
+
+	# Debian login is from shadow utils and does not allow resetting the perms.
+	# have to fix this!
+	ifdef(`distro_debian',`
+		type_change $1 ttynode:chr_file $2;
+	')
+
+	tunable_policy(`console_login',`
+		# When user logs in from /dev/console, relabel it
+		# to user tty type as well.
+		type_change $1 console_device_t:chr_file $2;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_user_tty'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	mount a devpts_t filesystem
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process to mount it
+##	</summary>
+## </param>
+#
+ 	 	define(`term_mount_devpts',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_mount_devpts'($*)) dnl
+	
+	gen_require(`
+		type devpts_t;
+	')
+
+	allow $1 devpts_t:filesystem mount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_mount_devpts'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create directory /dev/pts.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process creating the directory.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_create_devpts_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_create_devpts_dirs'($*)) dnl
+	
+	gen_require(`
+		type devpts_t;
+	')
+
+	allow $1 devpts_t:dir create_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_create_devpts_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a pty in the /dev/pts directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process creating the pty.
+##	</summary>
+## </param>
+## <param name="pty_type">
+##	<summary>
+##	The type of the pty.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_create_pty',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_create_pty'($*)) dnl
+	
+	gen_require(`
+		type bsdpty_device_t, devpts_t, ptmx_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 ptmx_t:chr_file rw_file_perms;
+
+	allow $1 devpts_t:dir list_dir_perms;
+	allow $1 devpts_t:filesystem getattr;
+	dontaudit $1 bsdpty_device_t:chr_file { getattr read write };
+	type_transition $1 devpts_t:chr_file $2;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_create_pty'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write the console, all
+##	ttys and all ptys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`term_write_all_terms',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_write_all_terms'($*)) dnl
+	
+	gen_require(`
+		attribute ttynode, ptynode;
+		type console_device_t, devpts_t, tty_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 devpts_t:dir list_dir_perms;
+	allow $1 { console_device_t tty_device_t ttynode ptynode }:chr_file write_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_write_all_terms'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the console, all
+##	ttys and all ptys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`term_use_all_terms',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_use_all_terms'($*)) dnl
+	
+	gen_require(`
+		attribute ttynode, ptynode;
+		type console_device_t, devpts_t, tty_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 devpts_t:dir list_dir_perms;
+	allow $1 { devpts_t console_device_t tty_device_t ttynode ptynode }:chr_file rw_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_use_all_terms'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write to the console.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`term_write_console',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_write_console'($*)) dnl
+	
+	gen_require(`
+		type console_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 console_device_t:chr_file write_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_write_console'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read from the console.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`term_read_console',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_read_console'($*)) dnl
+	
+	gen_require(`
+		type console_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 console_device_t:chr_file read_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_read_console'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read from the console.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`term_dontaudit_read_console',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_dontaudit_read_console'($*)) dnl
+	
+	gen_require(`
+		type console_device_t;
+	')
+
+	dontaudit $1 console_device_t:chr_file read_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_dontaudit_read_console'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read from and write to the console.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`term_use_console',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_use_console'($*)) dnl
+	
+	gen_require(`
+		type console_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 console_device_t:chr_file rw_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_use_console'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attemtps to read from
+##	or write to the console.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_dontaudit_use_console',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_dontaudit_use_console'($*)) dnl
+	
+	gen_require(`
+		type console_device_t;
+	')
+
+	dontaudit $1 console_device_t:chr_file rw_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_dontaudit_use_console'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of the console
+##	device node.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`term_setattr_console',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_setattr_console'($*)) dnl
+	
+	gen_require(`
+		type console_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 console_device_t:chr_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_setattr_console'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel from and to the console type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_relabel_console',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_relabel_console'($*)) dnl
+	
+	gen_require(`
+		type console_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 console_device_t:chr_file relabel_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_relabel_console'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create the console device (/dev/console).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_create_console_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_create_console_dev'($*)) dnl
+	
+	gen_require(`
+		type console_device_t;
+	')
+
+	dev_add_entry_generic_dirs($1)
+	allow $1 console_device_t:chr_file create;
+	allow $1 self:capability mknod;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_create_console_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of a pty filesystem
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_getattr_pty_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_getattr_pty_fs'($*)) dnl
+	
+	gen_require(`
+		type devpts_t;
+	')
+
+	allow $1 devpts_t:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_getattr_pty_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel from and to pty filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_relabel_pty_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_relabel_pty_fs'($*)) dnl
+	
+	gen_require(`
+		type devpts_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 devpts_t:filesystem { relabelto relabelfrom };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_relabel_pty_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the
+##	/dev/pts directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_getattr_pty_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_getattr_pty_dirs'($*)) dnl
+	
+	gen_require(`
+		type devpts_t;
+	')
+
+	allow $1 devpts_t:dir getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_getattr_pty_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the
+##	attributes of the /dev/pts directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_dontaudit_getattr_pty_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_dontaudit_getattr_pty_dirs'($*)) dnl
+	
+	gen_require(`
+		type devpts_t;
+	')
+
+	dontaudit $1 devpts_t:dir getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_dontaudit_getattr_pty_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the contents of the /dev/pts directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_search_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_search_ptys'($*)) dnl
+	
+	gen_require(`
+		type devpts_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 devpts_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_search_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search the
+##	contents of the /dev/pts directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_dontaudit_search_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_dontaudit_search_ptys'($*)) dnl
+	
+	gen_require(`
+		type devpts_t;
+	')
+
+	dev_dontaudit_list_all_dev_nodes($1)
+	dontaudit $1 devpts_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_dontaudit_search_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the /dev/pts directory to
+##	list all ptys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_list_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_list_ptys'($*)) dnl
+	
+	gen_require(`
+		type devpts_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 devpts_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_list_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read the
+##	/dev/pts directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_dontaudit_list_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_dontaudit_list_ptys'($*)) dnl
+	
+	gen_require(`
+		type devpts_t;
+	')
+
+	dontaudit $1 devpts_t:dir { getattr search read };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_dontaudit_list_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to create, read,
+##	write, or delete the /dev/pts directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_dontaudit_manage_pty_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_dontaudit_manage_pty_dirs'($*)) dnl
+	
+	gen_require(`
+		type devpts_t;
+	')
+
+	dontaudit $1 devpts_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_dontaudit_manage_pty_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel from and to pty directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_relabel_pty_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_relabel_pty_dirs'($*)) dnl
+	
+	gen_require(`
+		type devpts_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 devpts_t:dir relabel_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_relabel_pty_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of generic pty devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to allow
+##	</summary>
+## </param>
+#
+ 	 	define(`term_getattr_generic_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_getattr_generic_ptys'($*)) dnl
+	
+	gen_require(`
+		type devpts_t;
+	')
+
+	allow $1 devpts_t:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_getattr_generic_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of generic pty devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_dontaudit_getattr_generic_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_dontaudit_getattr_generic_ptys'($*)) dnl
+	
+	gen_require(`
+		type devpts_t;
+	')
+
+	dontaudit $1 devpts_t:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_dontaudit_getattr_generic_ptys'($*)) dnl
+	')
+
+########################################
+## <summary>
+##	ioctl of generic pty devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+# cjp: added for ppp
+ 	 	define(`term_ioctl_generic_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_ioctl_generic_ptys'($*)) dnl
+	
+	gen_require(`
+		type devpts_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 devpts_t:dir search;
+	allow $1 devpts_t:chr_file ioctl;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_ioctl_generic_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow setting the attributes of
+##	generic pty devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+# dwalsh: added for rhgb
+ 	 	define(`term_setattr_generic_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_setattr_generic_ptys'($*)) dnl
+	
+	gen_require(`
+		type devpts_t;
+	')
+
+	allow $1 devpts_t:chr_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_setattr_generic_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dontaudit setting the attributes of
+##	generic pty devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+# dwalsh: added for rhgb
+ 	 	define(`term_dontaudit_setattr_generic_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_dontaudit_setattr_generic_ptys'($*)) dnl
+	
+	gen_require(`
+		type devpts_t;
+	')
+
+	dontaudit $1 devpts_t:chr_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_dontaudit_setattr_generic_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the generic pty
+##	type.  This is generally only used in
+##	the targeted policy.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_use_generic_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_use_generic_ptys'($*)) dnl
+	
+	gen_require(`
+		type devpts_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 devpts_t:dir list_dir_perms;
+	allow $1 devpts_t:chr_file { rw_term_perms lock append };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_use_generic_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dot not audit attempts to read and
+##	write the generic pty type.  This is
+##	generally only used in the targeted policy.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_dontaudit_use_generic_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_dontaudit_use_generic_ptys'($*)) dnl
+	
+	gen_require(`
+		type devpts_t;
+	')
+
+	dontaudit $1 devpts_t:chr_file { getattr read write ioctl };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_dontaudit_use_generic_ptys'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Set the attributes of the tty device
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_setattr_controlling_term',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_setattr_controlling_term'($*)) dnl
+	
+	gen_require(`
+		type devtty_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 devtty_t:chr_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_setattr_controlling_term'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the controlling
+##	terminal (/dev/tty).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_use_controlling_term',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_use_controlling_term'($*)) dnl
+	
+	gen_require(`
+		type devtty_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 devtty_t:chr_file { rw_term_perms lock append };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_use_controlling_term'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Get the attributes of the pty multiplexor (/dev/ptmx).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_getattr_ptmx',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_getattr_ptmx'($*)) dnl
+	
+	gen_require(`
+		type ptmx_t;
+	')
+
+	allow $1 ptmx_t:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_getattr_ptmx'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get attributes
+##	on the pty multiplexor (/dev/ptmx).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_dontaudit_getattr_ptmx',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_dontaudit_getattr_ptmx'($*)) dnl
+	
+	gen_require(`
+		type ptmx_t;
+	')
+
+	dontaudit $1 ptmx_t:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_dontaudit_getattr_ptmx'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the pty multiplexor (/dev/ptmx).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_use_ptmx',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_use_ptmx'($*)) dnl
+	
+	gen_require(`
+		type ptmx_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 ptmx_t:chr_file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_use_ptmx'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and
+##	write the pty multiplexor (/dev/ptmx).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_dontaudit_use_ptmx',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_dontaudit_use_ptmx'($*)) dnl
+	
+	gen_require(`
+		type ptmx_t;
+	')
+
+	dontaudit $1 ptmx_t:chr_file { getattr read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_dontaudit_use_ptmx'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of all
+##	pty device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`term_getattr_all_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_getattr_all_ptys'($*)) dnl
+	
+	gen_require(`
+		attribute ptynode;
+		type devpts_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 devpts_t:dir list_dir_perms;
+	allow $1 ptynode:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_getattr_all_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the
+##	attributes of any pty
+##	device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_dontaudit_getattr_all_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_dontaudit_getattr_all_ptys'($*)) dnl
+	
+	gen_require(`
+		attribute ptynode;
+	')
+
+	dontaudit $1 ptynode:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_dontaudit_getattr_all_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of all
+##	pty device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`term_setattr_all_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_setattr_all_ptys'($*)) dnl
+	
+	gen_require(`
+		attribute ptynode;
+		type devpts_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 devpts_t:dir list_dir_perms;
+	allow $1 ptynode:chr_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_setattr_all_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to all ptys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_relabelto_all_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_relabelto_all_ptys'($*)) dnl
+	
+	gen_require(`
+		attribute ptynode;
+	')
+
+	allow $1 ptynode:chr_file relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_relabelto_all_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write to all ptys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_write_all_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_write_all_ptys'($*)) dnl
+	
+	gen_require(`
+		attribute ptynode;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 ptynode:chr_file write_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_write_all_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write all ptys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`term_use_all_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_use_all_ptys'($*)) dnl
+	
+	gen_require(`
+		attribute ptynode;
+		type devpts_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 devpts_t:dir list_dir_perms;
+	allow $1 ptynode:chr_file { rw_term_perms lock append };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_use_all_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read or write any ptys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_dontaudit_use_all_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_dontaudit_use_all_ptys'($*)) dnl
+	
+	gen_require(`
+		attribute ptynode;
+	')
+
+	dontaudit $1 ptynode:chr_file { rw_term_perms lock append };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_dontaudit_use_all_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel from and to all pty device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_relabel_all_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_relabel_all_ptys'($*)) dnl
+	
+	gen_require(`
+		attribute ptynode;
+		type devpts_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	relabel_chr_files_pattern($1, devpts_t, ptynode)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_relabel_all_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of all unallocated
+##	tty device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`term_getattr_unallocated_ttys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_getattr_unallocated_ttys'($*)) dnl
+	
+	gen_require(`
+		type tty_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 tty_device_t:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_getattr_unallocated_ttys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Setattr and unlink unallocated tty device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`term_setattr_unlink_unallocated_ttys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_setattr_unlink_unallocated_ttys'($*)) dnl
+	
+	gen_require(`
+		type tty_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 tty_device_t:chr_file { getattr setattr unlink };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_setattr_unlink_unallocated_ttys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of all unallocated tty device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_dontaudit_getattr_unallocated_ttys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_dontaudit_getattr_unallocated_ttys'($*)) dnl
+	
+	gen_require(`
+		type tty_device_t;
+	')
+
+	dontaudit $1 tty_device_t:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_dontaudit_getattr_unallocated_ttys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of all unallocated
+##	tty device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`term_setattr_unallocated_ttys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_setattr_unallocated_ttys'($*)) dnl
+	
+	gen_require(`
+		type tty_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 tty_device_t:chr_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_setattr_unallocated_ttys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to set the attributes
+##	of unallocated tty device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_dontaudit_setattr_unallocated_ttys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_dontaudit_setattr_unallocated_ttys'($*)) dnl
+	
+	gen_require(`
+		type tty_device_t;
+	')
+
+	dontaudit $1 tty_device_t:chr_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_dontaudit_setattr_unallocated_ttys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to ioctl
+##	unallocated tty device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_dontaudit_ioctl_unallocated_ttys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_dontaudit_ioctl_unallocated_ttys'($*)) dnl
+	
+	gen_require(`
+		type tty_device_t;
+	')
+
+	dontaudit $1 tty_device_t:chr_file ioctl;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_dontaudit_ioctl_unallocated_ttys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel from and to the unallocated
+##	tty type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_relabel_unallocated_ttys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_relabel_unallocated_ttys'($*)) dnl
+	
+	gen_require(`
+		type tty_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 tty_device_t:chr_file relabel_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_relabel_unallocated_ttys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel from all user tty types to
+##	the unallocated tty type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_reset_tty_labels',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_reset_tty_labels'($*)) dnl
+	
+	gen_require(`
+		attribute ttynode;
+		type tty_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 ttynode:chr_file relabelfrom;
+	allow $1 tty_device_t:chr_file relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_reset_tty_labels'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append to unallocated ttys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_append_unallocated_ttys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_append_unallocated_ttys'($*)) dnl
+	
+	gen_require(`
+		type tty_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 tty_device_t:chr_file append_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_append_unallocated_ttys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write to unallocated ttys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_write_unallocated_ttys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_write_unallocated_ttys'($*)) dnl
+	
+	gen_require(`
+		type tty_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 tty_device_t:chr_file write_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_write_unallocated_ttys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write unallocated ttys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`term_use_unallocated_ttys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_use_unallocated_ttys'($*)) dnl
+	
+	gen_require(`
+		type tty_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 tty_device_t:chr_file rw_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_use_unallocated_ttys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read or
+##	write unallocated ttys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_dontaudit_use_unallocated_ttys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_dontaudit_use_unallocated_ttys'($*)) dnl
+	
+	gen_require(`
+		type tty_device_t;
+	')
+
+	dontaudit $1 tty_device_t:chr_file rw_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_dontaudit_use_unallocated_ttys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of all tty device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`term_getattr_all_ttys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_getattr_all_ttys'($*)) dnl
+	
+	gen_require(`
+		attribute ttynode;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 ttynode:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_getattr_all_ttys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the
+##	attributes of any tty device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_dontaudit_getattr_all_ttys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_dontaudit_getattr_all_ttys'($*)) dnl
+	
+	gen_require(`
+		attribute ttynode;
+	')
+
+	dev_list_all_dev_nodes($1)
+	dontaudit $1 ttynode:chr_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_dontaudit_getattr_all_ttys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of all tty device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`term_setattr_all_ttys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_setattr_all_ttys'($*)) dnl
+	
+	gen_require(`
+		attribute ttynode;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 ttynode:chr_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_setattr_all_ttys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel from and to all tty device nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_relabel_all_ttys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_relabel_all_ttys'($*)) dnl
+	
+	gen_require(`
+		attribute ttynode;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 ttynode:chr_file relabel_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_relabel_all_ttys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write to all ttys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_write_all_ttys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_write_all_ttys'($*)) dnl
+	
+	gen_require(`
+		attribute ttynode;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 ttynode:chr_file write_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_write_all_ttys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write all ttys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`term_use_all_ttys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_use_all_ttys'($*)) dnl
+	
+	gen_require(`
+		attribute ttynode;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 ttynode:chr_file rw_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_use_all_ttys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read or write
+##	any ttys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_dontaudit_use_all_ttys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_dontaudit_use_all_ttys'($*)) dnl
+	
+	gen_require(`
+		attribute ttynode;
+	')
+
+	dontaudit $1 ttynode:chr_file rw_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_dontaudit_use_all_ttys'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Read from and write virtio console.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`term_use_virtio_console',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `term_use_virtio_console'($*)) dnl
+	
+	gen_require(`
+		type virtio_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 virtio_device_t:chr_file rw_term_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `term_use_virtio_console'($*)) dnl
+	')
+
+## <summary>Policy for filesystems.</summary>
+## <required val="true">
+##	Contains the initial SID for the filesystems.
+## </required>
+
+########################################
+## <summary>
+##	Transform specified type into a filesystem type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_type',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_type'($*)) dnl
+	
+	gen_require(`
+		attribute filesystem_type;
+	')
+
+	typeattribute $1 filesystem_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_type'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Transform specified type into a filesystem
+##	type which does not have extended attribute
+##	support.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_noxattr_type',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_noxattr_type'($*)) dnl
+	
+	gen_require(`
+		attribute noxattrfs;
+	')
+
+	fs_type($1)
+
+	typeattribute $1 noxattrfs;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_noxattr_type'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Associate the specified file type to persistent
+##	filesystems with extended attributes.  This
+##	allows a file of this type to be created on
+##	a filesystem such as ext3, JFS, and XFS.
+## </summary>
+## <param name="file_type">
+##	<summary>
+##	The type of the to be associated.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_associate',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_associate'($*)) dnl
+	
+	gen_require(`
+		type fs_t;
+	')
+
+	allow $1 fs_t:filesystem associate;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_associate'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Associate the specified file type to
+##	filesystems which lack extended attributes
+##	support.  This allows a file of this type
+##	to be created on a filesystem such as
+##	FAT32, and NFS.
+## </summary>
+## <param name="file_type">
+##	<summary>
+##	The type of the to be associated.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_associate_noxattr',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_associate_noxattr'($*)) dnl
+	
+	gen_require(`
+		attribute noxattrfs;
+	')
+
+	allow $1 noxattrfs:filesystem associate;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_associate_noxattr'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute files on a filesystem that does
+##	not support extended attributes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_exec_noxattr',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_exec_noxattr'($*)) dnl
+	
+	gen_require(`
+		attribute noxattrfs;
+	')
+
+	can_exec($1, noxattrfs)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_exec_noxattr'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Transform specified type into a filesystem
+##	type which has extended attribute
+##	support.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_xattr_type',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_xattr_type'($*)) dnl
+	
+	gen_require(`
+		attribute xattrfs;
+	')
+
+	fs_type($1)
+
+	typeattribute $1 xattrfs;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_xattr_type'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of all the
+##	filesystems which have extended
+##	attributes.
+##	This includes pseudo filesystems.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to
+##	get the attributes of a filesystems
+##	which have extended attributes.
+##	Example attributes:
+##	</p>
+##	<ul>
+##		<li>Type of the file system (e.g., tmpfs)</li>
+##		<li>Size of the file system</li>
+##		<li>Available space on the file system</li>
+##	</ul>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="5"/>
+## <rolecap/>
+#
+ 	 	define(`fs_getattr_all_xattr_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_all_xattr_fs'($*)) dnl
+	
+	gen_require(`
+		attribute xattrfs;
+	')
+
+	allow $1 xattrfs:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_all_xattr_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a persistent filesystem which
+##	has extended attributes, such as
+##	ext3, JFS, or XFS.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_mount_xattr_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_mount_xattr_fs'($*)) dnl
+	
+	gen_require(`
+		type fs_t;
+	')
+
+	allow $1 fs_t:filesystem mount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_mount_xattr_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Remount a persistent filesystem which
+##	has extended attributes, such as
+##	ext3, JFS, or XFS.  This allows
+##	some mount options to be changed.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_remount_xattr_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_remount_xattr_fs'($*)) dnl
+	
+	gen_require(`
+		type fs_t;
+	')
+
+	allow $1 fs_t:filesystem remount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_remount_xattr_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unmount a persistent filesystem which
+##	has extended attributes, such as
+##	ext3, JFS, or XFS.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_unmount_xattr_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_unmount_xattr_fs'($*)) dnl
+	
+	gen_require(`
+		type fs_t;
+	')
+
+	allow $1 fs_t:filesystem unmount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_unmount_xattr_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of persistent
+##	filesystems which have extended
+##	attributes, such as ext3, JFS, or XFS.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to
+##	get the attributes of a persistent
+##	filesystems which have extended
+##	attributes, such as ext3, JFS, or XFS.
+##	Example attributes:
+##	</p>
+##	<ul>
+##		<li>Type of the file system (e.g., ext3)</li>
+##		<li>Size of the file system</li>
+##		<li>Available space on the file system</li>
+##	</ul>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="5"/>
+## <rolecap/>
+#
+ 	 	define(`fs_getattr_xattr_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_xattr_fs'($*)) dnl
+	
+	gen_require(`
+		type fs_t;
+	')
+
+	allow $1 fs_t:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_xattr_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to
+##	get the attributes of a persistent
+##	filesystem which has extended
+##	attributes, such as ext3, JFS, or XFS.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_getattr_xattr_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_getattr_xattr_fs'($*)) dnl
+	
+	gen_require(`
+		type fs_t;
+	')
+
+	dontaudit $1 fs_t:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_getattr_xattr_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow changing of the label of a
+##	filesystem with extended attributes
+##	using the context= mount option.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_relabelfrom_xattr_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_relabelfrom_xattr_fs'($*)) dnl
+	
+	gen_require(`
+		type fs_t;
+	')
+
+	allow $1 fs_t:filesystem relabelfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_relabelfrom_xattr_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the filesystem quotas of a filesystem
+##	with extended attributes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_get_xattr_fs_quotas',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_get_xattr_fs_quotas'($*)) dnl
+	
+	gen_require(`
+		type fs_t;
+	')
+
+	allow $1 fs_t:filesystem quotaget;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_get_xattr_fs_quotas'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the filesystem quotas of a filesystem
+##	with extended attributes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_set_xattr_fs_quotas',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_set_xattr_fs_quotas'($*)) dnl
+	
+	gen_require(`
+		type fs_t;
+	')
+
+	allow $1 fs_t:filesystem quotamod;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_set_xattr_fs_quotas'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read files on anon_inodefs file systems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_read_anon_inodefs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_anon_inodefs_files'($*)) dnl
+	
+	gen_require(`
+		type anon_inodefs_t;
+
+	')
+
+	read_files_pattern($1, anon_inodefs_t, anon_inodefs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_anon_inodefs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write files on anon_inodefs
+##	file systems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_rw_anon_inodefs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_rw_anon_inodefs_files'($*)) dnl
+	
+	gen_require(`
+		type anon_inodefs_t;
+
+	')
+
+	rw_files_pattern($1, anon_inodefs_t, anon_inodefs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_rw_anon_inodefs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read or write files on
+##	anon_inodefs file systems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_rw_anon_inodefs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_rw_anon_inodefs_files'($*)) dnl
+	
+	gen_require(`
+		type anon_inodefs_t;
+
+	')
+
+	dontaudit $1 anon_inodefs_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_rw_anon_inodefs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount an automount pseudo filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_mount_autofs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_mount_autofs'($*)) dnl
+	
+	gen_require(`
+		type autofs_t;
+	')
+
+	allow $1 autofs_t:filesystem mount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_mount_autofs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Remount an automount pseudo filesystem
+##	This allows some mount options to be changed.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_remount_autofs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_remount_autofs'($*)) dnl
+	
+	gen_require(`
+		type autofs_t;
+	')
+
+	allow $1 autofs_t:filesystem remount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_remount_autofs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unmount an automount pseudo filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_unmount_autofs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_unmount_autofs'($*)) dnl
+	
+	gen_require(`
+		type autofs_t;
+	')
+
+	allow $1 autofs_t:filesystem unmount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_unmount_autofs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of an automount
+##	pseudo filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_getattr_autofs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_autofs'($*)) dnl
+	
+	gen_require(`
+		type autofs_t;
+	')
+
+	allow $1 autofs_t:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_autofs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search automount filesystem to use automatically
+##	mounted filesystems.
+## </summary>
+## <desc>
+##	Allow the specified domain to search mount points
+##	that have filesystems that are mounted by
+##	the automount service.  Generally this will
+##	be required for any domain that accesses objects
+##	on these filesystems.
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="5"/>
+#
+ 	 	define(`fs_search_auto_mountpoints',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_search_auto_mountpoints'($*)) dnl
+	
+	gen_require(`
+		type autofs_t;
+	')
+
+	allow $1 autofs_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_search_auto_mountpoints'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read directories of automatically
+##	mounted filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_list_auto_mountpoints',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_list_auto_mountpoints'($*)) dnl
+	
+	gen_require(`
+		type autofs_t;
+	')
+
+	allow $1 autofs_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_list_auto_mountpoints'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to list directories of automatically
+##	mounted filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_list_auto_mountpoints',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_list_auto_mountpoints'($*)) dnl
+	
+	gen_require(`
+		type autofs_t;
+	')
+
+	dontaudit $1 autofs_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_list_auto_mountpoints'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete symbolic links
+##	on an autofs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_autofs_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_autofs_symlinks'($*)) dnl
+	
+	gen_require(`
+		type autofs_t;
+	')
+
+	manage_lnk_files_pattern($1, autofs_t, autofs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_autofs_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of directories on
+##	binfmt_misc filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_getattr_binfmt_misc_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_binfmt_misc_dirs'($*)) dnl
+	
+	gen_require(`
+		type binfmt_misc_fs_t;
+	')
+
+	allow $1 binfmt_misc_fs_t:dir getattr;
+
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_binfmt_misc_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Register an interpreter for new binary
+##	file types, using the kernel binfmt_misc
+##	support.
+## </summary>
+## <desc>
+##	<p>
+##	Register an interpreter for new binary
+##	file types, using the kernel binfmt_misc
+##	support.
+##	</p>
+##	<p>
+##	A common use for this is to
+##	register a JVM as an interpreter for
+##	Java byte code.  Registered binaries
+##	can be directly executed on a command line
+##	without specifying the interpreter.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_register_binary_executable_type',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_register_binary_executable_type'($*)) dnl
+	
+	gen_require(`
+		type binfmt_misc_fs_t;
+	')
+
+	# binfmt_misc filesystem is usually mounted on /proc/sys/fs/binfmt_misc
+	kernel_search_fs_sysctls($1)
+	rw_files_pattern($1, binfmt_misc_fs_t, binfmt_misc_fs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_register_binary_executable_type'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount cgroup filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_mount_cgroup',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_mount_cgroup'($*)) dnl
+	
+	gen_require(`
+		type cgroup_t;
+	')
+
+	allow $1 cgroup_t:filesystem mount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_mount_cgroup'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Remount cgroup filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_remount_cgroup',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_remount_cgroup'($*)) dnl
+	
+	gen_require(`
+		type cgroup_t;
+	')
+
+	allow $1 cgroup_t:filesystem remount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_remount_cgroup'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unmount cgroup filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_unmount_cgroup',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_unmount_cgroup'($*)) dnl
+	
+	gen_require(`
+		type cgroup_t;
+	')
+
+	allow $1 cgroup_t:filesystem unmount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_unmount_cgroup'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get attributes of cgroup filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_getattr_cgroup',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_cgroup'($*)) dnl
+	
+	gen_require(`
+		type cgroup_t;
+	')
+
+	allow $1 cgroup_t:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_cgroup'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search cgroup directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_search_cgroup_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_search_cgroup_dirs'($*)) dnl
+	
+	gen_require(`
+		type cgroup_t;
+
+	')
+
+	search_dirs_pattern($1, cgroup_t, cgroup_t)
+	dev_search_sysfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_search_cgroup_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	list cgroup directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_list_cgroup_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_list_cgroup_dirs'($*)) dnl
+	
+	gen_require(`
+		type cgroup_t;
+	')
+
+	list_dirs_pattern($1, cgroup_t, cgroup_t)
+	dev_search_sysfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_list_cgroup_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete cgroup directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_delete_cgroup_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_delete_cgroup_dirs'($*)) dnl
+	
+	gen_require(`
+		type cgroup_t;
+	')
+
+	delete_dirs_pattern($1, cgroup_t, cgroup_t)
+	dev_search_sysfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_delete_cgroup_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage cgroup directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_cgroup_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_cgroup_dirs'($*)) dnl
+	
+	gen_require(`
+		type cgroup_t;
+
+	')
+
+	manage_dirs_pattern($1, cgroup_t, cgroup_t)
+	dev_search_sysfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_cgroup_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel cgroup directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_relabel_cgroup_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_relabel_cgroup_dirs'($*)) dnl
+	
+	gen_require(`
+		type cgroup_t;
+	')
+
+	relabel_dirs_pattern($1, cgroup_t, cgroup_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_relabel_cgroup_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##     Get attributes of cgroup files.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+ 	 	define(`fs_getattr_cgroup_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_cgroup_files'($*)) dnl
+	
+	gen_require(`
+		type cgroup_t;
+	')
+
+	getattr_files_pattern($1, cgroup_t, cgroup_t)
+	fs_search_tmpfs($1)
+	dev_search_sysfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_cgroup_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read cgroup files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_read_cgroup_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_cgroup_files'($*)) dnl
+	
+	gen_require(`
+		type cgroup_t;
+
+	')
+
+	read_files_pattern($1, cgroup_t, cgroup_t)
+	read_lnk_files_pattern($1, cgroup_t, cgroup_t)
+	dev_search_sysfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_cgroup_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Watch cgroup files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_watch_cgroup_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_watch_cgroup_files'($*)) dnl
+	
+	gen_require(`
+		type cgroup_t;
+
+	')
+
+	allow $1 cgroup_t:file watch;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_watch_cgroup_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##     Create cgroup lnk_files.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+ 	 	define(`fs_create_cgroup_links',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_create_cgroup_links'($*)) dnl
+	
+	gen_require(`
+		type cgroup_t;
+	')
+
+	create_lnk_files_pattern($1, cgroup_t, cgroup_t)
+	rw_lnk_files_pattern($1, cgroup_t, cgroup_t)
+	dev_search_sysfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_create_cgroup_links'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write cgroup files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_write_cgroup_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_write_cgroup_files'($*)) dnl
+	
+	gen_require(`
+		type cgroup_t;
+	')
+
+	write_files_pattern($1, cgroup_t, cgroup_t)
+	dev_search_sysfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_write_cgroup_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write cgroup files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_rw_cgroup_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_rw_cgroup_files'($*)) dnl
+	
+	gen_require(`
+		type cgroup_t;
+	')
+
+	rw_files_pattern($1, cgroup_t, cgroup_t)
+	read_lnk_files_pattern($1, cgroup_t, cgroup_t)
+	dev_search_sysfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_rw_cgroup_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to open,
+##	get attributes, read and write
+##	cgroup files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_rw_cgroup_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_rw_cgroup_files'($*)) dnl
+	
+	gen_require(`
+		type cgroup_t;
+	')
+
+	dontaudit $1 cgroup_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_rw_cgroup_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage cgroup files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_cgroup_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_cgroup_files'($*)) dnl
+	
+	gen_require(`
+		type cgroup_t;
+
+	')
+
+	manage_files_pattern($1, cgroup_t, cgroup_t)
+	dev_search_sysfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_cgroup_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel cgroup symbolic links.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_relabel_cgroup_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_relabel_cgroup_symlinks'($*)) dnl
+	
+	gen_require(`
+		type cgroup_t;
+	')
+
+	relabel_lnk_files_pattern($1, cgroup_t, cgroup_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_relabel_cgroup_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount on cgroup directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_mounton_cgroup',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_mounton_cgroup'($*)) dnl
+	
+	gen_require(`
+		type cgroup_t;
+	')
+
+	allow $1 cgroup_t:dir mounton;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_mounton_cgroup'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create an object in a cgroup tmpfs filesystem, with a private
+##	type using a type transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private type">
+##	<summary>
+##	The type of the object to be created.
+##	</summary>
+## </param>
+## <param name="object">
+##	<summary>
+##	The object class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_cgroup_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_cgroup_filetrans'($*)) dnl
+	
+	gen_require(`
+		type cgroup_t, tmpfs_t;
+	')
+
+	allow $2 tmpfs_t:filesystem associate;
+	filetrans_pattern($1, cgroup_t, $2, $3, $4)
+	dev_search_sysfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_cgroup_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read
+##	dirs on a CIFS or SMB filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_list_cifs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_list_cifs_dirs'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	dontaudit $1 cifs_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_list_cifs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a CIFS or SMB network filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_mount_cifs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_mount_cifs'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	allow $1 cifs_t:filesystem mount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_mount_cifs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Remount a CIFS or SMB network filesystem.
+##	This allows some mount options to be changed.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_remount_cifs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_remount_cifs'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	allow $1 cifs_t:filesystem remount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_remount_cifs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unmount a CIFS or SMB network filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_unmount_cifs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_unmount_cifs'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	allow $1 cifs_t:filesystem unmount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_unmount_cifs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of a CIFS or
+##	SMB network filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_getattr_cifs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_cifs'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	allow $1 cifs_t:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_cifs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search directories on a CIFS or SMB filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_search_cifs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_search_cifs'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	allow $1 cifs_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_search_cifs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List the contents of directories on a
+##	CIFS or SMB filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_list_cifs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_list_cifs'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	allow $1 cifs_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_list_cifs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to list the contents
+##	of directories on a CIFS or SMB filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_list_cifs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_list_cifs'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	dontaudit $1 cifs_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_list_cifs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mounton a CIFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_mounton_cifs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_mounton_cifs'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	allow $1 cifs_t:dir mounton;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_mounton_cifs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read files on a CIFS or SMB filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_read_cifs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_cifs_files'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	allow $1 cifs_t:dir list_dir_perms;
+	read_files_pattern($1, cifs_t, cifs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_cifs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of filesystems that
+##	do not have extended attribute support.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_getattr_noxattr_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_noxattr_fs'($*)) dnl
+	
+	gen_require(`
+		attribute noxattrfs;
+	')
+
+	allow $1 noxattrfs:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_noxattr_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all noxattrfs directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_list_noxattr_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_list_noxattr_fs'($*)) dnl
+	
+	gen_require(`
+		attribute noxattrfs;
+	')
+
+	allow $1 noxattrfs:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_list_noxattr_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to list all
+##	noxattrfs directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_list_noxattr_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_list_noxattr_fs'($*)) dnl
+	
+	gen_require(`
+		attribute noxattrfs;
+	')
+
+	dontaudit $1 noxattrfs:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_list_noxattr_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete all noxattrfs directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_noxattr_fs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_noxattr_fs_dirs'($*)) dnl
+	
+	gen_require(`
+		attribute noxattrfs;
+	')
+
+	allow $1 noxattrfs:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_noxattr_fs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all noxattrfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_read_noxattr_fs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_noxattr_fs_files'($*)) dnl
+	
+	gen_require(`
+		attribute noxattrfs;
+	')
+
+	fs_list_noxattr_fs($1)
+	read_files_pattern($1, noxattrfs, noxattrfs)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_noxattr_fs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read all
+##	noxattrfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_read_noxattr_fs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_read_noxattr_fs_files'($*)) dnl
+	
+	gen_require(`
+		attribute noxattrfs;
+	')
+
+	dontaudit $1 noxattrfs:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_read_noxattr_fs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dont audit attempts to write to noxattrfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_write_noxattr_fs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_write_noxattr_fs_files'($*)) dnl
+	
+	gen_require(`
+		attribute noxattrfs;
+	')
+
+	dontaudit $1 noxattrfs:file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_write_noxattr_fs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete all noxattrfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_noxattr_fs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_noxattr_fs_files'($*)) dnl
+	
+	gen_require(`
+		attribute noxattrfs;
+	')
+
+	fs_list_noxattr_fs($1)
+	manage_files_pattern($1, noxattrfs, noxattrfs)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_noxattr_fs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all noxattrfs symbolic links.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_read_noxattr_fs_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_noxattr_fs_symlinks'($*)) dnl
+	
+	gen_require(`
+		attribute noxattrfs;
+	')
+
+	fs_list_noxattr_fs($1)
+	read_lnk_files_pattern($1, noxattrfs, noxattrfs)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_noxattr_fs_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage all noxattrfs symbolic links.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_noxattr_fs_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_noxattr_fs_symlinks'($*)) dnl
+	
+	gen_require(`
+		attribute noxattrfs;
+	')
+
+	fs_list_noxattr_fs($1)
+	manage_lnk_files_pattern($1, noxattrfs, noxattrfs)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_noxattr_fs_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel all objets from filesystems that
+##	do not support extended attributes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_relabelfrom_noxattr_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_relabelfrom_noxattr_fs'($*)) dnl
+	
+	gen_require(`
+		attribute noxattrfs;
+	')
+
+	allow $1 noxattrfs:dir list_dir_perms;
+	relabelfrom_dirs_pattern($1, noxattrfs, noxattrfs)
+	relabelfrom_files_pattern($1, noxattrfs, noxattrfs)
+	relabelfrom_lnk_files_pattern($1, noxattrfs, noxattrfs)
+	relabelfrom_fifo_files_pattern($1, noxattrfs, noxattrfs)
+	relabelfrom_sock_files_pattern($1, noxattrfs, noxattrfs)
+	relabelfrom_blk_files_pattern($1, noxattrfs, noxattrfs)
+	relabelfrom_chr_files_pattern($1, noxattrfs, noxattrfs)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_relabelfrom_noxattr_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read
+##	files on a CIFS or SMB filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_read_cifs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_read_cifs_files'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	dontaudit $1 cifs_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_read_cifs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append files
+##	on a CIFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_append_cifs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_append_cifs_files'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	append_files_pattern($1, cifs_t, cifs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_append_cifs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	dontaudit Append files
+##	on a CIFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_dontaudit_append_cifs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_append_cifs_files'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	dontaudit $1 cifs_t:file append_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_append_cifs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read or
+##	write files on a CIFS or SMB filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_rw_cifs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_rw_cifs_files'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	dontaudit $1 cifs_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_rw_cifs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read symbolic links on a CIFS or SMB filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_read_cifs_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_cifs_symlinks'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	allow $1 cifs_t:dir list_dir_perms;
+	read_lnk_files_pattern($1, cifs_t, cifs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_cifs_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read named pipes
+##	on a CIFS or SMB network filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_read_cifs_named_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_cifs_named_pipes'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	read_fifo_files_pattern($1, cifs_t, cifs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_cifs_named_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read named sockets
+##	on a CIFS or SMB network filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_read_cifs_named_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_cifs_named_sockets'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	read_sock_files_pattern($1, cifs_t, cifs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_cifs_named_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute files on a CIFS or SMB
+##	network filesystem, in the caller
+##	domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_exec_cifs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_exec_cifs_files'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	allow $1 cifs_t:dir list_dir_perms;
+	exec_files_pattern($1, cifs_t, cifs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_exec_cifs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete directories
+##	on a CIFS or SMB network filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_manage_cifs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_cifs_dirs'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	allow $1 cifs_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_cifs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to create, read,
+##	write, and delete directories
+##	on a CIFS or SMB network filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_manage_cifs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_manage_cifs_dirs'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	dontaudit $1 cifs_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_manage_cifs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete files
+##	on a CIFS or SMB network filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_manage_cifs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_cifs_files'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	manage_files_pattern($1, cifs_t, cifs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_cifs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to create, read,
+##	write, and delete files
+##	on a CIFS or SMB network filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_manage_cifs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_manage_cifs_files'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	dontaudit $1 cifs_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_manage_cifs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete symbolic links
+##	on a CIFS or SMB network filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_cifs_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_cifs_symlinks'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	manage_lnk_files_pattern($1, cifs_t, cifs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_cifs_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete named pipes
+##	on a CIFS or SMB network filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_cifs_named_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_cifs_named_pipes'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	manage_fifo_files_pattern($1, cifs_t, cifs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_cifs_named_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete named sockets
+##	on a CIFS or SMB network filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_cifs_named_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_cifs_named_sockets'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	manage_sock_files_pattern($1, cifs_t, cifs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_cifs_named_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a file on a CIFS or SMB filesystem
+##	in the specified domain.
+## </summary>
+## <desc>
+##	<p>
+##	Execute a file on a CIFS or SMB filesystem
+##	in the specified domain.  This allows
+##	the specified domain to execute any file
+##	on these filesystems in the specified
+##	domain.  This is not suggested.
+##	</p>
+##	<p>
+##	No interprocess communication (signals, pipes,
+##	etc.) is provided by this interface since
+##	the domains are not owned by this module.
+##	</p>
+##	<p>
+##	This interface was added to handle
+##	home directories on CIFS/SMB filesystems,
+##	in particular used by the ssh-agent policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="target_domain">
+##	<summary>
+##	The type of the new process.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_cifs_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_cifs_domtrans'($*)) dnl
+	
+	gen_require(`
+		type cifs_t;
+	')
+
+	allow $1 cifs_t:dir search_dir_perms;
+	domain_auto_transition_pattern($1, cifs_t, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_cifs_domtrans'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create, read, write, and delete dirs
+##	on a configfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_configfs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_configfs_dirs'($*)) dnl
+	
+	gen_require(`
+		type configfs_t;
+	')
+
+	manage_dirs_pattern($1, configfs_t, configfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_configfs_dirs'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create, read, write, and delete files
+##	on a configfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_configfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_configfs_files'($*)) dnl
+	
+	gen_require(`
+		type configfs_t;
+	')
+
+	manage_files_pattern($1, configfs_t, configfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_configfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a DOS filesystem, such as
+##	FAT32 or NTFS.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_mount_dos_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_mount_dos_fs'($*)) dnl
+	
+	gen_require(`
+		type dosfs_t;
+	')
+
+	allow $1 dosfs_t:filesystem mount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_mount_dos_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Remount a DOS filesystem, such as
+##	FAT32 or NTFS.  This allows
+##	some mount options to be changed.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_remount_dos_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_remount_dos_fs'($*)) dnl
+	
+	gen_require(`
+		type dosfs_t;
+	')
+
+	allow $1 dosfs_t:filesystem remount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_remount_dos_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unmount a DOS filesystem, such as
+##	FAT32 or NTFS.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_unmount_dos_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_unmount_dos_fs'($*)) dnl
+	
+	gen_require(`
+		type dosfs_t;
+	')
+
+	allow $1 dosfs_t:filesystem unmount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_unmount_dos_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of a DOS
+##	filesystem, such as FAT32 or NTFS.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_getattr_dos_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_dos_fs'($*)) dnl
+	
+	gen_require(`
+		type dosfs_t;
+	')
+
+	allow $1 dosfs_t:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_dos_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow changing of the label of a
+##	DOS filesystem using the context= mount option.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_relabelfrom_dos_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_relabelfrom_dos_fs'($*)) dnl
+	
+	gen_require(`
+		type dosfs_t;
+	')
+
+	allow $1 dosfs_t:filesystem relabelfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_relabelfrom_dos_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get attributes of directories on a dosfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_getattr_dos_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_dos_dirs'($*)) dnl
+	
+	gen_require(`
+		type dosfs_t;
+	')
+
+	allow $1 dosfs_t:dir getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_dos_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search dosfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_search_dos',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_search_dos'($*)) dnl
+	
+	gen_require(`
+		type dosfs_t;
+	')
+
+	allow $1 dosfs_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_search_dos'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List dirs DOS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_list_dos',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_list_dos'($*)) dnl
+	
+	gen_require(`
+		type dosfs_t;
+	')
+
+	list_dirs_pattern($1, dosfs_t, dosfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_list_dos'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete dirs
+##	on a DOS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_dos_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_dos_dirs'($*)) dnl
+	
+	gen_require(`
+		type dosfs_t;
+	')
+
+	manage_dirs_pattern($1, dosfs_t, dosfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_dos_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read files on a DOS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_read_dos_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_dos_files'($*)) dnl
+	
+	gen_require(`
+		type dosfs_t;
+	')
+
+	read_files_pattern($1, dosfs_t, dosfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_dos_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete files
+##	on a DOS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_dos_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_dos_files'($*)) dnl
+	
+	gen_require(`
+		type dosfs_t;
+	')
+
+	manage_files_pattern($1, dosfs_t, dosfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_dos_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List dirs in efivarfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_list_efivars',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_list_efivars'($*)) dnl
+	
+	gen_require(`
+		type efivarfs_t;
+	')
+
+	list_dirs_pattern($1, efivarfs_t, efivarfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_list_efivars'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##      Read files in efivarfs
+##      - contains Linux Kernel configuration options for UEFI systems
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_read_efivarfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_efivarfs_files'($*)) dnl
+	
+	gen_require(`
+		type efivarfs_t;
+	')
+
+	read_files_pattern($1, efivarfs_t, efivarfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_efivarfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	stat a FUSE filesystem
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_getattr_fusefs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_fusefs'($*)) dnl
+	
+	gen_require(`
+		type fusefs_t;
+	')
+
+	allow $1 fusefs_t:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_fusefs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a FUSE filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_mount_fusefs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_mount_fusefs'($*)) dnl
+	
+	gen_require(`
+		type fusefs_t;
+	')
+
+	allow $1 fusefs_t:filesystem mount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_mount_fusefs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unmount a FUSE filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_unmount_fusefs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_unmount_fusefs'($*)) dnl
+	
+	gen_require(`
+		type fusefs_t;
+	')
+
+	allow $1 fusefs_t:filesystem unmount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_unmount_fusefs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mounton a FUSEFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_mounton_fusefs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_mounton_fusefs'($*)) dnl
+	
+	gen_require(`
+		type fusefs_t;
+	')
+
+	allow $1 fusefs_t:dir mounton;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_mounton_fusefs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search directories
+##	on a FUSEFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_search_fusefs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_search_fusefs'($*)) dnl
+	
+	gen_require(`
+		type fusefs_t;
+	')
+
+	allow $1 fusefs_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_search_fusefs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to list the contents
+##	of directories on a FUSEFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_list_fusefs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_list_fusefs'($*)) dnl
+	
+	gen_require(`
+		type fusefs_t;
+	')
+
+	dontaudit $1 fusefs_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_list_fusefs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete directories
+##	on a FUSEFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_manage_fusefs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_fusefs_dirs'($*)) dnl
+	
+	gen_require(`
+		type fusefs_t;
+	')
+
+	allow $1 fusefs_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_fusefs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to create, read,
+##	write, and delete directories
+##	on a FUSEFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_manage_fusefs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_manage_fusefs_dirs'($*)) dnl
+	
+	gen_require(`
+		type fusefs_t;
+	')
+
+	dontaudit $1 fusefs_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_manage_fusefs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read, a FUSEFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_read_fusefs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_fusefs_files'($*)) dnl
+	
+	gen_require(`
+		type fusefs_t;
+	')
+
+	read_files_pattern($1, fusefs_t, fusefs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_fusefs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute files on a FUSEFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_exec_fusefs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_exec_fusefs_files'($*)) dnl
+	
+	gen_require(`
+		type fusefs_t;
+	')
+
+	exec_files_pattern($1, fusefs_t, fusefs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_exec_fusefs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete files
+##	on a FUSEFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_manage_fusefs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_fusefs_files'($*)) dnl
+	
+	gen_require(`
+		type fusefs_t;
+	')
+
+	manage_files_pattern($1, fusefs_t, fusefs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_fusefs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to create,
+##	read, write, and delete files
+##	on a FUSEFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_manage_fusefs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_manage_fusefs_files'($*)) dnl
+	
+	gen_require(`
+		type fusefs_t;
+	')
+
+	dontaudit $1 fusefs_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_manage_fusefs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read symbolic links on a FUSEFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_read_fusefs_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_fusefs_symlinks'($*)) dnl
+	
+	gen_require(`
+		type fusefs_t;
+	')
+
+	allow $1 fusefs_t:dir list_dir_perms;
+	read_lnk_files_pattern($1, fusefs_t, fusefs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_fusefs_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of an hugetlbfs
+##	filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_getattr_hugetlbfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_hugetlbfs'($*)) dnl
+	
+	gen_require(`
+		type hugetlbfs_t;
+	')
+
+	allow $1 hugetlbfs_t:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_hugetlbfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List hugetlbfs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_list_hugetlbfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_list_hugetlbfs'($*)) dnl
+	
+	gen_require(`
+		type hugetlbfs_t;
+	')
+
+	allow $1 hugetlbfs_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_list_hugetlbfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage hugetlbfs dirs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_hugetlbfs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_hugetlbfs_dirs'($*)) dnl
+	
+	gen_require(`
+		type hugetlbfs_t;
+	')
+
+	manage_dirs_pattern($1, hugetlbfs_t, hugetlbfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_hugetlbfs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write inherited hugetlbfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_rw_inherited_hugetlbfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_rw_inherited_hugetlbfs_files'($*)) dnl
+	
+	gen_require(`
+		type hugetlbfs_t;
+	')
+
+	allow $1 hugetlbfs_t:file rw_inherited_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_rw_inherited_hugetlbfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write hugetlbfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_rw_hugetlbfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_rw_hugetlbfs_files'($*)) dnl
+	
+	gen_require(`
+		type hugetlbfs_t;
+	')
+
+	rw_files_pattern($1, hugetlbfs_t, hugetlbfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_rw_hugetlbfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Read, map and write hugetlbfs files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`fs_mmap_rw_hugetlbfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_mmap_rw_hugetlbfs_files'($*)) dnl
+	
+        gen_require(`
+                type hugetlbfs_t;
+        ')
+
+        fs_rw_hugetlbfs_files($1)
+	allow $1 hugetlbfs_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_mmap_rw_hugetlbfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the type to associate to hugetlbfs filesystems.
+## </summary>
+## <param name="type">
+##	<summary>
+##	The type of the object to be associated.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_associate_hugetlbfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_associate_hugetlbfs'($*)) dnl
+	
+	gen_require(`
+		type hugetlbfs_t;
+	')
+
+	allow $1 hugetlbfs_t:filesystem associate;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_associate_hugetlbfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search inotifyfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_search_inotifyfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_search_inotifyfs'($*)) dnl
+	
+	gen_require(`
+		type inotifyfs_t;
+	')
+
+	allow $1 inotifyfs_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_search_inotifyfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List inotifyfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_list_inotifyfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_list_inotifyfs'($*)) dnl
+	
+	gen_require(`
+		type inotifyfs_t;
+	')
+
+	allow $1 inotifyfs_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_list_inotifyfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dontaudit List inotifyfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_list_inotifyfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_list_inotifyfs'($*)) dnl
+	
+	gen_require(`
+		type inotifyfs_t;
+	')
+
+	dontaudit $1 inotifyfs_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_list_inotifyfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create an object in a hugetlbfs filesystem, with a private
+##	type using a type transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private type">
+##	<summary>
+##	The type of the object to be created.
+##	</summary>
+## </param>
+## <param name="object">
+##	<summary>
+##	The object class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_hugetlbfs_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_hugetlbfs_filetrans'($*)) dnl
+	
+	gen_require(`
+		type hugetlbfs_t;
+	')
+
+	allow $2 hugetlbfs_t:filesystem associate;
+	filetrans_pattern($1, hugetlbfs_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_hugetlbfs_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount an iso9660 filesystem, which
+##	is usually used on CDs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_mount_iso9660_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_mount_iso9660_fs'($*)) dnl
+	
+	gen_require(`
+		type iso9660_t;
+	')
+
+	allow $1 iso9660_t:filesystem mount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_mount_iso9660_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Remount an iso9660 filesystem, which
+##	is usually used on CDs.  This allows
+##	some mount options to be changed.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_remount_iso9660_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_remount_iso9660_fs'($*)) dnl
+	
+	gen_require(`
+		type iso9660_t;
+	')
+
+	allow $1 iso9660_t:filesystem remount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_remount_iso9660_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow changing of the label of a
+##	filesystem with iso9660 type
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_relabelfrom_iso9660_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_relabelfrom_iso9660_fs'($*)) dnl
+	
+	gen_require(`
+		type iso9660_t;
+	')
+
+	allow $1 iso9660_t:filesystem relabelfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_relabelfrom_iso9660_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unmount an iso9660 filesystem, which
+##	is usually used on CDs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_unmount_iso9660_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_unmount_iso9660_fs'($*)) dnl
+	
+	gen_require(`
+		type iso9660_t;
+	')
+
+	allow $1 iso9660_t:filesystem unmount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_unmount_iso9660_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of an iso9660
+##	filesystem, which is usually used on CDs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_getattr_iso9660_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_iso9660_fs'($*)) dnl
+	
+	gen_require(`
+		type iso9660_t;
+	')
+
+	allow $1 iso9660_t:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_iso9660_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of files on an iso9660
+##	filesystem, which is usually used on CDs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_getattr_iso9660_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_iso9660_files'($*)) dnl
+	
+	gen_require(`
+		type iso9660_t;
+	')
+
+	allow $1 iso9660_t:dir list_dir_perms;
+	allow $1 iso9660_t:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_iso9660_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read files on an iso9660 filesystem, which
+##	is usually used on CDs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_read_iso9660_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_iso9660_files'($*)) dnl
+	
+	gen_require(`
+		type iso9660_t;
+	')
+
+	allow $1 iso9660_t:dir list_dir_perms;
+	read_files_pattern($1, iso9660_t, iso9660_t)
+	read_lnk_files_pattern($1, iso9660_t, iso9660_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_iso9660_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a NFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_mount_nfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_mount_nfs'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	allow $1 nfs_t:filesystem mount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_mount_nfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Remount a NFS filesystem.  This allows
+##	some mount options to be changed.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_remount_nfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_remount_nfs'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	allow $1 nfs_t:filesystem remount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_remount_nfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unmount a NFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_unmount_nfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_unmount_nfs'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	allow $1 nfs_t:filesystem unmount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_unmount_nfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of a NFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_getattr_nfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_nfs'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	allow $1 nfs_t:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_nfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search directories on a NFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_search_nfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_search_nfs'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	allow $1 nfs_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_search_nfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List NFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_list_nfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_list_nfs'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	allow $1 nfs_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_list_nfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to list the contents
+##	of directories on a NFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_list_nfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_list_nfs'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	dontaudit $1 nfs_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_list_nfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mounton a NFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_mounton_nfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_mounton_nfs'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	allow $1 nfs_t:dir mounton;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_mounton_nfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read files on a NFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_read_nfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_nfs_files'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	allow $1 nfs_t:dir list_dir_perms;
+	read_files_pattern($1, nfs_t, nfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_nfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read
+##	files on a NFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_read_nfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_read_nfs_files'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	dontaudit $1 nfs_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_read_nfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read files on a NFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_write_nfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_write_nfs_files'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	allow $1 nfs_t:dir list_dir_perms;
+	write_files_pattern($1, nfs_t, nfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_write_nfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute files on a NFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_exec_nfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_exec_nfs_files'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	allow $1 nfs_t:dir list_dir_perms;
+	exec_files_pattern($1, nfs_t, nfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_exec_nfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append files
+##	on a NFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_append_nfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_append_nfs_files'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	append_files_pattern($1, nfs_t, nfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_append_nfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	dontaudit Append files
+##	on a NFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_dontaudit_append_nfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_append_nfs_files'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	dontaudit $1 nfs_t:file append_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_append_nfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read or
+##	write files on a NFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_rw_nfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_rw_nfs_files'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	dontaudit $1 nfs_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_rw_nfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read symbolic links on a NFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_read_nfs_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_nfs_symlinks'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	allow $1 nfs_t:dir list_dir_perms;
+	read_lnk_files_pattern($1, nfs_t, nfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_nfs_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dontaudit read symbolic links on a NFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_read_nfs_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_read_nfs_symlinks'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	dontaudit $1 nfs_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_read_nfs_symlinks'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Read named sockets on a NFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_read_nfs_named_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_nfs_named_sockets'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	read_sock_files_pattern($1, nfs_t, nfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_nfs_named_sockets'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Read named pipes on a NFS network filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_read_nfs_named_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_nfs_named_pipes'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	read_fifo_files_pattern($1, nfs_t, nfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_nfs_named_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of directories of RPC
+##	file system pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_getattr_rpc_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_rpc_dirs'($*)) dnl
+	
+	gen_require(`
+		type rpc_pipefs_t;
+	')
+
+	allow $1 rpc_pipefs_t:dir getattr;
+
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_rpc_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search directories of RPC file system pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_search_rpc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_search_rpc'($*)) dnl
+	
+	gen_require(`
+		type rpc_pipefs_t;
+	')
+
+	allow $1 rpc_pipefs_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_search_rpc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search removable storage directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_search_removable',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_search_removable'($*)) dnl
+	
+	gen_require(`
+		type removable_t;
+	')
+
+	allow $1 removable_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_search_removable'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to list removable storage directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain not to audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_list_removable',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_list_removable'($*)) dnl
+	
+	gen_require(`
+		type removable_t;
+	')
+
+	dontaudit $1 removable_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_list_removable'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read removable storage files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_read_removable_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_removable_files'($*)) dnl
+	
+	gen_require(`
+		type removable_t;
+	')
+
+	read_files_pattern($1, removable_t, removable_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_removable_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read removable storage files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain not to audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_read_removable_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_read_removable_files'($*)) dnl
+	
+	gen_require(`
+		type removable_t;
+	')
+
+	dontaudit $1 removable_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_read_removable_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write removable storage files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain not to audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_write_removable_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_write_removable_files'($*)) dnl
+	
+	gen_require(`
+		type removable_t;
+	')
+
+	dontaudit $1 removable_t:file write_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_write_removable_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read removable storage symbolic links.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_read_removable_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_removable_symlinks'($*)) dnl
+	
+	gen_require(`
+		type removable_t;
+	')
+
+	read_lnk_files_pattern($1, removable_t, removable_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_removable_symlinks'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Read block nodes on removable filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_read_removable_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_removable_blk_files'($*)) dnl
+	
+	gen_require(`
+		type removable_t;
+	')
+
+	allow $1 removable_t:dir list_dir_perms;
+	read_blk_files_pattern($1, removable_t, removable_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_removable_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write block nodes on removable filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_rw_removable_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_rw_removable_blk_files'($*)) dnl
+	
+	gen_require(`
+		type removable_t;
+	')
+
+	allow $1 removable_t:dir list_dir_perms;
+	rw_blk_files_pattern($1, removable_t, removable_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_rw_removable_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read directories of RPC file system pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_list_rpc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_list_rpc'($*)) dnl
+	
+	gen_require(`
+		type rpc_pipefs_t;
+	')
+
+	allow $1 rpc_pipefs_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_list_rpc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read files of RPC file system pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_read_rpc_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_rpc_files'($*)) dnl
+	
+	gen_require(`
+		type rpc_pipefs_t;
+	')
+
+	read_files_pattern($1, rpc_pipefs_t, rpc_pipefs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_rpc_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read symbolic links of RPC file system pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_read_rpc_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_rpc_symlinks'($*)) dnl
+	
+	gen_require(`
+		type rpc_pipefs_t;
+	')
+
+	read_lnk_files_pattern($1, rpc_pipefs_t, rpc_pipefs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_rpc_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read sockets of RPC file system pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_read_rpc_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_rpc_sockets'($*)) dnl
+	
+	gen_require(`
+		type rpc_pipefs_t;
+	')
+
+	allow $1 rpc_pipefs_t:sock_file read;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_rpc_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write sockets of RPC file system pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_rw_rpc_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_rw_rpc_sockets'($*)) dnl
+	
+	gen_require(`
+		type rpc_pipefs_t;
+	')
+
+	allow $1 rpc_pipefs_t:sock_file { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_rw_rpc_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete directories
+##	on a NFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_manage_nfs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_nfs_dirs'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	allow $1 nfs_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_nfs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to create, read,
+##	write, and delete directories
+##	on a NFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_manage_nfs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_manage_nfs_dirs'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	dontaudit $1 nfs_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_manage_nfs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete files
+##	on a NFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_manage_nfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_nfs_files'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	manage_files_pattern($1, nfs_t, nfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_nfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to create,
+##	read, write, and delete files
+##	on a NFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_manage_nfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_manage_nfs_files'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	dontaudit $1 nfs_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_manage_nfs_files'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Create, read, write, and delete symbolic links
+##	on a NFS network filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_manage_nfs_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_nfs_symlinks'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	manage_lnk_files_pattern($1, nfs_t, nfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_nfs_symlinks'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Create, read, write, and delete named pipes
+##	on a NFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_nfs_named_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_nfs_named_pipes'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	manage_fifo_files_pattern($1, nfs_t, nfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_nfs_named_pipes'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Create, read, write, and delete named sockets
+##	on a NFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_nfs_named_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_nfs_named_sockets'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	manage_sock_files_pattern($1, nfs_t, nfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_nfs_named_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a file on a NFS filesystem
+##	in the specified domain.
+## </summary>
+## <desc>
+##	<p>
+##	Execute a file on a NFS filesystem
+##	in the specified domain.  This allows
+##	the specified domain to execute any file
+##	on a NFS filesystem in the specified
+##	domain.  This is not suggested.
+##	</p>
+##	<p>
+##	No interprocess communication (signals, pipes,
+##	etc.) is provided by this interface since
+##	the domains are not owned by this module.
+##	</p>
+##	<p>
+##	This interface was added to handle
+##	home directories on NFS filesystems,
+##	in particular used by the ssh-agent policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="target_domain">
+##	<summary>
+##	The type of the new process.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_nfs_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_nfs_domtrans'($*)) dnl
+	
+	gen_require(`
+		type nfs_t;
+	')
+
+	allow $1 nfs_t:dir search_dir_perms;
+	domain_auto_transition_pattern($1, nfs_t, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_nfs_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a NFS server pseudo filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_mount_nfsd_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_mount_nfsd_fs'($*)) dnl
+	
+	gen_require(`
+		type nfsd_fs_t;
+	')
+
+	allow $1 nfsd_fs_t:filesystem mount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_mount_nfsd_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a NFS server pseudo filesystem.
+##	This allows some mount options to be changed.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_remount_nfsd_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_remount_nfsd_fs'($*)) dnl
+	
+	gen_require(`
+		type nfsd_fs_t;
+	')
+
+	allow $1 nfsd_fs_t:filesystem remount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_remount_nfsd_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unmount a NFS server pseudo filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_unmount_nfsd_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_unmount_nfsd_fs'($*)) dnl
+	
+	gen_require(`
+		type nfsd_fs_t;
+	')
+
+	allow $1 nfsd_fs_t:filesystem unmount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_unmount_nfsd_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of a NFS server
+##	pseudo filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_getattr_nfsd_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_nfsd_fs'($*)) dnl
+	
+	gen_require(`
+		type nfsd_fs_t;
+	')
+
+	allow $1 nfsd_fs_t:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_nfsd_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search NFS server directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_search_nfsd_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_search_nfsd_fs'($*)) dnl
+	
+	gen_require(`
+		type nfsd_fs_t;
+	')
+
+	allow $1 nfsd_fs_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_search_nfsd_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List NFS server directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_list_nfsd_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_list_nfsd_fs'($*)) dnl
+	
+	gen_require(`
+		type nfsd_fs_t;
+	')
+
+	allow $1 nfsd_fs_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_list_nfsd_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Getattr files on an nfsd filesystem
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_getattr_nfsd_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_nfsd_files'($*)) dnl
+	
+	gen_require(`
+		type nfsd_fs_t;
+	')
+
+	getattr_files_pattern($1, nfsd_fs_t, nfsd_fs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_nfsd_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write NFS server files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_rw_nfsd_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_rw_nfsd_fs'($*)) dnl
+	
+	gen_require(`
+		type nfsd_fs_t;
+	')
+
+	rw_files_pattern($1, nfsd_fs_t, nfsd_fs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_rw_nfsd_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read nsfs inodes (e.g. /proc/pid/ns/uts)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_read_nsfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_nsfs_files'($*)) dnl
+	
+	gen_require(`
+		type nsfs_t;
+	')
+
+	allow $1 nsfs_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_nsfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of a pstore filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_getattr_pstorefs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_pstorefs'($*)) dnl
+	
+	gen_require(`
+		type pstore_t;
+	')
+
+	allow $1 pstore_t:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_pstorefs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of directories
+##	of a pstore filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_getattr_pstore_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_pstore_dirs'($*)) dnl
+	
+	gen_require(`
+		type pstore_t;
+	')
+
+	getattr_files_pattern($1, pstore_t, pstore_t)
+	dev_search_sysfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_pstore_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##     Relabel to/from pstore_t directories.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+ 	 	define(`fs_relabel_pstore_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_relabel_pstore_dirs'($*)) dnl
+	
+	gen_require(`
+		type pstore_t;
+	')
+
+	relabel_dirs_pattern($1, pstore_t, pstore_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_relabel_pstore_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the type to associate to ramfs filesystems.
+## </summary>
+## <param name="type">
+##	<summary>
+##	The type of the object to be associated.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_associate_ramfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_associate_ramfs'($*)) dnl
+	
+	gen_require(`
+		type ramfs_t;
+	')
+
+	allow $1 ramfs_t:filesystem associate;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_associate_ramfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a RAM filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_mount_ramfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_mount_ramfs'($*)) dnl
+	
+	gen_require(`
+		type ramfs_t;
+	')
+
+	allow $1 ramfs_t:filesystem mount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_mount_ramfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Remount a RAM filesystem.  This allows
+##	some mount options to be changed.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_remount_ramfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_remount_ramfs'($*)) dnl
+	
+	gen_require(`
+		type ramfs_t;
+	')
+
+	allow $1 ramfs_t:filesystem remount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_remount_ramfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unmount a RAM filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_unmount_ramfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_unmount_ramfs'($*)) dnl
+	
+	gen_require(`
+		type ramfs_t;
+	')
+
+	allow $1 ramfs_t:filesystem unmount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_unmount_ramfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of a RAM filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_getattr_ramfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_ramfs'($*)) dnl
+	
+	gen_require(`
+		type ramfs_t;
+	')
+
+	allow $1 ramfs_t:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_ramfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search directories on a ramfs
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_search_ramfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_search_ramfs'($*)) dnl
+	
+	gen_require(`
+		type ramfs_t;
+	')
+
+	allow $1 ramfs_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_search_ramfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dontaudit Search directories on a ramfs
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_search_ramfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_search_ramfs'($*)) dnl
+	
+	gen_require(`
+		type ramfs_t;
+	')
+
+	dontaudit $1 ramfs_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_search_ramfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	directories on a ramfs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_ramfs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_ramfs_dirs'($*)) dnl
+	
+	gen_require(`
+		type ramfs_t;
+	')
+
+	allow $1 ramfs_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_ramfs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dontaudit read on a ramfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_read_ramfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_read_ramfs_files'($*)) dnl
+	
+	gen_require(`
+		type ramfs_t;
+	')
+
+	dontaudit $1 ramfs_t:file read;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_read_ramfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dontaudit read on a ramfs fifo_files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_read_ramfs_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_read_ramfs_pipes'($*)) dnl
+	
+	gen_require(`
+		type ramfs_t;
+	')
+
+	dontaudit $1 ramfs_t:fifo_file read;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_read_ramfs_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	files on a ramfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_ramfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_ramfs_files'($*)) dnl
+	
+	gen_require(`
+		type ramfs_t;
+	')
+
+	manage_files_pattern($1, ramfs_t, ramfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_ramfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write to named pipe on a ramfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_write_ramfs_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_write_ramfs_pipes'($*)) dnl
+	
+	gen_require(`
+		type ramfs_t;
+	')
+
+	write_fifo_files_pattern($1, ramfs_t, ramfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_write_ramfs_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write to named
+##	pipes on a ramfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_write_ramfs_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_write_ramfs_pipes'($*)) dnl
+	
+	gen_require(`
+		type ramfs_t;
+	')
+
+	dontaudit $1 ramfs_t:fifo_file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_write_ramfs_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write a named pipe on a ramfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_rw_ramfs_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_rw_ramfs_pipes'($*)) dnl
+	
+	gen_require(`
+		type ramfs_t;
+	')
+
+	rw_fifo_files_pattern($1, ramfs_t, ramfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_rw_ramfs_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	named pipes on a ramfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_ramfs_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_ramfs_pipes'($*)) dnl
+	
+	gen_require(`
+		type ramfs_t;
+	')
+
+	manage_fifo_files_pattern($1, ramfs_t, ramfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_ramfs_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write to named socket on a ramfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_write_ramfs_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_write_ramfs_sockets'($*)) dnl
+	
+	gen_require(`
+		type ramfs_t;
+	')
+
+	write_sock_files_pattern($1, ramfs_t, ramfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_write_ramfs_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	named sockets on a ramfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_ramfs_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_ramfs_sockets'($*)) dnl
+	
+	gen_require(`
+		type ramfs_t;
+	')
+
+	manage_sock_files_pattern($1, ramfs_t, ramfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_ramfs_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a ROM filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_mount_romfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_mount_romfs'($*)) dnl
+	
+	gen_require(`
+		type romfs_t;
+	')
+
+	allow $1 romfs_t:filesystem mount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_mount_romfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Remount a ROM filesystem.  This allows
+##	some mount options to be changed.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_remount_romfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_remount_romfs'($*)) dnl
+	
+	gen_require(`
+		type romfs_t;
+	')
+
+	allow $1 romfs_t:filesystem remount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_remount_romfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unmount a ROM filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_unmount_romfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_unmount_romfs'($*)) dnl
+	
+	gen_require(`
+		type romfs_t;
+	')
+
+	allow $1 romfs_t:filesystem unmount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_unmount_romfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of a ROM
+##	filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_getattr_romfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_romfs'($*)) dnl
+	
+	gen_require(`
+		type romfs_t;
+	')
+
+	allow $1 romfs_t:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_romfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a RPC pipe filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_mount_rpc_pipefs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_mount_rpc_pipefs'($*)) dnl
+	
+	gen_require(`
+		type rpc_pipefs_t;
+	')
+
+	allow $1 rpc_pipefs_t:filesystem mount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_mount_rpc_pipefs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Remount a RPC pipe filesystem.  This
+##	allows some mount option to be changed.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_remount_rpc_pipefs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_remount_rpc_pipefs'($*)) dnl
+	
+	gen_require(`
+		type rpc_pipefs_t;
+	')
+
+	allow $1 rpc_pipefs_t:filesystem remount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_remount_rpc_pipefs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unmount a RPC pipe filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_unmount_rpc_pipefs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_unmount_rpc_pipefs'($*)) dnl
+	
+	gen_require(`
+		type rpc_pipefs_t;
+	')
+
+	allow $1 rpc_pipefs_t:filesystem unmount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_unmount_rpc_pipefs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of a RPC pipe
+##	filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_getattr_rpc_pipefs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_rpc_pipefs'($*)) dnl
+	
+	gen_require(`
+		type rpc_pipefs_t;
+	')
+
+	allow $1 rpc_pipefs_t:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_rpc_pipefs'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Read and write RPC pipe filesystem named pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_rw_rpc_named_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_rw_rpc_named_pipes'($*)) dnl
+	
+	gen_require(`
+		type rpc_pipefs_t;
+	')
+
+	allow $1 rpc_pipefs_t:fifo_file rw_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_rw_rpc_named_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a tmpfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_mount_tmpfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_mount_tmpfs'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	allow $1 tmpfs_t:filesystem mount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_mount_tmpfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Remount a tmpfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_remount_tmpfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_remount_tmpfs'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	allow $1 tmpfs_t:filesystem remount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_remount_tmpfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unmount a tmpfs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_unmount_tmpfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_unmount_tmpfs'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	allow $1 tmpfs_t:filesystem unmount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_unmount_tmpfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit getting the attributes of a tmpfs filesystem
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_getattr_tmpfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_getattr_tmpfs'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	dontaudit $1 tmpfs_t:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_getattr_tmpfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of a tmpfs
+##	filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_getattr_tmpfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_tmpfs'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	allow $1 tmpfs_t:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_tmpfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the type to associate to tmpfs filesystems.
+## </summary>
+## <param name="type">
+##	<summary>
+##	The type of the object to be associated.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_associate_tmpfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_associate_tmpfs'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	allow $1 tmpfs_t:filesystem associate;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_associate_tmpfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel from tmpfs filesystem.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_relabelfrom_tmpfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_relabelfrom_tmpfs'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	allow $1 tmpfs_t:filesystem relabelfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_relabelfrom_tmpfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of tmpfs directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_getattr_tmpfs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_tmpfs_dirs'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	allow $1 tmpfs_t:dir getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_tmpfs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of tmpfs directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_getattr_tmpfs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_getattr_tmpfs_dirs'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	dontaudit $1 tmpfs_t:dir getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_getattr_tmpfs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount on tmpfs directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_mounton_tmpfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_mounton_tmpfs'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	allow $1 tmpfs_t:dir mounton;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_mounton_tmpfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount on tmpfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_mounton_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_mounton_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	allow $1 tmpfs_t:file mounton;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_mounton_tmpfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of tmpfs directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_setattr_tmpfs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_setattr_tmpfs_dirs'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	allow $1 tmpfs_t:dir setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_setattr_tmpfs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search tmpfs directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_search_tmpfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_search_tmpfs'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	allow $1 tmpfs_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_search_tmpfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List the contents of generic tmpfs directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_list_tmpfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_list_tmpfs'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	allow $1 tmpfs_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_list_tmpfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to list the
+##	contents of generic tmpfs directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_list_tmpfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_list_tmpfs'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	dontaudit $1 tmpfs_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_list_tmpfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	tmpfs directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_tmpfs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_tmpfs_dirs'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	allow $1 tmpfs_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_tmpfs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write
+##	tmpfs directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_write_tmpfs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_write_tmpfs_dirs'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	dontaudit $1 tmpfs_t:dir write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_write_tmpfs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Relabel from tmpfs_t dir
+## </summary>
+## <param name="type">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`fs_relabelfrom_tmpfs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_relabelfrom_tmpfs_dirs'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	allow $1 tmpfs_t:dir relabelfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_relabelfrom_tmpfs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##     Relabel directory on tmpfs filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_relabel_tmpfs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_relabel_tmpfs_dirs'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+	relabel_dirs_pattern($1, tmpfs_t, tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_relabel_tmpfs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create an object in a tmpfs filesystem, with a private
+##	type using a type transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private type">
+##	<summary>
+##	The type of the object to be created.
+##	</summary>
+## </param>
+## <param name="object">
+##	<summary>
+##	The object class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_tmpfs_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_tmpfs_filetrans'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	allow $2 tmpfs_t:filesystem associate;
+	filetrans_pattern($1, tmpfs_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_tmpfs_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to getattr
+##	generic tmpfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_getattr_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_getattr_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	dontaudit $1 tmpfs_t:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_getattr_tmpfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read or write
+##	generic tmpfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_rw_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_rw_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	dontaudit $1 tmpfs_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_rw_tmpfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete tmpfs symbolic links.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_delete_tmpfs_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_delete_tmpfs_symlinks'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	allow $1 tmpfs_t:lnk_file delete_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_delete_tmpfs_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	auto moutpoints.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_auto_mountpoints',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_auto_mountpoints'($*)) dnl
+	
+	gen_require(`
+		type autofs_t;
+	')
+
+	allow $1 autofs_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_auto_mountpoints'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read generic tmpfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_read_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	read_files_pattern($1, tmpfs_t, tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_tmpfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write generic tmpfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_rw_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_rw_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	rw_files_pattern($1, tmpfs_t, tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_rw_tmpfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##     Relabel files on tmpfs filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_relabel_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_relabel_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	relabel_files_pattern($1, tmpfs_t, tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_relabel_tmpfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read tmpfs link files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_read_tmpfs_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_read_tmpfs_symlinks'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	read_lnk_files_pattern($1, tmpfs_t, tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_read_tmpfs_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabelfrom socket files on tmpfs filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_relabelfrom_tmpfs_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_relabelfrom_tmpfs_sockets'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	allow $1 tmpfs_t:sock_file relabelfrom_sock_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_relabelfrom_tmpfs_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabelfrom tmpfs link files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_relabelfrom_tmpfs_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_relabelfrom_tmpfs_symlinks'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	allow $1 tmpfs_t:lnk_file { getattr relabelfrom };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_relabelfrom_tmpfs_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write character nodes on tmpfs filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_rw_tmpfs_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_rw_tmpfs_chr_files'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	allow $1 tmpfs_t:dir list_dir_perms;
+	rw_chr_files_pattern($1, tmpfs_t, tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_rw_tmpfs_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	dontaudit Read and write character nodes on tmpfs filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_use_tmpfs_chr_dev',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_use_tmpfs_chr_dev'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	dontaudit $1 tmpfs_t:dir list_dir_perms;
+	dontaudit $1 tmpfs_t:chr_file rw_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_use_tmpfs_chr_dev'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel character nodes on tmpfs filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_relabel_tmpfs_chr_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_relabel_tmpfs_chr_file'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	allow $1 tmpfs_t:dir list_dir_perms;
+	relabel_chr_files_pattern($1, tmpfs_t, tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_relabel_tmpfs_chr_file'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write block nodes on tmpfs filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_rw_tmpfs_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_rw_tmpfs_blk_files'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	allow $1 tmpfs_t:dir list_dir_perms;
+	rw_blk_files_pattern($1, tmpfs_t, tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_rw_tmpfs_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel block nodes on tmpfs filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_relabel_tmpfs_blk_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_relabel_tmpfs_blk_file'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	allow $1 tmpfs_t:dir list_dir_perms;
+	relabel_blk_files_pattern($1, tmpfs_t, tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_relabel_tmpfs_blk_file'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write, create and delete generic
+##	files on tmpfs filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	manage_files_pattern($1, tmpfs_t, tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_tmpfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write, create and delete symbolic
+##	links on tmpfs filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_tmpfs_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_tmpfs_symlinks'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	manage_lnk_files_pattern($1, tmpfs_t, tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_tmpfs_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write, create and delete socket
+##	files on tmpfs filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_tmpfs_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_tmpfs_sockets'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	manage_sock_files_pattern($1, tmpfs_t, tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_tmpfs_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write, create and delete character
+##	nodes on tmpfs filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_tmpfs_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_tmpfs_chr_files'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	manage_chr_files_pattern($1, tmpfs_t, tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_tmpfs_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write, create and delete block nodes
+##	on tmpfs filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_manage_tmpfs_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_tmpfs_blk_files'($*)) dnl
+	
+	gen_require(`
+		type tmpfs_t;
+	')
+
+	manage_blk_files_pattern($1, tmpfs_t, tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_tmpfs_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of a trace filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_getattr_tracefs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_tracefs'($*)) dnl
+	
+	gen_require(`
+		type tracefs_t;
+	')
+
+        allow $1 tracefs_t:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_tracefs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get attributes of dirs on tracefs filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_getattr_tracefs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_tracefs_dirs'($*)) dnl
+	
+	gen_require(`
+		type tracefs_t;
+	')
+
+	allow $1 tracefs_t:dir getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_tracefs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      search directories on a tracefs filesystem
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`fs_search_tracefs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_search_tracefs'($*)) dnl
+	
+	gen_require(`
+		type tracefs_t;
+	')
+
+        allow $1 tracefs_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_search_tracefs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Get the attributes of files
+##	on a trace filesystem.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`fs_getattr_tracefs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_tracefs_files'($*)) dnl
+	
+	gen_require(`
+		type tracefs_t;
+	')
+
+        allow $1 tracefs_t:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_tracefs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a XENFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_mount_xenfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_mount_xenfs'($*)) dnl
+	
+	gen_require(`
+		type xenfs_t;
+	')
+
+	allow $1 xenfs_t:filesystem mount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_mount_xenfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the XENFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_search_xenfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_search_xenfs'($*)) dnl
+	
+	gen_require(`
+		type xenfs_t;
+	')
+
+	allow $1 xenfs_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_search_xenfs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete directories
+##	on a XENFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_manage_xenfs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_xenfs_dirs'($*)) dnl
+	
+	gen_require(`
+		type xenfs_t;
+	')
+
+	allow $1 xenfs_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_xenfs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to create, read,
+##	write, and delete directories
+##	on a XENFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_manage_xenfs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_manage_xenfs_dirs'($*)) dnl
+	
+	gen_require(`
+		type xenfs_t;
+	')
+
+	dontaudit $1 xenfs_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_manage_xenfs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete files
+##	on a XENFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_manage_xenfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_manage_xenfs_files'($*)) dnl
+	
+	gen_require(`
+		type xenfs_t;
+	')
+
+	manage_files_pattern($1, xenfs_t, xenfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_manage_xenfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to create,
+##	read, write, and delete files
+##	on a XENFS filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_manage_xenfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_manage_xenfs_files'($*)) dnl
+	
+	gen_require(`
+		type xenfs_t;
+	')
+
+	dontaudit $1 xenfs_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_manage_xenfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount all filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_mount_all_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_mount_all_fs'($*)) dnl
+	
+	gen_require(`
+		attribute filesystem_type;
+	')
+
+	allow $1 filesystem_type:filesystem mount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_mount_all_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Remount all filesystems.  This
+##	allows some mount options to be changed.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_remount_all_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_remount_all_fs'($*)) dnl
+	
+	gen_require(`
+		attribute filesystem_type;
+	')
+
+	allow $1 filesystem_type:filesystem remount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_remount_all_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unmount all filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_unmount_all_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_unmount_all_fs'($*)) dnl
+	
+	gen_require(`
+		attribute filesystem_type;
+	')
+
+	allow $1 filesystem_type:filesystem unmount;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_unmount_all_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of all filesystems.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to
+##	get the attributes of all filesystems.
+##	Example attributes:
+##	</p>
+##	<ul>
+##		<li>Type of the file system (e.g., ext3)</li>
+##		<li>Size of the file system</li>
+##		<li>Available space on the file system</li>
+##	</ul>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="5"/>
+## <rolecap/>
+#
+ 	 	define(`fs_getattr_all_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_all_fs'($*)) dnl
+	
+	gen_require(`
+		attribute filesystem_type;
+	')
+
+	allow $1 filesystem_type:filesystem getattr;
+	files_getattr_all_file_type_fs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_all_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	all filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_getattr_all_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_getattr_all_fs'($*)) dnl
+	
+	gen_require(`
+		attribute filesystem_type;
+	')
+
+	dontaudit $1 filesystem_type:filesystem getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_getattr_all_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the quotas of all filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_get_all_fs_quotas',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_get_all_fs_quotas'($*)) dnl
+	
+	gen_require(`
+		attribute filesystem_type;
+	')
+
+	allow $1 filesystem_type:filesystem quotaget;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_get_all_fs_quotas'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the quotas of all filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fs_set_all_quotas',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_set_all_quotas'($*)) dnl
+	
+	gen_require(`
+		attribute filesystem_type;
+	')
+
+	allow $1 filesystem_type:filesystem quotamod;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_set_all_quotas'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabelfrom all filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_relabelfrom_all_fs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_relabelfrom_all_fs'($*)) dnl
+	
+	gen_require(`
+		attribute filesystem_type;
+	')
+
+	allow $1 filesystem_type:filesystem relabelfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_relabelfrom_all_fs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of all directories
+##	with a filesystem type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_getattr_all_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_all_dirs'($*)) dnl
+	
+	gen_require(`
+		attribute filesystem_type;
+	')
+
+	allow $1 filesystem_type:dir getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_all_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search all directories with a filesystem type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_search_all',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_search_all'($*)) dnl
+	
+	gen_require(`
+		attribute filesystem_type;
+	')
+
+	allow $1 filesystem_type:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_search_all'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List all directories with a filesystem type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_list_all',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_list_all'($*)) dnl
+	
+	gen_require(`
+		attribute filesystem_type;
+	')
+
+	allow $1 filesystem_type:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_list_all'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of all files with
+##	a filesystem type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_getattr_all_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_all_files'($*)) dnl
+	
+	gen_require(`
+		attribute filesystem_type;
+	')
+
+	getattr_files_pattern($1, filesystem_type, filesystem_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_all_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of all files with a filesystem type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_getattr_all_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_getattr_all_files'($*)) dnl
+	
+	gen_require(`
+		attribute filesystem_type;
+	')
+
+	dontaudit $1 filesystem_type:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_getattr_all_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of all symbolic links with
+##	a filesystem type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_getattr_all_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_all_symlinks'($*)) dnl
+	
+	gen_require(`
+		attribute filesystem_type;
+	')
+
+	getattr_lnk_files_pattern($1, filesystem_type, filesystem_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_all_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of all symbolic links with a filesystem type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_getattr_all_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_getattr_all_symlinks'($*)) dnl
+	
+	gen_require(`
+		attribute filesystem_type;
+	')
+
+	dontaudit $1 filesystem_type:lnk_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_getattr_all_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of all named pipes with
+##	a filesystem type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_getattr_all_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_all_pipes'($*)) dnl
+	
+	gen_require(`
+		attribute filesystem_type;
+	')
+
+	getattr_fifo_files_pattern($1, filesystem_type, filesystem_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_all_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of all named pipes with a filesystem type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_getattr_all_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_getattr_all_pipes'($*)) dnl
+	
+	gen_require(`
+		attribute filesystem_type;
+	')
+
+	dontaudit $1 filesystem_type:fifo_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_getattr_all_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of all named sockets with
+##	a filesystem type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_getattr_all_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_all_sockets'($*)) dnl
+	
+	gen_require(`
+		attribute filesystem_type;
+	')
+
+	getattr_sock_files_pattern($1, filesystem_type, filesystem_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_all_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of all named sockets with a filesystem type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_dontaudit_getattr_all_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_dontaudit_getattr_all_sockets'($*)) dnl
+	
+	gen_require(`
+		attribute filesystem_type;
+	')
+
+	dontaudit $1 filesystem_type:sock_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_dontaudit_getattr_all_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of all block device nodes with
+##	a filesystem type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_getattr_all_blk_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_all_blk_files'($*)) dnl
+	
+	gen_require(`
+		attribute filesystem_type;
+	')
+
+	getattr_blk_files_pattern($1, filesystem_type, filesystem_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_all_blk_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of all character device nodes with
+##	a filesystem type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_getattr_all_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_getattr_all_chr_files'($*)) dnl
+	
+	gen_require(`
+		attribute filesystem_type;
+	')
+
+	getattr_chr_files_pattern($1, filesystem_type, filesystem_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_getattr_all_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unconfined access to filesystems
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fs_unconfined',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fs_unconfined'($*)) dnl
+	
+	gen_require(`
+		attribute filesystem_unconfined_type;
+	')
+
+	typeattribute $1 filesystem_unconfined_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fs_unconfined'($*)) dnl
+	')
+
+## <summary>Multilevel security policy</summary>
+## <desc>
+##	<p>
+##	This module contains interfaces for handling multilevel
+##	security.  The interfaces allow the specified subjects
+##	and objects to be allowed certain privileges in the
+##	MLS rules.
+##	</p>
+## </desc>
+## <required val="true">
+##	Contains attributes used in MLS policy.
+## </required>
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for reading from files up to its clearance.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_file_read_to_clearance',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_file_read_to_clearance'($*)) dnl
+	
+	gen_require(`
+		attribute mlsfilereadtoclr;
+	')
+
+	typeattribute $1 mlsfilereadtoclr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_file_read_to_clearance'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for reading from files at all levels.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_file_read_all_levels',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_file_read_all_levels'($*)) dnl
+	
+	gen_require(`
+		attribute mlsfileread;
+	')
+
+	typeattribute $1 mlsfileread;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_file_read_all_levels'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for write to files up to its clearance.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_file_write_to_clearance',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_file_write_to_clearance'($*)) dnl
+	
+	gen_require(`
+		attribute mlsfilewritetoclr;
+	')
+
+	typeattribute $1 mlsfilewritetoclr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_file_write_to_clearance'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for writing to files at all levels.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_file_write_all_levels',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_file_write_all_levels'($*)) dnl
+	
+	gen_require(`
+		attribute mlsfilewrite;
+	')
+
+	typeattribute $1 mlsfilewrite;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_file_write_all_levels'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for relabelto to files up to its clearance.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_file_relabel_to_clearance',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_file_relabel_to_clearance'($*)) dnl
+	
+	gen_require(`
+		attribute mlsfilerelabeltoclr;
+	')
+
+	typeattribute $1 mlsfilerelabeltoclr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_file_relabel_to_clearance'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for relabelto to files at all levels.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_file_relabel',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_file_relabel'($*)) dnl
+	
+	gen_require(`
+		attribute mlsfilerelabel;
+	')
+
+	typeattribute $1 mlsfilerelabel;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_file_relabel'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for raising the level of files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_file_upgrade',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_file_upgrade'($*)) dnl
+	
+	gen_require(`
+		attribute mlsfileupgrade;
+	')
+
+	typeattribute $1 mlsfileupgrade;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_file_upgrade'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for lowering the level of files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_file_downgrade',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_file_downgrade'($*)) dnl
+	
+	gen_require(`
+		attribute mlsfiledowngrade;
+	')
+
+	typeattribute $1 mlsfiledowngrade;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_file_downgrade'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain trusted to
+##	be written to within its MLS range.
+##	The subject's MLS range must be a
+##	proper subset of the object's MLS range.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_file_write_within_range',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_file_write_within_range'($*)) dnl
+	
+	gen_require(`
+		attribute mlsfilewriteinrange;
+	')
+
+	typeattribute $1 mlsfilewriteinrange;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_file_write_within_range'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for reading from sockets at any level.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_socket_read_all_levels',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_socket_read_all_levels'($*)) dnl
+	
+	gen_require(`
+		attribute mlsnetread;
+	')
+
+	typeattribute $1 mlsnetread;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_socket_read_all_levels'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for reading from sockets at any level
+##	that is dominated by the process clearance.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_socket_read_to_clearance',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_socket_read_to_clearance'($*)) dnl
+	
+	gen_require(`
+		attribute mlsnetreadtoclr;
+	')
+
+	typeattribute $1 mlsnetreadtoclr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_socket_read_to_clearance'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for writing to sockets up to
+##	its clearance.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_socket_write_to_clearance',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_socket_write_to_clearance'($*)) dnl
+	
+	gen_require(`
+		attribute mlsnetwritetoclr;
+	')
+
+	typeattribute $1 mlsnetwritetoclr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_socket_write_to_clearance'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for writing to sockets at any level.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_socket_write_all_levels',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_socket_write_all_levels'($*)) dnl
+	
+	gen_require(`
+		attribute mlsnetwrite;
+	')
+
+	typeattribute $1 mlsnetwrite;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_socket_write_all_levels'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for receiving network data from
+##	network interfaces or hosts at any level.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_net_receive_all_levels',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_net_receive_all_levels'($*)) dnl
+	
+	gen_require(`
+		attribute mlsnetrecvall;
+	')
+
+	typeattribute $1 mlsnetrecvall;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_net_receive_all_levels'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain trusted to
+##	write to network objects within its MLS range.
+##	The subject's MLS range must be a
+##	proper subset of the object's MLS range.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_net_write_within_range',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_net_write_within_range'($*)) dnl
+	
+	gen_require(`
+		attribute mlsnetwriteranged;
+	')
+
+	typeattribute $1 mlsnetwriteranged;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_net_write_within_range'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain trusted to
+##	write inbound packets regardless of the
+##	network's or node's MLS range.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_net_inbound_all_levels',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_net_inbound_all_levels'($*)) dnl
+	
+	gen_require(`
+		attribute mlsnetinbound;
+	')
+
+	typeattribute $1 mlsnetinbound;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_net_inbound_all_levels'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain trusted to
+##	write outbound packets regardless of the
+##	network's or node's MLS range.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_net_outbound_all_levels',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_net_outbound_all_levels'($*)) dnl
+	
+	gen_require(`
+		attribute mlsnetoutbound;
+	')
+
+	typeattribute $1 mlsnetoutbound;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_net_outbound_all_levels'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for reading from System V IPC objects
+##	up to its clearance.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_sysvipc_read_to_clearance',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_sysvipc_read_to_clearance'($*)) dnl
+	
+	gen_require(`
+		attribute mlsipcreadtoclr;
+	')
+
+	typeattribute $1 mlsipcreadtoclr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_sysvipc_read_to_clearance'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for reading from System V IPC objects
+##	at any level.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_sysvipc_read_all_levels',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_sysvipc_read_all_levels'($*)) dnl
+	
+	gen_require(`
+		attribute mlsipcread;
+	')
+
+	typeattribute $1 mlsipcread;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_sysvipc_read_all_levels'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for writing to System V IPC objects
+##	up to its clearance.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_sysvipc_write_to_clearance',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_sysvipc_write_to_clearance'($*)) dnl
+	
+	gen_require(`
+		attribute mlsipcwritetoclr;
+	')
+
+	typeattribute $1 mlsipcwritetoclr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_sysvipc_write_to_clearance'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for writing to System V IPC objects
+##	at any level.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_sysvipc_write_all_levels',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_sysvipc_write_all_levels'($*)) dnl
+	
+	gen_require(`
+		attribute mlsipcwrite;
+	')
+
+	typeattribute $1 mlsipcwrite;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_sysvipc_write_all_levels'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for writing to keys up to
+##	its clearance.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_key_write_to_clearance',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_key_write_to_clearance'($*)) dnl
+	
+	gen_require(`
+		attribute mlskeywritetoclr;
+	')
+
+	typeattribute $1 mlskeywritetoclr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_key_write_to_clearance'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for writing to keys at all levels.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_key_write_all_levels',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_key_write_all_levels'($*)) dnl
+	
+	gen_require(`
+		attribute mlskeywrite;
+	')
+
+	typeattribute $1 mlskeywrite;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_key_write_all_levels'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the specified domain to do a MLS
+##	range transition that changes
+##	the current level.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mls_rangetrans_source',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_rangetrans_source'($*)) dnl
+	
+	gen_require(`
+		attribute privrangetrans;
+	')
+
+	typeattribute $1 privrangetrans;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_rangetrans_source'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain a target domain
+##	for MLS range transitions that change
+##	the current level.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mls_rangetrans_target',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_rangetrans_target'($*)) dnl
+	
+	gen_require(`
+		attribute mlsrangetrans;
+	')
+
+	typeattribute $1 mlsrangetrans;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_rangetrans_target'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for reading from processes up to
+##	its clearance.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_process_read_to_clearance',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_process_read_to_clearance'($*)) dnl
+	
+	gen_require(`
+		attribute mlsprocreadtoclr;
+	')
+
+	typeattribute $1 mlsprocreadtoclr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_process_read_to_clearance'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for reading from processes at all levels.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_process_read_all_levels',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_process_read_all_levels'($*)) dnl
+	
+	gen_require(`
+		attribute mlsprocread;
+	')
+
+	typeattribute $1 mlsprocread;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_process_read_all_levels'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for writing to processes up to
+##	its clearance.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_process_write_to_clearance',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_process_write_to_clearance'($*)) dnl
+	
+	gen_require(`
+		attribute mlsprocwritetoclr;
+	')
+
+	typeattribute $1 mlsprocwritetoclr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_process_write_to_clearance'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for writing to processes at all levels.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_process_write_all_levels',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_process_write_all_levels'($*)) dnl
+	
+	gen_require(`
+		attribute mlsprocwrite;
+	')
+
+	typeattribute $1 mlsprocwrite;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_process_write_all_levels'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for setting the level of processes
+##	it executes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_process_set_level',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_process_set_level'($*)) dnl
+	
+	gen_require(`
+		attribute mlsprocsetsl;
+	')
+
+	typeattribute $1 mlsprocsetsl;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_process_set_level'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for reading from X objects up to its clearance.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_xwin_read_to_clearance',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_xwin_read_to_clearance'($*)) dnl
+	
+	gen_require(`
+		attribute mlsxwinreadtoclr;
+	')
+
+	typeattribute $1 mlsxwinreadtoclr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_xwin_read_to_clearance'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for reading from X objects at any level.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_xwin_read_all_levels',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_xwin_read_all_levels'($*)) dnl
+	
+	gen_require(`
+		attribute mlsxwinread;
+	')
+
+	typeattribute $1 mlsxwinread;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_xwin_read_all_levels'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for write to X objects up to its clearance.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_xwin_write_to_clearance',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_xwin_write_to_clearance'($*)) dnl
+	
+	gen_require(`
+		attribute mlsxwinwritetoclr;
+	')
+
+	typeattribute $1 mlsxwinwritetoclr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_xwin_write_to_clearance'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for writing to X objects at any level.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_xwin_write_all_levels',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_xwin_write_all_levels'($*)) dnl
+	
+	gen_require(`
+		attribute mlsxwinwrite;
+	')
+
+	typeattribute $1 mlsxwinwrite;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_xwin_write_all_levels'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for reading from X colormaps at any level.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_colormap_read_all_levels',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_colormap_read_all_levels'($*)) dnl
+	
+	gen_require(`
+		attribute mlsxwinreadcolormap;
+	')
+
+	typeattribute $1 mlsxwinreadcolormap;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_colormap_read_all_levels'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for writing to X colormaps at any level.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_colormap_write_all_levels',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_colormap_write_all_levels'($*)) dnl
+	
+	gen_require(`
+		attribute mlsxwinwritecolormap;
+	')
+
+	typeattribute $1 mlsxwinwritecolormap;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_colormap_write_all_levels'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified object MLS trusted.
+## </summary>
+## <desc>
+##	<p>
+##	Make specified object MLS trusted.  This
+##	allows all levels to read and write the
+##	object.
+##	</p>
+##	<p>
+##	This currently only applies to filesystem
+##	objects, for example, files and directories.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	The type of the object.
+##	</summary>
+## </param>
+#
+ 	 	define(`mls_trusted_object',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_trusted_object'($*)) dnl
+	
+	gen_require(`
+		attribute mlstrustedobject;
+	')
+
+	typeattribute $1 mlstrustedobject;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_trusted_object'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified socket MLS trusted.
+## </summary>
+## <desc>
+##	<p>
+##	Make specified socket MLS trusted. For sockets
+##	marked as such, this allows all levels to:
+##	 * sendto to unix_dgram_sockets
+##	 * connectto to unix_stream_sockets
+##	respectively.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	The type of the object.
+##	</summary>
+## </param>
+#
+ 	 	define(`mls_trusted_socket',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_trusted_socket'($*)) dnl
+	
+	gen_require(`
+		attribute mlstrustedsocket;
+	')
+
+	typeattribute $1 mlstrustedsocket;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_trusted_socket'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified domain trusted
+##	to inherit and use file descriptors
+##	from all levels.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_fd_use_all_levels',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_fd_use_all_levels'($*)) dnl
+	
+	gen_require(`
+		attribute mlsfduse;
+	')
+
+	typeattribute $1 mlsfduse;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_fd_use_all_levels'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the file descriptors from the
+##	specifed domain inheritable by
+##	all levels.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_fd_share_all_levels',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_fd_share_all_levels'($*)) dnl
+	
+	gen_require(`
+		attribute mlsfdshare;
+	')
+
+	typeattribute $1 mlsfdshare;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_fd_share_all_levels'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for translating contexts at all levels.  (Deprecated)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_context_translate_all_levels',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_context_translate_all_levels'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_context_translate_all_levels'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for reading from databases at any level.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_db_read_all_levels',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_db_read_all_levels'($*)) dnl
+	
+	gen_require(`
+		attribute mlsdbread;
+	')
+
+	typeattribute $1 mlsdbread;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_db_read_all_levels'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for writing to databases at any level.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_db_write_all_levels',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_db_write_all_levels'($*)) dnl
+	
+	gen_require(`
+		attribute mlsdbwrite;
+	')
+
+	typeattribute $1 mlsdbwrite;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_db_write_all_levels'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for raising the level of databases.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_db_upgrade',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_db_upgrade'($*)) dnl
+	
+	gen_require(`
+		attribute mlsdbupgrade;
+	')
+
+	typeattribute $1 mlsdbupgrade;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_db_upgrade'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for lowering the level of databases.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_db_downgrade',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_db_downgrade'($*)) dnl
+	
+	gen_require(`
+		attribute mlsdbdowngrade;
+	')
+
+	typeattribute $1 mlsdbdowngrade;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_db_downgrade'($*)) dnl
+	')
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for sending dbus messages to
+##	all levels.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_dbus_send_all_levels',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_dbus_send_all_levels'($*)) dnl
+	
+	gen_require(`
+		attribute mlsdbussend;
+	')
+
+	typeattribute $1 mlsdbussend;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_dbus_send_all_levels'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make specified domain MLS trusted
+##	for receiving dbus messages from
+##	all levels.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mls_dbus_recv_all_levels',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mls_dbus_recv_all_levels'($*)) dnl
+	
+	gen_require(`
+		attribute mlsdbusrecv;
+	')
+
+	typeattribute $1 mlsdbusrecv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mls_dbus_recv_all_levels'($*)) dnl
+	')
+
+## <summary>Core policy for domains.</summary>
+## <required val="true">
+##	Contains the concept of a domain.
+## </required>
+
+########################################
+## <summary>
+##	Make the specified type usable as a basic domain.
+## </summary>
+## <desc>
+##	<p>
+##	Make the specified type usable as a basic domain.
+##	</p>
+##	<p>
+##	This is primarily used for kernel threads;
+##	generally the domain_type() interface is
+##	more appropriate for userland processes.
+##	</p>
+## </desc>
+## <param name="type">
+##	<summary>
+##	Type to be used as a basic domain type.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_base_type',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_base_type'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	typeattribute $1 domain;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_base_type'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified type usable as a domain.
+## </summary>
+## <desc>
+##	<p>
+##	Make the specified type usable as a domain.  This,
+##	or an interface that calls this interface, must be
+##	used on all types that are used as domains.
+##	</p>
+##	<p>
+##	Related interfaces:
+##	</p>
+##	<ul>
+##		<li>application_domain()</li>
+##		<li>init_daemon_domain()</li>
+##		<li>init_domaion()</li>
+##		<li>init_ranged_daemon_domain()</li>
+##		<li>init_ranged_domain()</li>
+##		<li>init_ranged_system_domain()</li>
+##		<li>init_script_domain()</li>
+##		<li>init_system_domain()</li>
+##	</ul>
+##	<p>
+##	Example:
+##	</p>
+##	<p>
+##	type mydomain_t;
+##	domain_type(mydomain_t)
+##	type myfile_t;
+##	files_type(myfile_t)
+##	allow mydomain_t myfile_t:file read_file_perms;
+##	</p>
+## </desc>
+## <param name="type">
+##	<summary>
+##	Type to be used as a domain type.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`domain_type',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_type'($*)) dnl
+	
+	# start with basic domain
+	domain_base_type($1)
+
+	ifdef(`distro_redhat',`
+		optional_policy(`
+			unconfined_use_fds($1)
+		')
+	')
+
+	# send init a sigchld and signull
+	optional_policy(`
+		init_sigchld($1)
+		init_signull($1)
+	')
+
+	# these seem questionable:
+
+	optional_policy(`
+		rpm_use_fds($1)
+		rpm_read_pipes($1)
+	')
+
+	optional_policy(`
+		selinux_dontaudit_getattr_fs($1)
+		selinux_dontaudit_read_fs($1)
+	')
+
+	optional_policy(`
+		seutil_dontaudit_read_config($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_type'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified type usable as
+##	an entry point for the domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be entered.
+##	</summary>
+## </param>
+## <param name="type">
+##	<summary>
+##	Type of program used for entering
+##	the domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_entry_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_entry_file'($*)) dnl
+	
+	gen_require(`
+		attribute entry_type;
+	')
+
+	allow $1 $2:file entrypoint;
+	allow $1 $2:file { mmap_exec_file_perms ioctl lock };
+
+	typeattribute $2 entry_type;
+
+	corecmd_executable_file($2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_entry_file'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the file descriptors of the specified
+##	domain for interactive use (widely inheritable)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_interactive_fd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_interactive_fd'($*)) dnl
+	
+	gen_require(`
+		attribute privfd;
+	')
+
+	typeattribute $1 privfd;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_interactive_fd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the specified domain to perform
+##	dynamic transitions.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to perform
+##	dynamic transitions.
+##	</p>
+##	<p>
+##	This violates process tranquility, and it
+##	is strongly suggested that this not be used.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_dyntrans_type',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_dyntrans_type'($*)) dnl
+	
+	gen_require(`
+		attribute set_curr_context;
+	')
+
+	typeattribute $1 set_curr_context;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_dyntrans_type'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Makes caller and execption to the constraint
+##	preventing changing to the system user
+##	identity and system role.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_system_change_exemption',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_system_change_exemption'($*)) dnl
+	
+	gen_require(`
+		attribute can_system_change;
+	')
+
+	typeattribute $1 can_system_change;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_system_change_exemption'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Makes caller an exception to the constraint preventing
+##	changing of user identity.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The process type to make an exception to the constraint.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_subj_id_change_exemption',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_subj_id_change_exemption'($*)) dnl
+	
+	gen_require(`
+		attribute can_change_process_identity;
+	')
+
+	typeattribute $1 can_change_process_identity;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_subj_id_change_exemption'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Makes caller an exception to the constraint preventing
+##	changing of role.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The process type to make an exception to the constraint.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_role_change_exemption',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_role_change_exemption'($*)) dnl
+	
+	gen_require(`
+		attribute can_change_process_role;
+	')
+
+	typeattribute $1 can_change_process_role;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_role_change_exemption'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Makes caller an exception to the constraint preventing
+##	changing the user identity in object contexts.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The process type to make an exception to the constraint.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`domain_obj_id_change_exemption',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_obj_id_change_exemption'($*)) dnl
+	
+	gen_require(`
+		attribute can_change_object_identity;
+	')
+
+	typeattribute $1 can_change_object_identity;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_obj_id_change_exemption'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified domain the target of
+##	the user domain exception of the
+##	SELinux role and identity change
+##	constraints.
+## </summary>
+## <desc>
+##	<p>
+##	Make the specified domain the target of
+##	the user domain exception of the
+##	SELinux role and identity change
+##	constraints.
+##	</p>
+##	<p>
+##	This interface is needed to decouple
+##	the user domains from the base module.
+##	It should not be used other than on
+##	user domains.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain target for user exemption.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_user_exemption_target',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_user_exemption_target'($*)) dnl
+	
+	gen_require(`
+		attribute process_user_target;
+	')
+
+	typeattribute $1 process_user_target;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_user_exemption_target'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified domain the source of
+##	the cron domain exception of the
+##	SELinux role and identity change
+##	constraints.
+## </summary>
+## <desc>
+##	<p>
+##	Make the specified domain the source of
+##	the cron domain exception of the
+##	SELinux role and identity change
+##	constraints.
+##	</p>
+##	<p>
+##	This interface is needed to decouple
+##	the cron domains from the base module.
+##	It should not be used other than on
+##	cron domains.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain target for user exemption.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_cron_exemption_source',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_cron_exemption_source'($*)) dnl
+	
+	gen_require(`
+		attribute cron_source_domain;
+	')
+
+	typeattribute $1 cron_source_domain;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_cron_exemption_source'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified domain the target of
+##	the cron domain exception of the
+##	SELinux role and identity change
+##	constraints.
+## </summary>
+## <desc>
+##	<p>
+##	Make the specified domain the target of
+##	the cron domain exception of the
+##	SELinux role and identity change
+##	constraints.
+##	</p>
+##	<p>
+##	This interface is needed to decouple
+##	the cron domains from the base module.
+##	It should not be used other than on
+##	user cron jobs.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain target for user exemption.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_cron_exemption_target',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_cron_exemption_target'($*)) dnl
+	
+	gen_require(`
+		attribute cron_job_domain;
+	')
+
+	typeattribute $1 cron_job_domain;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_cron_exemption_target'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit and use file descriptors from
+##	domains with interactive programs.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to inherit and use file
+##	descriptors from domains with interactive programs.
+##	This does not allow access to the objects being referenced
+##	by the file descriptors.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="1"/>
+#
+ 	 	define(`domain_use_interactive_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_use_interactive_fds'($*)) dnl
+	
+	gen_require(`
+		attribute privfd;
+	')
+
+	allow $1 privfd:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_use_interactive_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to inherit file
+##	descriptors from domains with interactive
+##	programs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_dontaudit_use_interactive_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_dontaudit_use_interactive_fds'($*)) dnl
+	
+	gen_require(`
+		attribute privfd;
+	')
+
+	dontaudit $1 privfd:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_dontaudit_use_interactive_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a SIGCHLD signal to domains whose file
+##	discriptors are widely inheritable.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+# cjp: this was added because of newrole
+ 	 	define(`domain_sigchld_interactive_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_sigchld_interactive_fds'($*)) dnl
+	
+	gen_require(`
+		attribute privfd;
+	')
+
+	allow $1 privfd:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_sigchld_interactive_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the nice level of all domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`domain_setpriority_all_domains',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_setpriority_all_domains'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	allow $1 domain:process setsched;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_setpriority_all_domains'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send general signals to all domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`domain_signal_all_domains',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_signal_all_domains'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	allow $1 domain:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_signal_all_domains'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send general
+##	signals to all domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`domain_dontaudit_signal_all_domains',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_dontaudit_signal_all_domains'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	dontaudit $1 domain:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_dontaudit_signal_all_domains'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a null signal to all domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`domain_signull_all_domains',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_signull_all_domains'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	allow $1 domain:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_signull_all_domains'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a stop signal to all domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`domain_sigstop_all_domains',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_sigstop_all_domains'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	allow $1 domain:process sigstop;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_sigstop_all_domains'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a child terminated signal to all domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`domain_sigchld_all_domains',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_sigchld_all_domains'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	allow $1 domain:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_sigchld_all_domains'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a kill signal to all domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`domain_kill_all_domains',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_kill_all_domains'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	allow $1 domain:process sigkill;
+	allow $1 self:capability kill;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_kill_all_domains'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the process state directory (/proc/pid) of all domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_search_all_domains_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_search_all_domains_state'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	kernel_search_proc($1)
+	allow $1 domain:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_search_all_domains_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search the process
+##	state directory (/proc/pid) of all domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_dontaudit_search_all_domains_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_dontaudit_search_all_domains_state'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	dontaudit $1 domain:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_dontaudit_search_all_domains_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the process state (/proc/pid) of all domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`domain_read_all_domains_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_read_all_domains_state'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	kernel_search_proc($1)
+	allow $1 domain:dir list_dir_perms;
+	read_files_pattern($1, domain, domain)
+	read_lnk_files_pattern($1, domain, domain)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_read_all_domains_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of all domains of all domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`domain_getattr_all_domains',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_getattr_all_domains'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	allow $1 domain:process getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_getattr_all_domains'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of all domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_dontaudit_getattr_all_domains',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_dontaudit_getattr_all_domains'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	dontaudit $1 domain:process getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_dontaudit_getattr_all_domains'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the process state (/proc/pid) of all confined domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`domain_read_confined_domains_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_read_confined_domains_state'($*)) dnl
+	
+	gen_require(`
+		attribute domain, unconfined_domain_type;
+	')
+
+	kernel_search_proc($1)
+	allow $1 { domain -unconfined_domain_type }:dir list_dir_perms;
+	read_files_pattern($1, { domain -unconfined_domain_type }, { domain -unconfined_domain_type })
+	read_lnk_files_pattern($1, { domain -unconfined_domain_type }, { domain -unconfined_domain_type })
+
+	dontaudit $1 unconfined_domain_type:dir search_dir_perms;
+	dontaudit $1 unconfined_domain_type:file read_file_perms;
+	dontaudit $1 unconfined_domain_type:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_read_confined_domains_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of all confined domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`domain_getattr_confined_domains',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_getattr_confined_domains'($*)) dnl
+	
+	gen_require(`
+		attribute domain, unconfined_domain_type;
+	')
+
+	allow $1 { domain -unconfined_domain_type }:process getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_getattr_confined_domains'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Ptrace all domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`domain_ptrace_all_domains',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_ptrace_all_domains'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	allow $1 domain:process ptrace;
+	allow domain $1:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_ptrace_all_domains'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to ptrace all domains.
+## </summary>
+## <desc>
+##	<p>
+##	Do not audit attempts to ptrace all domains.
+##	</p>
+##	<p>
+##	Generally this needs to be suppressed because procps tries to access
+##	/proc/pid/environ and this now triggers a ptrace check in recent kernels
+##	(2.4 and 2.6).
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_dontaudit_ptrace_all_domains',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_dontaudit_ptrace_all_domains'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	dontaudit $1 domain:process ptrace;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_dontaudit_ptrace_all_domains'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to ptrace confined domains.
+## </summary>
+## <desc>
+##	<p>
+##	Do not audit attempts to ptrace confined domains.
+##	</p>
+##	<p>
+##	Generally this needs to be suppressed because procps tries to access
+##	/proc/pid/environ and this now triggers a ptrace check in recent kernels
+##	(2.4 and 2.6).
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_dontaudit_ptrace_confined_domains',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_dontaudit_ptrace_confined_domains'($*)) dnl
+	
+	gen_require(`
+		attribute domain, unconfined_domain_type;
+	')
+
+	dontaudit $1 { domain -unconfined_domain_type }:process ptrace;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_dontaudit_ptrace_confined_domains'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read the process
+##	state (/proc/pid) of all domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_dontaudit_read_all_domains_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_dontaudit_read_all_domains_state'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	dontaudit $1 domain:dir list_dir_perms;
+	dontaudit $1 domain:lnk_file read_lnk_file_perms;
+	dontaudit $1 domain:file read_file_perms;
+
+	# cjp: these should be removed:
+	dontaudit $1 domain:sock_file read_sock_file_perms;
+	dontaudit $1 domain:fifo_file read_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_dontaudit_read_all_domains_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read the process state
+##	directories of all domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_dontaudit_list_all_domains_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_dontaudit_list_all_domains_state'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	dontaudit $1 domain:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_dontaudit_list_all_domains_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the session ID of all domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_getsession_all_domains',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_getsession_all_domains'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	allow $1 domain:process getsession;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_getsession_all_domains'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the
+##	session ID of all domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_dontaudit_getsession_all_domains',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_dontaudit_getsession_all_domains'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	dontaudit $1 domain:process getsession;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_dontaudit_getsession_all_domains'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the process group ID of all domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_getpgid_all_domains',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_getpgid_all_domains'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	allow $1 domain:process getpgid;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_getpgid_all_domains'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the scheduler information of all domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_getsched_all_domains',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_getsched_all_domains'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	allow $1 domain:process getsched;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_getsched_all_domains'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the capability information of all domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_getcap_all_domains',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_getcap_all_domains'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	allow $1 domain:process getcap;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_getcap_all_domains'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of all domains
+##	sockets, for all socket types.
+## </summary>
+## <desc>
+##	<p>
+##	Get the attributes of all domains
+##	sockets, for all socket types.
+##	</p>
+##	<p>
+##	This is commonly used for domains
+##	that can use lsof on all domains.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_getattr_all_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_getattr_all_sockets'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	allow $1 domain:socket_class_set getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_getattr_all_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of all domains sockets, for all socket types.
+## </summary>
+## <desc>
+##	<p>
+##	Do not audit attempts to get the attributes
+##	of all domains sockets, for all socket types.
+##	</p>
+##	<p>
+##	This interface was added for PCMCIA cardmgr
+##	and is probably excessive.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_dontaudit_getattr_all_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_dontaudit_getattr_all_sockets'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	dontaudit $1 domain:socket_class_set getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_dontaudit_getattr_all_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of all domains TCP sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_dontaudit_getattr_all_tcp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_dontaudit_getattr_all_tcp_sockets'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	dontaudit $1 domain:tcp_socket getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_dontaudit_getattr_all_tcp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of all domains UDP sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_dontaudit_getattr_all_udp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_dontaudit_getattr_all_udp_sockets'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	dontaudit $1 domain:udp_socket getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_dontaudit_getattr_all_udp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read or write
+##	all domains UDP sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_dontaudit_rw_all_udp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_dontaudit_rw_all_udp_sockets'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	dontaudit $1 domain:udp_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_dontaudit_rw_all_udp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get attribues of
+##	all domains IPSEC key management sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_dontaudit_getattr_all_key_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_dontaudit_getattr_all_key_sockets'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	dontaudit $1 domain:key_socket getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_dontaudit_getattr_all_key_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get attribues of
+##	all domains packet sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_dontaudit_getattr_all_packet_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_dontaudit_getattr_all_packet_sockets'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	dontaudit $1 domain:packet_socket getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_dontaudit_getattr_all_packet_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get attribues of
+##	all domains raw sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_dontaudit_getattr_all_raw_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_dontaudit_getattr_all_raw_sockets'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	dontaudit $1 domain:rawip_socket getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_dontaudit_getattr_all_raw_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read or write
+##	all domains key sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_dontaudit_rw_all_key_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_dontaudit_rw_all_key_sockets'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	dontaudit $1 domain:key_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_dontaudit_rw_all_key_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of all domains unix datagram sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_dontaudit_getattr_all_dgram_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_dontaudit_getattr_all_dgram_sockets'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	dontaudit $1 domain:unix_dgram_socket getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_dontaudit_getattr_all_dgram_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes
+##	of all domains unix datagram sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_getattr_all_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_getattr_all_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	allow $1 domain:unix_stream_socket getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_getattr_all_stream_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of all domains unix stream sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_dontaudit_getattr_all_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_dontaudit_getattr_all_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	dontaudit $1 domain:unix_stream_socket getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_dontaudit_getattr_all_stream_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of all domains
+##	unnamed pipes.
+## </summary>
+## <desc>
+##	<p>
+##	Get the attributes of all domains
+##	unnamed pipes.
+##	</p>
+##	<p>
+##	This is commonly used for domains
+##	that can use lsof on all domains.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_getattr_all_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_getattr_all_pipes'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	allow $1 domain:fifo_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_getattr_all_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of all domains unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_dontaudit_getattr_all_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_dontaudit_getattr_all_pipes'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	dontaudit $1 domain:fifo_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_dontaudit_getattr_all_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow specified type to set context of all
+##	domains IPSEC associations.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_ipsec_setcontext_all_domains',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_ipsec_setcontext_all_domains'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	allow $1 domain:association setcontext;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_ipsec_setcontext_all_domains'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of entry point
+##	files for all domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_getattr_all_entry_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_getattr_all_entry_files'($*)) dnl
+	
+	gen_require(`
+		attribute entry_type;
+	')
+
+	allow $1 entry_type:lnk_file read_lnk_file_perms;
+	allow $1 entry_type:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_getattr_all_entry_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of all entry point files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_dontaudit_getattr_all_entry_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_dontaudit_getattr_all_entry_files'($*)) dnl
+	
+	gen_require(`
+		attribute entry_type;
+	')
+
+	dontaudit $1 entry_type:file getattr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_dontaudit_getattr_all_entry_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the entry point files for all domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_read_all_entry_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_read_all_entry_files'($*)) dnl
+	
+	gen_require(`
+		attribute entry_type;
+	')
+
+	allow $1 entry_type:lnk_file read_lnk_file_perms;
+	allow $1 entry_type:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_read_all_entry_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the entry point files for all
+##	domains in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`domain_exec_all_entry_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_exec_all_entry_files'($*)) dnl
+	
+	gen_require(`
+		attribute entry_type;
+	')
+
+	can_exec($1, entry_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_exec_all_entry_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	dontaudit checking for execute on all entry point files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_dontaudit_exec_all_entry_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_dontaudit_exec_all_entry_files'($*)) dnl
+	
+	gen_require(`
+		attribute entry_type;
+	')
+
+	dontaudit $1 entry_type:file exec_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_dontaudit_exec_all_entry_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete all
+##	entrypoint files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+# cjp: added for prelink
+ 	 	define(`domain_manage_all_entry_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_manage_all_entry_files'($*)) dnl
+	
+	gen_require(`
+		attribute entry_type;
+	')
+
+	allow $1 entry_type:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_manage_all_entry_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to and from all entry point
+##	file types.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+# cjp: added for prelink
+ 	 	define(`domain_relabel_all_entry_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_relabel_all_entry_files'($*)) dnl
+	
+	gen_require(`
+		attribute entry_type;
+	')
+
+	allow $1 entry_type:file relabel_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_relabel_all_entry_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mmap all entry point files as executable.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+# cjp: added for prelink
+ 	 	define(`domain_mmap_all_entry_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_mmap_all_entry_files'($*)) dnl
+	
+	gen_require(`
+		attribute entry_type;
+	')
+
+	allow $1 entry_type:file mmap_exec_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_mmap_all_entry_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute an entry_type in the specified domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="target_domain">
+##	<summary>
+##	The type of the new process.
+##	</summary>
+## </param>
+#
+# cjp: added for userhelper
+ 	 	define(`domain_entry_file_spec_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_entry_file_spec_domtrans'($*)) dnl
+	
+	gen_require(`
+		attribute entry_type;
+	')
+
+	domain_transition_pattern($1, entry_type, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_entry_file_spec_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Ability to mmap a low area of the address
+##	space conditionally, as configured by
+##	/proc/sys/kernel/mmap_min_addr.
+##	Preventing such mappings helps protect against
+##	exploiting null deref bugs in the kernel.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`domain_mmap_low',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_mmap_low'($*)) dnl
+	
+	gen_require(`
+		attribute mmap_low_domain_type;
+	')
+
+	typeattribute $1 mmap_low_domain_type;
+
+	tunable_policy(`mmap_low_allowed',`
+		allow $1 self:memprotect mmap_zero;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_mmap_low'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Ability to mmap a low area of the address
+##	space unconditionally, as configured
+##	by /proc/sys/kernel/mmap_min_addr.
+##	Preventing such mappings helps protect against
+##	exploiting null deref bugs in the kernel.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`domain_mmap_low_uncond',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_mmap_low_uncond'($*)) dnl
+	
+	gen_require(`
+		attribute mmap_low_domain_type;
+	')
+
+	typeattribute $1 mmap_low_domain_type;
+
+	allow $1 self:memprotect mmap_zero;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_mmap_low_uncond'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow specified type to receive labeled
+##	networking packets from all domains, over
+##	all protocols (TCP, UDP, etc)
+## </summary>
+## <param name="type">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_all_recvfrom_all_domains',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_all_recvfrom_all_domains'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+ 	')
+
+	corenet_all_recvfrom_labeled($1, domain)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_all_recvfrom_all_domains'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to the unconfined domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_unconfined_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_unconfined_signal'($*)) dnl
+	
+	gen_require(`
+		attribute unconfined_domain_type;
+	')
+
+	allow $1 unconfined_domain_type:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_unconfined_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unconfined access to domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_unconfined',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_unconfined'($*)) dnl
+	
+	gen_require(`
+		attribute set_curr_context;
+		attribute can_change_object_identity;
+		attribute unconfined_domain_type;
+		attribute process_uncond_exempt;
+	')
+
+	typeattribute $1 unconfined_domain_type;
+
+	# pass constraints
+	typeattribute $1 can_change_object_identity;
+	typeattribute $1 set_curr_context;
+	typeattribute $1 process_uncond_exempt;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_unconfined'($*)) dnl
+	')
+
+
+# Gentoo specific stuff, but I cannot use ifdef distro_gentoo in if files
+
+########################################
+## <summary>
+##	Do not audit getting the scheduler information of all domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`domain_dontaudit_getsched_all_domains',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `domain_dontaudit_getsched_all_domains'($*)) dnl
+	
+	gen_require(`
+		attribute domain;
+	')
+
+	dontaudit $1 domain:process getsched;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `domain_dontaudit_getsched_all_domains'($*)) dnl
+	')
+
+## <summary>Least privledge xwindows user role.</summary>
+
+########################################
+## <summary>
+##	Change to the xguest role.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`xguest_role_change',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xguest_role_change'($*)) dnl
+	
+	gen_require(`
+		role xguest_r;
+	')
+
+	allow $1 xguest_r;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xguest_role_change'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Change from the xguest role.
+## </summary>
+## <desc>
+##	<p>
+##	Change from the xguest role to
+##	the specified role.
+##	</p>
+##	<p>
+##	This is an interface to support third party modules
+##	and its use is not allowed in upstream reference
+##	policy.
+##	</p>
+## </desc>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`xguest_role_change_to',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xguest_role_change_to'($*)) dnl
+	
+	gen_require(`
+		role xguest_r;
+	')
+
+	allow xguest_r $1;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xguest_role_change_to'($*)) dnl
+	')
+
+## <summary>Generic unprivileged user role</summary>
+
+########################################
+## <summary>
+##	Change to the generic user role.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`unprivuser_role_change',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unprivuser_role_change'($*)) dnl
+	
+	gen_require(`
+		role user_r;
+	')
+
+	allow $1 user_r;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unprivuser_role_change'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Change from the generic user role.
+## </summary>
+## <desc>
+##	<p>
+##	Change from the generic user role to
+##	the specified role.
+##	</p>
+##	<p>
+##	This is an interface to support third party modules
+##	and its use is not allowed in upstream reference
+##	policy.
+##	</p>
+## </desc>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`unprivuser_role_change_to',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unprivuser_role_change_to'($*)) dnl
+	
+	gen_require(`
+		role user_r;
+	')
+
+	allow user_r $1;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unprivuser_role_change_to'($*)) dnl
+	')
+
+## <summary>Web administrator role.</summary>
+
+########################################
+## <summary>
+##	Change to the web administrator role.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`webadm_role_change',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `webadm_role_change'($*)) dnl
+	
+	gen_require(`
+		role webadm_r;
+	')
+
+	allow $1 webadm_r;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `webadm_role_change'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Change from the web administrator role.
+## </summary>
+## <desc>
+##	<p>
+##	Change from the web administrator role to
+##	the specified role.
+##	</p>
+##	<p>
+##	This is an interface to support third party modules
+##	and its use is not allowed in upstream reference
+##	policy.
+##	</p>
+## </desc>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`webadm_role_change_to',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `webadm_role_change_to'($*)) dnl
+	
+	gen_require(`
+		role webadm_r;
+	')
+
+	allow webadm_r $1;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `webadm_role_change_to'($*)) dnl
+	')
+
+## <summary>General system administration role</summary>
+
+########################################
+## <summary>
+##	Change to the system administrator role.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`sysadm_role_change',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysadm_role_change'($*)) dnl
+	
+	gen_require(`
+		role sysadm_r;
+	')
+
+	allow $1 sysadm_r;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysadm_role_change'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Change from the system administrator role.
+## </summary>
+## <desc>
+##	<p>
+##	Change from the system administrator role to
+##	the specified role.
+##	</p>
+##	<p>
+##	This is an interface to support third party modules
+##	and its use is not allowed in upstream reference
+##	policy.
+##	</p>
+## </desc>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`sysadm_role_change_to',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysadm_role_change_to'($*)) dnl
+	
+	gen_require(`
+		role sysadm_r;
+	')
+
+	allow sysadm_r $1;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysadm_role_change_to'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a shell in the sysadm domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysadm_shell_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysadm_shell_domtrans'($*)) dnl
+	
+	gen_require(`
+		type sysadm_t;
+	')
+
+	corecmd_shell_domtrans($1, sysadm_t)
+	allow sysadm_t $1:fd use;
+	allow sysadm_t $1:fifo_file rw_file_perms;
+	allow sysadm_t $1:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysadm_shell_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a generic bin program in the sysadm domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysadm_bin_spec_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysadm_bin_spec_domtrans'($*)) dnl
+	
+	gen_require(`
+		type sysadm_t;
+	')
+
+	corecmd_bin_spec_domtrans($1, sysadm_t)
+	allow sysadm_t $1:fd use;
+	allow sysadm_t $1:fifo_file rw_file_perms;
+	allow sysadm_t $1:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysadm_bin_spec_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute all entrypoint files in the sysadm domain. This
+##	is an explicit transition, requiring the
+##	caller to use setexeccon().
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysadm_entry_spec_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysadm_entry_spec_domtrans'($*)) dnl
+	
+	gen_require(`
+		type sysadm_t;
+	')
+
+	domain_entry_file_spec_domtrans($1, sysadm_t)
+	allow sysadm_t $1:fd use;
+	allow sysadm_t $1:fifo_file rw_file_perms;
+	allow sysadm_t $1:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysadm_entry_spec_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow sysadm to execute all entrypoint files in
+##	a specified domain.  This is an explicit transition,
+##	requiring the caller to use setexeccon().
+## </summary>
+## <desc>
+##	<p>
+##	Allow sysadm to execute all entrypoint files in
+##	a specified domain.  This is an explicit transition,
+##	requiring the caller to use setexeccon().
+##	</p>
+##	<p>
+##	This is a interface to support third party modules
+##	and its use is not allowed in upstream reference
+##	policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysadm_entry_spec_domtrans_to',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysadm_entry_spec_domtrans_to'($*)) dnl
+	
+	gen_require(`
+		type sysadm_t;
+	')
+
+	domain_entry_file_spec_domtrans(sysadm_t, $1)
+	allow $1 sysadm_t:fd use;
+	allow $1 sysadm_t:fifo_file rw_file_perms;
+	allow $1 sysadm_t:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysadm_entry_spec_domtrans_to'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow sysadm to execute a generic bin program in
+##	a specified domain.  This is an explicit transition,
+##	requiring the caller to use setexeccon().
+## </summary>
+## <desc>
+##	<p>
+##	Allow sysadm to execute a generic bin program in
+##	a specified domain.
+##	</p>
+##	<p>
+##	This is a interface to support third party modules
+##	and its use is not allowed in upstream reference
+##	policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain to execute in.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysadm_bin_spec_domtrans_to',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysadm_bin_spec_domtrans_to'($*)) dnl
+	
+	gen_require(`
+		type sysadm_t;
+	')
+
+	corecmd_bin_spec_domtrans(sysadm_t, $1)
+	allow $1 sysadm_t:fd use;
+	allow $1 sysadm_t:fifo_file rw_file_perms;
+	allow $1 sysadm_t:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysadm_bin_spec_domtrans_to'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a SIGCHLD signal to sysadm users.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysadm_sigchld',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysadm_sigchld'($*)) dnl
+	
+	gen_require(`
+		type sysadm_t;
+	')
+
+	allow $1 sysadm_t:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysadm_sigchld'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit and use sysadm file descriptors
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysadm_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysadm_use_fds'($*)) dnl
+	
+	gen_require(`
+		type sysadm_t;
+	')
+
+	allow $1 sysadm_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysadm_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write sysadm user unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysadm_rw_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysadm_rw_pipes'($*)) dnl
+	
+	gen_require(`
+		type sysadm_t;
+	')
+
+	allow $1 sysadm_t:fifo_file rw_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysadm_rw_pipes'($*)) dnl
+	')
+
+## <summary>Administrator's unprivileged user role</summary>
+
+########################################
+## <summary>
+##	Change to the staff role.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`staff_role_change',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `staff_role_change'($*)) dnl
+	
+	gen_require(`
+		role staff_r;
+	')
+
+	allow $1 staff_r;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `staff_role_change'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Change from the staff role.
+## </summary>
+## <desc>
+##	<p>
+##	Change from the staff role to
+##	the specified role.
+##	</p>
+##	<p>
+##	This is an interface to support third party modules
+##	and its use is not allowed in upstream reference
+##	policy.
+##	</p>
+## </desc>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`staff_role_change_to',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `staff_role_change_to'($*)) dnl
+	
+	gen_require(`
+		role staff_r;
+	')
+
+	allow staff_r $1;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `staff_role_change_to'($*)) dnl
+	')
+
+## <summary>Least privledge terminal user role.</summary>
+
+########################################
+## <summary>
+##	Change to the guest role.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`guest_role_change',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `guest_role_change'($*)) dnl
+	
+	gen_require(`
+		role guest_r;
+	')
+
+	allow $1 guest_r;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `guest_role_change'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Change from the guest role.
+## </summary>
+## <desc>
+##	<p>
+##	Change from the guest role to
+##	the specified role.
+##	</p>
+##	<p>
+##	This is an interface to support third party modules
+##	and its use is not allowed in upstream reference
+##	policy.
+##	</p>
+## </desc>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`guest_role_change_to',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `guest_role_change_to'($*)) dnl
+	
+	gen_require(`
+		role guest_r;
+	')
+
+	allow guest_r $1;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `guest_role_change_to'($*)) dnl
+	')
+
+## <summary>Log administrator role</summary>
+
+########################################
+## <summary>
+##	Change to the log administrator role.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logadm_role_change',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logadm_role_change'($*)) dnl
+	
+	gen_require(`
+		role logadm_r;
+	')
+
+	allow $1 logadm_r;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logadm_role_change'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Change from the log administrator role.
+## </summary>
+## <desc>
+##	<p>
+##	Change from the log administrator role to
+##	the specified role.
+##	</p>
+##	<p>
+##	This is an interface to support third party modules
+##	and its use is not allowed in upstream reference
+##	policy.
+##	</p>
+## </desc>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logadm_role_change_to',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logadm_role_change_to'($*)) dnl
+	
+	gen_require(`
+		role logadm_r;
+	')
+
+	allow logadm_r $1;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logadm_role_change_to'($*)) dnl
+	')
+
+## <summary>Audit administrator role</summary>
+
+########################################
+## <summary>
+##	Change to the audit administrator role.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`auditadm_role_change',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auditadm_role_change'($*)) dnl
+	
+	gen_require(`
+		role auditadm_r;
+	')
+
+	allow $1 auditadm_r;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auditadm_role_change'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Change from the audit administrator role.
+## </summary>
+## <desc>
+##	<p>
+##	Change from the audit administrator role to
+##	the specified role.
+##	</p>
+##	<p>
+##	This is an interface to support third party modules
+##	and its use is not allowed in upstream reference
+##	policy.
+##	</p>
+## </desc>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`auditadm_role_change_to',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auditadm_role_change_to'($*)) dnl
+	
+	gen_require(`
+		role auditadm_r;
+	')
+
+	allow auditadm_r $1;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auditadm_role_change_to'($*)) dnl
+	')
+
+## <summary>Database administrator role.</summary>
+
+########################################
+## <summary>
+##	Change to the database administrator role.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dbadm_role_change',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbadm_role_change'($*)) dnl
+	
+	gen_require(`
+		role dbadm_r;
+	')
+
+	allow $1 dbadm_r;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbadm_role_change'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Change from the database administrator role.
+## </summary>
+## <desc>
+##	<p>
+##	Change from the database administrator role to
+##	the specified role.
+##	</p>
+##	<p>
+##	This is an interface to support third party modules
+##	and its use is not allowed in upstream reference
+##	policy.
+##	</p>
+## </desc>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dbadm_role_change_to',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbadm_role_change_to'($*)) dnl
+	
+	gen_require(`
+		role dbadm_r;
+	')
+
+	allow dbadm_r $1;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbadm_role_change_to'($*)) dnl
+	')
+
+## <summary>Security administrator role</summary>
+
+########################################
+## <summary>
+##	Change to the security administrator role.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`secadm_role_change',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `secadm_role_change'($*)) dnl
+	
+	gen_require(`
+		role secadm_r;
+	')
+
+	allow $1 secadm_r;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `secadm_role_change'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Change from the security administrator role.
+## </summary>
+## <desc>
+##	<p>
+##	Change from the security administrator role to
+##	the specified role.
+##	</p>
+##	<p>
+##	This is an interface to support third party modules
+##	and its use is not allowed in upstream reference
+##	policy.
+##	</p>
+## </desc>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`secadm_role_change_to_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `secadm_role_change_to_template'($*)) dnl
+	
+	gen_require(`
+		role secadm_r;
+	')
+
+	allow secadm_r $1;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `secadm_role_change_to_template'($*)) dnl
+	')
+
+
+## <summary>Bluetooth tools and system services.</summary>
+
+########################################
+## <summary>
+##	Role access for bluetooth.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role
+##	</summary>
+## </param>
+#
+ 	 	define(`bluetooth_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bluetooth_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role bluetooth_helper_roles;
+		type bluetooth_t, bluetooth_helper_t, bluetooth_helper_exec_t;
+		type bluetooth_helper_tmp_t, bluetooth_helper_tmpfs_t, bluetooth_runtime_t;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	roleattribute $1 bluetooth_helper_roles;
+
+	########################################
+	#
+	# Policy
+	#
+
+	domtrans_pattern($2, bluetooth_helper_exec_t, bluetooth_helper_t)
+
+	ps_process_pattern($2, bluetooth_helper_t)
+	allow $2 bluetooth_helper_t:process { ptrace signal_perms };
+
+	allow $2 bluetooth_t:socket rw_socket_perms;
+
+	allow $2 { bluetooth_helper_tmp_t bluetooth_helper_tmpfs_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 { bluetooth_helper_tmp_t bluetooth_helper_tmpfs_t }:file { manage_file_perms relabel_file_perms };
+	allow $2 bluetooth_helper_tmp_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };
+
+	stream_connect_pattern($2, bluetooth_runtime_t, bluetooth_runtime_t, bluetooth_t)
+	files_search_pids($2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bluetooth_role'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Connect to bluetooth over a unix domain
+##	stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bluetooth_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bluetooth_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type bluetooth_t, bluetooth_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 bluetooth_t:socket rw_socket_perms;
+	stream_connect_pattern($1, bluetooth_runtime_t, bluetooth_runtime_t, bluetooth_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bluetooth_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute bluetooth in the bluetooth domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`bluetooth_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bluetooth_domtrans'($*)) dnl
+	
+	gen_require(`
+		type bluetooth_t, bluetooth_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, bluetooth_exec_t, bluetooth_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bluetooth_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read bluetooth configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bluetooth_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bluetooth_read_config'($*)) dnl
+	
+	gen_require(`
+		type bluetooth_conf_t;
+	')
+
+	allow $1 bluetooth_conf_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bluetooth_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	bluetooth over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bluetooth_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bluetooth_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type bluetooth_t;
+		class dbus send_msg;
+	')
+
+	allow $1 bluetooth_t:dbus send_msg;
+	allow bluetooth_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bluetooth_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read
+##	bluetooth process state files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`bluetooth_dontaudit_read_helper_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bluetooth_dontaudit_read_helper_state'($*)) dnl
+	
+	gen_require(`
+		type bluetooth_helper_t;
+	')
+
+	dontaudit $1 bluetooth_helper_t:dir search_dir_perms;
+	dontaudit $1 bluetooth_helper_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bluetooth_dontaudit_read_helper_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an bluetooth environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`bluetooth_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bluetooth_admin'($*)) dnl
+	
+	gen_require(`
+		type bluetooth_t, bluetooth_tmp_t, bluetooth_lock_t;
+		type bluetooth_var_lib_t, bluetooth_runtime_t;
+		type bluetooth_conf_t, bluetooth_conf_rw_t, bluetooth_var_lib_t;
+		type bluetooth_initrc_exec_t;
+	')
+
+	allow $1 bluetooth_t:process { ptrace signal_perms };
+	ps_process_pattern($1, bluetooth_t)
+
+	init_startstop_service($1, $2, bluetooth_t, bluetooth_initrc_exec_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, bluetooth_tmp_t)
+
+	files_list_var($1)
+	admin_pattern($1, bluetooth_lock_t)
+
+	files_list_etc($1)
+	admin_pattern($1, { bluetooth_conf_t bluetooth_conf_rw_t })
+
+	files_list_var_lib($1)
+	admin_pattern($1, bluetooth_var_lib_t)
+
+	files_list_pids($1)
+	admin_pattern($1, bluetooth_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bluetooth_admin'($*)) dnl
+	')
+
+## <summary>Trivial file transfer protocol daemon.</summary>
+
+########################################
+## <summary>
+##	Read tftp content files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`tftp_read_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tftp_read_content'($*)) dnl
+	
+	gen_require(`
+		type tftpdir_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 tftpdir_t:dir list_dir_perms;
+	allow $1 tftpdir_t:file read_file_perms;
+	allow $1 tftpdir_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tftp_read_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	tftp rw content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`tftp_manage_rw_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tftp_manage_rw_content'($*)) dnl
+	
+	gen_require(`
+		type tftpdir_rw_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 tftpdir_rw_t:dir manage_dir_perms;
+	allow $1 tftpdir_rw_t:file manage_file_perms;
+	allow $1 tftpdir_rw_t:lnk_file manage_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tftp_manage_rw_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read tftpd configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`tftp_read_config_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tftp_read_config_files'($*)) dnl
+	
+	gen_require(`
+		type tftpd_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 tftpd_conf_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tftp_read_config_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	tftpd configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`tftp_manage_config_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tftp_manage_config_files'($*)) dnl
+	
+	gen_require(`
+		type tftpd_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 tftpd_conf_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tftp_manage_config_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in etc directories
+##	with tftp conf type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`tftp_etc_filetrans_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tftp_etc_filetrans_config'($*)) dnl
+	
+	gen_require(`
+		type tftpd_conf_t;
+	')
+
+	files_etc_filetrans($1, tftpd_conf_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tftp_etc_filetrans_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in tftpdir directories
+##	with a private type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	Private file type.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`tftp_filetrans_tftpdir',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tftp_filetrans_tftpdir'($*)) dnl
+	
+	gen_require(`
+		type tftpdir_rw_t;
+	')
+
+	files_search_var_lib($1)
+	filetrans_pattern($1, tftpdir_rw_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tftp_filetrans_tftpdir'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an tftp environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role" unused="true">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`tftp_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tftp_admin'($*)) dnl
+	
+	gen_require(`
+		type tftpd_t, tftpdir_t, tftpdir_rw_t, tftpd_runtime_t;
+		type tftpd_conf_t;
+	')
+
+	allow $1 tftpd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, tftpd_t)
+
+	files_search_etc($1)
+	admin_pattern($1, tftpd_conf_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, { tftpdir_t tftpdir_rw_t })
+
+	files_list_pids($1)
+	admin_pattern($1, tftpd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tftp_admin'($*)) dnl
+	')
+
+## <summary>Trusted Platform Module 2.0</summary>
+
+########################################
+## <summary>
+##	Allow specified domain to enable/disable tpm2-abrmd unit
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`tpm2_enabledisable_abrmd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tpm2_enabledisable_abrmd'($*)) dnl
+	
+	gen_require(`
+		type tpm2_abrmd_unit_t;
+		class service { enable disable };
+	')
+
+	allow $1 tpm2_abrmd_unit_t:service { enable disable };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tpm2_enabledisable_abrmd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow specified domain to start/stop tpm2-abrmd unit
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`tpm2_startstop_abrmd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tpm2_startstop_abrmd'($*)) dnl
+	
+	gen_require(`
+		type tpm2_abrmd_unit_t;
+		class service { start stop };
+	')
+
+	allow $1 tpm2_abrmd_unit_t:service { start stop };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tpm2_startstop_abrmd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow specified domain to get status of tpm2-abrmd unit
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`tpm2_status_abrmd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tpm2_status_abrmd'($*)) dnl
+	
+	gen_require(`
+		type tpm2_abrmd_unit_t;
+		class service status;
+	')
+
+	allow $1 tpm2_abrmd_unit_t:service status;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tpm2_status_abrmd'($*)) dnl
+	')
+
+## <summary>ShoutCast compatible streaming media server.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run icecast.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`icecast_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `icecast_domtrans'($*)) dnl
+	
+	gen_require(`
+		type icecast_t, icecast_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, icecast_exec_t, icecast_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `icecast_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to icecast.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`icecast_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `icecast_signal'($*)) dnl
+	
+	gen_require(`
+		type icecast_t;
+	')
+
+	allow $1 icecast_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `icecast_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute icecast server in the icecast domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`icecast_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `icecast_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type icecast_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, icecast_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `icecast_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read icecast pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`icecast_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `icecast_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type icecast_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 icecast_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `icecast_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	icecast pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`icecast_manage_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `icecast_manage_pid_files'($*)) dnl
+	
+	gen_require(`
+		type icecast_runtime_t;
+	')
+
+	files_search_pids($1)
+	manage_files_pattern($1, icecast_runtime_t, icecast_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `icecast_manage_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read icecast log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`icecast_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `icecast_read_log'($*)) dnl
+	
+	gen_require(`
+		type icecast_log_t;
+	')
+
+	logging_search_logs($1)
+	read_files_pattern($1, icecast_log_t, icecast_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `icecast_read_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append icecast log files.
+## </summary>
+## <param name="domain">
+## 	<summary>
+##	Domain allowed access.
+## 	</summary>
+## </param>
+#
+ 	 	define(`icecast_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `icecast_append_log'($*)) dnl
+	
+	gen_require(`
+		type icecast_log_t;
+	')
+
+	logging_search_logs($1)
+	append_files_pattern($1, icecast_log_t, icecast_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `icecast_append_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	icecast log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allow access.
+##	</summary>
+## </param>
+#
+ 	 	define(`icecast_manage_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `icecast_manage_log'($*)) dnl
+	
+	gen_require(`
+		type icecast_log_t;
+	')
+
+	logging_search_logs($1)
+	manage_files_pattern($1, icecast_log_t, icecast_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `icecast_manage_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an icecast environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`icecast_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `icecast_admin'($*)) dnl
+	
+	gen_require(`
+		type icecast_t, icecast_initrc_exec_t, icecast_log_t;
+		type icecast_runtime_t;
+	')
+
+	init_startstop_service($1, $2, icecast_t, icecast_initrc_exec_t)
+
+	allow $1 icecast_t:process { ptrace signal_perms };
+	ps_process_pattern($1, icecast_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, icecast_log_t)
+
+	files_search_pids($1)
+	admin_pattern($1, icecast_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `icecast_admin'($*)) dnl
+	')
+
+## <summary>UUID generation daemon.</summary>
+
+########################################
+## <summary>
+##	Execute uuidd in the uuidd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`uuidd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `uuidd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type uuidd_t, uuidd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, uuidd_exec_t, uuidd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `uuidd_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute uuidd init scripts in
+##	the initrc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`uuidd_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `uuidd_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type uuidd_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, uuidd_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `uuidd_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search uuidd lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`uuidd_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `uuidd_search_lib'($*)) dnl
+	
+	gen_require(`
+		type uuidd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 uuidd_var_lib_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `uuidd_search_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read uuidd lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`uuidd_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `uuidd_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type uuidd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, uuidd_var_lib_t, uuidd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `uuidd_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	uuidd lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`uuidd_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `uuidd_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type uuidd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, uuidd_var_lib_t, uuidd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `uuidd_manage_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	uuidd lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`uuidd_manage_lib_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `uuidd_manage_lib_dirs'($*)) dnl
+	
+	gen_require(`
+		type uuidd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_dirs_pattern($1, uuidd_var_lib_t, uuidd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `uuidd_manage_lib_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read uuidd pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`uuidd_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `uuidd_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type uuidd_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 uuidd_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `uuidd_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to uuidd with an unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`uuidd_stream_connect_manager',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `uuidd_stream_connect_manager'($*)) dnl
+	
+	gen_require(`
+		type uuidd_t, uuidd_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, uuidd_runtime_t, uuidd_runtime_t, uuidd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `uuidd_stream_connect_manager'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an uuidd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`uuidd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `uuidd_admin'($*)) dnl
+	
+	gen_require(`
+		type uuidd_t, uuidd_initrc_exec_t;
+		type uuidd_runtime_t, uuidd_var_lib_t;
+	')
+
+	allow $1 uuidd_t:process signal_perms;
+	ps_process_pattern($1, uuidd_t)
+
+	init_startstop_service($1, $2, uuidd_t, uuidd_initrc_exec_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, uuidd_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, uuidd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `uuidd_admin'($*)) dnl
+	')
+
+## <summary>Cyrus is an IMAP service intended to be run on sealed servers.</summary>
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	cyrus data files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cyrus_manage_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cyrus_manage_data'($*)) dnl
+	
+	gen_require(`
+		type cyrus_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, cyrus_var_lib_t, cyrus_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cyrus_manage_data'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to Cyrus using a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cyrus_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cyrus_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type cyrus_t, cyrus_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	stream_connect_pattern($1, cyrus_var_lib_t, cyrus_var_lib_t, cyrus_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cyrus_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an cyrus environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`cyrus_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cyrus_admin'($*)) dnl
+	
+	gen_require(`
+		type cyrus_t, cyrus_tmp_t, cyrus_var_lib_t;
+		type cyrus_runtime_t, cyrus_initrc_exec_t;
+		type cyrus_keytab_t;
+	')
+
+	allow $1 cyrus_t:process { ptrace signal_perms };
+	ps_process_pattern($1, cyrus_t)
+
+	init_startstop_service($1, $2, cyrus_t, cyrus_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, cyrus_keytab_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, cyrus_tmp_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, cyrus_var_lib_t)
+
+	files_list_pids($1)
+	admin_pattern($1, cyrus_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cyrus_admin'($*)) dnl
+	')
+
+## <summary>Portable Transparent Proxy Solution.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an transproxy environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`transproxy_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `transproxy_admin'($*)) dnl
+	
+	gen_require(`
+		type transproxy_t, transproxy_initrc_exec_t, transproxy_runtime_t;
+	')
+
+	allow $1 transproxy_t:process { ptrace signal_perms };
+	ps_process_pattern($1, transproxy_t)
+
+	init_startstop_service($1, $2, transproxy_t, transproxy_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, transproxy_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `transproxy_admin'($*)) dnl
+	')
+
+## <summary>SSH dictionary attack mitigation.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run denyhosts.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`denyhosts_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `denyhosts_domtrans'($*)) dnl
+	
+	gen_require(`
+		type denyhosts_t, denyhosts_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, denyhosts_exec_t, denyhosts_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `denyhosts_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute denyhost server in the
+##	denyhost domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`denyhosts_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `denyhosts_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type denyhosts_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, denyhosts_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `denyhosts_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an denyhosts environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`denyhosts_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `denyhosts_admin'($*)) dnl
+	
+	gen_require(`
+		type denyhosts_t, denyhosts_var_lib_t, denyhosts_var_lock_t;
+		type denyhosts_var_log_t, denyhosts_initrc_exec_t;
+	')
+
+	allow $1 denyhosts_t:process { ptrace signal_perms };
+	ps_process_pattern($1, denyhosts_t)
+
+	init_startstop_service($1, $2, denyhosts_t, denyhosts_initrc_exec_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, denyhosts_var_lib_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, denyhosts_var_log_t)
+
+	files_search_locks($1)
+	admin_pattern($1, denyhosts_var_lock_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `denyhosts_admin'($*)) dnl
+	')
+
+## <summary>UNIX Client-Server Program Interface for TCP.</summary>
+
+########################################
+## <summary>
+##	Define a specified domain as a ucspitcp service.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="entrypoint">
+##	<summary>
+##	The type associated with the process program.
+##	</summary>
+## </param>
+#
+ 	 	define(`ucspitcp_service_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ucspitcp_service_domain'($*)) dnl
+	
+	gen_require(`
+		type ucspitcp_t;
+	')
+
+	domain_type($1)
+	domain_entry_file($1, $2)
+
+	role system_r types $1;
+
+	domtrans_pattern(ucspitcp_t, $2, $1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ucspitcp_service_domain'($*)) dnl
+	')
+
+## <summary>Universal Addresses to RPC Program Number Mapper.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run rpcbind.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`rpcbind_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpcbind_domtrans'($*)) dnl
+	
+	gen_require(`
+		type rpcbind_t, rpcbind_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, rpcbind_exec_t, rpcbind_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpcbind_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to rpcbind with a
+##	unix domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpcbind_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpcbind_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type rpcbind_t, rpcbind_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, rpcbind_runtime_t, rpcbind_runtime_t, rpcbind_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpcbind_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read rpcbind pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpcbind_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpcbind_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type rpcbind_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 rpcbind_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpcbind_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search rpcbind lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpcbind_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpcbind_search_lib'($*)) dnl
+	
+	gen_require(`
+		type rpcbind_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 rpcbind_var_lib_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpcbind_search_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read rpcbind lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpcbind_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpcbind_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type rpcbind_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, rpcbind_var_lib_t, rpcbind_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpcbind_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	rpcbind lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpcbind_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpcbind_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type rpcbind_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, rpcbind_var_lib_t, rpcbind_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpcbind_manage_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send null signals to rpcbind.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpcbind_signull',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpcbind_signull'($*)) dnl
+	
+	gen_require(`
+		type rpcbind_t;
+	')
+
+	allow $1 rpcbind_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpcbind_signull'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an rpcbind environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`rpcbind_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpcbind_admin'($*)) dnl
+	
+	gen_require(`
+		type rpcbind_t, rpcbind_var_lib_t, rpcbind_runtime_t;
+		type rpcbind_initrc_exec_t;
+	')
+
+	allow $1 rpcbind_t:process { ptrace signal_perms };
+	ps_process_pattern($1, rpcbind_t)
+
+	init_startstop_service($1, $2, rpcbind_t, rpcbind_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, rpcbind_runtime_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, rpcbind_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpcbind_admin'($*)) dnl
+	')
+
+## <summary>Dictionary daemon.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an dictd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dictd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dictd_admin'($*)) dnl
+	
+	gen_require(`
+		type dictd_t, dictd_etc_t, dictd_var_lib_t;
+		type dictd_runtime_t, dictd_initrc_exec_t;
+	')
+
+	allow $1 dictd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, dictd_t)
+
+	init_startstop_service($1, $2, dictd_t, dictd_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, dictd_etc_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, dictd_var_lib_t)
+
+	files_list_pids($1)
+	admin_pattern($1, dictd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dictd_admin'($*)) dnl
+	')
+
+## <summary>console font and keymap setup program for debian</summary>
+
+########################################
+## <summary>
+##  Execute console-setup in the consolesetup domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`consolesetup_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `consolesetup_domtrans'($*)) dnl
+	
+    gen_require(`
+        type consolesetup_t, consolesetup_conf_t, consolesetup_exec_t, consolesetup_runtime_t;
+    ')
+
+    corecmd_search_bin($1)
+    domtrans_pattern($1, consolesetup_exec_t, consolesetup_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `consolesetup_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##  Read console-setup configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`consolesetup_read_conf',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `consolesetup_read_conf'($*)) dnl
+	
+	gen_require(`
+        type consolesetup_conf_t;
+	')
+
+    files_search_etc($1)
+    allow $1 consolesetup_conf_t:dir list_dir_perms;
+    allow $1 consolesetup_conf_t:file read_file_perms;
+    allow $1 consolesetup_conf_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `consolesetup_read_conf'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##  Execute console-setup configuration files
+##  in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`consolesetup_exec_conf',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `consolesetup_exec_conf'($*)) dnl
+	
+    gen_require(`
+        type consolesetup_conf_t;
+    ')
+
+    files_search_etc($1)
+    exec_files_pattern($1, consolesetup_conf_t, consolesetup_conf_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `consolesetup_exec_conf'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##  Allow the caller to manage
+##  consolesetup_runtime_t files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`consolesetup_manage_runtime',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `consolesetup_manage_runtime'($*)) dnl
+	
+    gen_require(`
+        type consolesetup_runtime_t;
+    ')
+
+    files_search_pids($1)
+    manage_dirs_pattern($1, consolesetup_runtime_t, consolesetup_runtime_t)
+    manage_files_pattern($1, consolesetup_runtime_t, consolesetup_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `consolesetup_manage_runtime'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##  Create a console-setup directory in
+##  the runtime directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`consolesetup_pid_filetrans_runtime',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `consolesetup_pid_filetrans_runtime'($*)) dnl
+	
+    gen_require(`
+        type consolesetup_runtime_t;
+    ')
+
+    files_pid_filetrans($1, consolesetup_runtime_t, dir, "console-setup")
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `consolesetup_pid_filetrans_runtime'($*)) dnl
+	')
+
+## <summary>The onion router.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run tor.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`tor_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tor_domtrans'($*)) dnl
+	
+	gen_require(`
+		type tor_t, tor_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, tor_exec_t, tor_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tor_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an tor environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`tor_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tor_admin'($*)) dnl
+	
+	gen_require(`
+		type tor_t, tor_var_log_t, tor_etc_t;
+		type tor_var_lib_t, tor_runtime_t, tor_initrc_exec_t;
+	')
+
+	allow $1 tor_t:process { ptrace signal_perms };
+	ps_process_pattern($1, tor_t)
+
+	init_startstop_service($1, $2, tor_t, tor_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, tor_etc_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, tor_var_lib_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, tor_var_log_t)
+
+	files_list_pids($1)
+	admin_pattern($1, tor_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tor_admin'($*)) dnl
+	')
+
+## <summary>University of Washington IMAP toolkit POP3 and IMAP mail server.</summary>
+
+########################################
+## <summary>
+##	Execute imapd in the imapd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`uwimap_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `uwimap_domtrans'($*)) dnl
+	
+	gen_require(`
+		type imapd_t, imapd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, imapd_exec_t, imapd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `uwimap_domtrans'($*)) dnl
+	')
+
+## <summary>IRQ balancing daemon.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an irqbalance environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`irqbalance_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `irqbalance_admin'($*)) dnl
+	
+	gen_require(`
+		type irqbalance_t, irqbalance_initrc_exec_t;
+		type irqbalance_pid_t, irqbalance_unit_t;
+	')
+
+	allow $1 irqbalance_t:process { ptrace signal_perms };
+	ps_process_pattern($1, irqbalance_t)
+
+	init_startstop_service($1, $2, irqbalance_t, irqbalance_initrc_exec_t, irqbalance_unit_t)
+
+	files_search_pids($1)
+	admin_pattern($1, irqbalance_pid_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `irqbalance_admin'($*)) dnl
+	')
+
+## <summary>Roundup Issue Tracking System.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an roundup environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`roundup_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `roundup_admin'($*)) dnl
+	
+	gen_require(`
+		type roundup_t, roundup_var_lib_t, roundup_runtime_t;
+		type roundup_initrc_exec_t;
+	')
+
+	allow $1 roundup_t:process { ptrace signal_perms };
+	ps_process_pattern($1, roundup_t)
+
+	init_startstop_service($1, $2, roundup_t, roundup_initrc_exec_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, roundup_var_lib_t)
+
+	files_list_pids($1)
+	admin_pattern($1, roundup_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `roundup_admin'($*)) dnl
+	')
+
+## <summary>Manage electronic mail discussion and e-newsletter lists.</summary>
+
+#######################################
+## <summary>
+##	The template to define a mailman domain.
+## </summary>
+## <param name="domain_prefix">
+##	<summary>
+##	Domain prefix to be used.
+##	</summary>
+## </param>
+#
+ 	 	define(`mailman_domain_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mailman_domain_template'($*)) dnl
+	
+	gen_require(`
+		attribute mailman_domain;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	type mailman_$1_t, mailman_domain;
+	type mailman_$1_exec_t;
+	domain_type(mailman_$1_t)
+	domain_entry_file(mailman_$1_t, mailman_$1_exec_t)
+	role system_r types mailman_$1_t;
+
+	type mailman_$1_tmp_t;
+	files_tmp_file(mailman_$1_tmp_t)
+
+	####################################
+	#
+	# Policy
+	#
+
+	manage_dirs_pattern(mailman_$1_t, mailman_$1_tmp_t, mailman_$1_tmp_t)
+	manage_files_pattern(mailman_$1_t, mailman_$1_tmp_t, mailman_$1_tmp_t)
+	files_tmp_filetrans(mailman_$1_t, mailman_$1_tmp_t, { file dir })
+
+	auth_use_nsswitch(mailman_$1_t)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mailman_domain_template'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Execute mailman in the mailman domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`mailman_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mailman_domtrans'($*)) dnl
+	
+	gen_require(`
+		type mailman_mail_exec_t, mailman_mail_t;
+	')
+
+	libs_search_lib($1)
+	domtrans_pattern($1, mailman_mail_exec_t, mailman_mail_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mailman_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the mailman program in the
+##	mailman domain and allow the
+##	specified role the mailman domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mailman_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mailman_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role mailman_roles;
+	')
+
+	mailman_domtrans($1)
+	roleattribute $2 mailman_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mailman_run'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Execute mailman CGI scripts in the
+##	mailman CGI domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`mailman_domtrans_cgi',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mailman_domtrans_cgi'($*)) dnl
+	
+	gen_require(`
+		type mailman_cgi_exec_t, mailman_cgi_t;
+	')
+
+	libs_search_lib($1)
+	domtrans_pattern($1, mailman_cgi_exec_t, mailman_cgi_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mailman_domtrans_cgi'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Execute mailman in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowd access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mailman_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mailman_exec'($*)) dnl
+	
+	gen_require(`
+		type mailman_mail_exec_t;
+	')
+
+	libs_search_lib($1)
+	can_exec($1, mailman_mail_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mailman_exec'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Send generic signals to mailman cgi.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mailman_signal_cgi',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mailman_signal_cgi'($*)) dnl
+	
+	gen_require(`
+		type mailman_cgi_t;
+	')
+
+	allow $1 mailman_cgi_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mailman_signal_cgi'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Search mailman data directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mailman_search_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mailman_search_data'($*)) dnl
+	
+	gen_require(`
+		type mailman_data_t;
+	')
+
+	files_search_spool($1)
+	allow $1 mailman_data_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mailman_search_data'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read mailman data content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mailman_read_data_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mailman_read_data_files'($*)) dnl
+	
+	gen_require(`
+		type mailman_data_t;
+	')
+
+	files_search_spool($1)
+	list_dirs_pattern($1, mailman_data_t, mailman_data_t)
+	read_files_pattern($1, mailman_data_t, mailman_data_t)
+	read_lnk_files_pattern($1, mailman_data_t, mailman_data_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mailman_read_data_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create, read, write, and delete
+##	mailman data files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mailman_manage_data_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mailman_manage_data_files'($*)) dnl
+	
+	gen_require(`
+		type mailman_data_t;
+	')
+
+	files_search_spool($1)
+	manage_dirs_pattern($1, mailman_data_t, mailman_data_t)
+	manage_files_pattern($1, mailman_data_t, mailman_data_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mailman_manage_data_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	List mailman data directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mailman_list_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mailman_list_data'($*)) dnl
+	
+	gen_require(`
+		type mailman_data_t;
+	')
+
+	files_search_spool($1)
+	allow $1 mailman_data_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mailman_list_data'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read mailman data symbolic links.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mailman_read_data_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mailman_read_data_symlinks'($*)) dnl
+	
+	gen_require(`
+		type mailman_data_t;
+	')
+
+	read_lnk_files_pattern($1, mailman_data_t, mailman_data_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mailman_read_data_symlinks'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read mailman log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mailman_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mailman_read_log'($*)) dnl
+	
+	gen_require(`
+		type mailman_log_t;
+	')
+
+	logging_search_logs($1)
+	read_files_pattern($1, mailman_log_t, mailman_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mailman_read_log'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Append mailman log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mailman_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mailman_append_log'($*)) dnl
+	
+	gen_require(`
+		type mailman_log_t;
+	')
+
+	logging_search_logs($1)
+	append_files_pattern($1, mailman_log_t, mailman_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mailman_append_log'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create, read, write, and delete
+##	mailman log content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mailman_manage_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mailman_manage_log'($*)) dnl
+	
+	gen_require(`
+		type mailman_log_t;
+	')
+
+	logging_search_logs($1)
+	manage_files_pattern($1, mailman_log_t, mailman_log_t)
+	manage_lnk_files_pattern($1, mailman_log_t, mailman_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mailman_manage_log'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read mailman archive content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mailman_read_archive',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mailman_read_archive'($*)) dnl
+	
+	gen_require(`
+		type mailman_archive_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 mailman_archive_t:dir list_dir_perms;
+	read_files_pattern($1, mailman_archive_t, mailman_archive_t)
+	read_lnk_files_pattern($1, mailman_archive_t, mailman_archive_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mailman_read_archive'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Execute mailman_queue in the
+##	mailman_queue domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`mailman_domtrans_queue',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mailman_domtrans_queue'($*)) dnl
+	
+	gen_require(`
+		type mailman_queue_exec_t, mailman_queue_t;
+	')
+
+	libs_search_lib($1)
+	domtrans_pattern($1, mailman_queue_exec_t, mailman_queue_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mailman_domtrans_queue'($*)) dnl
+	')
+
+## <summary>Remote login daemon.</summary>
+
+########################################
+## <summary>
+##	Execute rlogind in the rlogin domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`rlogin_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rlogin_domtrans'($*)) dnl
+	
+	gen_require(`
+		type rlogind_t, rlogind_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, rlogind_exec_t, rlogind_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rlogin_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read rlogin user home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rlogin_read_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rlogin_read_home_content'($*)) dnl
+	
+	gen_require(`
+		type rlogind_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	list_dirs_pattern($1, rlogind_home_t, rlogind_home_t)
+	read_files_pattern($1, rlogind_home_t, rlogind_home_t)
+	read_lnk_files_pattern($1, rlogind_home_t, rlogind_home_t)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rlogin_read_home_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	rlogind home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rlogin_manage_rlogind_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rlogin_manage_rlogind_home_files'($*)) dnl
+	
+	gen_require(`
+		type rlogind_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 rlogind_home_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rlogin_manage_rlogind_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel rlogind home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rlogin_relabel_rlogind_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rlogin_relabel_rlogind_home_files'($*)) dnl
+	
+	gen_require(`
+		type rlogind_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 rlogind_home_t:file relabel_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rlogin_relabel_rlogind_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in user home
+##	directories with the rlogind home type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`rlogin_home_filetrans_logind_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rlogin_home_filetrans_logind_home'($*)) dnl
+	
+	gen_require(`
+		type rlogind_home_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, rlogind_home_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rlogin_home_filetrans_logind_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	rlogind temporary content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rlogin_manage_rlogind_tmp_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rlogin_manage_rlogind_tmp_content'($*)) dnl
+	
+	gen_require(`
+		type rlogind_tmp_t;
+	')
+
+	files_search_tmp($1)
+	allow $1 rlogind_tmp_t:dir manage_dir_perms;
+	allow $1 rlogind_tmp_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rlogin_manage_rlogind_tmp_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel rlogind temporary content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rlogin_relabel_rlogind_tmp_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rlogin_relabel_rlogind_tmp_content'($*)) dnl
+	
+	gen_require(`
+		type rlogind_tmp_t;
+	')
+
+	files_search_tmp($1)
+	allow $1 rlogind_tmp_t:dir relabel_dir_perms;
+	allow $1 rlogind_tmp_t:file relabel_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rlogin_relabel_rlogind_tmp_content'($*)) dnl
+	')
+
+## <summary>Linux Target Framework Daemon.</summary>
+
+#####################################
+## <summary>
+##	Read and write tgtd semaphores.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`tgtd_rw_semaphores',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tgtd_rw_semaphores'($*)) dnl
+	
+	gen_require(`
+		type tgtd_t;
+	')
+
+	allow $1 tgtd_t:sem rw_sem_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tgtd_rw_semaphores'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Create, read, write, and delete
+##	tgtd sempaphores.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`tgtd_manage_semaphores',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tgtd_manage_semaphores'($*)) dnl
+	
+	gen_require(`
+		type tgtd_t;
+	')
+
+	allow $1 tgtd_t:sem create_sem_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tgtd_manage_semaphores'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Connect to tgtd with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`tgtd_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tgtd_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type tgtd_t, tgtd_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, tgtd_runtime_t, tgtd_runtime_t, tgtd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tgtd_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an tgtd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`tgtd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tgtd_admin'($*)) dnl
+	
+	gen_require(`
+		type tgtd_t, tgtd_initrc_exec_t, tgtd_var_lib_t;
+		type tgtd_runtime_t, tgtd_tmp_t, tgtd_tmpfs_t;
+	')
+
+	allow $1 tgtd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, tgtd_t)
+
+	init_startstop_service($1, $2, tgtd_t, tgtd_initrc_exec_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, tgtd_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, tgtd_runtime_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, tgtd_tmp_t)
+
+	fs_search_tmpfs($1)
+	admin_pattern($1, tgtd_tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tgtd_admin'($*)) dnl
+	')
+
+## <summary>Common e-mail transfer agent policy.</summary>
+
+########################################
+## <summary>
+##	MTA stub interface.  No access allowed.
+## </summary>
+## <param name="domain" unused="true">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_stub',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_stub'($*)) dnl
+	
+	gen_require(`
+		type sendmail_exec_t;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_stub'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	The template to define a mail domain.
+## </summary>
+## <param name="domain_prefix">
+##	<summary>
+##	Domain prefix to be used.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_base_mail_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_base_mail_template'($*)) dnl
+	
+	gen_require(`
+		attribute user_mail_domain;
+		type sendmail_exec_t;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	type $1_mail_t, user_mail_domain;
+	application_domain($1_mail_t, sendmail_exec_t)
+
+	type $1_mail_tmp_t;
+	files_tmp_file($1_mail_tmp_t)
+
+	########################################
+	#
+	# Declarations
+	#
+
+	manage_dirs_pattern($1_mail_t, $1_mail_tmp_t, $1_mail_tmp_t)
+	manage_files_pattern($1_mail_t, $1_mail_tmp_t, $1_mail_tmp_t)
+	files_tmp_filetrans($1_mail_t, $1_mail_tmp_t, { file dir })
+
+	auth_use_nsswitch($1_mail_t)
+
+	optional_policy(`
+		postfix_domtrans_user_mail_handler($1_mail_t)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_base_mail_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Role access for mta.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_role'($*)) dnl
+	
+	gen_require(`
+		attribute mta_user_agent;
+		attribute_role user_mail_roles;
+		type user_mail_t, sendmail_exec_t, mail_home_t;
+		type user_mail_tmp_t, mail_home_rw_t;
+	')
+
+	roleattribute $1 user_mail_roles;
+
+	# this is something i need to fix
+	# i dont know if and why it is needed
+	# will role attribute work?
+	role $1 types mta_user_agent;
+
+	domtrans_pattern($2, sendmail_exec_t, user_mail_t)
+	allow $2 sendmail_exec_t:lnk_file read_lnk_file_perms;
+
+	allow $2 { user_mail_t mta_user_agent }:process { ptrace signal_perms };
+	ps_process_pattern($2, { user_mail_t mta_user_agent })
+
+	allow $2 mail_home_t:file { manage_file_perms relabel_file_perms };
+	userdom_user_home_dir_filetrans($2, mail_home_t, file, ".esmtp_queue")
+	userdom_user_home_dir_filetrans($2, mail_home_t, file, ".forward")
+	userdom_user_home_dir_filetrans($2, mail_home_t, file, ".mailrc")
+	userdom_user_home_dir_filetrans($2, mail_home_t, file, "dead.letter")
+
+	allow $2 mail_home_rw_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 mail_home_rw_t:file { manage_file_perms relabel_file_perms };
+	allow $2 mail_home_rw_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+	userdom_user_home_dir_filetrans($2, mail_home_rw_t, dir, "Maildir")
+	userdom_user_home_dir_filetrans($2, mail_home_rw_t, dir, ".maildir")
+
+	allow $2 user_mail_tmp_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 user_mail_tmp_t:file { manage_file_perms relabel_file_perms };
+
+	optional_policy(`
+		exim_run($2, $1)
+	')
+
+	optional_policy(`
+		mailman_run($2, $1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified domain usable for a mail server.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be used as a mail server domain.
+##	</summary>
+## </param>
+## <param name="entry_point">
+##	<summary>
+##	Type of the program to be used as an entry point to this domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_mailserver',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_mailserver'($*)) dnl
+	
+	gen_require(`
+		attribute mailserver_domain;
+	')
+
+	init_daemon_domain($1, $2)
+	typeattribute $1 mailserver_domain;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_mailserver'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified type a MTA executable file.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be used as a mail client.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_agent_executable',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_agent_executable'($*)) dnl
+	
+	gen_require(`
+		attribute mta_exec_type;
+	')
+
+	typeattribute $1 mta_exec_type;
+
+	application_executable_file($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_agent_executable'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read mta mail home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_read_mail_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_read_mail_home_files'($*)) dnl
+	
+	gen_require(`
+		type mail_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 mail_home_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_read_mail_home_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create, read, write, and delete
+##	mta mail home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_manage_mail_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_manage_mail_home_files'($*)) dnl
+	
+	gen_require(`
+		type mail_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 mail_home_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_manage_mail_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create specified objects in user home
+##	directories with the generic mail
+##	home type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_home_filetrans_mail_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_home_filetrans_mail_home'($*)) dnl
+	
+	gen_require(`
+		type mail_home_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, mail_home_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_home_filetrans_mail_home'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create, read, write, and delete
+##	mta mail home rw content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_manage_mail_home_rw_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_manage_mail_home_rw_content'($*)) dnl
+	
+	gen_require(`
+		type mail_home_rw_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	manage_dirs_pattern($1, mail_home_rw_t, mail_home_rw_t)
+	manage_files_pattern($1, mail_home_rw_t, mail_home_rw_t)
+	manage_lnk_files_pattern($1, mail_home_rw_t, mail_home_rw_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_manage_mail_home_rw_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create specified objects in user home
+##	directories with the generic mail
+##	home rw type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_home_filetrans_mail_home_rw',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_home_filetrans_mail_home_rw'($*)) dnl
+	
+	gen_require(`
+		type mail_home_rw_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, mail_home_rw_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_home_filetrans_mail_home_rw'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified type by a system MTA.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be used as a mail client.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_system_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_system_content'($*)) dnl
+	
+	gen_require(`
+		attribute mailcontent_type;
+	')
+
+	typeattribute $1 mailcontent_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_system_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Modified mailserver interface for
+##	sendmail daemon use.
+## </summary>
+## <desc>
+##	<p>
+##	A modified MTA mail server interface for
+##	the sendmail program.  It's design does
+##	not fit well with policy, and using the
+##	regular interface causes a type_transition
+##	conflict if direct running of init scripts
+##	is enabled.
+##	</p>
+##	<p>
+##	This interface should most likely only be used
+##	by the sendmail policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	The type to be used for the mail server.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_sendmail_mailserver',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_sendmail_mailserver'($*)) dnl
+	
+	gen_require(`
+		attribute mailserver_domain;
+		type sendmail_exec_t;
+	')
+
+	init_system_domain($1, sendmail_exec_t)
+
+	typeattribute $1 mailserver_domain;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_sendmail_mailserver'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit FDs from mailserver_domain domains
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type for a list server or delivery agent that inherits fds
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_use_mailserver_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_use_mailserver_fds'($*)) dnl
+	
+	gen_require(`
+		attribute mailserver_domain;
+	')
+
+	allow $1 mailserver_domain:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_use_mailserver_fds'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Make a type a mailserver type used
+##	for sending mail.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Mail server domain type used for sending mail.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_mailserver_sender',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_mailserver_sender'($*)) dnl
+	
+	gen_require(`
+		attribute mailserver_sender;
+	')
+
+	typeattribute $1 mailserver_sender;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_mailserver_sender'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Make a type a mailserver type used
+##	for delivering mail to local users.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Mail server domain type used for delivering mail.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_mailserver_delivery',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_mailserver_delivery'($*)) dnl
+	
+	gen_require(`
+		attribute mailserver_delivery;
+	')
+
+	typeattribute $1 mailserver_delivery;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_mailserver_delivery'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Make a type a mailserver type used
+##	for sending mail on behalf of local
+##	users to the local mail spool.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Mail server domain type used for sending local mail.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_mailserver_user_agent',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_mailserver_user_agent'($*)) dnl
+	
+	gen_require(`
+		attribute mta_user_agent;
+	')
+
+	typeattribute $1 mta_user_agent;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_mailserver_user_agent'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send mail from the system.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_send_mail',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_send_mail'($*)) dnl
+	
+	gen_require(`
+		type system_mail_t;
+		attribute mta_exec_type;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, mta_exec_type, system_mail_t)
+
+	allow $1 mta_exec_type:lnk_file read_lnk_file_perms;
+
+	ifdef(`distro_gentoo',`
+		gen_require(`
+			attribute mta_user_agent;
+		')
+
+		dontaudit mta_user_agent $1:fd use;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_send_mail'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute send mail in a specified domain.
+## </summary>
+## <desc>
+##	<p>
+##	Execute send mail in a specified domain.
+##	</p>
+##	<p>
+##	No interprocess communication (signals, pipes,
+##	etc.) is provided by this interface since
+##	the domains are not owned by this module.
+##	</p>
+## </desc>
+## <param name="source_domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="target_domain">
+##	<summary>
+##	Domain to transition to.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_sendmail_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_sendmail_domtrans'($*)) dnl
+	
+	gen_require(`
+		type sendmail_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domain_auto_transition_pattern($1, sendmail_exec_t, $2)
+
+	allow $1 sendmail_exec_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_sendmail_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send signals to system mail.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+#
+ 	 	define(`mta_signal_system_mail',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_signal_system_mail'($*)) dnl
+	
+	gen_require(`
+		type system_mail_t;
+	')
+
+	allow $1 system_mail_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_signal_system_mail'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send kill signals to system mail.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_kill_system_mail',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_kill_system_mail'($*)) dnl
+	
+	gen_require(`
+		type system_mail_t;
+	')
+
+	allow $1 system_mail_t:process sigkill;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_kill_system_mail'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute sendmail in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_sendmail_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_sendmail_exec'($*)) dnl
+	
+	gen_require(`
+		type sendmail_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, sendmail_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_sendmail_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make sendmail usable as an entry
+##      point for the domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to be entered.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_sendmail_entry_point',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_sendmail_entry_point'($*)) dnl
+	
+	gen_require(`
+		type sendmail_exec_t;
+	')
+
+	domain_entry_file($1, sendmail_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_sendmail_entry_point'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read mail server configuration content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mta_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_read_config'($*)) dnl
+	
+	gen_require(`
+		type etc_mail_t;
+	')
+
+	files_search_etc($1)
+	allow $1 etc_mail_t:dir list_dir_perms;
+	allow $1 etc_mail_t:file read_file_perms;
+	allow $1 etc_mail_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write mail server configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mta_write_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_write_config'($*)) dnl
+	
+	gen_require(`
+		type etc_mail_t;
+	')
+
+	files_search_etc($1)
+	write_files_pattern($1, etc_mail_t, etc_mail_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_write_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read mail address alias files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_read_aliases',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_read_aliases'($*)) dnl
+	
+	gen_require(`
+		type etc_aliases_t;
+	')
+
+	files_search_etc($1)
+	allow $1 etc_aliases_t:file read_file_perms;
+
+	ifdef(`distro_gentoo',`
+		gen_require(`
+			type etc_mail_t;
+		')
+
+		search_dirs_pattern($1, etc_mail_t, etc_aliases_t)
+		read_files_pattern($1, etc_mail_t, etc_aliases_t)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_read_aliases'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read mail address alias files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_map_aliases',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_map_aliases'($*)) dnl
+	
+	gen_require(`
+		type etc_aliases_t;
+	')
+
+	allow $1 etc_aliases_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_map_aliases'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	mail address alias content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_manage_aliases',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_manage_aliases'($*)) dnl
+	
+	gen_require(`
+		type etc_aliases_t;
+	')
+
+	files_search_etc($1)
+	manage_files_pattern($1, etc_aliases_t, etc_aliases_t)
+	manage_lnk_files_pattern($1, etc_aliases_t, etc_aliases_t)
+	
+	ifdef(`distro_gentoo',`
+		gen_require(`
+			type etc_mail_t;
+		')
+
+		search_dirs_pattern($1, etc_mail_t, etc_aliases_t)
+		manage_files_pattern($1, etc_mail_t, etc_aliases_t)
+		manage_lnk_files_pattern($1, etc_mail_t, etc_aliases_t)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_manage_aliases'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create specified object in generic
+##	etc directories with the mail address
+##	alias type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object">
+##	<summary>
+##	The object class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_etc_filetrans_aliases',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_etc_filetrans_aliases'($*)) dnl
+	
+	gen_require(`
+		type etc_aliases_t;
+	')
+
+	files_etc_filetrans($1, etc_aliases_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_etc_filetrans_aliases'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create specified objects in specified
+##	directories with a type transition to
+##	the mail address alias type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="file_type">
+##	<summary>
+##	Directory to transition on.
+##	</summary>
+## </param>
+## <param name="object">
+##	<summary>
+##	The object class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_spec_filetrans_aliases',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_spec_filetrans_aliases'($*)) dnl
+	
+	gen_require(`
+		type etc_aliases_t;
+	')
+
+	filetrans_pattern($1, $2, etc_aliases_t, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_spec_filetrans_aliases'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write mail alias files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mta_rw_aliases',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_rw_aliases'($*)) dnl
+	
+	gen_require(`
+		type etc_aliases_t;
+	')
+
+	files_search_etc($1)
+	allow $1 etc_aliases_t:file rw_file_perms;
+
+	ifdef(`distro_gentoo',`
+		gen_require(`
+			type etc_mail_t;
+		')
+
+		search_dirs_pattern($1, etc_mail_t, etc_aliases_t)
+		rw_files_pattern($1, etc_mail_t, etc_aliases_t)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_rw_aliases'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Do not audit attempts to read
+##	and write TCP sockets of mail
+##	delivery domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_dontaudit_rw_delivery_tcp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_dontaudit_rw_delivery_tcp_sockets'($*)) dnl
+	
+	gen_require(`
+		attribute mailserver_delivery;
+	')
+
+	dontaudit $1 mailserver_delivery:tcp_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_dontaudit_rw_delivery_tcp_sockets'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Do not audit attempts to read
+##	mail spool symlinks.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_dontaudit_read_spool_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_dontaudit_read_spool_symlinks'($*)) dnl
+	
+	gen_require(`
+		type mail_spool_t;
+	')
+
+	dontaudit $1 mail_spool_t:lnk_file read;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_dontaudit_read_spool_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get attributes of mail spool content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_getattr_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_getattr_spool'($*)) dnl
+	
+	gen_require(`
+		type mail_spool_t;
+	')
+
+	files_search_spool($1)
+	allow $1 mail_spool_t:dir list_dir_perms;
+	getattr_files_pattern($1, mail_spool_t, mail_spool_t)
+	read_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_getattr_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get
+##	attributes of mail spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_dontaudit_getattr_spool_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_dontaudit_getattr_spool_files'($*)) dnl
+	
+	gen_require(`
+		type mail_spool_t;
+	')
+
+	files_dontaudit_search_spool($1)
+	dontaudit $1 mail_spool_t:dir search_dir_perms;
+	dontaudit $1 mail_spool_t:lnk_file read_lnk_file_perms;
+	dontaudit $1 mail_spool_t:file getattr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_dontaudit_getattr_spool_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create specified objects in the
+##	mail spool directory with a
+##	private type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private type">
+##	<summary>
+##	The type of the object to be created.
+##	</summary>
+## </param>
+## <param name="object">
+##	<summary>
+##	The object class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_spool_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_spool_filetrans'($*)) dnl
+	
+	gen_require(`
+		type mail_spool_t;
+	')
+
+	files_search_spool($1)
+	filetrans_pattern($1, mail_spool_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_spool_filetrans'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##  Read mail spool files.
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+ 	 	define(`mta_read_spool_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_read_spool_files'($*)) dnl
+	
+	gen_require(`
+		type mail_spool_t;
+	')
+
+	files_search_spool($1)
+	read_files_pattern($1, mail_spool_t, mail_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_read_spool_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write mail spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_rw_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_rw_spool'($*)) dnl
+	
+	gen_require(`
+		type mail_spool_t;
+	')
+
+	files_search_spool($1)
+	allow $1 mail_spool_t:dir list_dir_perms;
+	allow $1 mail_spool_t:file rw_file_perms;
+	allow $1 mail_spool_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_rw_spool'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create, read, and write mail spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_append_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_append_spool'($*)) dnl
+	
+	gen_require(`
+		type mail_spool_t;
+	')
+
+	files_search_spool($1)
+	allow $1 mail_spool_t:dir list_dir_perms;
+	manage_files_pattern($1, mail_spool_t, mail_spool_t)
+	allow $1 mail_spool_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_append_spool'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Delete mail spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_delete_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_delete_spool'($*)) dnl
+	
+	gen_require(`
+		type mail_spool_t;
+	')
+
+	files_search_spool($1)
+	delete_files_pattern($1, mail_spool_t, mail_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_delete_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	mail spool content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_manage_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_manage_spool'($*)) dnl
+	
+	gen_require(`
+		type mail_spool_t;
+	')
+
+	files_search_spool($1)
+	manage_dirs_pattern($1, mail_spool_t, mail_spool_t)
+	manage_files_pattern($1, mail_spool_t, mail_spool_t)
+	manage_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_manage_spool'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create specified objects in the
+##	mail queue spool directory with a
+##	private type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private type">
+##	<summary>
+##	The type of the object to be created.
+##	</summary>
+## </param>
+## <param name="object">
+##	<summary>
+##	The object class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_queue_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_queue_filetrans'($*)) dnl
+	
+	gen_require(`
+		type mqueue_spool_t;
+	')
+
+	files_search_spool($1)
+	filetrans_pattern($1, mqueue_spool_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_queue_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search mail queue directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_search_queue',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_search_queue'($*)) dnl
+	
+	gen_require(`
+		type mqueue_spool_t;
+	')
+
+	files_search_spool($1)
+	allow $1 mqueue_spool_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_search_queue'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	List mail queue directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_list_queue',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_list_queue'($*)) dnl
+	
+	gen_require(`
+		type mqueue_spool_t;
+	')
+
+	files_search_spool($1)
+	allow $1 mqueue_spool_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_list_queue'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read mail queue files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_read_queue',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_read_queue'($*)) dnl
+	
+	gen_require(`
+		type mqueue_spool_t;
+	')
+
+	files_search_spool($1)
+	read_files_pattern($1, mqueue_spool_t, mqueue_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_read_queue'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Do not audit attempts to read and
+##	write mail queue content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_dontaudit_rw_queue',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_dontaudit_rw_queue'($*)) dnl
+	
+	gen_require(`
+		type mqueue_spool_t;
+	')
+
+	dontaudit $1 mqueue_spool_t:dir search_dir_perms;
+	dontaudit $1 mqueue_spool_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_dontaudit_rw_queue'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	mail queue content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_manage_queue',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_manage_queue'($*)) dnl
+	
+	gen_require(`
+		type mqueue_spool_t;
+	')
+
+	files_search_spool($1)
+	manage_dirs_pattern($1, mqueue_spool_t, mqueue_spool_t)
+	manage_files_pattern($1, mqueue_spool_t, mqueue_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_manage_queue'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read sendmail binary.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_read_sendmail_bin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_read_sendmail_bin'($*)) dnl
+	
+	gen_require(`
+		type sendmail_exec_t;
+	')
+
+	allow $1 sendmail_exec_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_read_sendmail_bin'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read and write unix domain stream
+##	sockets of all base mail domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mta_rw_user_mail_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mta_rw_user_mail_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		attribute user_mail_domain;
+	')
+
+	allow $1 user_mail_domain:unix_stream_socket rw_socket_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mta_rw_user_mail_stream_sockets'($*)) dnl
+	')
+
+## <summary>Ricci cluster management agent.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run ricci.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`ricci_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ricci_domtrans'($*)) dnl
+	
+	gen_require(`
+		type ricci_t, ricci_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, ricci_exec_t, ricci_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ricci_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to
+##	run ricci modcluster.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`ricci_domtrans_modcluster',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ricci_domtrans_modcluster'($*)) dnl
+	
+	gen_require(`
+		type ricci_modcluster_t, ricci_modcluster_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, ricci_modcluster_exec_t, ricci_modcluster_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ricci_domtrans_modcluster'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to use
+##	ricci modcluster file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`ricci_dontaudit_use_modcluster_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ricci_dontaudit_use_modcluster_fds'($*)) dnl
+	
+	gen_require(`
+		type ricci_modcluster_t;
+	')
+
+	dontaudit $1 ricci_modcluster_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ricci_dontaudit_use_modcluster_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read write
+##	ricci modcluster unamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`ricci_dontaudit_rw_modcluster_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ricci_dontaudit_rw_modcluster_pipes'($*)) dnl
+	
+	gen_require(`
+		type ricci_modcluster_t;
+	')
+
+	dontaudit $1 ricci_modcluster_t:fifo_file { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ricci_dontaudit_rw_modcluster_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to ricci_modclusterd with
+##	a unix domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ricci_stream_connect_modclusterd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ricci_stream_connect_modclusterd'($*)) dnl
+	
+	gen_require(`
+		type ricci_modclusterd_t, ricci_modcluster_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, ricci_modcluster_runtime_t, ricci_modcluster_runtime_t, ricci_modclusterd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ricci_stream_connect_modclusterd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to
+##	run ricci modlog.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`ricci_domtrans_modlog',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ricci_domtrans_modlog'($*)) dnl
+	
+	gen_require(`
+		type ricci_modlog_t, ricci_modlog_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, ricci_modlog_exec_t, ricci_modlog_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ricci_domtrans_modlog'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to
+##	run ricci modrpm.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`ricci_domtrans_modrpm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ricci_domtrans_modrpm'($*)) dnl
+	
+	gen_require(`
+		type ricci_modrpm_t, ricci_modrpm_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, ricci_modrpm_exec_t, ricci_modrpm_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ricci_domtrans_modrpm'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to
+##	run ricci modservice.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`ricci_domtrans_modservice',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ricci_domtrans_modservice'($*)) dnl
+	
+	gen_require(`
+		type ricci_modservice_t, ricci_modservice_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, ricci_modservice_exec_t, ricci_modservice_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ricci_domtrans_modservice'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to
+##	run ricci modstorage.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`ricci_domtrans_modstorage',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ricci_domtrans_modstorage'($*)) dnl
+	
+	gen_require(`
+		type ricci_modstorage_t, ricci_modstorage_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, ricci_modstorage_exec_t, ricci_modstorage_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ricci_domtrans_modstorage'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an ricci environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ricci_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ricci_admin'($*)) dnl
+	
+	gen_require(`
+		type ricci_t, ricci_initrc_exec_t, ricci_tmp_t;
+		type ricci_var_lib_t, ricci_var_log_t, ricci_runtime_t;
+	')
+
+	allow $1 ricci_t:process { ptrace signal_perms };
+	ps_process_pattern($1, ricci_t)
+
+	init_startstop_service($1, $2, ricci_t, ricci_initrc_exec_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, ricci_tmp_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, ricci_var_lib_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, ricci_var_log_t)
+
+	files_list_pids($1)
+	admin_pattern($1, ricci_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ricci_admin'($*)) dnl
+	')
+
+## <summary>GNUstep distributed object mapper.</summary>
+
+########################################
+## <summary>
+##	Read gdomap configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gdomap_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gdomap_read_config'($*)) dnl
+	
+	gen_require(`
+		type gdomap_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 gdomap_conf_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gdomap_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an gdomap environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`gdomap_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gdomap_admin'($*)) dnl
+	
+	gen_require(`
+		type gdomap_t, gdomap_conf_t, gdomap_initrc_exec_t;
+		type gdomap_runtime_t;
+	')
+
+	allow $1 gdomap_t:process { ptrace signal_perms };
+	ps_process_pattern($1, gdomap_t)
+
+	init_startstop_service($1, $2, gdomap_t, gdomap_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, gdomap_conf_t)
+
+	files_search_pids($1)
+	admin_pattern($1, gdomap_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gdomap_admin'($*)) dnl
+	')
+
+## <summary>Resource Group Manager.</summary>
+
+#######################################
+## <summary>
+##	Execute a domain transition to run rgmanager.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`rgmanager_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rgmanager_domtrans'($*)) dnl
+	
+	gen_require(`
+		type rgmanager_t, rgmanager_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, rgmanager_exec_t, rgmanager_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rgmanager_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to rgmanager with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rgmanager_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rgmanager_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type rgmanager_t, rgmanager_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, rgmanager_runtime_t, rgmanager_runtime_t, rgmanager_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rgmanager_stream_connect'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Create, read, write, and delete
+##	rgmanager tmp files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rgmanager_manage_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rgmanager_manage_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type rgmanager_tmp_t;
+	')
+
+	files_search_tmp($1)
+	manage_files_pattern($1, rgmanager_tmp_t, rgmanager_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rgmanager_manage_tmp_files'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Create, read, write, and delete
+##	rgmanager tmpfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rgmanager_manage_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rgmanager_manage_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type rgmanager_tmpfs_t;
+	')
+
+	fs_search_tmpfs($1)
+	manage_files_pattern($1, rgmanager_tmpfs_t, rgmanager_tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rgmanager_manage_tmpfs_files'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	All of the rules required to
+##	administrate an rgmanager environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`rgmanager_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rgmanager_admin'($*)) dnl
+	
+	gen_require(`
+		type rgmanager_t, rgmanager_initrc_exec_t, rgmanager_tmp_t;
+		type rgmanager_tmpfs_t, rgmanager_var_log_t, rgmanager_runtime_t;
+	')
+
+	allow $1 rgmanager_t:process { ptrace signal_perms };
+	ps_process_pattern($1, rgmanager_t)
+
+	init_startstop_service($1, $2, rgmanager_t, rgmanager_initrc_exec_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, rgmanager_tmp_t)
+
+	admin_pattern($1, rgmanager_tmpfs_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, rgmanager_var_log_t)
+
+	files_list_pids($1)
+	admin_pattern($1, rgmanager_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rgmanager_admin'($*)) dnl
+	')
+
+## <summary>Remote Procedure Call Daemon.</summary>
+
+########################################
+## <summary>
+##	RPC stub interface.  No access allowed.
+## </summary>
+## <param name="domain" unused="true">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpc_stub',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpc_stub'($*)) dnl
+	
+	gen_require(`
+		type exports_t;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpc_stub'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	The template to define a rpc domain.
+## </summary>
+## <param name="domain_prefix">
+##	<summary>
+##	Domain prefix to be used.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpc_domain_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpc_domain_template'($*)) dnl
+	
+	gen_require(`
+		attribute rpc_domain;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	type $1_t, rpc_domain;
+	type $1_exec_t;
+	init_daemon_domain($1_t, $1_exec_t)
+
+	domain_use_interactive_fds($1_t)
+
+	########################################
+	#
+	# Policy
+	#
+
+	auth_use_nsswitch($1_t)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpc_domain_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get
+##	attributes of export files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpc_dontaudit_getattr_exports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpc_dontaudit_getattr_exports'($*)) dnl
+	
+	gen_require(`
+		type exports_t;
+	')
+
+	dontaudit $1 exports_t:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpc_dontaudit_getattr_exports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read export files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpc_read_exports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpc_read_exports'($*)) dnl
+	
+	gen_require(`
+		type exports_t;
+	')
+
+	allow $1 exports_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpc_read_exports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write export files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpc_write_exports',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpc_write_exports'($*)) dnl
+	
+	gen_require(`
+		type exports_t;
+	')
+
+	allow $1 exports_t:file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpc_write_exports'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute nfsd in the nfsd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpc_domtrans_nfsd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpc_domtrans_nfsd'($*)) dnl
+	
+	gen_require(`
+		type nfsd_t, nfsd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, nfsd_exec_t, nfsd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpc_domtrans_nfsd'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Execute nfsd init scripts in
+##	the initrc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpc_initrc_domtrans_nfsd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpc_initrc_domtrans_nfsd'($*)) dnl
+	
+	gen_require(`
+		type nfsd_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, nfsd_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpc_initrc_domtrans_nfsd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute rpcd in the rpcd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpc_domtrans_rpcd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpc_domtrans_rpcd'($*)) dnl
+	
+	gen_require(`
+		type rpcd_t, rpcd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, rpcd_exec_t, rpcd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpc_domtrans_rpcd'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Execute rpcd init scripts in
+##	the initrc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpc_initrc_domtrans_rpcd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpc_initrc_domtrans_rpcd'($*)) dnl
+	
+	gen_require(`
+		type rpcd_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, rpcd_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpc_initrc_domtrans_rpcd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read nfs exported content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`rpc_read_nfs_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpc_read_nfs_content'($*)) dnl
+	
+	gen_require(`
+		type nfsd_ro_t, nfsd_rw_t;
+	')
+
+	allow $1 { nfsd_ro_t nfsd_rw_t }:dir list_dir_perms;
+	allow $1 { nfsd_ro_t nfsd_rw_t }:file read_file_perms;
+	allow $1 { nfsd_ro_t nfsd_rw_t }:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpc_read_nfs_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	nfs exported read write content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`rpc_manage_nfs_rw_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpc_manage_nfs_rw_content'($*)) dnl
+	
+	gen_require(`
+		type nfsd_rw_t;
+	')
+
+	manage_dirs_pattern($1, nfsd_rw_t, nfsd_rw_t)
+	manage_files_pattern($1, nfsd_rw_t, nfsd_rw_t)
+	manage_lnk_files_pattern($1, nfsd_rw_t, nfsd_rw_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpc_manage_nfs_rw_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	nfs exported read only content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`rpc_manage_nfs_ro_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpc_manage_nfs_ro_content'($*)) dnl
+	
+	gen_require(`
+		type nfsd_ro_t;
+	')
+
+	manage_dirs_pattern($1, nfsd_ro_t, nfsd_ro_t)
+	manage_files_pattern($1, nfsd_ro_t, nfsd_ro_t)
+	manage_lnk_files_pattern($1, nfsd_ro_t, nfsd_ro_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpc_manage_nfs_ro_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write to nfsd tcp sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpc_tcp_rw_nfs_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpc_tcp_rw_nfs_sockets'($*)) dnl
+	
+	gen_require(`
+		type nfsd_t;
+	')
+
+	allow $1 nfsd_t:tcp_socket rw_socket_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpc_tcp_rw_nfs_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write to nfsd udp sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpc_udp_rw_nfs_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpc_udp_rw_nfs_sockets'($*)) dnl
+	
+	gen_require(`
+		type nfsd_t;
+	')
+
+	allow $1 nfsd_t:udp_socket rw_socket_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpc_udp_rw_nfs_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search nfs lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpc_search_nfs_state_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpc_search_nfs_state_data'($*)) dnl
+	
+	gen_require(`
+		type var_lib_nfs_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 var_lib_nfs_t:dir search;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpc_search_nfs_state_data'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read nfs lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpc_read_nfs_state_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpc_read_nfs_state_data'($*)) dnl
+	
+	gen_require(`
+		type var_lib_nfs_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, var_lib_nfs_t, var_lib_nfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpc_read_nfs_state_data'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	nfs lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rpc_manage_nfs_state_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpc_manage_nfs_state_data'($*)) dnl
+	
+	gen_require(`
+		type var_lib_nfs_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, var_lib_nfs_t, var_lib_nfs_t)
+
+	ifdef(`distro_gentoo',`
+		rw_dirs_pattern($1, var_lib_nfs_t, var_lib_nfs_t)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpc_manage_nfs_state_data'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an rpc environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`rpc_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rpc_admin'($*)) dnl
+	
+	gen_require(`
+		attribute rpc_domain;
+		type nfsd_initrc_exec_t, rpcd_initrc_exec_t, exports_t;
+		type var_lib_nfs_t, rpcd_runtime_t, gssd_tmp_t;
+		type nfsd_ro_t, nfsd_rw_t, gssd_keytab_t;
+		type nfsd_t, rpcd_t;
+	')
+
+	allow $1 rpc_domain:process { ptrace signal_perms };
+	ps_process_pattern($1, rpc_domain)
+
+	init_startstop_service($1, $2, nfsd_t, nfsd_initrc_exec_t)
+	init_startstop_service($1, $2, rpcd_t, rpcd_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, { gssd_keytab_t exports_t })
+
+	files_list_var_lib($1)
+	admin_pattern($1, var_lib_nfs_t)
+
+	files_list_pids($1)
+	admin_pattern($1, rpcd_runtime_t)
+
+	files_list_all($1)
+	admin_pattern($1, { nfsd_ro_t nfsd_rw_t })
+
+	files_list_tmp($1)
+	admin_pattern($1, gssd_tmp_t)
+
+	fs_search_nfsd_fs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rpc_admin'($*)) dnl
+	')
+
+## <summary>Linux infared remote control daemon.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run lircd.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`lircd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lircd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type lircd_t, lircd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domain_auto_transition_pattern($1, lircd_exec_t, lircd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lircd_domtrans'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Connect to lircd over a unix domain
+##	stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`lircd_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lircd_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type lircd_runtime_t, lircd_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, lircd_runtime_t, lircd_runtime_t, lircd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lircd_stream_connect'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read lircd etc files.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`lircd_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lircd_read_config'($*)) dnl
+	
+	gen_require(`
+		type lircd_etc_t;
+	')
+
+	files_search_etc($1)
+	read_files_pattern($1, lircd_etc_t, lircd_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lircd_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate a lircd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`lircd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lircd_admin'($*)) dnl
+	
+	gen_require(`
+		type lircd_t, lircd_runtime_t;
+		type lircd_initrc_exec_t, lircd_etc_t;
+	')
+
+	allow $1 lircd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, lircd_t)
+
+	init_startstop_service($1, $2, lircd_t, lircd_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, lircd_etc_t)
+
+	files_search_pids($1)
+	admin_pattern($1, lircd_runtime_t)
+	dev_list_all_dev_nodes($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lircd_admin'($*)) dnl
+	')
+
+## <summary>Kana-kanji conversion server.</summary>
+
+########################################
+## <summary>
+##	Connect to Canna using a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`canna_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `canna_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type canna_t, canna_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, canna_runtime_t, canna_runtime_t, canna_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `canna_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an canna environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`canna_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `canna_admin'($*)) dnl
+	
+	gen_require(`
+		type canna_t, canna_log_t, canna_var_lib_t;
+		type canna_runtime_t, canna_initrc_exec_t;
+	')
+
+	allow $1 canna_t:process { ptrace signal_perms };
+	ps_process_pattern($1, canna_t)
+
+	init_startstop_service($1, $2, canna_t, canna_initrc_exec_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, canna_log_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, canna_var_lib_t)
+
+	files_list_pids($1)
+	admin_pattern($1, canna_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `canna_admin'($*)) dnl
+	')
+
+## <summary>Munin network-wide load graphing.</summary>
+
+#######################################
+## <summary>
+##	The template to define a munin plugin domain.
+## </summary>
+## <param name="domain_prefix">
+##	<summary>
+##	Domain prefix to be used.
+##	</summary>
+## </param>
+#
+ 	 	define(`munin_plugin_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `munin_plugin_template'($*)) dnl
+	
+	gen_require(`
+		attribute munin_plugin_domain, munin_plugin_tmp_content;
+		type munin_t;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	type $1_munin_plugin_t, munin_plugin_domain;
+	type $1_munin_plugin_exec_t;
+	application_domain($1_munin_plugin_t, $1_munin_plugin_exec_t)
+	role system_r types $1_munin_plugin_t;
+
+	type $1_munin_plugin_tmp_t, munin_plugin_tmp_content;
+	files_tmp_file($1_munin_plugin_tmp_t)
+
+	########################################
+	#
+	# Policy
+	#
+
+	domtrans_pattern(munin_t, $1_munin_plugin_exec_t, $1_munin_plugin_t)
+
+	manage_files_pattern($1_munin_plugin_t, $1_munin_plugin_tmp_t, $1_munin_plugin_tmp_t)
+	manage_dirs_pattern($1_munin_plugin_t, $1_munin_plugin_tmp_t, $1_munin_plugin_tmp_t)
+	files_tmp_filetrans($1_munin_plugin_t, $1_munin_plugin_tmp_t, { dir file })
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `munin_plugin_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to munin over a unix domain
+##	stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`munin_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `munin_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type munin_runtime_t, munin_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, munin_runtime_t, munin_runtime_t, munin_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `munin_stream_connect'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read munin configuration content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`munin_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `munin_read_config'($*)) dnl
+	
+	gen_require(`
+		type munin_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 munin_etc_t:dir list_dir_perms;
+	allow $1 munin_etc_t:file read_file_perms;
+	allow $1 munin_etc_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `munin_read_config'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Append munin log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`munin_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `munin_append_log'($*)) dnl
+	
+	gen_require(`
+		type munin_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 munin_log_t:dir list_dir_perms;
+	append_files_pattern($1, munin_log_t, munin_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `munin_append_log'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Search munin library directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`munin_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `munin_search_lib'($*)) dnl
+	
+	gen_require(`
+		type munin_var_lib_t;
+	')
+
+	allow $1 munin_var_lib_t:dir search_dir_perms;
+	files_search_var_lib($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `munin_search_lib'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Do not audit attempts to search
+##	munin library directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`munin_dontaudit_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `munin_dontaudit_search_lib'($*)) dnl
+	
+	gen_require(`
+		type munin_var_lib_t;
+	')
+
+	dontaudit $1 munin_var_lib_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `munin_dontaudit_search_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an munin environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`munin_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `munin_admin'($*)) dnl
+	
+	gen_require(`
+		attribute munin_plugin_domain, munin_plugin_tmp_content;
+		type munin_t, munin_etc_t, munin_tmp_t;
+		type munin_log_t, munin_var_lib_t, munin_runtime_t;
+		type httpd_munin_content_t, munin_plugin_state_t, munin_initrc_exec_t;
+	')
+
+	allow $1 { munin_plugin_domain munin_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { munin_plugin_domain munin_t })
+
+	init_startstop_service($1, $2, munin_t, munin_initrc_exec_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, { munin_tmp_t munin_plugin_tmp_content })
+
+	logging_list_logs($1)
+	admin_pattern($1, munin_log_t)
+
+	files_list_etc($1)
+	admin_pattern($1, munin_etc_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, { munin_var_lib_t munin_plugin_state_t })
+
+	files_list_pids($1)
+	admin_pattern($1, munin_runtime_t)
+
+	admin_pattern($1, httpd_munin_content_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `munin_admin'($*)) dnl
+	')
+
+## <summary>Software watchdog.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an watchdog environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`watchdog_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `watchdog_admin'($*)) dnl
+	
+	gen_require(`
+		type watchdog_t, watchdog_initrc_exec_t, watchdog_log_t;
+		type watchdog_runtime_t;
+	')
+
+	allow $1 watchdog_t:process { ptrace signal_perms };
+	ps_process_pattern($1, watchdog_t)
+
+	init_startstop_service($1, $2, watchdog_t, watchdog_initrc_exec_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, watchdog_log_t)
+
+	files_search_pids($1)
+	admin_pattern($1, watchdog_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `watchdog_admin'($*)) dnl
+	')
+
+## <summary> Red Hat Graphical Boot.</summary>
+
+########################################
+## <summary>
+##	RHGB stub interface.  No access allowed.
+## </summary>
+## <param name="domain" unused="true">
+##	<summary>
+##	N/A
+##	</summary>
+## </param>
+#
+ 	 	define(`rhgb_stub',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhgb_stub'($*)) dnl
+	
+	gen_require(`
+		type rhgb_t;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhgb_stub'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit and use rhgb file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhgb_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhgb_use_fds'($*)) dnl
+	
+	gen_require(`
+		type rhgb_t;
+	')
+
+	allow $1 rhgb_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhgb_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the process group of rhgb.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhgb_getpgid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhgb_getpgid'($*)) dnl
+	
+	gen_require(`
+		type rhgb_t;
+	')
+
+	allow $1 rhgb_t:process getpgid;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhgb_getpgid'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to rhgb.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhgb_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhgb_signal'($*)) dnl
+	
+	gen_require(`
+		type rhgb_t;
+	')
+
+	allow $1 rhgb_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhgb_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write inherited rhgb unix
+##	domain stream sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhgb_rw_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhgb_rw_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		type rhgb_t;
+	')
+
+	allow $1 rhgb_t:unix_stream_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhgb_rw_stream_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and write
+##	rhgb unix domain stream sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhgb_dontaudit_rw_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhgb_dontaudit_rw_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		type rhgb_t;
+	')
+
+	dontaudit $1 rhgb_t:unix_stream_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhgb_dontaudit_rw_stream_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connected to rhgb with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhgb_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhgb_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type rhgb_t, rhgb_tmpfs_t;
+	')
+
+	fs_search_tmpfs($1)
+	stream_connect_pattern($1, rhgb_tmpfs_t, rhgb_tmpfs_t, rhgb_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhgb_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write to rhgb shared memory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhgb_rw_shm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhgb_rw_shm'($*)) dnl
+	
+	gen_require(`
+		type rhgb_t;
+	')
+
+	allow $1 rhgb_t:shm rw_shm_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhgb_rw_shm'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write rhgb pty devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhgb_use_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhgb_use_ptys'($*)) dnl
+	
+	gen_require(`
+		type rhgb_devpts_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 rhgb_devpts_t:chr_file rw_term_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhgb_use_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and
+##	write rhgb pty devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhgb_dontaudit_use_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhgb_dontaudit_use_ptys'($*)) dnl
+	
+	gen_require(`
+		type rhgb_devpts_t;
+	')
+
+	dontaudit $1 rhgb_devpts_t:chr_file rw_term_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhgb_dontaudit_use_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write to rhgb tmpfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhgb_rw_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhgb_rw_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type rhgb_tmpfs_t;
+	')
+
+
+	fs_search_tmpfs($1)
+	allow $1 rhgb_tmpfs_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhgb_rw_tmpfs_files'($*)) dnl
+	')
+
+## <summary>Bugtracker.</summary>
+
+########################################
+## <summary>
+##	Search bugzilla directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bugzilla_search_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bugzilla_search_content'($*)) dnl
+	
+	gen_require(`
+		type httpd_bugzilla_content_t;
+	')
+
+	allow $1 httpd_bugzilla_content_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bugzilla_search_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and
+##	write bugzilla script unix domain
+##	stream sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`bugzilla_dontaudit_rw_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bugzilla_dontaudit_rw_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		type httpd_bugzilla_script_t;
+	')
+
+	dontaudit $1 httpd_bugzilla_script_t:unix_stream_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bugzilla_dontaudit_rw_stream_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an bugzilla environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role" unused="true">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`bugzilla_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bugzilla_admin'($*)) dnl
+	
+	gen_require(`
+		type httpd_bugzilla_script_t, httpd_bugzilla_content_t, httpd_bugzilla_ra_content_t;
+		type httpd_bugzilla_rw_content_t, httpd_bugzilla_script_exec_t;
+		type httpd_bugzilla_htaccess_t;
+	')
+
+	allow $1 httpd_bugzilla_script_t:process { ptrace signal_perms };
+	ps_process_pattern($1, httpd_bugzilla_script_t)
+
+	files_search_usr($1)
+	admin_pattern($1, httpd_bugzilla_script_exec_t)
+	admin_pattern($1, httpd_bugzilla_script_t)
+	admin_pattern($1, httpd_bugzilla_content_t)
+	admin_pattern($1, httpd_bugzilla_htaccess_t)
+	admin_pattern($1, httpd_bugzilla_ra_content_t)
+
+	files_search_tmp($1)
+	files_search_var_lib($1)
+	admin_pattern($1, httpd_bugzilla_rw_content_t)
+
+	apache_list_sys_content($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bugzilla_admin'($*)) dnl
+	')
+
+## <summary>Squid caching http proxy server.</summary>
+
+########################################
+## <summary>
+##	Execute squid in the squid domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`squid_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `squid_domtrans'($*)) dnl
+	
+	gen_require(`
+		type squid_t, squid_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, squid_exec_t, squid_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `squid_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute squid in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`squid_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `squid_exec'($*)) dnl
+	
+	gen_require(`
+		type squid_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, squid_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `squid_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to squid.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`squid_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `squid_signal'($*)) dnl
+	
+	gen_require(`
+		type squid_t;
+	')
+
+	allow $1 squid_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `squid_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write squid unix
+##	domain stream sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`squid_rw_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `squid_rw_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		type squid_t;
+	')
+
+	allow $1 squid_t:unix_stream_socket { getattr read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `squid_rw_stream_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search
+##	squid cache directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`squid_dontaudit_search_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `squid_dontaudit_search_cache'($*)) dnl
+	
+	gen_require(`
+		type squid_cache_t;
+	')
+
+	dontaudit $1 squid_cache_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `squid_dontaudit_search_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read squid configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`squid_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `squid_read_config'($*)) dnl
+	
+	gen_require(`
+		type squid_conf_t;
+	')
+
+	files_search_etc($1)
+	read_files_pattern($1, squid_conf_t, squid_conf_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `squid_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read squid log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`squid_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `squid_read_log'($*)) dnl
+	
+	gen_require(`
+		type squid_log_t;
+	')
+
+	logging_search_logs($1)
+	read_files_pattern($1, squid_log_t, squid_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `squid_read_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append squid log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`squid_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `squid_append_log'($*)) dnl
+	
+	gen_require(`
+		type squid_log_t;
+	')
+
+	logging_search_logs($1)
+	append_files_pattern($1, squid_log_t, squid_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `squid_append_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	squid log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`squid_manage_logs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `squid_manage_logs'($*)) dnl
+	
+	gen_require(`
+		type squid_log_t;
+	')
+
+	logging_search_logs($1)
+	manage_files_pattern($1, squid_log_t, squid_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `squid_manage_logs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	dontaudit statting tmpfs files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not be audited
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`squid_dontaudit_read_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `squid_dontaudit_read_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type squid_tmpfs_t;
+	')
+
+	dontaudit $1 squid_tmpfs_t:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `squid_dontaudit_read_tmpfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an squid environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`squid_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `squid_admin'($*)) dnl
+	
+	gen_require(`
+		type squid_t, squid_cache_t, squid_conf_t;
+		type squid_log_t, squid_runtime_t, squid_tmpfs_t;
+		type squid_initrc_exec_t, squid_tmp_t;
+	')
+
+	allow $1 squid_t:process { ptrace signal_perms };
+	ps_process_pattern($1, squid_t)
+
+	init_startstop_service($1, $2, squid_t, squid_initrc_exec_t)
+
+	files_list_var($1)
+	admin_pattern($1, squid_cache_t)
+
+	files_list_etc($1)
+	admin_pattern($1, squid_conf_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, squid_log_t)
+
+	files_list_pids($1)
+	admin_pattern($1, squid_runtime_t)
+
+	fs_list_tmpfs($1)
+	admin_pattern($1, squid_tmpfs_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, squid_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `squid_admin'($*)) dnl
+	')
+
+## <summary>Document database server.</summary>
+
+########################################
+## <summary>
+##	Read couchdb log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`couchdb_read_log_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `couchdb_read_log_files'($*)) dnl
+	
+	gen_require(`
+		type couchdb_log_t;
+	')
+
+	logging_search_logs($1)
+	read_files_pattern($1, couchdb_log_t, couchdb_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `couchdb_read_log_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read, write, and create couchdb lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`couchdb_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `couchdb_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type couchdb_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, couchdb_var_lib_t, couchdb_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `couchdb_manage_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read couchdb config files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`couchdb_read_conf_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `couchdb_read_conf_files'($*)) dnl
+	
+	gen_require(`
+		type couchdb_conf_t;
+	')
+
+	files_search_etc($1)
+	read_files_pattern($1, couchdb_conf_t, couchdb_conf_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `couchdb_read_conf_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read couchdb pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`couchdb_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `couchdb_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type couchdb_runtime_t;
+	')
+
+	files_search_pids($1)
+	read_files_pattern($1, couchdb_runtime_t, couchdb_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `couchdb_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an couchdb environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`couchdb_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `couchdb_admin'($*)) dnl
+	
+	gen_require(`
+		type couchdb_t, couchdb_conf_t, couchdb_initrc_exec_t;
+		type couchdb_log_t, couchdb_var_lib_t, couchdb_runtime_t;
+		type couchdb_tmp_t;
+	')
+
+	allow $1 couchdb_t:process { ptrace signal_perms };
+	ps_process_pattern($1, couchdb_t)
+
+	init_startstop_service($1, $2, couchdb_t, couchdb_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, couchdb_conf_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, couchdb_log_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, couchdb_tmp_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, couchdb_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, couchdb_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `couchdb_admin'($*)) dnl
+	')
+
+## <summary>USB multiplexing daemon for communicating with Apple iPod Touch and iPhone.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run usbmuxd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`usbmuxd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `usbmuxd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type usbmuxd_t, usbmuxd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, usbmuxd_exec_t, usbmuxd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `usbmuxd_domtrans'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Connect to usbmuxd with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`usbmuxd_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `usbmuxd_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type usbmuxd_t, usbmuxd_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, usbmuxd_runtime_t, usbmuxd_runtime_t, usbmuxd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `usbmuxd_stream_connect'($*)) dnl
+	')
+
+## <summary>sound server for network audio server programs, nasd, yiff, etc</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an soundd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`soundserver_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `soundserver_admin'($*)) dnl
+	
+	gen_require(`
+		type soundd_t, soundd_etc_t, soundd_initrc_exec_t;
+		type soundd_tmp_t, soundd_runtime_t, soundd_tmpfs_t;
+		type soundd_state_t;
+	')
+
+	allow $1 soundd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, soundd_t)
+
+	init_startstop_service($1, $2, soundd_t, soundd_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, soundd_etc_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, soundd_tmp_t)
+
+	fs_list_tmpfs($1)
+	admin_pattern($1, soundd_tmpfs_t)
+
+	files_list_var($1)
+	admin_pattern($1, soundd_state_t)
+
+	files_list_pids($1)
+	admin_pattern($1, soundd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `soundserver_admin'($*)) dnl
+	')
+
+## <summary>instrumentation system for Linux.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an stapserver environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`stapserver_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `stapserver_admin'($*)) dnl
+	
+	gen_require(`
+		type stapserver_t, stapserver_conf_t, stapserver_log_t;
+		type stapserver_runtime_t, stapserver_initrc_exec_t, stapserver_var_lib_t;
+	')
+
+	allow $1 stapserver_t:process { ptrace signal_perms };
+	ps_process_pattern($1, stapserver_t)
+
+	init_startstop_service($1, $2, stapserver_t, stapserver_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, stapserver_conf_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, stapserver_var_lib_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, stapserver_log_t)
+
+	files_search_pids($1)
+	admin_pattern($1, stapserver_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `stapserver_admin'($*)) dnl
+	')
+
+## <summary>IIIMF htt server.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an i18n input environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`i18n_input_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `i18n_input_admin'($*)) dnl
+	
+	gen_require(`
+		type i18n_input_t, i18n_input_initrc_exec_t, i18n_input_runtime_t;
+		type i18n_input_log_t;
+	')
+
+	allow $1 i18n_input_t:process { ptrace signal_perms };
+	ps_process_pattern($1, i18n_input_t)
+
+	init_startstop_service($1, $2, i18n_input_t, i18n_input_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, i18n_input_runtime_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, i18n_input_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `i18n_input_admin'($*)) dnl
+	')
+
+## <summary>Console network traffic monitor.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run vnstat.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`vnstatd_domtrans_vnstat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vnstatd_domtrans_vnstat'($*)) dnl
+	
+	gen_require(`
+		type vnstat_t, vnstat_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, vnstat_exec_t, vnstat_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vnstatd_domtrans_vnstat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute vnstat in the vnstat domain,
+##	and allow the specified role
+##	the vnstat domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vnstatd_run_vnstat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vnstatd_run_vnstat'($*)) dnl
+	
+	gen_require(`
+		attribute_role vnstat_roles;
+	')
+
+	vnstatd_domtrans_vnstat($1)
+	roleattribute $2 vnstat_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vnstatd_run_vnstat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run vnstatd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`vnstatd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vnstatd_domtrans'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated')
+
+	gen_require(`
+		type vnstatd_t, vnstatd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, vnstatd_exec_t, vnstatd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vnstatd_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search vnstatd lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vnstatd_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vnstatd_search_lib'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated')
+
+	gen_require(`
+		type vnstatd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 vnstatd_var_lib_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vnstatd_search_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	vnstatd lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vnstatd_manage_lib_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vnstatd_manage_lib_dirs'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated')
+
+	gen_require(`
+		type vnstatd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_dirs_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vnstatd_manage_lib_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read vnstatd lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vnstatd_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vnstatd_read_lib_files'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated')
+
+	gen_require(`
+		type vnstatd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vnstatd_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	vnstatd lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vnstatd_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vnstatd_manage_lib_files'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated')
+
+	gen_require(`
+		type vnstatd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vnstatd_manage_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an vnstatd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`vnstatd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vnstatd_admin'($*)) dnl
+	
+	gen_require(`
+		type vnstatd_t, vnstatd_initrc_exec_t;
+		type vnstatd_pid_t, vnstatd_unit_t, vnstatd_var_lib_t;
+	')
+
+	admin_process_pattern($1, vnstatd_t)
+
+	init_startstop_service($1, $2, vnstatd_t, vnstatd_initrc_exec_t, vnstatd_unit_t)
+
+	files_search_pids($1)
+	admin_pattern($1, vnstatd_pid_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, vnstatd_var_lib_t)
+
+	vnstatd_run_vnstat($1, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vnstatd_admin'($*)) dnl
+	')
+
+## <summary>Ethernet activity monitor.</summary>
+
+########################################
+## <summary>
+##	Execute arpwatch server in the
+##	arpwatch domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`arpwatch_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `arpwatch_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type arpwatch_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, arpwatch_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `arpwatch_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search arpwatch data file directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`arpwatch_search_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `arpwatch_search_data'($*)) dnl
+	
+	gen_require(`
+		type arpwatch_data_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 arpwatch_data_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `arpwatch_search_data'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	arpwatch data files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`arpwatch_manage_data_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `arpwatch_manage_data_files'($*)) dnl
+	
+	gen_require(`
+		type arpwatch_data_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, arpwatch_data_t, arpwatch_data_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `arpwatch_manage_data_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write arpwatch temporary
+##	files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`arpwatch_rw_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `arpwatch_rw_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type arpwatch_tmp_t;
+	')
+
+	files_search_tmp($1)
+	allow $1 arpwatch_tmp_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `arpwatch_rw_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	arpwatch temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`arpwatch_manage_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `arpwatch_manage_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type arpwatch_tmp_t;
+	')
+
+	files_search_tmp($1)
+	allow $1 arpwatch_tmp_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `arpwatch_manage_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and
+##	write arpwatch packet sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`arpwatch_dontaudit_rw_packet_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `arpwatch_dontaudit_rw_packet_sockets'($*)) dnl
+	
+	gen_require(`
+		type arpwatch_t;
+	')
+
+	dontaudit $1 arpwatch_t:packet_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `arpwatch_dontaudit_rw_packet_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an arpwatch environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`arpwatch_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `arpwatch_admin'($*)) dnl
+	
+	gen_require(`
+		type arpwatch_t, arpwatch_tmp_t, arpwatch_initrc_exec_t;
+		type arpwatch_data_t, arpwatch_pid_t, arpwatch_unit_t;
+	')
+
+	admin_process_pattern($1, arpwatch_t)
+
+	init_startstop_service($1, $2, arpwatch_t, arpwatch_initrc_exec_t, arpwatch_unit_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, arpwatch_tmp_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, arpwatch_data_t)
+
+	files_search_pids($1)
+	admin_pattern($1, arpwatch_pid_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `arpwatch_admin'($*)) dnl
+	')
+
+## <summary>Periodic execution of scheduled commands.</summary>
+
+#######################################
+## <summary>
+##	The template to define a crontab domain.
+## </summary>
+## <param name="domain_prefix">
+##	<summary>
+##	Domain prefix to be used.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_common_crontab_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_common_crontab_template'($*)) dnl
+	
+	gen_require(`
+		attribute crontab_domain;
+		type crontab_exec_t;
+	')
+
+	##############################
+	#
+	# Declarations
+	#
+
+	type $1_t, crontab_domain;
+	userdom_user_application_domain($1_t, crontab_exec_t)
+
+	type $1_tmp_t;
+	userdom_user_tmp_file($1_tmp_t)
+
+	##############################
+	#
+	# Local policy
+	#
+
+	manage_dirs_pattern($1_t, $1_tmp_t, $1_tmp_t)
+	manage_files_pattern($1_t, $1_tmp_t, $1_tmp_t)
+	files_tmp_filetrans($1_t, $1_tmp_t, { dir file })
+
+	auth_domtrans_chk_passwd($1_t)
+	auth_use_nsswitch($1_t)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_common_crontab_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Role access for cron.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`cron_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_role'($*)) dnl
+	
+	gen_require(`
+		type cronjob_t, crontab_t, crontab_exec_t;
+		type user_cron_spool_t, crond_t;
+		bool cron_userdomain_transition;
+	')
+
+	##############################
+	#
+	# Declarations
+	#
+
+	role $1 types { cronjob_t crontab_t };
+
+	##############################
+	#
+	# Local policy
+	#
+
+	domtrans_pattern($2, crontab_exec_t, crontab_t)
+
+	dontaudit crond_t $2:process { noatsecure siginh rlimitinh };
+	allow $2 crond_t:process sigchld;
+
+	allow $2 user_cron_spool_t:file { getattr read write ioctl };
+
+	allow $2 crontab_t:process { ptrace signal_perms };
+	ps_process_pattern($2, crontab_t)
+
+	corecmd_exec_bin(crontab_t)
+	corecmd_exec_shell(crontab_t)
+
+	tunable_policy(`cron_userdomain_transition',`
+		allow crond_t $2:process transition;
+		allow crond_t $2:fd use;
+		allow crond_t $2:key manage_key_perms;
+
+		allow $2 user_cron_spool_t:file entrypoint;
+
+		allow $2 crond_t:fifo_file rw_fifo_file_perms;
+
+		allow $2 cronjob_t:process { ptrace signal_perms };
+		ps_process_pattern($2, cronjob_t)
+	',`
+		dontaudit crond_t $2:process transition;
+		dontaudit crond_t $2:fd use;
+		dontaudit crond_t $2:key manage_key_perms;
+
+		dontaudit $2 user_cron_spool_t:file entrypoint;
+
+		dontaudit $2 crond_t:fifo_file rw_fifo_file_perms;
+
+		dontaudit $2 cronjob_t:process { ptrace signal_perms };
+	')
+
+	optional_policy(`
+		gen_require(`
+			class dbus send_msg;
+		')
+
+		dbus_stub(cronjob_t)
+
+		allow cronjob_t $2:dbus send_msg;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Role access for unconfined cron.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_unconfined_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_unconfined_role'($*)) dnl
+	
+	gen_require(`
+		type unconfined_cronjob_t, crontab_t, crontab_exec_t;
+		type crond_t, user_cron_spool_t;
+		bool cron_userdomain_transition;
+	')
+
+	##############################
+	#
+	# Declarations
+	#
+
+	role $1 types { unconfined_cronjob_t crontab_t };
+
+	##############################
+	#
+	# Local policy
+	#
+
+	domtrans_pattern($2, crontab_exec_t, crontab_t)
+
+	dontaudit crond_t $2:process { noatsecure siginh rlimitinh };
+	allow $2 crond_t:process sigchld;
+
+	allow $2 user_cron_spool_t:file { getattr read write ioctl };
+
+	allow $2 crontab_t:process { ptrace signal_perms };
+	ps_process_pattern($2, crontab_t)
+
+	corecmd_exec_bin(crontab_t)
+	corecmd_exec_shell(crontab_t)
+
+	tunable_policy(`cron_userdomain_transition',`
+		allow crond_t $2:process transition;
+		allow crond_t $2:fd use;
+		allow crond_t $2:key manage_key_perms;
+
+		allow $2 user_cron_spool_t:file entrypoint;
+
+		allow $2 crond_t:fifo_file rw_fifo_file_perms;
+
+		allow $2 unconfined_cronjob_t:process { ptrace signal_perms };
+		ps_process_pattern($2, unconfined_cronjob_t)
+	',`
+		dontaudit crond_t $2:process transition;
+		dontaudit crond_t $2:fd use;
+		dontaudit crond_t $2:key manage_key_perms;
+
+		dontaudit $2 user_cron_spool_t:file entrypoint;
+
+		dontaudit $2 crond_t:fifo_file rw_fifo_file_perms;
+
+		dontaudit $2 unconfined_cronjob_t:process { ptrace signal_perms };
+')
+
+	optional_policy(`
+		gen_require(`
+			class dbus send_msg;
+		')
+
+		dbus_stub(unconfined_cronjob_t)
+
+		allow unconfined_cronjob_t $2:dbus send_msg;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_unconfined_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Role access for admin cron.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_admin_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_admin_role'($*)) dnl
+	
+	gen_require(`
+		type cronjob_t, crontab_exec_t, admin_crontab_t;
+		class passwd crontab;
+		type crond_t, crond_runtime_t, user_cron_spool_t;
+		bool cron_userdomain_transition, fcron_crond;
+	')
+
+	##############################
+	#
+	# Declarations
+	#
+
+	role $1 types { cronjob_t admin_crontab_t };
+
+	##############################
+	#
+	# Local policy
+	#
+
+	domtrans_pattern($2, crontab_exec_t, admin_crontab_t)
+
+	dontaudit crond_t $2:process { noatsecure siginh rlimitinh };
+	allow $2 crond_t:process sigchld;
+
+	allow $2 user_cron_spool_t:file { getattr read write ioctl };
+
+	allow $2 admin_crontab_t:process { ptrace signal_perms };
+	ps_process_pattern($2, admin_crontab_t)
+
+	# Manipulate other users crontab.
+	allow $2 self:passwd crontab;
+
+	corecmd_exec_bin(admin_crontab_t)
+	corecmd_exec_shell(admin_crontab_t)
+
+	tunable_policy(`cron_userdomain_transition',`
+		allow crond_t $2:process transition;
+		allow crond_t $2:fd use;
+		allow crond_t $2:key manage_key_perms;
+
+		allow $2 user_cron_spool_t:file entrypoint;
+
+		allow $2 crond_t:fifo_file rw_fifo_file_perms;
+
+		allow $2 cronjob_t:process { ptrace signal_perms };
+		ps_process_pattern($2, cronjob_t)
+	',`
+		dontaudit crond_t $2:process transition;
+		dontaudit crond_t $2:fd use;
+		dontaudit crond_t $2:key manage_key_perms;
+
+		dontaudit $2 user_cron_spool_t:file entrypoint;
+
+		dontaudit $2 crond_t:fifo_file rw_fifo_file_perms;
+
+		dontaudit $2 cronjob_t:process { ptrace signal_perms };
+	')
+
+	tunable_policy(`fcron_crond',`
+		# Support for fcrondyn
+		stream_connect_pattern($2, crond_runtime_t, crond_runtime_t, crond_t)
+	')
+
+	optional_policy(`
+		gen_require(`
+			class dbus send_msg;
+		')
+
+		dbus_stub(admin_cronjob_t)
+
+		allow cronjob_t $2:dbus send_msg;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_admin_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified program domain
+##	accessable from the system cron jobs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process to transition to.
+##	</summary>
+## </param>
+## <param name="entrypoint">
+##	<summary>
+##	The type of the file used as an entrypoint to this domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_system_entry',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_system_entry'($*)) dnl
+	
+	gen_require(`
+		type crond_t, system_cronjob_t;
+	')
+
+	domtrans_pattern(system_cronjob_t, $2, $1)
+	domtrans_pattern(crond_t, $2, $1)
+
+	role system_r types $1;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_system_entry'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute cron in the cron system domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_domtrans'($*)) dnl
+	
+	gen_require(`
+		type system_cronjob_t, crond_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, crond_exec_t, system_cronjob_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute crond in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_exec'($*)) dnl
+	
+	gen_require(`
+		type crond_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, crond_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute crond server in the crond domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type crond_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, crond_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use crond file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_use_fds'($*)) dnl
+	
+	gen_require(`
+		type crond_t;
+	')
+
+	allow $1 crond_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send child terminated signals to crond.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_sigchld',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_sigchld'($*)) dnl
+	
+	gen_require(`
+		type crond_t;
+	')
+
+	allow $1 crond_t:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_sigchld'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of cron log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_setattr_log_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_setattr_log_files'($*)) dnl
+	
+	gen_require(`
+		type cron_log_t;
+	')
+
+	allow $1 cron_log_t:file setattr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_setattr_log_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create cron log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_create_log_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_create_log_files'($*)) dnl
+	
+	gen_require(`
+		type cron_log_t;
+	')
+
+	create_files_pattern($1, cron_log_t, cron_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_create_log_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write to cron log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_write_log_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_write_log_files'($*)) dnl
+	
+	gen_require(`
+		type cron_log_t;
+	')
+
+	allow $1 cron_log_t:file write_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_write_log_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write and delete
+##	cron log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_manage_log_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_manage_log_files'($*)) dnl
+	
+	gen_require(`
+		type cron_log_t;
+	')
+
+	manage_files_pattern($1, cron_log_t, cron_log_t)
+
+	logging_search_logs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_manage_log_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create specified objects in generic
+##	log directories with the cron log file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_generic_log_filetrans_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_generic_log_filetrans_log'($*)) dnl
+	
+	gen_require(`
+		type cron_log_t;
+	')
+
+	logging_log_filetrans($1, cron_log_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_generic_log_filetrans_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read cron daemon unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_read_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_read_pipes'($*)) dnl
+	
+	gen_require(`
+		type crond_t;
+	')
+
+	allow $1 crond_t:fifo_file read_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_read_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write
+##	cron daemon unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_dontaudit_write_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_dontaudit_write_pipes'($*)) dnl
+	
+	gen_require(`
+		type crond_t;
+	')
+
+	dontaudit $1 crond_t:fifo_file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_dontaudit_write_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write crond unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_rw_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_rw_pipes'($*)) dnl
+	
+	gen_require(`
+		type crond_t;
+	')
+
+	allow $1 crond_t:fifo_file rw_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_rw_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write crond TCP sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_rw_tcp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_rw_tcp_sockets'($*)) dnl
+	
+	gen_require(`
+		type crond_t;
+	')
+
+	allow $1 crond_t:tcp_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_rw_tcp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and
+##	write cron daemon TCP sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_dontaudit_rw_tcp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_dontaudit_rw_tcp_sockets'($*)) dnl
+	
+	gen_require(`
+		type crond_t;
+	')
+
+	dontaudit $1 crond_t:tcp_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_dontaudit_rw_tcp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search cron spool directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_search_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_search_spool'($*)) dnl
+	
+	gen_require(`
+		type cron_spool_t;
+	')
+
+	files_search_spool($1)
+	allow $1 cron_spool_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_search_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	crond pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_manage_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_manage_pid_files'($*)) dnl
+	
+	gen_require(`
+		type crond_runtime_t;
+	')
+
+	manage_files_pattern($1, crond_runtime_t, crond_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_manage_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute anacron in the cron
+##	system domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_anacron_domtrans_system_job',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_anacron_domtrans_system_job'($*)) dnl
+	
+	gen_require(`
+		type system_cronjob_t, anacron_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, anacron_exec_t, system_cronjob_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_anacron_domtrans_system_job'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use system cron job file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_use_system_job_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_use_system_job_fds'($*)) dnl
+	
+	gen_require(`
+		type system_cronjob_t;
+	')
+
+	allow $1 system_cronjob_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_use_system_job_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Create, read, write, and delete the system spool.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`cron_manage_system_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_manage_system_spool'($*)) dnl
+	
+	gen_require(`
+		type system_cron_spool_t;
+	')
+
+	files_search_spool($1)
+	manage_files_pattern($1, system_cron_spool_t, system_cron_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_manage_system_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Read the system spool.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`cron_read_system_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_read_system_spool'($*)) dnl
+	
+	gen_require(`
+		type system_cron_spool_t;
+	')
+
+	cron_search_spool($1)
+	list_dirs_pattern($1, system_cron_spool_t, system_cron_spool_t)
+	read_files_pattern($1, system_cron_spool_t, system_cron_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_read_system_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Read and write crond temporary files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`cron_rw_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_rw_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type crond_tmp_t;
+	')
+
+	allow $1 crond_tmp_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_rw_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read system cron job lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_read_system_job_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_read_system_job_lib_files'($*)) dnl
+	
+	gen_require(`
+		type system_cronjob_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, system_cronjob_var_lib_t, system_cronjob_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_read_system_job_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	system cron job lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_manage_system_job_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_manage_system_job_lib_files'($*)) dnl
+	
+	gen_require(`
+		type system_cronjob_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, system_cronjob_var_lib_t, system_cronjob_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_manage_system_job_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write system cron job unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_write_system_job_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_write_system_job_pipes'($*)) dnl
+	
+	gen_require(`
+		type system_cronjob_t;
+	')
+
+	allow $1 system_cronjob_t:file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_write_system_job_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write system cron job
+##	unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_rw_system_job_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_rw_system_job_pipes'($*)) dnl
+	
+	gen_require(`
+		type system_cronjob_t;
+	')
+
+	allow $1 system_cronjob_t:fifo_file rw_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_rw_system_job_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write inherited system cron
+##	job unix domain stream sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_rw_system_job_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_rw_system_job_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		type system_cronjob_t;
+	')
+
+	allow $1 system_cronjob_t:unix_stream_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_rw_system_job_stream_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read system cron job temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_read_system_job_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_read_system_job_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type system_cronjob_tmp_t;
+	')
+
+	files_search_tmp($1)
+	allow $1 system_cronjob_tmp_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_read_system_job_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to append temporary
+##	system cron job files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_dontaudit_append_system_job_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_dontaudit_append_system_job_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type system_cronjob_tmp_t;
+	')
+
+	dontaudit $1 system_cronjob_tmp_t:file append_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_dontaudit_append_system_job_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write to inherited system cron job temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_rw_inherited_system_job_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_rw_inherited_system_job_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type system_cronjob_tmp_t;
+	')
+
+	allow $1 system_cronjob_tmp_t:file rw_inherited_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_rw_inherited_system_job_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write temporary
+##	system cron job files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`cron_dontaudit_write_system_job_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_dontaudit_write_system_job_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type system_cronjob_tmp_t;
+	')
+
+	dontaudit $1 system_cronjob_tmp_t:file write_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_dontaudit_write_system_job_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute crontab in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+## 	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`cron_exec_crontab',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_exec_crontab'($*)) dnl
+	
+	gen_require(`
+		type crontab_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, crontab_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_exec_crontab'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate a cron environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`cron_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cron_admin'($*)) dnl
+	
+	gen_require(`
+		type crond_t, cronjob_t, crond_initrc_exec_t;
+		type cron_var_lib_t, system_cronjob_var_lib_t;
+		type crond_tmp_t, admin_crontab_tmp_t;
+		type crontab_tmp_t, system_cronjob_tmp_t;
+		type cron_runtime_t, system_cronjob_runtime_t, crond_runtime_t;
+		type cron_log_t, system_cronjob_lock_t, user_cron_spool_log_t;
+		attribute cron_spool_type;
+	')
+
+	allow $1 { crond_t cronjob_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { crond_t cronjob_t })
+
+	init_startstop_service($1, $2, crond_t, crond_initrc_exec_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, { cron_var_lib_t system_cronjob_var_lib_t })
+
+	files_search_tmp($1)
+	admin_pattern($1, { crond_tmp_t admin_crontab_tmp_t })
+	admin_pattern($1, { crontab_tmp_t system_cronjob_tmp_t })
+
+	files_search_pids($1)
+	admin_pattern($1, { cron_runtime_t crond_runtime_t system_cronjob_runtime_t })
+
+	files_search_locks($1)
+	admin_pattern($1, system_cronjob_lock_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, { cron_log_t user_cron_spool_log_t })
+
+	files_search_spool($1)
+	admin_pattern($1, cron_spool_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cron_admin'($*)) dnl
+	')
+
+## <summary>Aisexec Cluster Engine.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run aisexec.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`aisexec_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `aisexec_domtrans'($*)) dnl
+	
+	gen_require(`
+		type aisexec_t, aisexec_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, aisexec_exec_t, aisexec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `aisexec_domtrans'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Connect to aisexec over a unix
+##	stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`aisexec_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `aisexec_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type aisexec_t, aisexec_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, aisexec_runtime_t, aisexec_runtime_t, aisexec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `aisexec_stream_connect'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read aisexec log files content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`aisexec_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `aisexec_read_log'($*)) dnl
+	
+	gen_require(`
+		type aisexec_var_log_t;
+	')
+
+	logging_search_logs($1)
+	list_dirs_pattern($1, aisexec_var_log_t, aisexec_var_log_t)
+	read_files_pattern($1, aisexec_var_log_t, aisexec_var_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `aisexec_read_log'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	All of the rules required to
+##	administrate an aisexec environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`aisexecd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `aisexecd_admin'($*)) dnl
+	
+	gen_require(`
+		type aisexec_t, aisexec_var_lib_t, aisexec_var_log_t;
+		type aisexec_runtime_t, aisexec_tmp_t, aisexec_tmpfs_t;
+		type aisexec_initrc_exec_t;
+	')
+
+	allow $1 aisexec_t:process { ptrace signal_perms };
+	ps_process_pattern($1, aisexec_t)
+
+	init_startstop_service($1, $2, aisexec_t, aisexec_initrc_exec_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, aisexec_var_lib_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, aisexec_var_log_t)
+
+	files_list_pids($1)
+	admin_pattern($1, aisexec_runtime_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, aisexec_tmp_t)
+
+	admin_pattern($1, aisexec_tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `aisexecd_admin'($*)) dnl
+	')
+
+## <summary>Reports on various system states.</summary>
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	sysstat log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`sysstat_manage_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysstat_manage_log'($*)) dnl
+	
+	gen_require(`
+		type sysstat_log_t;
+	')
+
+	logging_search_logs($1)
+	manage_files_pattern($1, sysstat_log_t, sysstat_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysstat_manage_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an sysstat environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`sysstat_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysstat_admin'($*)) dnl
+	
+	gen_require(`
+		type sysstat_t, sysstat_initrc_exec_t, sysstat_log_t;
+	')
+
+	allow $1 sysstat_t:process { ptrace signal_perms };
+	ps_process_pattern($1, sysstat_t)
+
+	init_startstop_service($1, $2, sysstat_t, sysstat_initrc_exec_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, sysstat_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysstat_admin'($*)) dnl
+	')
+
+## <summary>Resource management daemon.</summary>
+
+########################################
+## <summary>
+##	Connect to resmgrd over a unix domain
+##	stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`resmgr_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `resmgr_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type resmgrd_runtime_t, resmgrd_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, resmgrd_runtime_t, resmgrd_runtime_t, resmgrd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `resmgr_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an resmgr environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`resmgr_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `resmgr_admin'($*)) dnl
+	
+	gen_require(`
+		type resmgrd_t, resmgrd_initrc_exec_t, resmgrd_runtime_t;
+		type resmgrd_etc_t;
+	')
+
+	allow $1 resmgrd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, resmgrd_t)
+
+	init_startstop_service($1, $2, resmgrd_t, resmgrd_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, resmgrd_etc_t)
+
+	files_search_pids($1)
+	admin_pattern($1, resmgrd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `resmgr_admin'($*)) dnl
+	')
+
+## <summary>Clustered Database based on Samba Trivial Database.</summary>
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	ctdbd lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ctdbd_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ctdbd_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type ctdbd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, ctdbd_var_lib_t, ctdbd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ctdbd_manage_lib_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Connect to ctdbd with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ctdbd_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ctdbd_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type ctdbd_t, ctdbd_runtime_t, ctdbd_tmp_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, { ctdbd_tmp_t ctdbd_runtime_t }, { ctdbd_tmp_t ctdbd_runtime_t }, ctdbd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ctdbd_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an ctdb environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ctdb_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ctdb_admin'($*)) dnl
+	
+	gen_require(`
+		type ctdbd_t, ctdbd_initrc_exec_t, ctdbd_tmp_t;
+		type ctdbd_log_t, ctdbd_var_lib_t, ctdbd_runtime_t;
+	')
+
+	allow $1 ctdbd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, ctdbd_t)
+
+	init_startstop_service($1, $2, ctdbd_t, ctdbd_initrc_exec_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, ctdbd_log_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, ctdbd_tmp_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, ctdbd_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, ctdbd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ctdb_admin'($*)) dnl
+	')
+
+## <summary>Scalable, high-performance, open source NoSQL database.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an mongodb environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mongodb_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mongodb_admin'($*)) dnl
+	
+	gen_require(`
+		type mongod_t, mongod_initrc_exec_t, mongod_log_t;
+		type mongod_var_lib_t, mongod_runtime_t;
+	')
+
+	allow $1 mongod_t:process { ptrace signal_perms };
+	ps_process_pattern($1, mongod_t)
+
+	init_startstop_service($1, $2, mongod_t, mongod_initrc_exec_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, mongod_log_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, mongod_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, mongod_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mongodb_admin'($*)) dnl
+	')
+
+## <summary>Smart disk monitoring daemon.</summary>
+
+#######################################
+## <summary>
+##	Read smartmon temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`smartmon_read_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `smartmon_read_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type fsdaemon_tmp_t;
+	')
+
+	files_search_tmp($1)
+	allow $1 fsdaemon_tmp_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `smartmon_read_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an smartmon environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`smartmon_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `smartmon_admin'($*)) dnl
+	
+	gen_require(`
+		type fsdaemon_t, fsdaemon_tmp_t, fsdaemon_runtime_t;
+		type fsdaemon_var_lib_t, fsdaemon_initrc_exec_t;
+	')
+
+	allow $1 fsdaemon_t:process { ptrace signal_perms };
+	ps_process_pattern($1, fsdaemon_t)
+
+	init_startstop_service($1, $2, fsdaemon_t, fsdaemon_initrc_exec_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, fsdaemon_tmp_t)
+
+	files_list_pids($1)
+	admin_pattern($1, fsdaemon_runtime_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, fsdaemon_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `smartmon_admin'($*)) dnl
+	')
+
+## <summary>Snort network intrusion detection system.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run snort.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`snort_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `snort_domtrans'($*)) dnl
+	
+	gen_require(`
+		type snort_t, snort_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, snort_exec_t, snort_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `snort_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an snort environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`snort_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `snort_admin'($*)) dnl
+	
+	gen_require(`
+		type snort_t, snort_runtime_t, snort_log_t;
+		type snort_etc_t, snort_initrc_exec_t;
+	')
+
+	allow $1 snort_t:process { ptrace signal_perms };
+	ps_process_pattern($1, snort_t)
+
+	init_startstop_service($1, $2, snort_t, snort_initrc_exec_t)
+
+	admin_pattern($1, snort_etc_t)
+	files_search_etc($1)
+
+	admin_pattern($1, snort_log_t)
+	logging_search_logs($1)
+
+	admin_pattern($1, snort_runtime_t)
+	files_search_pids($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `snort_admin'($*)) dnl
+	')
+
+## <summary>Virtual host metrics daemon.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run vhostmd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`vhostmd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vhostmd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type vhostmd_t, vhostmd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, vhostmd_exec_t, vhostmd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vhostmd_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute vhostmd init scripts in
+##	the initrc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`vhostmd_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vhostmd_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type vhostmd_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, vhostmd_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vhostmd_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read vhostmd tmpfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vhostmd_read_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vhostmd_read_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type vhostmd_tmpfs_t;
+	')
+
+	fs_search_tmpfs($1)
+	allow $1 vhostmd_tmpfs_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vhostmd_read_tmpfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read
+##	vhostmd tmpfs files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`vhostmd_dontaudit_read_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vhostmd_dontaudit_read_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type vhostmd_tmpfs_t;
+	')
+
+	dontaudit $1 vhostmd_tmpfs_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vhostmd_dontaudit_read_tmpfs_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read and write vhostmd tmpfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vhostmd_rw_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vhostmd_rw_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type vhostmd_tmpfs_t;
+	')
+
+	fs_search_tmpfs($1)
+	rw_files_pattern($1, vhostmd_tmpfs_t, vhostmd_tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vhostmd_rw_tmpfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	vhostmd tmpfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vhostmd_manage_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vhostmd_manage_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type vhostmd_tmpfs_t;
+	')
+
+	fs_search_tmpfs($1)
+	manage_files_pattern($1, vhostmd_tmpfs_t, vhostmd_tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vhostmd_manage_tmpfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read vhostmd pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vhostmd_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vhostmd_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type vhostmd_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 vhostmd_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vhostmd_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	vhostmd pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vhostmd_manage_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vhostmd_manage_pid_files'($*)) dnl
+	
+	gen_require(`
+		type vhostmd_runtime_t;
+	')
+
+	files_search_pids($1)
+	manage_files_pattern($1, vhostmd_runtime_t, vhostmd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vhostmd_manage_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to vhostmd with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vhostmd_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vhostmd_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type vhostmd_t, vhostmd_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, vhostmd_runtime_t, vhostmd_runtime_t, vhostmd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vhostmd_stream_connect'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Do not audit attempts to read and
+##	write vhostmd unix domain stream sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`vhostmd_dontaudit_rw_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vhostmd_dontaudit_rw_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type vhostmd_t;
+	')
+
+	dontaudit $1 vhostmd_t:unix_stream_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vhostmd_dontaudit_rw_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an vhostmd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`vhostmd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vhostmd_admin'($*)) dnl
+	
+	gen_require(`
+		type vhostmd_t, vhostmd_initrc_exec_t, vhostmd_runtime_t;
+		type vhostmd_tmpfs_t;
+	')
+
+	allow $1 vhostmd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, vhostmd_t)
+
+	init_startstop_service($1, $2, vhostmd_t, vhostmd_initrc_exec_t)
+
+	fs_search_tmpfs($1)
+	admin_pattern($1, vhostmd_tmpfs_t)
+
+	files_search_pids($1)
+	admin_pattern($1, vhostmd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vhostmd_admin'($*)) dnl
+	')
+
+## <summary>Finger user information service.</summary>
+
+########################################
+## <summary>
+##	Execute fingerd in the fingerd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`finger_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `finger_domtrans'($*)) dnl
+	
+	gen_require(`
+		type fingerd_t, fingerd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, fingerd_exec_t, fingerd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `finger_domtrans'($*)) dnl
+	')
+
+## <summary>Daemon used by MiniUPnPc to speed up device discoveries.</summary>
+
+########################################
+## <summary>
+##	Read minissdpd configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`minissdpd_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `minissdpd_read_config'($*)) dnl
+	
+	gen_require(`
+		type minissdpd_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 minissdpd_conf_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `minissdpd_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an minissdpd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`minissdpd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `minissdpd_admin'($*)) dnl
+	
+	gen_require(`
+		type minissdpd_t, minissdpd_initrc_exec_t, minissdpd_conf_t;
+		type minissdpd_runtime_t;
+	')
+
+	allow $1 minissdpd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, minissdpd_t)
+
+	init_startstop_service($1, $2, minissdpd_t, minissdpd_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, minissdpd_conf_t)
+
+	files_search_pids($1)
+	admin_pattern($1, minissdpd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `minissdpd_admin'($*)) dnl
+	')
+
+## <summary>libcg is a library that abstracts the control group file system in Linux.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run
+##	CG Clear.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`cgroup_domtrans_cgclear',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cgroup_domtrans_cgclear'($*)) dnl
+	
+	gen_require(`
+		type cgclear_t, cgclear_exec_t;
+	')
+
+	domtrans_pattern($1, cgclear_exec_t, cgclear_t)
+	corecmd_search_bin($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cgroup_domtrans_cgclear'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run
+##	CG config parser.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`cgroup_domtrans_cgconfig',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cgroup_domtrans_cgconfig'($*)) dnl
+	
+	gen_require(`
+		type cgconfig_t, cgconfig_exec_t;
+	')
+
+	domtrans_pattern($1, cgconfig_exec_t, cgconfig_t)
+	corecmd_search_bin($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cgroup_domtrans_cgconfig'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute CG config init scripts in
+##	the init script domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`cgroup_initrc_domtrans_cgconfig',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cgroup_initrc_domtrans_cgconfig'($*)) dnl
+	
+	gen_require(`
+		type cgconfig_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, cgconfig_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cgroup_initrc_domtrans_cgconfig'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run
+##	CG rules engine daemon.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`cgroup_domtrans_cgred',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cgroup_domtrans_cgred'($*)) dnl
+	
+	gen_require(`
+		type cgred_t, cgred_exec_t;
+	')
+
+	domtrans_pattern($1, cgred_exec_t, cgred_t)
+	corecmd_search_bin($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cgroup_domtrans_cgred'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run
+## 	CG rules engine daemon.
+##	domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`cgroup_initrc_domtrans_cgred',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cgroup_initrc_domtrans_cgred'($*)) dnl
+	
+	gen_require(`
+		type cgred_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, cgred_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cgroup_initrc_domtrans_cgred'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to
+##	run CG Clear and allow the
+##	specified role the CG Clear
+##	domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`cgroup_run_cgclear',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cgroup_run_cgclear'($*)) dnl
+	
+	gen_require(`
+		type cgclear_t;
+	')
+
+	cgroup_domtrans_cgclear($1)
+	role $2 types cgclear_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cgroup_run_cgclear'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to CG rules engine daemon
+##	over unix stream sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cgroup_stream_connect_cgred',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cgroup_stream_connect_cgred'($*)) dnl
+	
+	gen_require(`
+		type cgred_runtime_t, cgred_t;
+	')
+
+	stream_connect_pattern($1, cgred_runtime_t, cgred_runtime_t, cgred_t)
+	files_search_pids($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cgroup_stream_connect_cgred'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to administrate
+##	an cgroup environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`cgroup_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cgroup_admin'($*)) dnl
+	
+	gen_require(`
+		type cgred_t, cgconfig_t, cgred_runtime_t;
+		type cgconfig_etc_t, cgconfig_initrc_exec_t, cgred_initrc_exec_t;
+		type cgrules_etc_t, cgclear_t;
+	')
+
+	allow $1 { cgclear_t cgconfig_t cgred_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { cgclear_t cgconfig_t cgred_t })
+
+	admin_pattern($1, { cgconfig_etc_t cgrules_etc_t })
+	files_list_etc($1)
+
+	admin_pattern($1, cgred_runtime_t)
+	files_list_pids($1)
+
+	init_startstop_service($1, $2, cgred_t, cgred_initrc_exec_t)
+	init_startstop_service($1, $2, cgconfig_t, cgconfig_initrc_exec_t)
+
+	cgroup_run_cgclear($1, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cgroup_admin'($*)) dnl
+	')
+
+## <summary>Pingd of the Whatsup cluster node up/down detection utility.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run pingd.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`pingd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pingd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type pingd_t, pingd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, pingd_exec_t, pingd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pingd_domtrans'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read pingd etc configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`pingd_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pingd_read_config'($*)) dnl
+	
+	gen_require(`
+		type pingd_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 pingd_etc_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pingd_read_config'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create, read, write, and delete
+##	pingd etc configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`pingd_manage_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pingd_manage_config'($*)) dnl
+	
+	gen_require(`
+		type pingd_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 pingd_etc_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pingd_manage_config'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	All of the rules required to
+##	administrate an pingd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`pingd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pingd_admin'($*)) dnl
+	
+	gen_require(`
+		type pingd_t, pingd_etc_t, pingd_modules_t;
+		type pingd_initrc_exec_t;
+	')
+
+	allow $1 pingd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, pingd_t)
+
+	init_startstop_service($1, $2, pingd_t, pingd_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, pingd_etc_t)
+
+	files_list_usr($1)
+	admin_pattern($1, pingd_modules_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pingd_admin'($*)) dnl
+	')
+
+## <summary>Enables DNSSEC protection for DNS traffic.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an dnssec environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dnssectrigger_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dnssectrigger_admin'($*)) dnl
+	
+	gen_require(`
+		type dnssec_triggerd_t, dnssec_triggerd_initrc_exec_t, dnssec_trigger_conf_t;
+		type dnssec_trigger_log_t, dnssec_triggerd_runtime_t;
+	')
+
+	allow $1 dnssec_triggerd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, dnssec_triggerd_t)
+
+	init_startstop_service($1, $2, dnssec_triggerd_t, dnssec_triggerd_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, dnssec_trigger_conf_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, dnssec_trigger_log_t)
+
+	files_search_pids($1)
+	admin_pattern($1, dnssec_triggerd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dnssectrigger_admin'($*)) dnl
+	')
+
+## <summary>Music Player Daemon.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run mpd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`mpd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mpd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type mpd_t, mpd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, mpd_exec_t, mpd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mpd_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute mpd server in the mpd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`mpd_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mpd_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type mpd_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, mpd_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mpd_initrc_domtrans'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read mpd data files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mpd_read_data_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mpd_read_data_files'($*)) dnl
+	
+	gen_require(`
+		type mpd_data_t;
+	')
+
+	mpd_search_lib($1)
+	read_files_pattern($1, mpd_data_t, mpd_data_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mpd_read_data_files'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Create, read, write, and delete
+##	mpd data files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mpd_manage_data_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mpd_manage_data_files'($*)) dnl
+	
+	gen_require(`
+		type mpd_data_t;
+	')
+
+	mpd_search_lib($1)
+	manage_files_pattern($1, mpd_data_t, mpd_data_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mpd_manage_data_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	mpd user data content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mpd_manage_user_data_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mpd_manage_user_data_content'($*)) dnl
+	
+	gen_require(`
+		type mpd_user_data_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 mpd_user_data_t:dir manage_dir_perms;
+	allow $1 mpd_user_data_t:file manage_file_perms;
+	allow $1 mpd_user_data_t:lnk_file manage_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mpd_manage_user_data_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel mpd user data content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mpd_relabel_user_data_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mpd_relabel_user_data_content'($*)) dnl
+	
+	gen_require(`
+		type mpd_user_data_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 mpd_user_data_t:dir relabel_dir_perms;
+	allow $1 mpd_user_data_t:file relabel_file_perms;
+	allow $1 mpd_user_data_t:lnk_file relabel_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mpd_relabel_user_data_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in user home
+##	directories with the mpd user data type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`mpd_home_filetrans_user_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mpd_home_filetrans_user_data'($*)) dnl
+	
+	gen_require(`
+		type mpd_user_data_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, mpd_user_data_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mpd_home_filetrans_user_data'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read mpd tmpfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mpd_read_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mpd_read_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type mpd_tmpfs_t;
+	')
+
+	fs_search_tmpfs($1)
+	read_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mpd_read_tmpfs_files'($*)) dnl
+	')
+
+
+###################################
+## <summary>
+##	Create, read, write, and delete
+##	mpd tmpfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mpd_manage_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mpd_manage_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type mpd_tmpfs_t;
+	')
+
+	fs_search_tmpfs($1)
+	manage_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
+	manage_lnk_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mpd_manage_tmpfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search mpd lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mpd_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mpd_search_lib'($*)) dnl
+	
+	gen_require(`
+		type mpd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 mpd_var_lib_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mpd_search_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read mpd lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mpd_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mpd_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type mpd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mpd_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	mpd lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mpd_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mpd_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type mpd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mpd_manage_lib_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create specified objects in mpd
+##	lib directories with a private type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private type">
+##	<summary>
+##	The type of the object to be created.
+##	</summary>
+## </param>
+## <param name="object">
+##	<summary>
+##	The object class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`mpd_var_lib_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mpd_var_lib_filetrans'($*)) dnl
+	
+	gen_require(`
+		type mpd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	filetrans_pattern($1, mpd_var_lib_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mpd_var_lib_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	mpd lib dirs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mpd_manage_lib_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mpd_manage_lib_dirs'($*)) dnl
+	
+	gen_require(`
+		type mpd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_dirs_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mpd_manage_lib_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an mpd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mpd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mpd_admin'($*)) dnl
+	
+	gen_require(`
+		type mpd_t, mpd_initrc_exec_t, mpd_etc_t;
+		type mpd_data_t, mpd_log_t, mpd_var_lib_t;
+		type mpd_tmpfs_t, mpd_tmp_t, mpd_user_data_t;
+	')
+
+	allow $1 mpd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, mpd_t)
+
+	init_startstop_service($1, $2, mpd_t, mpd_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, mpd_etc_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, { mpd_data_t mpd_user_data_t mpd_var_lib_t })
+
+	logging_search_logs($1)
+	admin_pattern($1, mpd_log_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, mpd_tmp_t)
+
+	fs_search_tmpfs($1)
+	admin_pattern($1, mpd_tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mpd_admin'($*)) dnl
+	')
+
+## <summary>MiniDLNA lightweight DLNA/UPnP media server</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an minidlna environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`minidlna_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `minidlna_admin'($*)) dnl
+	
+	gen_require(`
+		type minidlna_t, minidlna_runtime_t, minidlna_initrc_exec_t;
+		type minidlna_conf_t, minidlna_log_t, minidlna_db_t;
+	')
+
+	allow $1 minidlna_t:process { ptrace signal_perms };
+	ps_process_pattern($1, minidlna_t)
+
+	init_startstop_service($1, $2, minidlna_t, minidlna_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, minidlna_conf_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, minidlna_log_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, minidlna_db_t)
+
+	files_search_pids($1)
+	admin_pattern($1, minidlna_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `minidlna_admin'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute minidlna init scripts in
+##	the initrc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`minidlna_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `minidlna_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type minidlna_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, minidlna_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `minidlna_initrc_domtrans'($*)) dnl
+	')
+
+## <summary>Advanced power management.</summary>
+
+########################################
+## <summary>
+##	Execute apm in the apm domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`acpi_domtrans_client',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `acpi_domtrans_client'($*)) dnl
+	
+	gen_require(`
+		type acpi_t, acpi_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, acpi_exec_t, acpi_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `acpi_domtrans_client'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute apm in the apm domain
+##	and allow the specified role
+##	the apm domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`acpi_run_client',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `acpi_run_client'($*)) dnl
+	
+	gen_require(`
+		attribute_role acpi_roles;
+	')
+
+	acpi_domtrans_client($1)
+	roleattribute $2 acpi_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `acpi_run_client'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use apmd file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`acpi_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `acpi_use_fds'($*)) dnl
+	
+	gen_require(`
+		type acpid_t;
+	')
+
+	allow $1 acpid_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `acpi_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write apmd unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`acpi_write_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `acpi_write_pipes'($*)) dnl
+	
+	gen_require(`
+		type acpid_t;
+	')
+
+	allow $1 acpid_t:fifo_file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `acpi_write_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write to apmd unix
+##	stream sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`acpi_rw_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `acpi_rw_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		type acpid_t;
+	')
+
+	allow $1 acpid_t:unix_stream_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `acpi_rw_stream_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append apmd log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`acpi_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `acpi_append_log'($*)) dnl
+	
+	gen_require(`
+		type acpid_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 acpid_log_t:file append_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `acpi_append_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to apmd over an unix
+##	stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`acpi_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `acpi_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type acpid_t, acpid_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, acpid_runtime_t, acpid_runtime_t, acpid_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `acpi_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an apm environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`acpi_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `acpi_admin'($*)) dnl
+	
+	gen_require(`
+		type acpid_t, acpid_initrc_exec_t, acpid_log_t;
+		type acpid_lock_t, acpid_runtime_t, acpid_var_lib_t;
+		type acpid_tmp_t;
+	')
+
+	allow $1 acpid_t:process { ptrace signal_perms };
+	ps_process_pattern($1, acpid_t)
+
+	init_startstop_service($1, $2, acpid_t, acpid_initrc_exec_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, acpid_log_t)
+
+	files_search_locks($1)
+	admin_pattern($1, acpid_lock_t)
+
+	files_search_pids($1)
+	admin_pattern($1, acpid_runtime_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, acpid_var_lib_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, acpid_tmp_t)
+
+	acpi_run_client($1, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `acpi_admin'($*)) dnl
+	')
+
+## <summary>Asterisk IP telephony server.</summary>
+
+######################################
+## <summary>
+##	Execute asterisk in the asterisk domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`asterisk_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `asterisk_domtrans'($*)) dnl
+	
+	gen_require(`
+		type asterisk_t, asterisk_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, asterisk_exec_t, asterisk_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `asterisk_domtrans'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Execute asterisk in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`asterisk_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `asterisk_exec'($*)) dnl
+	
+	gen_require(`
+		type asterisk_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, asterisk_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `asterisk_exec'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Connect to asterisk over a unix domain.
+##	stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`asterisk_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `asterisk_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type asterisk_t, asterisk_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, asterisk_runtime_t, asterisk_runtime_t, asterisk_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `asterisk_stream_connect'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Set attributes of asterisk log
+##	files and directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`asterisk_setattr_logs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `asterisk_setattr_logs'($*)) dnl
+	
+	gen_require(`
+		type asterisk_log_t;
+	')
+
+	setattr_files_pattern($1, asterisk_log_t, asterisk_log_t)
+	setattr_dirs_pattern($1, asterisk_log_t, asterisk_log_t)
+	logging_search_logs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `asterisk_setattr_logs'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Set attributes of the asterisk
+##	PID content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`asterisk_setattr_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `asterisk_setattr_pid_files'($*)) dnl
+	
+	gen_require(`
+		type asterisk_runtime_t;
+	')
+
+	setattr_files_pattern($1, asterisk_runtime_t, asterisk_runtime_t)
+	setattr_dirs_pattern($1, asterisk_runtime_t, asterisk_runtime_t)
+	files_search_pids($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `asterisk_setattr_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an asterisk environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`asterisk_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `asterisk_admin'($*)) dnl
+	
+	gen_require(`
+		type asterisk_t, asterisk_runtime_t, asterisk_spool_t;
+		type asterisk_etc_t, asterisk_tmp_t, asterisk_log_t;
+		type asterisk_var_lib_t, asterisk_initrc_exec_t;
+	')
+
+	allow $1 asterisk_t:process { ptrace signal_perms };
+	ps_process_pattern($1, asterisk_t)
+
+	init_startstop_service($1, $2, asterisk_t, asterisk_initrc_exec_t)
+
+	asterisk_exec($1)
+
+	files_list_tmp($1)
+	admin_pattern($1, asterisk_tmp_t)
+
+	files_list_etc($1)
+	admin_pattern($1, asterisk_etc_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, asterisk_log_t)
+
+	files_list_spool($1)
+	admin_pattern($1, asterisk_spool_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, asterisk_var_lib_t)
+
+	files_list_pids($1)
+	admin_pattern($1, asterisk_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `asterisk_admin'($*)) dnl
+	')
+
+## <summary>APC UPS monitoring daemon.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to
+##	run apcupsd.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`apcupsd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apcupsd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type apcupsd_t, apcupsd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, apcupsd_exec_t, apcupsd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apcupsd_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute apcupsd server in the
+##	apcupsd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`apcupsd_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apcupsd_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type apcupsd_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, apcupsd_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apcupsd_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read apcupsd PID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apcupsd_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apcupsd_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type apcupsd_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 apcupsd_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apcupsd_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read apcupsd log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`apcupsd_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apcupsd_read_log'($*)) dnl
+	
+	gen_require(`
+		type apcupsd_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 apcupsd_log_t:dir list_dir_perms;
+	allow $1 apcupsd_log_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apcupsd_read_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append apcupsd log files.
+## </summary>
+## <param name="domain">
+## 	<summary>
+##	Domain allowed access.
+## 	</summary>
+## </param>
+#
+ 	 	define(`apcupsd_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apcupsd_append_log'($*)) dnl
+	
+	gen_require(`
+		type apcupsd_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 apcupsd_log_t:dir list_dir_perms;
+	allow $1 apcupsd_log_t:file append_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apcupsd_append_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to
+##	run httpd_apcupsd_cgi_script.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`apcupsd_cgi_script_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apcupsd_cgi_script_domtrans'($*)) dnl
+	
+	gen_require(`
+		type httpd_apcupsd_cgi_script_t, httpd_apcupsd_cgi_script_exec_t;
+	')
+
+	files_search_var($1)
+	domtrans_pattern($1, httpd_apcupsd_cgi_script_exec_t, httpd_apcupsd_cgi_script_t)
+
+	optional_policy(`
+		apache_search_sys_content($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apcupsd_cgi_script_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an apcupsd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`apcupsd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apcupsd_admin'($*)) dnl
+	
+	gen_require(`
+		type apcupsd_t, apcupsd_tmp_t, apcupsd_log_t;
+		type apcupsd_runtime_t, apcupsd_initrc_exec_t, apcupsd_lock_t;
+	')
+
+	allow $1 apcupsd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, apcupsd_t)
+
+	init_startstop_service($1, $2, apcupsd_t, apcupsd_initrc_exec_t)
+
+	files_list_var($1)
+	admin_pattern($1, apcupsd_lock_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, apcupsd_log_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, apcupsd_tmp_t)
+
+	files_list_pids($1)
+	admin_pattern($1, apcupsd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apcupsd_admin'($*)) dnl
+	')
+
+## <summary>Server for the svn repository access method.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an svnserve environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`svnserve_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `svnserve_admin'($*)) dnl
+	
+	gen_require(`
+		type svnserve_t, svnserve_initrc_exec_t, svnserve_runtime_t;
+	')
+
+	allow $1 svnserve_t:process { ptrace signal_perms };
+	ps_process_pattern($1, svnserve_t)
+
+	init_startstop_service($1, $2, svnserve_t, svnserve_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, svnserve_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `svnserve_admin'($*)) dnl
+	')
+
+## <summary>Check and feed random data from hardware device to kernel random device.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an rng environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`rngd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rngd_admin'($*)) dnl
+	
+	gen_require(`
+		type rngd_t, rngd_initrc_exec_t, rngd_runtime_t;
+	')
+
+	allow $1 rngd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, rngd_t)
+
+	init_startstop_service($1, $2, rngd_t, rngd_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, rngd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rngd_admin'($*)) dnl
+	')
+
+## <summary>Chrony NTP background daemon.</summary>
+
+#####################################
+## <summary>
+##	Execute chronyd in the chronyd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`chronyd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `chronyd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type chronyd_t, chronyd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, chronyd_exec_t, chronyd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `chronyd_domtrans'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Execute chronyc in the chronyc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`chronyd_domtrans_cli',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `chronyd_domtrans_cli'($*)) dnl
+	
+	gen_require(`
+		type chronyc_t, chronyc_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, chronyc_exec_t, chronyc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `chronyd_domtrans_cli'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute chronyd server in the
+##	chronyd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`chronyd_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `chronyd_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type chronyd_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, chronyd_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `chronyd_initrc_domtrans'($*)) dnl
+	')
+
+
+####################################
+## <summary>
+##	Execute chronyd in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`chronyd_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `chronyd_exec'($*)) dnl
+	
+	gen_require(`
+		type chronyd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, chronyd_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `chronyd_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute chronyc in the chronyc domain,
+##	and allow the specified roles the
+##	chronyc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`chronyd_run_cli',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `chronyd_run_cli'($*)) dnl
+	
+	gen_require(`
+		attribute_role chronyc_roles;
+	')
+
+	chronyd_domtrans_cli($1)
+	roleattribute $2 chronyc_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `chronyd_run_cli'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Read chronyd log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`chronyd_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `chronyd_read_log'($*)) dnl
+	
+	gen_require(`
+		type chronyd_var_log_t;
+	')
+
+	logging_search_logs($1)
+	read_files_pattern($1, chronyd_var_log_t, chronyd_var_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `chronyd_read_log'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Read chronyd config file.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`chronyd_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `chronyd_read_config'($*)) dnl
+	
+	gen_require(`
+		type chronyd_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 chronyd_conf_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `chronyd_read_config'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Read and write chronyd config file.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`chronyd_rw_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `chronyd_rw_config'($*)) dnl
+	
+	gen_require(`
+		type chronyd_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 chronyd_conf_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `chronyd_rw_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write chronyd shared memory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`chronyd_rw_shm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `chronyd_rw_shm'($*)) dnl
+	
+	gen_require(`
+		type chronyd_t, chronyd_tmpfs_t;
+	')
+
+	allow $1 chronyd_t:shm rw_shm_perms;
+	allow $1 chronyd_tmpfs_t:dir list_dir_perms;
+	rw_files_pattern($1, chronyd_tmpfs_t, chronyd_tmpfs_t)
+	read_lnk_files_pattern($1, chronyd_tmpfs_t, chronyd_tmpfs_t)
+	fs_search_tmpfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `chronyd_rw_shm'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to chronyd using a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`chronyd_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `chronyd_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type chronyd_t, chronyd_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, chronyd_runtime_t, chronyd_runtime_t, chronyd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `chronyd_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send to chronyd using a unix domain
+##	datagram socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`chronyd_dgram_send',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `chronyd_dgram_send'($*)) dnl
+	
+	gen_require(`
+		type chronyd_t, chronyd_runtime_t;
+	')
+
+	files_search_pids($1)
+	dgram_send_pattern($1, chronyd_runtime_t, chronyd_runtime_t, chronyd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `chronyd_dgram_send'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read chronyd key files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`chronyd_read_key_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `chronyd_read_key_files'($*)) dnl
+	
+	gen_require(`
+		type chronyd_keys_t;
+	')
+
+	files_search_etc($1)
+	read_files_pattern($1, chronyd_keys_t, chronyd_keys_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `chronyd_read_key_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow specified domain to enable and disable chronyd unit
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`chronyd_enabledisable',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `chronyd_enabledisable'($*)) dnl
+	
+	gen_require(`
+		type chronyd_unit_t;
+		class service { enable disable };
+	')
+
+	allow $1 chronyd_unit_t:service { enable disable };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `chronyd_enabledisable'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow specified domain to start and stop chronyd unit
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`chronyd_startstop',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `chronyd_startstop'($*)) dnl
+	
+	gen_require(`
+		type chronyd_unit_t;
+		class service { start stop };
+	')
+
+	allow $1 chronyd_unit_t:service { start stop };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `chronyd_startstop'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow specified domain to get status of chronyd unit
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`chronyd_status',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `chronyd_status'($*)) dnl
+	
+	gen_require(`
+		type chronyd_unit_t;
+		class service status;
+	')
+
+	allow $1 chronyd_unit_t:service status;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `chronyd_status'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send to chronyd command line interface using a unix domain
+##	datagram socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`chronyd_dgram_send_cli',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `chronyd_dgram_send_cli'($*)) dnl
+	
+	gen_require(`
+		type chronyc_t, chronyd_runtime_t;
+	')
+
+	files_search_pids($1)
+	dgram_send_pattern($1, chronyd_runtime_t, chronyd_runtime_t, chronyc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `chronyd_dgram_send_cli'($*)) dnl
+	')
+
+
+####################################
+## <summary>
+##	All of the rules required to
+##	administrate an chronyd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`chronyd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `chronyd_admin'($*)) dnl
+	
+	gen_require(`
+		type chronyd_t, chronyd_var_log_t;
+		type chronyd_runtime_t, chronyd_var_lib_t;
+		type chronyd_initrc_exec_t, chronyd_keys_t;
+	')
+
+	allow $1 chronyd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, chronyd_t)
+
+	init_startstop_service($1, $2, chronyd_t, chronyd_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, chronyd_keys_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, chronyd_var_log_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, chronyd_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, chronyd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `chronyd_admin'($*)) dnl
+	')
+
+## <summary>Storage array management library.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to administrate
+##	an lsmd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role" unused="true">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`lsmd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lsmd_admin'($*)) dnl
+	
+	gen_require(`
+		type lsmd_t, lsmd_runtime_t;
+	')
+
+	allow $1 lsmd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, lsmd_t)
+
+	files_search_pids($1)
+	admin_pattern($1, lsmd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lsmd_admin'($*)) dnl
+	')
+
+## <summary>SMB and CIFS client/server programs.</summary>
+
+########################################
+## <summary>
+##	Execute nmbd in the nmbd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`samba_domtrans_nmbd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_domtrans_nmbd'($*)) dnl
+	
+	gen_require(`
+		type nmbd_t, nmbd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, nmbd_exec_t, nmbd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_domtrans_nmbd'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Send generic signals to nmbd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`samba_signal_nmbd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_signal_nmbd'($*)) dnl
+	
+	gen_require(`
+		type nmbd_t;
+	')
+	allow $1 nmbd_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_signal_nmbd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to nmbd with a unix domain
+##	stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`samba_stream_connect_nmbd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_stream_connect_nmbd'($*)) dnl
+	
+	gen_require(`
+		type samba_var_t, nmbd_t, samba_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, { samba_runtime_t samba_var_t }, samba_runtime_t, nmbd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_stream_connect_nmbd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute samba init scripts in
+##	the init script domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`samba_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type samba_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, samba_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute samba net in the samba net domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`samba_domtrans_net',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_domtrans_net'($*)) dnl
+	
+	gen_require(`
+		type samba_net_t, samba_net_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, samba_net_exec_t, samba_net_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_domtrans_net'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute samba net in the samba net
+##	domain, and allow the specified
+##	role the samba net domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`samba_run_net',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_run_net'($*)) dnl
+	
+	gen_require(`
+		attribute_role samba_net_roles;
+	')
+
+	samba_domtrans_net($1)
+	roleattribute $2 samba_net_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_run_net'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute smbmount in the smbmount domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`samba_domtrans_smbmount',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_domtrans_smbmount'($*)) dnl
+	
+	gen_require(`
+		type smbmount_t, smbmount_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, smbmount_exec_t, smbmount_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_domtrans_smbmount'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute smbmount in the smbmount
+##	domain, and allow the specified
+##	role the smbmount domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`samba_run_smbmount',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_run_smbmount'($*)) dnl
+	
+	gen_require(`
+		attribute_role smbmount_roles;
+	')
+
+	samba_domtrans_smbmount($1)
+	roleattribute $2 smbmount_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_run_smbmount'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read samba configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`samba_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_read_config'($*)) dnl
+	
+	gen_require(`
+		type samba_etc_t;
+	')
+
+	files_search_etc($1)
+	read_files_pattern($1, samba_etc_t, samba_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write samba configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`samba_rw_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_rw_config'($*)) dnl
+	
+	gen_require(`
+		type samba_etc_t;
+	')
+
+	files_search_etc($1)
+	rw_files_pattern($1, samba_etc_t, samba_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_rw_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	samba configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`samba_manage_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_manage_config'($*)) dnl
+	
+	gen_require(`
+		type samba_etc_t;
+	')
+
+	files_search_etc($1)
+	manage_dirs_pattern($1, samba_etc_t, samba_etc_t)
+	manage_files_pattern($1, samba_etc_t, samba_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_manage_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read samba log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`samba_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_read_log'($*)) dnl
+	
+	gen_require(`
+		type samba_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 samba_log_t:dir list_dir_perms;
+	read_files_pattern($1, samba_log_t, samba_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_read_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append to samba log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`samba_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_append_log'($*)) dnl
+	
+	gen_require(`
+		type samba_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 samba_log_t:dir list_dir_perms;
+	allow $1 samba_log_t:file append_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_append_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute samba log files in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`samba_exec_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_exec_log'($*)) dnl
+	
+	gen_require(`
+		type samba_log_t;
+	')
+
+	logging_search_logs($1)
+	can_exec($1, samba_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_exec_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read samba secret files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`samba_read_secrets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_read_secrets'($*)) dnl
+	
+	gen_require(`
+		type samba_secrets_t;
+	')
+
+	files_search_etc($1)
+	allow $1 samba_secrets_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_read_secrets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read samba share files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`samba_read_share_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_read_share_files'($*)) dnl
+	
+	gen_require(`
+		type samba_share_t;
+	')
+
+	allow $1 samba_share_t:filesystem getattr;
+	read_files_pattern($1, samba_share_t, samba_share_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_read_share_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search samba var directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`samba_search_var',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_search_var'($*)) dnl
+	
+	gen_require(`
+		type samba_var_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 samba_var_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_search_var'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read samba var files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`samba_read_var_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_read_var_files'($*)) dnl
+	
+	gen_require(`
+		type samba_var_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, samba_var_t, samba_var_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_read_var_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write
+##	samba var files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`samba_dontaudit_write_var_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_dontaudit_write_var_files'($*)) dnl
+	
+	gen_require(`
+		type samba_var_t;
+	')
+
+	dontaudit $1 samba_var_t:file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_dontaudit_write_var_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write samba var files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`samba_rw_var_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_rw_var_files'($*)) dnl
+	
+	gen_require(`
+		type samba_var_t;
+	')
+
+	files_search_var_lib($1)
+	rw_files_pattern($1, samba_var_t, samba_var_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_rw_var_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	samba var files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`samba_manage_var_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_manage_var_files'($*)) dnl
+	
+	gen_require(`
+		type samba_var_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, samba_var_t, samba_var_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_manage_var_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute smbcontrol in the smbcontrol domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`samba_domtrans_smbcontrol',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_domtrans_smbcontrol'($*)) dnl
+	
+	gen_require(`
+		type smbcontrol_t, smbcontrol_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, smbcontrol_exec_t, smbcontrol_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_domtrans_smbcontrol'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute smbcontrol in the smbcontrol
+##	domain, and allow the specified
+##	role the smbcontrol domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`samba_run_smbcontrol',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_run_smbcontrol'($*)) dnl
+	
+	gen_require(`
+		attribute_role smbcontrol_roles;
+	')
+
+	samba_domtrans_smbcontrol($1)
+	roleattribute $2 smbcontrol_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_run_smbcontrol'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute smbd in the smbd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`samba_domtrans_smbd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_domtrans_smbd'($*)) dnl
+	
+	gen_require(`
+		type smbd_t, smbd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, smbd_exec_t, smbd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_domtrans_smbd'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Send generic signals to smbd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`samba_signal_smbd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_signal_smbd'($*)) dnl
+	
+	gen_require(`
+		type smbd_t;
+	')
+	allow $1 smbd_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_signal_smbd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to inherit
+##	and use smbd file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`samba_dontaudit_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_dontaudit_use_fds'($*)) dnl
+	
+	gen_require(`
+		type smbd_t;
+	')
+
+	dontaudit $1 smbd_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_dontaudit_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write smbmount tcp sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`samba_write_smbmount_tcp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_write_smbmount_tcp_sockets'($*)) dnl
+	
+	gen_require(`
+		type smbmount_t;
+	')
+
+	allow $1 smbmount_t:tcp_socket write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_write_smbmount_tcp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write smbmount tcp sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`samba_rw_smbmount_tcp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_rw_smbmount_tcp_sockets'($*)) dnl
+	
+	gen_require(`
+		type smbmount_t;
+	')
+
+	allow $1 smbmount_t:tcp_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_rw_smbmount_tcp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute winbind helper in the
+##	winbind helper domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`samba_domtrans_winbind_helper',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_domtrans_winbind_helper'($*)) dnl
+	
+	gen_require(`
+		type winbind_helper_t, winbind_helper_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, winbind_helper_exec_t, winbind_helper_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_domtrans_winbind_helper'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Get attributes of winbind executable files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`samba_getattr_winbind_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_getattr_winbind_exec'($*)) dnl
+	
+	gen_require(`
+		type winbind_exec_t;
+	')
+
+	allow $1 winbind_exec_t:file getattr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_getattr_winbind_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute winbind helper in the winbind
+##	helper domain, and allow the specified
+##	role the winbind helper domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`samba_run_winbind_helper',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_run_winbind_helper'($*)) dnl
+	
+	gen_require(`
+		attribute_role winbind_helper_roles;
+	')
+
+	samba_domtrans_winbind_helper($1)
+	roleattribute $2 winbind_helper_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_run_winbind_helper'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read winbind pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`samba_read_winbind_pid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_read_winbind_pid'($*)) dnl
+	
+	gen_require(`
+		type winbind_runtime_t, samba_runtime_t;
+	')
+
+	files_search_pids($1)
+	read_files_pattern($1, { samba_runtime_t winbind_runtime_t }, winbind_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_read_winbind_pid'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to winbind with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`samba_stream_connect_winbind',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_stream_connect_winbind'($*)) dnl
+	
+	gen_require(`
+		type samba_var_t, winbind_t, winbind_runtime_t, smbd_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, { smbd_runtime_t samba_var_t winbind_runtime_t }, winbind_runtime_t, winbind_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_stream_connect_winbind'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an samba environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`samba_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `samba_admin'($*)) dnl
+	
+	gen_require(`
+		type nmbd_t, samba_runtime_t;
+		type smbd_t, smbd_tmp_t;
+		type samba_log_t, samba_var_t, samba_secrets_t;
+		type samba_etc_t, samba_share_t, samba_initrc_exec_t;
+		type swat_runtime_t, swat_tmp_t, winbind_log_t;
+		type winbind_runtime_t, winbind_tmp_t;
+		type smbd_keytab_t;
+	')
+
+	allow $1 { nmbd_t smbd_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { nmbd_t smbd_t })
+
+	init_startstop_service($1, $2, samba_t, samba_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, { samba_etc_t smbd_keytab_t })
+
+	logging_list_logs($1)
+	admin_pattern($1, { samba_log_t winbind_log_t })
+
+	files_list_var($1)
+	admin_pattern($1, { samba_share_t samba_var_t samba_secrets_t })
+
+	files_list_spool($1)
+
+	files_list_pids($1)
+	admin_pattern($1, { winbind_runtime_t samba_runtime_t swat_runtime_t })
+
+	files_list_tmp($1)
+	admin_pattern($1, { swat_tmp_t smbd_tmp_t winbind_tmp_t })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `samba_admin'($*)) dnl
+	')
+
+## <summary>publicfile supplies files to the public through HTTP and FTP.</summary>
+## <summary>AMQP server written in Erlang.</summary>
+
+########################################
+## <summary>
+##	Execute rabbitmq in the rabbitmq domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`rabbitmq_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rabbitmq_domtrans'($*)) dnl
+	
+	gen_require(`
+		type rabbitmq_epmd_t, rabbitmq_epmd_exec_t;
+		type rabbitmq_beam_t, rabbitmq_beam_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, rabbitmq_epmd_exec_t, rabbitmq_epmd_t)
+	domtrans_pattern($1, rabbitmq_beam_exec_t, rabbitmq_beam_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rabbitmq_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an rabbitmq environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`rabbitmq_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rabbitmq_admin'($*)) dnl
+	
+	gen_require(`
+		type rabbitmq_epmd_t, rabbitmq_beam_t, rabbitmq_initrc_exec_t;
+		type rabbitmq_var_lib_t, rabbitmq_var_log_t, rabbitmq_runtime_t;
+	')
+
+	allow $1 { rabbitmq_epmd_t rabbitmq_beam_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { rabbitmq_epmd_t rabbitmq_beam_t })
+
+	init_startstop_service($1, $2, { rabbitmq_epmd_t rabbitmq_beam_t }, rabbitmq_initrc_exec_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, rabbitmq_var_log_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, rabbitmq_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, rabbitmq_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rabbitmq_admin'($*)) dnl
+	')
+
+## <summary>Smokeping network latency measurement.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run smokeping.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`smokeping_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `smokeping_domtrans'($*)) dnl
+	
+	gen_require(`
+		type smokeping_t, smokeping_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, smokeping_exec_t, smokeping_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `smokeping_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute smokeping init scripts in
+##	the initrc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`smokeping_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `smokeping_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type smokeping_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, smokeping_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `smokeping_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read smokeping pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`smokeping_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `smokeping_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type smokeping_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 smokeping_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `smokeping_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	smokeping pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`smokeping_manage_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `smokeping_manage_pid_files'($*)) dnl
+	
+	gen_require(`
+		type smokeping_runtime_t;
+	')
+
+	files_search_pids($1)
+	manage_files_pattern($1, smokeping_runtime_t, smokeping_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `smokeping_manage_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get attributes of smokeping lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`smokeping_getattr_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `smokeping_getattr_lib_files'($*)) dnl
+	
+	gen_require(`
+		type smokeping_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	getattr_files_pattern($1, smokeping_var_lib_t, smokeping_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `smokeping_getattr_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read smokeping lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`smokeping_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `smokeping_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type smokeping_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, smokeping_var_lib_t, smokeping_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `smokeping_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	smokeping lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`smokeping_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `smokeping_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type smokeping_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, smokeping_var_lib_t, smokeping_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `smokeping_manage_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate a smokeping environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`smokeping_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `smokeping_admin'($*)) dnl
+	
+	gen_require(`
+		type smokeping_t, smokeping_initrc_exec_t, smokeping_var_lib_t;
+		type smokeping_runtime_t;
+	')
+
+	allow $1 smokeping_t:process { ptrace signal_perms };
+	ps_process_pattern($1, smokeping_t)
+
+	init_startstop_service($1, $2, smokeping_t, smokeping_initrc_exec_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, smokeping_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, smokeping_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `smokeping_admin'($*)) dnl
+	')
+
+## <summary>BIRD Internet Routing Daemon.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an bird environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`bird_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bird_admin'($*)) dnl
+	
+	gen_require(`
+		type bird_t, bird_etc_t, bird_log_t;
+		type bird_runtime_t, bird_initrc_exec_t;
+	')
+
+	allow $1 bird_t:process { ptrace signal_perms };
+	ps_process_pattern($1, bird_t)
+
+	init_startstop_service($1, $2, bird_t, bird_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, bird_etc_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, bird_log_t)
+
+	files_list_pids($1)
+	admin_pattern($1, bird_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bird_admin'($*)) dnl
+	')
+
+## <summary>mon network monitoring daemon.</summary>
+
+######################################
+## <summary>
+##      dontaudit using an inherited fd from mon_t
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain to not audit
+##      </summary>
+## </param>
+#
+ 	 	define(`mon_dontaudit_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mon_dontaudit_use_fds'($*)) dnl
+	
+	gen_require(`
+		type mon_t;
+	')
+
+	dontaudit $1 mon_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mon_dontaudit_use_fds'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##      dontaudit searching /var/lib/mon
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain to not audit
+##      </summary>
+## </param>
+#
+ 	 	define(`mon_dontaudit_search_var_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mon_dontaudit_search_var_lib'($*)) dnl
+	
+	gen_require(`
+		type mon_var_lib_t;
+	')
+
+	dontaudit $1 mon_var_lib_t:dir search;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mon_dontaudit_search_var_lib'($*)) dnl
+	')
+
+
+## <summary>Platform for computing using volunteered resources.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an boinc environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`boinc_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `boinc_admin'($*)) dnl
+	
+	gen_require(`
+
+		type boinc_t, boinc_project_t, boinc_log_t;
+		type boinc_var_lib_t, boinc_tmp_t, boinc_initrc_exec_t;
+		type boinc_project_var_lib_t, boinc_project_tmp_t;
+	')
+
+	allow $1 { boinc_t boinc_project_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { boinc_t boinc_project_t })
+
+	init_startstop_service($1, $2, boinc_t, boinc_initrc_exec_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, boinc_log_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, { boinc_project_tmp_t boinc_tmp_t })
+
+	files_search_var_lib($1)
+	admin_pattern($1, { boinc_project_var_lib_t boinc_var_lib_t })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `boinc_admin'($*)) dnl
+	')
+
+## <summary>Automatic IPv6 Connectivity Client Utility.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run aiccu.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`aiccu_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `aiccu_domtrans'($*)) dnl
+	
+	gen_require(`
+		type aiccu_t, aiccu_exec_t;
+	')
+
+	domtrans_pattern($1, aiccu_exec_t, aiccu_t)
+	corecmd_search_bin($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `aiccu_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute aiccu server in the aiccu domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`aiccu_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `aiccu_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type aiccu_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, aiccu_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `aiccu_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read aiccu PID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`aiccu_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `aiccu_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type aiccu_runtime_t;
+	')
+
+	allow $1 aiccu_runtime_t:file read_file_perms;
+	files_search_pids($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `aiccu_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an aiccu environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`aiccu_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `aiccu_admin'($*)) dnl
+	
+	gen_require(`
+		type aiccu_t, aiccu_initrc_exec_t, aiccu_etc_t;
+		type aiccu_runtime_t;
+	')
+
+	allow $1 aiccu_t:process { ptrace signal_perms };
+	ps_process_pattern($1, aiccu_t)
+
+	init_startstop_service($1, $2, aiccu_t, aiccu_initrc_exec_t)
+
+	admin_pattern($1, aiccu_etc_t)
+	files_list_etc($1)
+
+	admin_pattern($1, aiccu_runtime_t)
+	files_list_pids($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `aiccu_admin'($*)) dnl
+	')
+
+## <summary>Pyzor is a distributed, collaborative spam detection and filtering network.</summary>
+
+########################################
+## <summary>
+##	Role access for pyzor.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role
+##	</summary>
+## </param>
+#
+ 	 	define(`pyzor_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pyzor_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role pyzor_roles;
+		type pyzor_t, pyzor_exec_t, pyzor_home_t;
+		type pyzor_tmp_t;
+	')
+
+	roleattribute $1 pyzor_roles;
+
+	domtrans_pattern($2, pyzor_exec_t, pyzor_t)
+
+	allow $2 pyzor_t:process { ptrace signal_perms };
+	ps_process_pattern($2, pyzor_t)
+
+	allow $2 { pyzor_home_t pyzor_tmp_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $2  { pyzor_home_t pyzor_tmp_t }:file { manage_file_perms relabel_file_perms };
+	allow $2 pyzor_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+
+	userdom_user_home_dir_filetrans($2, pyzor_home_t, dir, ".pyzor")
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pyzor_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to pyzor.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`pyzor_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pyzor_signal'($*)) dnl
+	
+	gen_require(`
+		type pyzor_t;
+	')
+
+	allow $1 pyzor_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pyzor_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute pyzor with a domain transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`pyzor_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pyzor_domtrans'($*)) dnl
+	
+	gen_require(`
+		type pyzor_exec_t, pyzor_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, pyzor_exec_t, pyzor_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pyzor_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute pyzor in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`pyzor_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pyzor_exec'($*)) dnl
+	
+	gen_require(`
+		type pyzor_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, pyzor_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pyzor_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an pyzor environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`pyzor_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pyzor_admin'($*)) dnl
+	
+	gen_require(`
+		type pyzord_t, pyzord_initrc_exec_t, pyzord_log_t;
+		type pyzor_var_lib_t, pyzor_etc_t;
+	')
+
+	allow $1 pyzord_t:process { ptrace signal_perms };
+	ps_process_pattern($1, pyzord_t)
+
+	init_startstop_service($1, $2, pyzord_t, pyzord_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, pyzor_etc_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, pyzord_log_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, pyzor_var_lib_t)
+
+	# This makes it impossible to apply _admin if _role has already been applied
+	#pyzor_role($2, $1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pyzor_admin'($*)) dnl
+	')
+
+## <summary>Dynamic host configuration protocol server.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run dhcpd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`dhcpd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dhcpd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type dhcpd_t, dhcpd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, dhcpd_exec_t, dhcpd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dhcpd_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set attributes of dhcpd server
+##	state files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dhcpd_setattr_state_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dhcpd_setattr_state_files'($*)) dnl
+	
+	gen_require(`
+		type dhcpd_state_t;
+	')
+
+	sysnet_search_dhcp_state($1)
+	allow $1 dhcpd_state_t:file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dhcpd_setattr_state_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute dhcp server in the dhcp domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+#
+ 	 	define(`dhcpd_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dhcpd_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type dhcpd_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, dhcpd_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dhcpd_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an dhcpd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dhcpd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dhcpd_admin'($*)) dnl
+	
+	gen_require(`
+		type dhcpd_t, dhcpd_tmp_t, dhcpd_state_t;
+		type dhcpd_runtime_t, dhcpd_initrc_exec_t;
+	')
+
+	allow $1 dhcpd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, dhcpd_t)
+
+	init_startstop_service($1, $2, dhcpd_t, dhcpd_initrc_exec_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, dhcpd_tmp_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, dhcpd_state_t)
+
+	files_list_pids($1)
+	admin_pattern($1, dhcpd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dhcpd_admin'($*)) dnl
+	')
+
+## <summary>Services for loading CPU microcode and CPU frequency scaling.</summary>
+
+########################################
+## <summary>
+##	CPUcontrol stub interface.  No access allowed.
+## </summary>
+## <param name="domain" unused="true">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cpucontrol_stub',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cpucontrol_stub'($*)) dnl
+	
+	gen_require(`
+		type cpucontrol_t;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cpucontrol_stub'($*)) dnl
+	')
+
+## <summary>Network monitoring server.</summary>
+
+#######################################
+## <summary>
+##	The template to define a nagios plugin domain.
+## </summary>
+## <param name="domain_prefix">
+##	<summary>
+##	Domain prefix to be used.
+##	</summary>
+## </param>
+#
+ 	 	define(`nagios_plugin_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nagios_plugin_template'($*)) dnl
+	
+	gen_require(`
+		attribute nagios_plugin_domain;
+		type nagios_t, nrpe_t;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	type nagios_$1_plugin_t, nagios_plugin_domain;
+	type nagios_$1_plugin_exec_t;
+	application_domain(nagios_$1_plugin_t, nagios_$1_plugin_exec_t)
+	role system_r types nagios_$1_plugin_t;
+
+	########################################
+	#
+	# Policy
+	#
+
+	domtrans_pattern(nrpe_t, nagios_$1_plugin_exec_t, nagios_$1_plugin_t)
+	allow nagios_t nagios_$1_plugin_exec_t:file ioctl;
+
+	domtrans_pattern(nagios_t, nagios_$1_plugin_exec_t, nagios_$1_plugin_t)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nagios_plugin_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read or
+##	write nagios unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`nagios_dontaudit_rw_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nagios_dontaudit_rw_pipes'($*)) dnl
+	
+	gen_require(`
+		type nagios_t;
+	')
+
+	dontaudit $1 nagios_t:fifo_file rw_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nagios_dontaudit_rw_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read nagios configuration content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`nagios_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nagios_read_config'($*)) dnl
+	
+	gen_require(`
+		type nagios_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 nagios_etc_t:dir list_dir_perms;
+	allow $1 nagios_etc_t:file read_file_perms;
+	allow $1 nagios_etc_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nagios_read_config'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Read nagios log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`nagios_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nagios_read_log'($*)) dnl
+	
+	gen_require(`
+		type nagios_log_t;
+	')
+
+	logging_search_logs($1)
+	read_files_pattern($1, nagios_log_t, nagios_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nagios_read_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read or
+##	write nagios log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`nagios_dontaudit_rw_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nagios_dontaudit_rw_log'($*)) dnl
+	
+	gen_require(`
+		type nagios_log_t;
+	')
+
+	dontaudit $1 nagios_log_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nagios_dontaudit_rw_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search nagios spool directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`nagios_search_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nagios_search_spool'($*)) dnl
+	
+	gen_require(`
+		type nagios_spool_t;
+	')
+
+	files_search_spool($1)
+	allow $1 nagios_spool_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nagios_search_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read nagios temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`nagios_read_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nagios_read_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type nagios_tmp_t;
+	')
+
+	files_search_tmp($1)
+	allow $1 nagios_tmp_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nagios_read_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute nrpe with a domain transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`nagios_domtrans_nrpe',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nagios_domtrans_nrpe'($*)) dnl
+	
+	gen_require(`
+		type nrpe_t, nrpe_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, nrpe_exec_t, nrpe_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nagios_domtrans_nrpe'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an nagios environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`nagios_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nagios_admin'($*)) dnl
+	
+	gen_require(`
+		attribute nagios_plugin_domain;
+		type nagios_t, nrpe_t, nagios_initrc_exec_t;
+		type nagios_tmp_t, nagios_log_t, nagios_var_lib_t;
+		type nagios_etc_t, nrpe_etc_t, nrpe_runtime_t;
+		type nagios_spool_t, nagios_runtime_t, nagios_system_plugin_tmp_t;
+		type nagios_eventhandler_plugin_tmp_t;
+	')
+
+	allow $1 { nagios_t nrpe_t nagios_plugin_domain }:process { ptrace signal_perms };
+	ps_process_pattern($1, { nagios_t nrpe_t nagios_plugin_domain })
+
+	init_startstop_service($1, $2, nagios_t, nagios_initrc_exec_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, { nagios_eventhandler_plugin_tmp_t nagios_tmp_t nagios_system_plugin_tmp_t })
+
+	logging_search_logs($1)
+	admin_pattern($1, nagios_log_t)
+
+	files_search_etc($1)
+	admin_pattern($1, { nrpe_etc_t nagios_etc_t })
+
+	files_search_spool($1)
+	admin_pattern($1, nagios_spool_t)
+
+	files_search_pids($1)
+	admin_pattern($1, { nrpe_runtime_t nagios_runtime_t })
+
+	files_search_var_lib($1)
+	admin_pattern($1, nagios_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nagios_admin'($*)) dnl
+	')
+
+## <summary>Kernel Samepage Merging Tuning Daemon.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run ksmtuned.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`ksmtuned_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ksmtuned_domtrans'($*)) dnl
+	
+	gen_require(`
+		type ksmtuned_t, ksmtuned_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, ksmtuned_exec_t, ksmtuned_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ksmtuned_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute ksmtuned server in
+##	the ksmtuned domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`ksmtuned_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ksmtuned_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type ksmtuned_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, ksmtuned_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ksmtuned_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an ksmtuned environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ksmtuned_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ksmtuned_admin'($*)) dnl
+	
+	gen_require(`
+		type ksmtuned_t, ksmtuned_runtime_t;
+		type ksmtuned_initrc_exec_t, ksmtuned_log_t;
+	')
+
+	init_startstop_service($1, $2, ksmtuned_t, ksmtuned_initrc_exec_t)
+
+	allow $1 ksmtuned_t:process { ptrace signal_perms };
+	ps_process_pattern($1, ksmtuned_t)
+
+	files_list_pids($1)
+	admin_pattern($1, ksmtuned_runtime_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, ksmtuned_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ksmtuned_admin'($*)) dnl
+	')
+
+## <summary>shared storage lock manager.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run sanlock.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`sanlock_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sanlock_domtrans'($*)) dnl
+	
+	gen_require(`
+		type sanlock_t, sanlock_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, sanlock_exec_t, sanlock_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sanlock_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute sanlock init scripts in
+##	the initrc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`sanlock_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sanlock_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type sanlock_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, sanlock_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sanlock_initrc_domtrans'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Create, read, write, and delete
+##	sanlock pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sanlock_manage_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sanlock_manage_pid_files'($*)) dnl
+	
+	gen_require(`
+		type sanlock_runtime_t;
+	')
+
+	files_search_pids($1)
+	manage_files_pattern($1, sanlock_runtime_t, sanlock_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sanlock_manage_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to sanlock with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sanlock_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sanlock_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type sanlock_t, sanlock_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, sanlock_runtime_t, sanlock_runtime_t, sanlock_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sanlock_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an sanlock environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`sanlock_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sanlock_admin'($*)) dnl
+	
+	gen_require(`
+		type sanlock_t, sanlock_initrc_exec_t, sanlock_runtime_t;
+		type sanlock_log_t;
+	')
+
+	allow $1 sanlock_t:process { ptrace signal_perms };
+	ps_process_pattern($1, sanlock_t)
+
+	init_startstop_service($1, $2, sanlock_t, sanlock_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, sanlock_runtime_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, sanlock_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sanlock_admin'($*)) dnl
+	')
+
+## <summary>Server for the PXE network boot protocol.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an pxe environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`pxe_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pxe_admin'($*)) dnl
+	
+	gen_require(`
+		type pxe_t, pxe_initrc_exec_t, pxe_log_t;
+		type pxe_runtime_t;
+	')
+
+	allow $1 pxe_t:process { ptrace signal_perms };
+	ps_process_pattern($1, pxe_t)
+
+	init_startstop_service($1, $2, pxe_t, pxe_initrc_exec_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, pxe_log_t)
+
+	files_search_pids($1)
+	admin_pattern($1, pxe_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pxe_admin'($*)) dnl
+	')
+
+## <summary>Framework for facilitating multiple user sessions on desktops.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run consolekit.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`consolekit_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `consolekit_domtrans'($*)) dnl
+	
+	gen_require(`
+		type consolekit_t, consolekit_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, consolekit_exec_t, consolekit_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `consolekit_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	consolekit over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`consolekit_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `consolekit_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type consolekit_t;
+		class dbus send_msg;
+	')
+
+	allow $1 consolekit_t:dbus send_msg;
+	allow consolekit_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `consolekit_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use consolekit inhibit locks.
+##
+##	The program gets passed an FD to a fifo_file to hold.
+##	When the application is done with the lock, it closes the FD.
+##	Implements this API: https://www.freedesktop.org/wiki/Software/systemd/inhibit/
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`consolekit_use_inhibit_lock',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `consolekit_use_inhibit_lock'($*)) dnl
+	
+	gen_require(`
+		type consolekit_t, consolekit_runtime_t;
+	')
+
+	allow $1 consolekit_t:fd use;
+	allow $1 consolekit_runtime_t:fifo_file rw_inherited_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `consolekit_use_inhibit_lock'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read consolekit log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`consolekit_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `consolekit_read_log'($*)) dnl
+	
+	gen_require(`
+		type consolekit_log_t;
+	')
+
+	read_files_pattern($1, consolekit_log_t, consolekit_log_t)
+	logging_search_logs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `consolekit_read_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	consolekit log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`consolekit_manage_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `consolekit_manage_log'($*)) dnl
+	
+	gen_require(`
+		type consolekit_log_t;
+	')
+
+	manage_files_pattern($1, consolekit_log_t, consolekit_log_t)
+	files_search_pids($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `consolekit_manage_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read consolekit PID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`consolekit_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `consolekit_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type consolekit_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 consolekit_runtime_t:dir list_dir_perms;
+	read_files_pattern($1, consolekit_runtime_t, consolekit_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `consolekit_read_pid_files'($*)) dnl
+	')
+
+## <summary>IP over DNS tunneling daemon.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an iodined environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`iodine_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `iodine_admin'($*)) dnl
+	
+	gen_require(`
+		type iodined_t, iodined_initrc_exec_t;
+	')
+
+	allow $1 iodined_t:process { ptrace signal_perms };
+	ps_process_pattern($1, iodined_t)
+
+	init_startstop_service($1, $2, iodined_t, iodined_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `iodine_admin'($*)) dnl
+	')
+
+## <summary>Generate entropy from audio input.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an entropyd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`entropyd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `entropyd_admin'($*)) dnl
+	
+	gen_require(`
+		type entropyd_t, entropyd_initrc_exec_t, entropyd_runtime_t;
+	')
+
+	allow $1 entropyd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, entropyd_t)
+
+	init_startstop_service($1, $2, entropyd_t, entropyd_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, entropyd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `entropyd_admin'($*)) dnl
+	')
+
+## <summary>Open source database.</summary>
+
+######################################
+## <summary>
+##	Execute MySQL in the mysql domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`mysql_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mysql_domtrans'($*)) dnl
+	
+	gen_require(`
+		type mysqld_t, mysqld_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, mysqld_exec_t, mysqld_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mysql_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute mysqld in the mysqld domain, and
+##	allow the specified role the mysqld domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mysql_run_mysqld',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mysql_run_mysqld'($*)) dnl
+	
+	gen_require(`
+		attribute_role mysqld_roles;
+	')
+
+	mysql_domtrans($1)
+	roleattribute $2 mysqld_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mysql_run_mysqld'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to mysqld.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mysql_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mysql_signal'($*)) dnl
+	
+	gen_require(`
+		type mysqld_t;
+	')
+
+	allow $1 mysqld_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mysql_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to mysqld with a tcp socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mysql_tcp_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mysql_tcp_connect'($*)) dnl
+	
+	gen_require(`
+		type mysqld_t;
+	')
+
+	corenet_tcp_recvfrom_labeled($1, mysqld_t)
+	corenet_tcp_connect_mysqld_port($1)
+	corenet_sendrecv_mysqld_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mysql_tcp_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to mysqld with a unix
+#	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mysql_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mysql_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type mysqld_t, mysqld_runtime_t, mysqld_db_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, { mysqld_db_t mysqld_runtime_t }, mysqld_runtime_t, mysqld_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mysql_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read mysqld configuration content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mysql_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mysql_read_config'($*)) dnl
+	
+	gen_require(`
+		type mysqld_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 mysqld_etc_t:dir list_dir_perms;
+	allow $1 mysqld_etc_t:file read_file_perms;
+	allow $1 mysqld_etc_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mysql_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search mysqld db directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mysql_search_db',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mysql_search_db'($*)) dnl
+	
+	gen_require(`
+		type mysqld_db_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 mysqld_db_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mysql_search_db'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write mysqld database directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mysql_rw_db_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mysql_rw_db_dirs'($*)) dnl
+	
+	gen_require(`
+		type mysqld_db_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 mysqld_db_t:dir rw_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mysql_rw_db_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	mysqld database directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mysql_manage_db_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mysql_manage_db_dirs'($*)) dnl
+	
+	gen_require(`
+		type mysqld_db_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 mysqld_db_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mysql_manage_db_dirs'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Append mysqld database files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mysql_append_db_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mysql_append_db_files'($*)) dnl
+	
+	gen_require(`
+		type mysqld_db_t;
+	')
+
+	files_search_var_lib($1)
+	append_files_pattern($1, mysqld_db_t, mysqld_db_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mysql_append_db_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read and write mysqld database files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mysql_rw_db_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mysql_rw_db_files'($*)) dnl
+	
+	gen_require(`
+		type mysqld_db_t;
+	')
+
+	files_search_var_lib($1)
+	rw_files_pattern($1, mysqld_db_t, mysqld_db_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mysql_rw_db_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create, read, write, and delete
+##	mysqld database files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mysql_manage_db_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mysql_manage_db_files'($*)) dnl
+	
+	gen_require(`
+		type mysqld_db_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, mysqld_db_t, mysqld_db_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mysql_manage_db_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	mysqld home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mysql_manage_mysqld_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mysql_manage_mysqld_home_files'($*)) dnl
+	
+	gen_require(`
+		type mysqld_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 mysqld_home_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mysql_manage_mysqld_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel mysqld home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mysql_relabel_mysqld_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mysql_relabel_mysqld_home_files'($*)) dnl
+	
+	gen_require(`
+		type mysqld_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 mysqld_home_t:file relabel_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mysql_relabel_mysqld_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in user home
+##	directories with the mysqld home type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`mysql_home_filetrans_mysqld_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mysql_home_filetrans_mysqld_home'($*)) dnl
+	
+	gen_require(`
+		type mysqld_home_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, mysqld_home_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mysql_home_filetrans_mysqld_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write mysqld log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mysql_write_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mysql_write_log'($*)) dnl
+	
+	gen_require(`
+		type mysqld_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 mysqld_log_t:file write_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mysql_write_log'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Execute mysqld safe in the
+##	mysqld safe domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`mysql_domtrans_mysql_safe',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mysql_domtrans_mysql_safe'($*)) dnl
+	
+	gen_require(`
+		type mysqld_safe_t, mysqld_safe_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, mysqld_safe_exec_t, mysqld_safe_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mysql_domtrans_mysql_safe'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Read mysqld pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mysql_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mysql_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type mysqld_runtime_t;
+	')
+
+	files_search_pids($1)
+	read_files_pattern($1, mysqld_runtime_t, mysqld_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mysql_read_pid_files'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Search mysqld pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+##
+#
+ 	 	define(`mysql_search_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mysql_search_pid_files'($*)) dnl
+	
+	gen_require(`
+		type mysqld_runtime_t;
+	')
+
+	files_search_pids($1)
+	search_dirs_pattern($1, mysqld_runtime_t, mysqld_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mysql_search_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an mysqld environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mysql_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mysql_admin'($*)) dnl
+	
+	gen_require(`
+		type mysqld_t, mysqld_runtime_t, mysqld_etc_t;
+		type mysqld_tmp_t, mysqld_db_t, mysqld_log_t;
+		type mysqld_safe_t, mysqlmanagerd_t, mysqlmanagerd_runtime_t;
+		type mysqld_initrc_exec_t, mysqlmanagerd_initrc_exec_t, mysqld_home_t;
+	')
+
+	allow $1 { mysqld_safe_t mysqld_t mysqlmanagerd_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { mysqld_safe_t mysqld_t mysqlmanagerd_t })
+
+	init_startstop_service($1, $2, mysqld_t, mysqld_initrc_exec_t)
+	init_startstop_service($1, $2, mysqlmanagerd_t, mysqlmanagerd_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, { mysqlmanagerd_runtime_t mysqld_runtime_t })
+
+	files_search_var_lib($1)
+	admin_pattern($1, mysqld_db_t)
+
+	files_search_etc($1)
+	admin_pattern($1, { mysqld_etc_t mysqld_home_t })
+
+	logging_search_logs($1)
+	admin_pattern($1, mysqld_log_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, mysqld_tmp_t)
+
+	mysql_run_mysqld($1, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mysql_admin'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Set the attributes of the MySQL run directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`mysql_setattr_run_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mysql_setattr_run_dirs'($*)) dnl
+	
+	gen_require(`
+		type mysqld_runtime_t;
+	')
+
+	setattr_dirs_pattern($1, mysqld_runtime_t, mysqld_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mysql_setattr_run_dirs'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create MySQL run directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`mysql_create_run_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mysql_create_run_dirs'($*)) dnl
+	
+	gen_require(`
+		type mysqld_runtime_t;
+	')
+
+	create_dirs_pattern($1, mysqld_runtime_t, mysqld_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mysql_create_run_dirs'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Automatically use the MySQL run label for created resources in generic
+##	run locations. This method is deprecated in favor of the
+##	init_daemon_run_dir call.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+## <param name="class">
+## 	<summary>
+##	Type of the resource created for which the automatic file transition
+##	should occur
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+## 	<summary>
+##	The name of the resource being created
+##	</summary>
+## </param>
+#
+ 	 	define(`mysql_generic_run_filetrans_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mysql_generic_run_filetrans_run'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mysql_generic_run_filetrans_run'($*)) dnl
+	')
+
+## <summary>Sensor information logging daemon.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an sensord environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`sensord_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sensord_admin'($*)) dnl
+	
+	gen_require(`
+		type sensord_t, sensord_initrc_exec_t, sensord_runtime_t;
+	')
+
+	allow $1 sensord_t:process { ptrace signal_perms };
+	ps_process_pattern($1, sensord_t)
+
+	init_startstop_service($1, $2, sensord_t, sensord_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, sensord_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sensord_admin'($*)) dnl
+	')
+
+## <summary>Unix to Unix Copy.</summary>
+
+########################################
+## <summary>
+##	Execute uucico in the uucpd_t domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`uucp_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `uucp_domtrans'($*)) dnl
+	
+	gen_require(`
+		type uucpd_t, uucpd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, uucpd_exec_t, uucpd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `uucp_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append uucp log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`uucp_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `uucp_append_log'($*)) dnl
+	
+	gen_require(`
+		type uucpd_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 uucpd_log_t:dir list_dir_perms;
+	append_files_pattern($1, uucpd_log_t, uucpd_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `uucp_append_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	uucp spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`uucp_manage_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `uucp_manage_spool'($*)) dnl
+	
+	gen_require(`
+		type uucpd_spool_t;
+	')
+
+	files_search_spool($1)
+	manage_dirs_pattern($1, uucpd_spool_t, uucpd_spool_t)
+	manage_files_pattern($1, uucpd_spool_t, uucpd_spool_t)
+	manage_lnk_files_pattern($1, uucpd_spool_t, uucpd_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `uucp_manage_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute uux in the uux_t domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`uucp_domtrans_uux',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `uucp_domtrans_uux'($*)) dnl
+	
+	gen_require(`
+		type uux_t, uux_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, uux_exec_t, uux_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `uucp_domtrans_uux'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an uucp environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`uucp_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `uucp_admin'($*)) dnl
+	
+	gen_require(`
+		type uucpd_t, uucpd_tmp_t, uucpd_log_t;
+		type uucpd_spool_t, uucpd_ro_t, uucpd_rw_t;
+		type uucpd_runtime_t, uucpd_initrc_exec_t;
+	')
+
+	init_startstop_service($1, $2, uucpd_t, uucpd_initrc_exec_t)
+
+	allow $1 uucpd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, uucpd_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, uucpd_log_t)
+
+	files_list_spool($1)
+	admin_pattern($1, uucpd_spool_t)
+
+	admin_pattern($1, { uucpd_rw_t uucpd_ro_t })
+
+	files_list_tmp($1)
+	admin_pattern($1, uucpd_tmp_t)
+
+	files_list_pids($1)
+	admin_pattern($1, uucpd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `uucp_admin'($*)) dnl
+	')
+
+## <summary>Non-Uniform Memory Alignment Daemon.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an numad environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`numad_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `numad_admin'($*)) dnl
+	
+	gen_require(`
+		type numad_t, numad_initrc_exec_t, numad_log_t;
+		type numad_runtime_t;
+	')
+
+	allow $1 numad_t:process { ptrace signal_perms };
+	ps_process_pattern($1, numad_t)
+
+	init_startstop_service($1, $2, numad_t, numad_initrc_exec_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, numad_log_t)
+
+	files_search_pids($1)
+	admin_pattern($1, numad_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `numad_admin'($*)) dnl
+	')
+
+## <summary>OpenStack image registry and delivery service.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to
+##	run glance registry.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`glance_domtrans_registry',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `glance_domtrans_registry'($*)) dnl
+	
+	gen_require(`
+		type glance_registry_t, glance_registry_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, glance_registry_exec_t, glance_registry_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `glance_domtrans_registry'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to
+##	run glance api.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`glance_domtrans_api',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `glance_domtrans_api'($*)) dnl
+	
+	gen_require(`
+		type glance_api_t, glance_api_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, glance_api_exec_t, glance_api_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `glance_domtrans_api'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read glance log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`glance_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `glance_read_log'($*)) dnl
+	
+	gen_require(`
+		type glance_log_t;
+	')
+
+	logging_search_logs($1)
+	read_files_pattern($1, glance_log_t, glance_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `glance_read_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append glance log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`glance_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `glance_append_log'($*)) dnl
+	
+	gen_require(`
+		type glance_log_t;
+	')
+
+	logging_search_logs($1)
+	append_files_pattern($1, glance_log_t, glance_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `glance_append_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	glance log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`glance_manage_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `glance_manage_log'($*)) dnl
+	
+	gen_require(`
+		type glance_log_t;
+	')
+
+	logging_search_logs($1)
+	manage_dirs_pattern($1, glance_log_t, glance_log_t)
+	manage_files_pattern($1, glance_log_t, glance_log_t)
+	manage_lnk_files_pattern($1, glance_log_t, glance_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `glance_manage_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search glance lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`glance_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `glance_search_lib'($*)) dnl
+	
+	gen_require(`
+		type glance_var_lib_t;
+	')
+
+	allow $1 glance_var_lib_t:dir search_dir_perms;
+	files_search_var_lib($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `glance_search_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read glance lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`glance_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `glance_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type glance_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, glance_var_lib_t, glance_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `glance_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	glance lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`glance_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `glance_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type glance_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, glance_var_lib_t, glance_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `glance_manage_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	glance lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`glance_manage_lib_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `glance_manage_lib_dirs'($*)) dnl
+	
+	gen_require(`
+		type glance_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_dirs_pattern($1, glance_var_lib_t, glance_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `glance_manage_lib_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read glance pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`glance_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `glance_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type glance_runtime_t;
+	')
+
+	files_search_pids($1)
+	read_files_pattern($1, glance_runtime_t, glance_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `glance_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	glance pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`glance_manage_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `glance_manage_pid_files'($*)) dnl
+	
+	gen_require(`
+		type glance_runtime_t;
+	')
+
+	files_search_pids($1)
+	manage_files_pattern($1, glance_runtime_t, glance_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `glance_manage_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an glance environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`glance_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `glance_admin'($*)) dnl
+	
+	gen_require(`
+		type glance_registry_t, glance_api_t, glance_log_t;
+		type glance_var_lib_t, glance_runtime_t;
+		type glance_registry_initrc_exec_t, glance_api_initrc_exec_t;
+	')
+
+	allow $1 { glance_api_t glance_registry_t }:process signal_perms;
+	ps_process_pattern($1, { glance_api_t glance_registry_t })
+
+	init_startstop_service($1, $2, glance_api_t, glance_api_initrc_exec_t)
+	init_startstop_service($1, $2, glance_registry_t, glance_registry_initrc_exec_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, glance_log_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, glance_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, glance_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `glance_admin'($*)) dnl
+	')
+
+## <summary>Point to Point Protocol daemon creates links in ppp networks.</summary>
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	ppp home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ppp_manage_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ppp_manage_home_files'($*)) dnl
+	
+	gen_require(`
+		type ppp_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 ppp_home_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ppp_manage_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read ppp user home content files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ppp_read_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ppp_read_home_files'($*)) dnl
+	
+	gen_require(`
+		type ppp_home_t;
+
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 ppp_home_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ppp_read_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel ppp home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ppp_relabel_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ppp_relabel_home_files'($*)) dnl
+	
+	gen_require(`
+		type ppp_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 ppp_home_t:file relabel_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ppp_relabel_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in user home
+##	directories with the ppp home type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`ppp_home_filetrans_ppp_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ppp_home_filetrans_ppp_home'($*)) dnl
+	
+	gen_require(`
+		type ppp_home_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, ppp_home_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ppp_home_filetrans_ppp_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit and use ppp file discriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ppp_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ppp_use_fds'($*)) dnl
+	
+	gen_require(`
+		type pppd_t;
+	')
+
+	allow $1 pppd_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ppp_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to inherit
+##	and use ppp file discriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`ppp_dontaudit_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ppp_dontaudit_use_fds'($*)) dnl
+	
+	gen_require(`
+		type pppd_t;
+	')
+
+	dontaudit $1 pppd_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ppp_dontaudit_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send child terminated signals to ppp.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ppp_sigchld',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ppp_sigchld'($*)) dnl
+	
+	gen_require(`
+		type pppd_t;
+
+	')
+
+	allow $1 pppd_t:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ppp_sigchld'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send kill signals to ppp.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+#
+ 	 	define(`ppp_kill',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ppp_kill'($*)) dnl
+	
+	gen_require(`
+		type pppd_t;
+	')
+
+	allow $1 pppd_t:process sigkill;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ppp_kill'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to ppp.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ppp_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ppp_signal'($*)) dnl
+	
+	gen_require(`
+		type pppd_t;
+	')
+
+	allow $1 pppd_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ppp_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send null signals to ppp.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ppp_signull',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ppp_signull'($*)) dnl
+	
+	gen_require(`
+		type pppd_t;
+	')
+
+	allow $1 pppd_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ppp_signull'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	 Execute pppd in the pppd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	 Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`ppp_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ppp_domtrans'($*)) dnl
+	
+	gen_require(`
+		type pppd_t, pppd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, pppd_exec_t, pppd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ppp_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Conditionally execute pppd on
+##	behalf of a user or staff type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	 Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ppp_run_cond',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ppp_run_cond'($*)) dnl
+	
+	gen_require(`
+		attribute_role pppd_roles;
+	')
+
+	roleattribute $2 pppd_roles;
+
+	tunable_policy(`pppd_for_user',`
+		ppp_domtrans($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ppp_run_cond'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unconditionally execute ppp daemon
+##	on behalf of a user or staff type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	 Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ppp_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ppp_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role pppd_roles;
+	')
+
+	ppp_domtrans($1)
+	roleattribute $2 pppd_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ppp_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	 Execute domain in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	 Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ppp_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ppp_exec'($*)) dnl
+	
+	gen_require(`
+		type pppd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, pppd_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ppp_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read ppp configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ppp_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ppp_read_config'($*)) dnl
+	
+	gen_require(`
+		type pppd_etc_t;
+	')
+
+	files_search_etc($1)
+	read_files_pattern($1, pppd_etc_t, pppd_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ppp_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read ppp writable configuration content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ppp_read_rw_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ppp_read_rw_config'($*)) dnl
+	
+	gen_require(`
+		type pppd_etc_t, pppd_etc_rw_t;
+	')
+
+	files_search_etc($1)
+	allow $1 { pppd_etc_t pppd_etc_rw_t }:dir list_dir_perms;
+	allow $1 pppd_etc_rw_t:file read_file_perms;
+	allow $1 { pppd_etc_t pppd_etc_rw_t }:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ppp_read_rw_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read ppp secret files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ppp_read_secrets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ppp_read_secrets'($*)) dnl
+	
+	gen_require(`
+		type pppd_etc_t, pppd_secret_t;
+	')
+
+	files_search_etc($1)
+	allow $1 pppd_etc_t:dir list_dir_perms;
+	allow $1 pppd_secret_t:file read_file_perms;
+	allow $1 pppd_etc_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ppp_read_secrets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read ppp pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ppp_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ppp_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type pppd_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 pppd_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ppp_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	ppp pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ppp_manage_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ppp_manage_pid_files'($*)) dnl
+	
+	gen_require(`
+		type pppd_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 pppd_runtime_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ppp_manage_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create specified pppd pid objects
+##	with a type transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`ppp_pid_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ppp_pid_filetrans'($*)) dnl
+	
+	gen_require(`
+		type pppd_runtime_t;
+	')
+
+	files_pid_filetrans($1, pppd_runtime_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ppp_pid_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute pppd init script in
+##	the initrc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`ppp_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ppp_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type pppd_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, pppd_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ppp_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an ppp environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ppp_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ppp_admin'($*)) dnl
+	
+	gen_require(`
+		type pppd_t, pppd_tmp_t, pppd_log_t, pppd_lock_t;
+		type pppd_etc_t, pppd_secret_t, pppd_etc_rw_t;
+		type pppd_runtime_t, pppd_initrc_exec_t;
+		type pptp_t, pptp_log_t, pptp_runtime_t;
+	')
+
+	allow $1 { pptp_t pppd_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { pptp_t pppd_t })
+
+	init_startstop_service($1, $2, pppd_t, pppd_initrc_exec_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, pppd_tmp_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, { pptp_log_t pppd_log_t })
+
+	files_list_locks($1)
+	admin_pattern($1, pppd_lock_t)
+
+	files_list_etc($1)
+	admin_pattern($1, { pppd_etc_rw_t pppd_secret_t pppd_etc_t })
+
+	files_list_pids($1)
+	admin_pattern($1, { pptp_runtime_t pppd_runtime_t })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ppp_admin'($*)) dnl
+	')
+
+## <summary>Open Certificate Authority.</summary>
+
+########################################
+## <summary>
+##	Execute the openca with
+##	a domain transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`openca_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `openca_domtrans'($*)) dnl
+	
+	gen_require(`
+		type openca_ca_t, openca_ca_exec_t, openca_usr_share_t;
+	')
+
+	files_search_usr($1)
+	allow $1 openca_usr_share_t:dir search_dir_perms;
+	domtrans_pattern($1, openca_ca_exec_t, openca_ca_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `openca_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to openca.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`openca_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `openca_signal'($*)) dnl
+	
+	gen_require(`
+		type openca_ca_t;
+	')
+
+	allow $1 openca_ca_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `openca_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send stop signals to openca.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`openca_sigstop',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `openca_sigstop'($*)) dnl
+	
+	gen_require(`
+		type openca_ca_t;
+	')
+
+	allow $1 openca_ca_t:process sigstop;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `openca_sigstop'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send kill signals to openca.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`openca_kill',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `openca_kill'($*)) dnl
+	
+	gen_require(`
+		type openca_ca_t;
+	')
+
+	allow $1 openca_ca_t:process sigkill;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `openca_kill'($*)) dnl
+	')
+
+## <summary>Corosync Cluster Engine.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run corosync.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`corosync_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corosync_domtrans'($*)) dnl
+	
+	gen_require(`
+		type corosync_t, corosync_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, corosync_exec_t, corosync_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corosync_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute corosync init scripts in
+##	the init script domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`corosync_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corosync_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type corosync_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, corosync_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corosync_initrc_domtrans'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Execute corosync in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corosync_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corosync_exec'($*)) dnl
+	
+	gen_require(`
+		type corosync_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, corosync_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corosync_exec'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read corosync log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corosync_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corosync_read_log'($*)) dnl
+	
+	gen_require(`
+		type corosync_var_log_t;
+	')
+
+	logging_search_logs($1)
+	list_dirs_pattern($1, corosync_var_log_t, corosync_var_log_t)
+	read_files_pattern($1, corosync_var_log_t, corosync_var_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corosync_read_log'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Connect to corosync over a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corosync_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corosync_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type corosync_t, corosync_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, corosync_runtime_t, corosync_runtime_t, corosync_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corosync_stream_connect'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Read and write corosync tmpfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`corosync_rw_tmpfs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corosync_rw_tmpfs'($*)) dnl
+	
+	gen_require(`
+		type corosync_tmpfs_t;
+	')
+
+	fs_search_tmpfs($1)
+	rw_files_pattern($1, corosync_tmpfs_t, corosync_tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corosync_rw_tmpfs'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	All of the rules required to
+##	administrate an corosync environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`corosync_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `corosync_admin'($*)) dnl
+	
+	gen_require(`
+		type corosync_t, corosync_var_lib_t, corosync_var_log_t;
+		type corosync_runtime_t, corosync_tmp_t, corosync_tmpfs_t;
+		type corosync_initrc_exec_t;
+	')
+
+	allow $1 corosync_t:process { ptrace signal_perms };
+	ps_process_pattern($1, corosync_t)
+
+	init_startstop_service($1, $2, corosync_t, corosync_initrc_exec_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, corosync_tmp_t)
+
+	admin_pattern($1, corosync_tmpfs_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, corosync_var_lib_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, corosync_var_log_t)
+
+	files_list_pids($1)
+	admin_pattern($1, corosync_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `corosync_admin'($*)) dnl
+	')
+
+## <summary>Andrew Filesystem server.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run the
+##	afs client.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`afs_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `afs_domtrans'($*)) dnl
+	
+	gen_require(`
+		type afs_t, afs_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, afs_exec_t, afs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `afs_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write afs client UDP sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`afs_rw_udp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `afs_rw_udp_sockets'($*)) dnl
+	
+	gen_require(`
+		type afs_t;
+	')
+
+	allow $1 afs_t:udp_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `afs_rw_udp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write afs cache files.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`afs_rw_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `afs_rw_cache'($*)) dnl
+	
+	gen_require(`
+		type afs_cache_t;
+	')
+
+	files_search_var($1)
+	allow $1 afs_cache_t:file { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `afs_rw_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute afs server in the afs domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`afs_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `afs_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type afs_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, afs_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `afs_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an afs environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`afs_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `afs_admin'($*)) dnl
+	
+	gen_require(`
+		attribute afs_domain;
+		type afs_initrc_exec_t, afs_dbdir_t, afs_pt_db_t;
+		type afs_ka_db_t, afs_vl_db_t, afs_config_t;
+		type afs_logfile_t, afs_cache_t, afs_files_t;
+	')
+
+	allow $1 afs_domain:process { ptrace signal_perms };
+	ps_process_pattern($1, afs_domain)
+
+	init_startstop_service($1, $2, afs_domain, afs_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, afs_config_t)
+
+	files_search_var($1)
+	admin_pattern($1, afs_cache_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, { afs_dbdir_t afs_pt_db_t afs_ka_db_t })
+	admin_pattern($1, afs_vl_db_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, afs_logfile_t)
+
+	admin_pattern($1, afs_files_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `afs_admin'($*)) dnl
+	')
+
+## <summary>Prelude hybrid intrusion detection system.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run prelude.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`prelude_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `prelude_domtrans'($*)) dnl
+	
+	gen_require(`
+		type prelude_t, prelude_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, prelude_exec_t, prelude_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `prelude_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to
+##	run prelude audisp.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`prelude_domtrans_audisp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `prelude_domtrans_audisp'($*)) dnl
+	
+	gen_require(`
+		type prelude_audisp_t, prelude_audisp_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, prelude_audisp_exec_t, prelude_audisp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `prelude_domtrans_audisp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to prelude audisp.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`prelude_signal_audisp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `prelude_signal_audisp'($*)) dnl
+	
+	gen_require(`
+		type prelude_audisp_t;
+	')
+
+	allow $1 prelude_audisp_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `prelude_signal_audisp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read prelude spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`prelude_read_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `prelude_read_spool'($*)) dnl
+	
+	gen_require(`
+		type prelude_spool_t;
+	')
+
+	files_search_spool($1)
+	read_files_pattern($1, prelude_spool_t, prelude_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `prelude_read_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	prelude manager spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`prelude_manage_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `prelude_manage_spool'($*)) dnl
+	
+	gen_require(`
+		type prelude_spool_t;
+	')
+
+	files_search_spool($1)
+	manage_dirs_pattern($1, prelude_spool_t, prelude_spool_t)
+	manage_files_pattern($1, prelude_spool_t, prelude_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `prelude_manage_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an prelude environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`prelude_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `prelude_admin'($*)) dnl
+	
+	gen_require(`
+		type prelude_t, prelude_spool_t, prelude_lml_runtime_t;
+		type prelude_runtime_t, prelude_var_lib_t, prelude_log_t;
+		type prelude_audisp_t, prelude_audisp_runtime_t;
+		type prelude_initrc_exec_t, prelude_lml_t, prelude_lml_tmp_t;
+		type prelude_correlator_t;
+	')
+
+	allow $1 { prelude_t prelude_audisp_t prelude_lml_t prelude_correlator_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { prelude_t prelude_audisp_t prelude_lml_t prelude_correlator_t })
+
+	init_startstop_service($1, $2, prelude_t, prelude_initrc_exec_t)
+
+	files_search_spool($1)
+	admin_pattern($1, prelude_spool_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, prelude_log_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, prelude_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, { prelude_audisp_runtime_t prelude_runtime_t prelude_lml_runtime_t })
+
+	files_search_tmp($1)
+	admin_pattern($1, prelude_lml_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `prelude_admin'($*)) dnl
+	')
+
+## <summary>A distributed, collaborative, spam detection and filtering network.</summary>
+
+#######################################
+## <summary>
+##	The template to define a razor domain.
+## </summary>
+## <param name="domain_prefix">
+##	<summary>
+##	Domain prefix to be used.
+##	</summary>
+## </param>
+#
+ 	 	define(`razor_common_domain_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `razor_common_domain_template'($*)) dnl
+	
+	gen_require(`
+		attribute razor_domain;
+		type razor_exec_t;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	type $1_t, razor_domain;
+	domain_type($1_t)
+	domain_entry_file($1_t, razor_exec_t)
+
+	########################################
+	#
+	# Declarations
+	#
+
+	auth_use_nsswitch($1_t)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `razor_common_domain_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Role access for razor.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`razor_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `razor_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role razor_roles;
+		type razor_t, razor_exec_t, razor_home_t;
+		type razor_tmp_t;
+	')
+
+	roleattribute $1 razor_roles;
+
+	domtrans_pattern($2, razor_exec_t, razor_t)
+
+	ps_process_pattern($2, razor_t)
+	allow $2 razor_t:process signal;
+
+	allow $2 { razor_home_t razor_tmp_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 { razor_home_t razor_tmp_t }:file { manage_file_perms relabel_file_perms };
+	allow $2 razor_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+
+	userdom_user_home_dir_filetrans($2, razor_home_t, dir, ".razor")
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `razor_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute razor in the system razor domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`razor_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `razor_domtrans'($*)) dnl
+	
+	gen_require(`
+		type system_razor_t, razor_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, razor_exec_t, system_razor_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `razor_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	razor home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`razor_manage_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `razor_manage_home_content'($*)) dnl
+	
+	gen_require(`
+		type razor_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 razor_home_t:dir manage_dir_perms;
+	allow $1 razor_home_t:file manage_file_perms;
+	allow $1 razor_home_t:lnk_file manage_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `razor_manage_home_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read razor lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`razor_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `razor_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type razor_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, razor_var_lib_t, razor_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `razor_read_lib_files'($*)) dnl
+	')
+
+## <summary>High-Throughput Computing System.</summary>
+
+#######################################
+## <summary>
+##	The template to define a condor domain.
+## </summary>
+## <param name="domain_prefix">
+##	<summary>
+##	Domain prefix to be used.
+##	</summary>
+## </param>
+#
+ 	 	define(`condor_domain_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `condor_domain_template'($*)) dnl
+	
+	gen_require(`
+		attribute condor_domain;
+		type condor_master_t;
+	')
+
+	#############################
+	#
+	# Declarations
+	#
+
+	type condor_$1_t, condor_domain;
+	type condor_$1_exec_t;
+	domain_type(condor_$1_t)
+	domain_entry_file(condor_$1_t, condor_$1_exec_t)
+	role system_r types condor_$1_t;
+
+	#############################
+	#
+	# Policy
+	#
+
+	domtrans_pattern(condor_master_t, condor_$1_exec_t, condor_$1_t)
+	allow condor_master_t condor_$1_exec_t:file ioctl;
+
+	auth_use_nsswitch(condor_$1_t)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `condor_domain_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an condor environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`condor_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `condor_admin'($*)) dnl
+	
+	gen_require(`
+		attribute condor_domain;
+		type condor_initrc_exec_t, condor_log_t;
+		type condor_var_lib_t, condor_var_lock_t, condor_schedd_tmp_t;
+		type condor_runtime_t, condor_startd_tmp_t, condor_conf_t;
+	')
+
+	allow $1 condor_domain:process { ptrace signal_perms };
+	ps_process_pattern($1, condor_domain)
+
+	init_startstop_service($1, $2, condor_domain, condor_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, condor_conf_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, condor_log_t)
+
+	files_search_locks($1)
+	admin_pattern($1, condor_var_lock_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, condor_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, condor_runtime_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, { condor_schedd_tmp_t condor_startd_tmp_t })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `condor_admin'($*)) dnl
+	')
+
+## <summary>Secure shell client and server policy.</summary>
+
+#######################################
+## <summary>
+##	Basic SSH client template.
+## </summary>
+## <desc>
+##	<p>
+##	This template creates a derived domains which are used
+##	for ssh client sessions.  A derived
+##	type is also created to protect the user ssh keys.
+##	</p>
+##	<p>
+##	This template was added for NX.
+##	</p>
+## </desc>
+## <param name="userdomain_prefix">
+##	<summary>
+##	The prefix of the domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="user_domain">
+##	<summary>
+##	The type of the domain.
+##	</summary>
+## </param>
+## <param name="user_role">
+##	<summary>
+##	The role associated with the user domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`ssh_basic_client_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ssh_basic_client_template'($*)) dnl
+	
+
+	gen_require(`
+		attribute ssh_server;
+		type ssh_exec_t, sshd_key_t, sshd_tmp_t;
+	')
+
+	##############################
+	#
+	# Declarations
+	#
+
+	type $1_ssh_t;
+	application_domain($1_ssh_t, ssh_exec_t)
+	role $3 types $1_ssh_t;
+
+	type $1_ssh_home_t;
+	files_type($1_ssh_home_t)
+
+	##############################
+	#
+	# Client local policy
+	#
+
+	allow $1_ssh_t self:capability { dac_override dac_read_search setgid setuid };
+	allow $1_ssh_t self:process { transition signal_perms getsched setsched getsession getpgid setpgid getcap setcap share getattr noatsecure siginh rlimitinh dyntransition setkeycreate setsockcreate getrlimit };
+	allow $1_ssh_t self:fd use;
+	allow $1_ssh_t self:fifo_file rw_fifo_file_perms;
+	allow $1_ssh_t self:unix_dgram_socket { create_socket_perms sendto };
+	allow $1_ssh_t self:unix_stream_socket { create_stream_socket_perms connectto };
+	allow $1_ssh_t self:shm create_shm_perms;
+	allow $1_ssh_t self:sem create_sem_perms;
+	allow $1_ssh_t self:msgq create_msgq_perms;
+	allow $1_ssh_t self:msg { send receive };
+	allow $1_ssh_t self:tcp_socket create_stream_socket_perms;
+
+	# for rsync
+	allow $1_ssh_t $2:unix_stream_socket rw_socket_perms;
+	allow $1_ssh_t $2:unix_stream_socket connectto;
+
+	# Read the ssh key file.
+	allow $1_ssh_t sshd_key_t:file read_file_perms;
+
+	# Access the ssh temporary files.
+	allow $1_ssh_t sshd_tmp_t:dir manage_dir_perms;
+	allow $1_ssh_t sshd_tmp_t:file manage_file_perms;
+	files_tmp_filetrans($1_ssh_t, sshd_tmp_t, { file dir })
+
+	# Transition from the domain to the derived domain.
+	domtrans_pattern($2, ssh_exec_t, $1_ssh_t)
+
+	# inheriting stream sockets is needed for "ssh host command" as no pty
+	# is allocated
+	# cjp: should probably fix target to be an attribute for ssh servers
+	# or "regular" (not special like sshd_extern_t) servers
+	allow $2 ssh_server:unix_stream_socket rw_stream_socket_perms;
+
+	# allow ps to show ssh
+	ps_process_pattern($2, $1_ssh_t)
+
+	# user can manage the keys and config
+	manage_files_pattern($2, $1_ssh_home_t, $1_ssh_home_t)
+	manage_lnk_files_pattern($2, $1_ssh_home_t, $1_ssh_home_t)
+	manage_sock_files_pattern($2, $1_ssh_home_t, $1_ssh_home_t)
+
+	# ssh client can manage the keys and config
+	manage_files_pattern($1_ssh_t, $1_ssh_home_t, $1_ssh_home_t)
+	read_lnk_files_pattern($1_ssh_t, $1_ssh_home_t, $1_ssh_home_t)
+
+	# ssh servers can read the user keys and config
+	allow ssh_server $1_ssh_home_t:dir list_dir_perms;
+	read_files_pattern(ssh_server, $1_ssh_home_t, $1_ssh_home_t)
+	read_lnk_files_pattern(ssh_server, $1_ssh_home_t, $1_ssh_home_t)
+
+	kernel_read_kernel_sysctls($1_ssh_t)
+	kernel_read_system_state($1_ssh_t)
+
+	corenet_all_recvfrom_unlabeled($1_ssh_t)
+	corenet_all_recvfrom_netlabel($1_ssh_t)
+	corenet_tcp_sendrecv_generic_if($1_ssh_t)
+	corenet_tcp_sendrecv_generic_node($1_ssh_t)
+	corenet_tcp_connect_ssh_port($1_ssh_t)
+	corenet_sendrecv_ssh_client_packets($1_ssh_t)
+
+	dev_read_urand($1_ssh_t)
+
+	fs_getattr_all_fs($1_ssh_t)
+	fs_search_auto_mountpoints($1_ssh_t)
+
+	# run helper programs - needed eg for x11-ssh-askpass
+	corecmd_exec_shell($1_ssh_t)
+	corecmd_exec_bin($1_ssh_t)
+
+	domain_use_interactive_fds($1_ssh_t)
+
+	files_list_home($1_ssh_t)
+	files_read_usr_files($1_ssh_t)
+	files_read_etc_runtime_files($1_ssh_t)
+	files_read_etc_files($1_ssh_t)
+	files_read_var_files($1_ssh_t)
+
+	auth_use_nsswitch($1_ssh_t)
+
+	logging_send_syslog_msg($1_ssh_t)
+	logging_read_generic_logs($1_ssh_t)
+
+	miscfiles_read_localization($1_ssh_t)
+
+	seutil_read_config($1_ssh_t)
+
+	optional_policy(`
+		kerberos_use($1_ssh_t)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ssh_basic_client_template'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	The template to define a ssh server.
+## </summary>
+## <desc>
+##	<p>
+##	This template creates a domains to be used for
+##	creating a ssh server.  This is typically done
+##	to have multiple ssh servers of different sensitivities,
+##	such as for an internal network-facing ssh server, and
+##	a external network-facing ssh server.
+##	</p>
+## </desc>
+## <param name="userdomain_prefix">
+##	<summary>
+##	The prefix of the server domain (e.g., sshd
+##	is the prefix for sshd_t).
+##	</summary>
+## </param>
+#
+ 	 	define(`ssh_server_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ssh_server_template'($*)) dnl
+	
+	gen_require(`
+		type sshd_exec_t, sshd_key_t;
+	')
+	type $1_t, ssh_server;
+	auth_login_pgm_domain($1_t)
+
+	type $1_devpts_t;
+	term_login_pty($1_devpts_t)
+
+	type $1_runtime_t alias $1_var_run_t;
+	files_pid_file($1_runtime_t)
+
+	type $1_tmpfs_t;
+	files_tmpfs_file($1_tmpfs_t)
+
+	allow $1_t self:capability { chown dac_read_search fowner fsetid kill setgid setuid sys_chroot sys_nice sys_resource sys_tty_config };
+	# net_admin is for SO_SNDBUFFORCE
+	dontaudit $1_t self:capability net_admin;
+	allow $1_t self:fifo_file rw_fifo_file_perms;
+	allow $1_t self:process { signal getsched setsched setrlimit setexec setkeycreate };
+	allow $1_t self:tcp_socket create_stream_socket_perms;
+	allow $1_t self:udp_socket create_socket_perms;
+	# ssh agent connections:
+	allow $1_t self:unix_stream_socket create_stream_socket_perms;
+	allow $1_t self:shm create_shm_perms;
+
+	allow $1_t $1_devpts_t:chr_file { rw_chr_file_perms setattr getattr relabelfrom };
+	term_create_pty($1_t, $1_devpts_t)
+
+	manage_files_pattern($1_t, $1_tmpfs_t, $1_tmpfs_t)
+	fs_tmpfs_filetrans($1_t, $1_tmpfs_t, file)
+
+	allow $1_t $1_runtime_t:dir search_dir_perms;
+	allow $1_t $1_runtime_t:file manage_file_perms;
+	files_pid_filetrans($1_t, $1_runtime_t, file)
+
+	can_exec($1_t, sshd_exec_t)
+
+	# Access key files
+	allow $1_t sshd_key_t:file read_file_perms;
+
+	kernel_read_kernel_sysctls($1_t)
+	kernel_read_network_state($1_t)
+
+	corenet_all_recvfrom_unlabeled($1_t)
+	corenet_all_recvfrom_netlabel($1_t)
+	corenet_tcp_sendrecv_generic_if($1_t)
+	corenet_udp_sendrecv_generic_if($1_t)
+	corenet_raw_sendrecv_generic_if($1_t)
+	corenet_tcp_sendrecv_generic_node($1_t)
+	corenet_udp_sendrecv_generic_node($1_t)
+	corenet_raw_sendrecv_generic_node($1_t)
+	corenet_tcp_bind_generic_node($1_t)
+	corenet_udp_bind_generic_node($1_t)
+	corenet_tcp_bind_ssh_port($1_t)
+	corenet_tcp_connect_all_ports($1_t)
+	corenet_sendrecv_ssh_server_packets($1_t)
+
+	fs_dontaudit_getattr_all_fs($1_t)
+
+	auth_rw_login_records($1_t)
+	auth_rw_faillog($1_t)
+
+	# for sshd subsystems, such as sftp-server.
+	corecmd_getattr_bin_files($1_t)
+
+	domain_interactive_fd($1_t)
+
+	files_read_etc_files($1_t)
+	files_read_etc_runtime_files($1_t)
+	files_read_usr_files($1_t)
+
+	logging_search_logs($1_t)
+
+	miscfiles_read_localization($1_t)
+
+	userdom_create_all_users_keys($1_t)
+	userdom_dontaudit_relabelfrom_user_ptys($1_t)
+	userdom_search_user_home_dirs($1_t)
+
+	# Allow checking users mail at login
+	optional_policy(`
+		mta_getattr_spool($1_t)
+	')
+
+	tunable_policy(`use_nfs_home_dirs',`
+		fs_read_nfs_files($1_t)
+		fs_read_nfs_symlinks($1_t)
+	')
+
+	tunable_policy(`use_samba_home_dirs',`
+		fs_read_cifs_files($1_t)
+	')
+
+	optional_policy(`
+		kerberos_use($1_t)
+		kerberos_manage_host_rcache($1_t)
+	')
+
+	optional_policy(`
+		files_read_var_lib_symlinks($1_t)
+		nx_spec_domtrans_server($1_t)
+	')
+
+	optional_policy(`
+		systemd_read_logind_sessions_files($1_t)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ssh_server_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Role access for ssh
+## </summary>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the role (e.g., user
+##	is the prefix for user_r).
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role
+##	</summary>
+## </param>
+#
+ 	 	define(`ssh_role_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ssh_role_template'($*)) dnl
+	
+	gen_require(`
+		attribute ssh_server, ssh_agent_type;
+
+		type ssh_t, ssh_exec_t, ssh_home_t, ssh_agent_exec_t;
+		type ssh_agent_tmp_t;
+	')
+
+	##############################
+	#
+	# Declarations
+	#
+
+	role $2 types ssh_t;
+
+	type $1_ssh_agent_t, ssh_agent_type;
+	userdom_user_application_domain($1_ssh_agent_t, ssh_agent_exec_t)
+	domain_interactive_fd($1_ssh_agent_t)
+	role $2 types $1_ssh_agent_t;
+
+	##############################
+	#
+	# Local policy
+	#
+
+	# Transition from the domain to the derived domain.
+	domtrans_pattern($3, ssh_exec_t, ssh_t)
+
+	# inheriting stream sockets is needed for "ssh host command" as no pty
+	# is allocated
+	allow $3 ssh_server:unix_stream_socket rw_stream_socket_perms;
+
+	# allow ps to show ssh
+	ps_process_pattern($3, ssh_t)
+	allow $3 ssh_t:process signal;
+
+	# for rsync
+	allow ssh_t $3:unix_stream_socket rw_socket_perms;
+	allow ssh_t $3:unix_stream_socket connectto;
+	allow ssh_t $3:key manage_key_perms;
+
+	# user can manage the keys and config
+	manage_files_pattern($3, ssh_home_t, ssh_home_t)
+	manage_lnk_files_pattern($3, ssh_home_t, ssh_home_t)
+	manage_sock_files_pattern($3, ssh_home_t, ssh_home_t)
+	userdom_search_user_home_dirs($1_t)
+
+	##############################
+	#
+	# SSH agent local policy
+	#
+
+	allow $1_ssh_agent_t self:process { setrlimit signal };
+	allow $1_ssh_agent_t self:capability setgid;
+	allow $1_ssh_agent_t self:fifo_file rw_file_perms;
+
+	allow $1_ssh_agent_t { $1_ssh_agent_t $3 }:process signull;
+
+	allow $1_ssh_agent_t self:unix_stream_socket { create_stream_socket_perms connectto };
+
+	manage_dirs_pattern($1_ssh_agent_t, ssh_agent_tmp_t, ssh_agent_tmp_t)
+	manage_sock_files_pattern($1_ssh_agent_t, ssh_agent_tmp_t, ssh_agent_tmp_t)
+	files_tmp_filetrans($1_ssh_agent_t, ssh_agent_tmp_t, { dir sock_file })
+
+	# for ssh-add
+	stream_connect_pattern($3, ssh_agent_tmp_t, ssh_agent_tmp_t, $1_ssh_agent_t)
+
+	# Allow the user shell to signal the ssh program.
+	allow $3 $1_ssh_agent_t:process signal;
+
+	# allow ps to show ssh
+	ps_process_pattern($3, $1_ssh_agent_t)
+
+	domtrans_pattern($3, ssh_agent_exec_t, $1_ssh_agent_t)
+
+	kernel_read_kernel_sysctls($1_ssh_agent_t)
+
+	dev_read_urand($1_ssh_agent_t)
+	dev_read_rand($1_ssh_agent_t)
+
+	fs_search_auto_mountpoints($1_ssh_agent_t)
+
+	# transition back to normal privs upon exec
+	corecmd_shell_domtrans($1_ssh_agent_t, $3)
+	corecmd_bin_domtrans($1_ssh_agent_t, $3)
+
+	domain_use_interactive_fds($1_ssh_agent_t)
+
+	files_read_etc_files($1_ssh_agent_t)
+	files_read_etc_runtime_files($1_ssh_agent_t)
+	files_search_home($1_ssh_agent_t)
+
+	libs_read_lib_files($1_ssh_agent_t)
+
+	logging_send_syslog_msg($1_ssh_agent_t)
+
+	miscfiles_read_localization($1_ssh_agent_t)
+	miscfiles_read_generic_certs($1_ssh_agent_t)
+
+	seutil_dontaudit_read_config($1_ssh_agent_t)
+
+	# Write to the user domain tty.
+	userdom_use_user_terminals($1_ssh_agent_t)
+
+	# for the transition back to normal privs upon exec
+	userdom_search_user_home_content($1_ssh_agent_t)
+	userdom_user_home_domtrans($1_ssh_agent_t, $3)
+	allow $3 $1_ssh_agent_t:fd use;
+	allow $3 $1_ssh_agent_t:fifo_file rw_file_perms;
+	allow $3 $1_ssh_agent_t:process sigchld;
+
+	tunable_policy(`use_nfs_home_dirs',`
+		fs_manage_nfs_files($1_ssh_agent_t)
+
+		# transition back to normal privs upon exec
+		fs_nfs_domtrans($1_ssh_agent_t, $3)
+	')
+
+	tunable_policy(`use_samba_home_dirs',`
+		fs_manage_cifs_files($1_ssh_agent_t)
+
+		# transition back to normal privs upon exec
+		fs_cifs_domtrans($1_ssh_agent_t, $3)
+	')
+
+	optional_policy(`
+		nis_use_ypbind($1_ssh_agent_t)
+	')
+
+	optional_policy(`
+		tunable_policy(`ssh_use_gpg_agent',`
+			# for ssh-add
+			gpg_stream_connect_agent($3)
+		')
+	')
+
+	optional_policy(`
+		xserver_use_xdm_fds($1_ssh_agent_t)
+		xserver_rw_xdm_pipes($1_ssh_agent_t)
+		xserver_sigchld_xdm($1_ssh_agent_t)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ssh_role_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a SIGCHLD signal to the ssh server.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ssh_sigchld',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ssh_sigchld'($*)) dnl
+	
+	gen_require(`
+		type sshd_t;
+	')
+
+	allow $1 sshd_t:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ssh_sigchld'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a generic signal to the ssh server.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ssh_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ssh_signal'($*)) dnl
+	
+	gen_require(`
+		type sshd_t;
+	')
+
+	allow $1 sshd_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ssh_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a null signal to sshd processes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ssh_signull',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ssh_signull'($*)) dnl
+	
+	gen_require(`
+		type sshd_t;
+	')
+
+	allow $1 sshd_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ssh_signull'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read a ssh server unnamed pipe.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ssh_read_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ssh_read_pipes'($*)) dnl
+	
+	gen_require(`
+		type sshd_t;
+	')
+
+	allow $1 sshd_t:fifo_file { getattr read };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ssh_read_pipes'($*)) dnl
+	')
+
+########################################
+## <summary>
+##	Read and write a ssh server unnamed pipe.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ssh_rw_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ssh_rw_pipes'($*)) dnl
+	
+	gen_require(`
+		type sshd_t;
+	')
+
+	allow $1 sshd_t:fifo_file { write read getattr ioctl };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ssh_rw_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write ssh server unix domain stream sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ssh_rw_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ssh_rw_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		type sshd_t;
+	')
+
+	allow $1 sshd_t:unix_stream_socket rw_stream_socket_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ssh_rw_stream_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write ssh server TCP sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ssh_rw_tcp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ssh_rw_tcp_sockets'($*)) dnl
+	
+	gen_require(`
+		type sshd_t;
+	')
+
+	allow $1 sshd_t:tcp_socket rw_stream_socket_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ssh_rw_tcp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and write
+##	ssh server TCP sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`ssh_dontaudit_rw_tcp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ssh_dontaudit_rw_tcp_sockets'($*)) dnl
+	
+	gen_require(`
+		type sshd_t;
+	')
+
+	dontaudit $1 sshd_t:tcp_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ssh_dontaudit_rw_tcp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the ssh daemon in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ssh_exec_sshd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ssh_exec_sshd'($*)) dnl
+	
+	gen_require(`
+		type sshd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, sshd_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ssh_exec_sshd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the ssh daemon sshd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`ssh_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ssh_domtrans'($*)) dnl
+	
+	gen_require(`
+		type sshd_t, sshd_exec_t;
+	')
+
+	domtrans_pattern($1, sshd_exec_t, sshd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ssh_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the ssh client in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ssh_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ssh_exec'($*)) dnl
+	
+	gen_require(`
+		type ssh_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, ssh_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ssh_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of sshd key files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ssh_setattr_key_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ssh_setattr_key_files'($*)) dnl
+	
+	gen_require(`
+		type sshd_key_t;
+	')
+
+	allow $1 sshd_key_t:file setattr;
+	files_search_pids($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ssh_setattr_key_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the ssh agent client in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ssh_agent_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ssh_agent_exec'($*)) dnl
+	
+	gen_require(`
+		type ssh_agent_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, ssh_agent_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ssh_agent_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read ssh home directory content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ssh_read_user_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ssh_read_user_home_files'($*)) dnl
+	
+	gen_require(`
+		type ssh_home_t;
+	')
+
+	allow $1 ssh_home_t:dir list_dir_perms;
+	read_files_pattern($1, ssh_home_t, ssh_home_t)
+	read_lnk_files_pattern($1, ssh_home_t, ssh_home_t)
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ssh_read_user_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the ssh key generator in the ssh keygen domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`ssh_domtrans_keygen',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ssh_domtrans_keygen'($*)) dnl
+	
+	gen_require(`
+		type ssh_keygen_t, ssh_keygen_exec_t;
+	')
+
+	domtrans_pattern($1, ssh_keygen_exec_t, ssh_keygen_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ssh_domtrans_keygen'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read ssh server keys
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`ssh_dontaudit_read_server_keys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ssh_dontaudit_read_server_keys'($*)) dnl
+	
+	gen_require(`
+		type sshd_key_t;
+	')
+
+	dontaudit $1 sshd_key_t:file { getattr read };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ssh_dontaudit_read_server_keys'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Manage ssh home directory content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ssh_manage_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ssh_manage_home_files'($*)) dnl
+	
+	gen_require(`
+		type ssh_home_t;
+	')
+
+	manage_files_pattern($1, ssh_home_t, ssh_home_t)
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ssh_manage_home_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Delete from the ssh temp files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ssh_delete_tmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ssh_delete_tmp'($*)) dnl
+	
+	gen_require(`
+		type sshd_tmp_t;
+	')
+
+	files_search_tmp($1)
+	delete_files_pattern($1, sshd_tmp_t, sshd_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ssh_delete_tmp'($*)) dnl
+	')
+
+## <summary>Milter mail filters.</summary>
+
+#######################################
+## <summary>
+##	The template to define a milter domain.
+## </summary>
+## <param name="domain_prefix">
+##	<summary>
+##	Domain prefix to be used.
+##	</summary>
+## </param>
+#
+ 	 	define(`milter_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `milter_template'($*)) dnl
+	
+	gen_require(`
+		attribute milter_data_type, milter_domains;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	type $1_milter_t, milter_domains;
+	type $1_milter_exec_t;
+	init_daemon_domain($1_milter_t, $1_milter_exec_t)
+
+	type $1_milter_data_t, milter_data_type;
+	files_pid_file($1_milter_data_t)
+
+	########################################
+	#
+	# Policy
+	#
+
+	manage_files_pattern($1_milter_t, $1_milter_data_t, $1_milter_data_t)
+	manage_sock_files_pattern($1_milter_t, $1_milter_data_t, $1_milter_data_t)
+
+	auth_use_nsswitch($1_milter_t)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `milter_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	connect to all milter domains using
+##	a unix domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`milter_stream_connect_all',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `milter_stream_connect_all'($*)) dnl
+	
+	gen_require(`
+		attribute milter_data_type, milter_domains;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, milter_data_type, milter_data_type, milter_domains)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `milter_stream_connect_all'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get attributes of all  milter sock files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`milter_getattr_all_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `milter_getattr_all_sockets'($*)) dnl
+	
+	gen_require(`
+		attribute milter_data_type;
+	')
+
+	getattr_sock_files_pattern($1, milter_data_type, milter_data_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `milter_getattr_all_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	spamassissin milter data content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`milter_manage_spamass_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `milter_manage_spamass_state'($*)) dnl
+	
+	gen_require(`
+		type spamass_milter_state_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, spamass_milter_state_t, spamass_milter_state_t)
+	manage_dirs_pattern($1, spamass_milter_state_t, spamass_milter_state_t)
+	manage_lnk_files_pattern($1, spamass_milter_state_t, spamass_milter_state_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `milter_manage_spamass_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the spamassissin milter data dir.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`milter_getattr_data_dir',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `milter_getattr_data_dir'($*)) dnl
+	
+	gen_require(`
+		type spamass_milter_data_t;
+	')
+
+	allow $1 spamass_milter_data_t:dir getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `milter_getattr_data_dir'($*)) dnl
+	')
+
+## <summary>PostgreSQL relational database</summary>
+
+#######################################
+## <summary>
+##	Role access for SE-PostgreSQL.
+## </summary>
+## <param name="user_role">
+##	<summary>
+##	The role associated with the user domain.
+##	</summary>
+## </param>
+## <param name="user_domain">
+## 	<summary>
+##	The type of the user domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`postgresql_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgresql_role'($*)) dnl
+	
+	gen_require(`
+		class db_database all_db_database_perms;
+		class db_schema all_db_schema_perms;
+		class db_table all_db_table_perms;
+		class db_sequence all_db_sequence_perms;
+		class db_view all_db_view_perms;
+		class db_procedure all_db_procedure_perms;
+		class db_language all_db_language_perms;
+		class db_column all_db_column_perms;
+		class db_tuple all_db_tuple_perms;
+		class db_blob all_db_blob_perms;
+
+		attribute sepgsql_client_type, sepgsql_database_type;
+		attribute sepgsql_schema_type, sepgsql_sysobj_table_type;
+
+		type sepgsql_trusted_proc_exec_t, sepgsql_trusted_proc_t;
+		type sepgsql_ranged_proc_exec_t, sepgsql_ranged_proc_t;
+		type user_sepgsql_blob_t, user_sepgsql_proc_exec_t;
+		type user_sepgsql_schema_t, user_sepgsql_seq_t;
+		type user_sepgsql_sysobj_t, user_sepgsql_table_t;
+		type user_sepgsql_view_t;
+		type sepgsql_temp_object_t;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	typeattribute $2 sepgsql_client_type;
+	role $1 types sepgsql_trusted_proc_t;
+	role $1 types sepgsql_ranged_proc_t;
+
+	##############################
+	#
+	# Client local policy
+	#
+
+	tunable_policy(`sepgsql_enable_users_ddl',`
+		allow $2 user_sepgsql_schema_t:db_schema { create drop setattr };
+		allow $2 user_sepgsql_table_t:db_table { create drop setattr };
+		allow $2 user_sepgsql_table_t:db_column { create drop setattr };
+		allow $2 user_sepgsql_sysobj_t:db_tuple { update insert delete };
+		allow $2 user_sepgsql_seq_t:db_sequence { create drop setattr set_value };
+		allow $2 user_sepgsql_view_t:db_view { create drop setattr };
+		allow $2 user_sepgsql_proc_exec_t:db_procedure { create drop setattr };
+	')
+
+	allow $2 user_sepgsql_schema_t:db_schema { getattr search add_name remove_name };
+	type_transition $2 sepgsql_database_type:db_schema user_sepgsql_schema_t;
+	type_transition $2 sepgsql_database_type:db_schema sepgsql_temp_object_t "pg_temp";
+
+	allow $2 user_sepgsql_table_t:db_table	{ getattr select update insert delete lock };
+	allow $2 user_sepgsql_table_t:db_column { getattr select update insert };
+	allow $2 user_sepgsql_table_t:db_tuple	{ select update insert delete };
+	type_transition $2 sepgsql_schema_type:db_table user_sepgsql_table_t;
+
+	allow $2 user_sepgsql_sysobj_t:db_tuple	{ use select };
+	type_transition $2 sepgsql_sysobj_table_type:db_tuple user_sepgsql_sysobj_t;
+
+	allow $2 user_sepgsql_seq_t:db_sequence { getattr get_value next_value };
+	type_transition $2 sepgsql_schema_type:db_sequence user_sepgsql_seq_t;
+
+	allow $2 user_sepgsql_view_t:db_view { getattr expand };
+	type_transition $2 sepgsql_schema_type:db_view user_sepgsql_view_t;
+
+	allow $2 user_sepgsql_proc_exec_t:db_procedure { getattr execute };
+	type_transition $2 sepgsql_schema_type:db_procedure user_sepgsql_proc_exec_t;
+
+	allow $2 user_sepgsql_blob_t:db_blob { create drop getattr setattr read write import export };
+	type_transition $2 sepgsql_database_type:db_blob user_sepgsql_blob_t;
+
+	allow $2 sepgsql_ranged_proc_t:process transition;
+	type_transition $2 sepgsql_ranged_proc_exec_t:process sepgsql_ranged_proc_t;
+	allow sepgsql_ranged_proc_t $2:process dyntransition;
+
+	allow $2 sepgsql_trusted_proc_t:process transition;
+	type_transition $2 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgresql_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Marks as a SE-PostgreSQL loadable shared library module
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type marked as a database object type.
+##	</summary>
+## </param>
+#
+ 	 	define(`postgresql_loadable_module',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgresql_loadable_module'($*)) dnl
+	
+	gen_require(`
+		attribute sepgsql_module_type;
+	')
+
+	typeattribute $1 sepgsql_module_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgresql_loadable_module'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Marks as a SE-PostgreSQL database object type
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type marked as a database object type.
+##	</summary>
+## </param>
+#
+ 	 	define(`postgresql_database_object',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgresql_database_object'($*)) dnl
+	
+	gen_require(`
+		attribute sepgsql_database_type;
+	')
+
+	typeattribute $1 sepgsql_database_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgresql_database_object'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Marks as a SE-PostgreSQL schema object type
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type marked as a schema object type.
+##	</summary>
+## </param>
+#
+ 	 	define(`postgresql_schema_object',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgresql_schema_object'($*)) dnl
+	
+	gen_require(`
+		attribute sepgsql_schema_type;
+	')
+
+	typeattribute $1 sepgsql_schema_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgresql_schema_object'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Marks as a SE-PostgreSQL table/column/tuple object type
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type marked as a table/column/tuple object type.
+##	</summary>
+## </param>
+#
+ 	 	define(`postgresql_table_object',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgresql_table_object'($*)) dnl
+	
+	gen_require(`
+		attribute sepgsql_table_type;
+	')
+
+	typeattribute $1 sepgsql_table_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgresql_table_object'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Marks as a SE-PostgreSQL system table/column/tuple object type
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type marked as a table/column/tuple object type.
+##	</summary>
+## </param>
+#
+ 	 	define(`postgresql_system_table_object',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgresql_system_table_object'($*)) dnl
+	
+	gen_require(`
+		attribute sepgsql_table_type, sepgsql_sysobj_table_type;
+	')
+
+	typeattribute $1 sepgsql_table_type;
+	typeattribute $1 sepgsql_sysobj_table_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgresql_system_table_object'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Marks as a SE-PostgreSQL sequence type
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type marked as a sequence type.
+##	</summary>
+## </param>
+#
+ 	 	define(`postgresql_sequence_object',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgresql_sequence_object'($*)) dnl
+	
+	gen_require(`
+		attribute sepgsql_sequence_type;
+	')
+
+	typeattribute $1 sepgsql_sequence_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgresql_sequence_object'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Marks as a SE-PostgreSQL view object type
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type marked as a view object type.
+##	</summary>
+## </param>
+#
+ 	 	define(`postgresql_view_object',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgresql_view_object'($*)) dnl
+	
+	gen_require(`
+		attribute sepgsql_view_type;
+	')
+
+	typeattribute $1 sepgsql_view_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgresql_view_object'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Marks as a SE-PostgreSQL procedure object type
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type marked as a procedure object type.
+##	</summary>
+## </param>
+#
+ 	 	define(`postgresql_procedure_object',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgresql_procedure_object'($*)) dnl
+	
+	gen_require(`
+		attribute sepgsql_procedure_type;
+	')
+
+	typeattribute $1 sepgsql_procedure_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgresql_procedure_object'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Marks as a SE-PostgreSQL trusted procedure object type
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type marked as a trusted procedure object type.
+##	</summary>
+## </param>
+#
+ 	 	define(`postgresql_trusted_procedure_object',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgresql_trusted_procedure_object'($*)) dnl
+	
+	gen_require(`
+		attribute sepgsql_procedure_type;
+		attribute sepgsql_trusted_procedure_type;
+	')
+
+	typeattribute $1 sepgsql_procedure_type;
+	typeattribute $1 sepgsql_trusted_procedure_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgresql_trusted_procedure_object'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Marks as a SE-PostgreSQL procedural language object type
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type marked as a procedural language object type.
+##	</summary>
+## </param>
+#
+ 	 	define(`postgresql_language_object',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgresql_language_object'($*)) dnl
+	
+	gen_require(`
+		attribute sepgsql_language_type;
+	')
+
+	typeattribute $1 sepgsql_language_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgresql_language_object'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Marks as a SE-PostgreSQL binary large object type
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type marked as a database binary large object type.
+##	</summary>
+## </param>
+#
+ 	 	define(`postgresql_blob_object',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgresql_blob_object'($*)) dnl
+	
+	gen_require(`
+		attribute sepgsql_blob_type;
+	')
+
+	typeattribute $1 sepgsql_blob_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgresql_blob_object'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the specified domain to search postgresql's database directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`postgresql_search_db',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgresql_search_db'($*)) dnl
+	
+	gen_require(`
+		type postgresql_db_t;
+	')
+
+	allow $1 postgresql_db_t:dir search;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgresql_search_db'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the specified domain to manage postgresql's database.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+ 	 	define(`postgresql_manage_db',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgresql_manage_db'($*)) dnl
+	
+	gen_require(`
+		type postgresql_db_t;
+	')
+
+	allow $1 postgresql_db_t:dir rw_dir_perms;
+	allow $1 postgresql_db_t:file rw_file_perms;
+	allow $1 postgresql_db_t:lnk_file { getattr read };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgresql_manage_db'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Execute postgresql in the calling domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`postgresql_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgresql_exec'($*)) dnl
+	
+	gen_require(`
+		type postgresql_exec_t;
+	')
+
+	can_exec($1, postgresql_exec_t);
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgresql_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute postgresql in the postgresql domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`postgresql_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgresql_domtrans'($*)) dnl
+	
+	gen_require(`
+		type postgresql_t, postgresql_exec_t;
+	')
+
+	domtrans_pattern($1, postgresql_exec_t, postgresql_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgresql_domtrans'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Allow domain to signal postgresql
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`postgresql_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgresql_signal'($*)) dnl
+	
+	gen_require(`
+		type postgresql_t;
+	')
+	allow $1 postgresql_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgresql_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the specified domain to read postgresql's etc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`postgresql_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgresql_read_config'($*)) dnl
+	
+	gen_require(`
+		type postgresql_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 postgresql_etc_t:dir list_dir_perms;
+	allow $1 postgresql_etc_t:file read_file_perms;
+	allow $1 postgresql_etc_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgresql_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the specified domain to connect to postgresql with a tcp socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`postgresql_tcp_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgresql_tcp_connect'($*)) dnl
+	
+	gen_require(`
+		type postgresql_t;
+	')
+
+	corenet_tcp_recvfrom_labeled($1, postgresql_t)
+	corenet_tcp_connect_postgresql_port($1)
+	corenet_sendrecv_postgresql_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgresql_tcp_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the specified domain to connect to postgresql with a unix socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`postgresql_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgresql_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type postgresql_t, postgresql_runtime_t, postgresql_tmp_t;
+	')
+
+	stream_connect_pattern($1, { postgresql_runtime_t postgresql_tmp_t }, { postgresql_runtime_t postgresql_tmp_t }, postgresql_t)
+
+	files_search_pids($1)
+	files_search_tmp($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgresql_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the specified domain unprivileged accesses to unifined database objects
+##	managed by SE-PostgreSQL,
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`postgresql_unpriv_client',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgresql_unpriv_client'($*)) dnl
+	
+	gen_require(`
+		class db_database all_db_database_perms;
+		class db_schema all_db_schema_perms;
+		class db_table all_db_table_perms;
+		class db_sequence all_db_sequence_perms;
+		class db_view all_db_view_perms;
+		class db_procedure all_db_procedure_perms;
+		class db_language all_db_language_perms;
+		class db_column all_db_column_perms;
+		class db_tuple all_db_tuple_perms;
+		class db_blob all_db_blob_perms;
+
+		attribute sepgsql_client_type;
+		attribute sepgsql_database_type, sepgsql_schema_type;
+		attribute sepgsql_sysobj_table_type;
+
+		type sepgsql_ranged_proc_t, sepgsql_ranged_proc_exec_t;
+		type sepgsql_temp_object_t;
+		type sepgsql_trusted_proc_t, sepgsql_trusted_proc_exec_t;
+		type unpriv_sepgsql_blob_t, unpriv_sepgsql_proc_exec_t;
+		type unpriv_sepgsql_schema_t, unpriv_sepgsql_seq_t;
+		type unpriv_sepgsql_sysobj_t, unpriv_sepgsql_table_t;
+		type unpriv_sepgsql_view_t;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	typeattribute $1 sepgsql_client_type;
+
+	########################################
+	#
+	# Client local policy
+	#
+
+	type_transition $1 sepgsql_ranged_proc_exec_t:process sepgsql_ranged_proc_t;
+	allow $1 sepgsql_ranged_proc_t:process transition;
+	allow sepgsql_ranged_proc_t $1:process dyntransition;
+
+	type_transition $1 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
+	allow $1 sepgsql_trusted_proc_t:process transition;
+
+	allow $1 unpriv_sepgsql_blob_t:db_blob { create drop getattr setattr read write import export };
+	type_transition $1 sepgsql_database_type:db_blob unpriv_sepgsql_blob_t;
+
+	allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { getattr execute };
+	type_transition $1 sepgsql_schema_type:db_procedure unpriv_sepgsql_proc_exec_t;
+
+	allow $1 unpriv_sepgsql_schema_t:db_schema { getattr add_name remove_name };
+	type_transition $1 sepgsql_database_type:db_schema unpriv_sepgsql_schema_t;
+	type_transition $1 sepgsql_database_type:db_schema sepgsql_temp_object_t "pg_temp";
+
+	allow $1 unpriv_sepgsql_table_t:db_table { getattr select update insert delete lock };
+	allow $1 unpriv_sepgsql_table_t:db_column { getattr select update insert };
+	allow $1 unpriv_sepgsql_table_t:db_tuple { select update insert delete };
+	type_transition $1 sepgsql_schema_type:db_table unpriv_sepgsql_table_t;
+
+	allow $1 unpriv_sepgsql_seq_t:db_sequence { getattr get_value next_value set_value };
+	type_transition $1 sepgsql_schema_type:db_sequence unpriv_sepgsql_seq_t;
+
+	allow $1 unpriv_sepgsql_sysobj_t:db_tuple { use select };
+	type_transition $1 sepgsql_sysobj_table_type:db_tuple unpriv_sepgsql_sysobj_t;
+
+	allow $1 unpriv_sepgsql_view_t:db_view { getattr expand };
+	type_transition $1 sepgsql_schema_type:db_view unpriv_sepgsql_view_t;
+
+
+	tunable_policy(`sepgsql_enable_users_ddl',`
+		allow $1 unpriv_sepgsql_schema_t:db_schema { create drop setattr };
+		allow $1 unpriv_sepgsql_table_t:db_table { create drop setattr };
+		allow $1 unpriv_sepgsql_table_t:db_column { create drop setattr };
+		allow $1 unpriv_sepgsql_sysobj_t:db_tuple { update insert delete };
+		allow $1 unpriv_sepgsql_seq_t:db_sequence { create drop setattr };
+		allow $1 unpriv_sepgsql_view_t:db_view { create drop setattr };
+		allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { create drop setattr };
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgresql_unpriv_client'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the specified domain unconfined accesses to any database objects
+##	managed by SE-PostgreSQL,
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`postgresql_unconfined',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgresql_unconfined'($*)) dnl
+	
+	gen_require(`
+		attribute sepgsql_unconfined_type;
+	')
+
+	typeattribute $1 sepgsql_unconfined_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgresql_unconfined'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to administrate an postgresql environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role to be allowed to manage the postgresql domain.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`postgresql_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgresql_admin'($*)) dnl
+	
+	gen_require(`
+		attribute sepgsql_admin_type;
+
+		type postgresql_t, postgresql_runtime_t;
+		type postgresql_tmp_t, postgresql_db_t;
+		type postgresql_etc_t, postgresql_log_t;
+		type postgresql_initrc_exec_t, postgresql_unit_t;
+	')
+
+	typeattribute $1 sepgsql_admin_type;
+
+	allow $1 postgresql_t:process { ptrace signal_perms };
+	ps_process_pattern($1, postgresql_t)
+
+	init_startstop_service($1, $2, postgresql_t, postgresql_initrc_exec_t, postgresql_unit_t)
+
+	admin_pattern($1, postgresql_runtime_t)
+
+	admin_pattern($1, postgresql_db_t)
+
+	admin_pattern($1, postgresql_etc_t)
+
+	admin_pattern($1, postgresql_log_t)
+
+	admin_pattern($1, postgresql_tmp_t)
+
+	postgresql_tcp_connect($1)
+	postgresql_stream_connect($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgresql_admin'($*)) dnl
+	')
+
+## <summary>Telnet daemon.</summary>
+
+########################################
+## <summary>
+##	Read and write telnetd pty devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`telnet_use_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `telnet_use_ptys'($*)) dnl
+	
+	gen_require(`
+		type telnetd_devpts_t;
+	')
+
+	term_list_ptys($1)
+	allow $1 telnetd_devpts_t:chr_file rw_term_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `telnet_use_ptys'($*)) dnl
+	')
+
+## <summary>Network router discovery daemon.</summary>
+
+######################################
+## <summary>
+##	Execute rdisc in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rdisc_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rdisc_exec'($*)) dnl
+	
+	gen_require(`
+		type rdisc_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, rdisc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rdisc_exec'($*)) dnl
+	')
+
+## <summary>Remote-mail retrieval and forwarding utility.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an fetchmail environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fetchmail_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fetchmail_admin'($*)) dnl
+	
+	gen_require(`
+		type fetchmail_t, fetchmail_etc_t, fetchmail_uidl_cache_t;
+		type fetchmail_runtime_t, fetchmail_initrc_exec_t, fetchmail_log_t;
+	')
+
+	init_startstop_service($1, $2, fetchmail_t, fetchmail_initrc_exec_t)
+
+	allow $1 fetchmail_t:process { ptrace signal_perms };
+	ps_process_pattern($1, fetchmail_t)
+
+	files_list_etc($1)
+	admin_pattern($1, fetchmail_etc_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, fetchmail_uidl_cache_t)
+
+	files_list_pids($1)
+	admin_pattern($1, fetchmail_runtime_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, fetchmail_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fetchmail_admin'($*)) dnl
+	')
+
+## <summary>Watchdog multiplexing daemon.</summary>
+
+########################################
+## <summary>
+##	Connect to wdmd with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`wdmd_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `wdmd_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type wdmd_t, wdmd_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, wdmd_runtime_t, wdmd_runtime_t, wdmd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `wdmd_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an wdmd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`wdmd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `wdmd_admin'($*)) dnl
+	
+	gen_require(`
+		type wdmd_t, wdmd_initrc_exec_t, wdmd_runtime_t;
+	')
+
+	allow $1 wdmd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, wdmd_t)
+
+	init_startstop_service($1, $2, wdmd_t, wdmd_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, wdmd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `wdmd_admin'($*)) dnl
+	')
+
+## <summary>X Windows Server</summary>
+
+########################################
+## <summary>
+##	Rules required for using the X Windows server
+##	and environment, for restricted users.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_restricted_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_restricted_role'($*)) dnl
+	
+	gen_require(`
+		type xserver_t, xserver_tmp_t, xserver_tmpfs_t;
+		type user_fonts_t, user_fonts_cache_t, user_fonts_config_t;
+		type iceauth_t, iceauth_exec_t, iceauth_home_t;
+		type xauth_t, xauth_exec_t, xauth_home_t;
+		type xdm_t, xdm_tmp_t;
+	')
+
+	role $1 types { xserver_t xauth_t iceauth_t };
+
+	# Xserver read/write client shm
+	allow xserver_t $2:fd use;
+	allow xserver_t $2:shm rw_shm_perms;
+
+	allow xserver_t $2:process signal;
+
+	allow xserver_t $2:shm rw_shm_perms;
+
+	allow $2 user_fonts_t:dir list_dir_perms;
+	allow $2 user_fonts_t:file read_file_perms;
+
+	allow $2 user_fonts_config_t:dir list_dir_perms;
+	allow $2 user_fonts_config_t:file read_file_perms;
+
+	manage_dirs_pattern($2, user_fonts_cache_t, user_fonts_cache_t)
+	manage_files_pattern($2, user_fonts_cache_t, user_fonts_cache_t)
+
+	stream_connect_pattern($2, xserver_tmp_t, xserver_tmp_t, xserver_t)
+	files_search_tmp($2)
+
+	# Communicate via System V shared memory.
+	allow $2 xserver_t:shm r_shm_perms;
+	allow $2 xserver_tmpfs_t:file read_file_perms;
+
+	# allow ps to show iceauth
+	ps_process_pattern($2, iceauth_t)
+
+	domtrans_pattern($2, iceauth_exec_t, iceauth_t)
+
+	allow $2 iceauth_home_t:file read_file_perms;
+
+	domtrans_pattern($2, xauth_exec_t, xauth_t)
+
+	allow $2 xauth_t:process signal;
+
+	# allow ps to show xauth
+	ps_process_pattern($2, xauth_t)
+	allow $2 xserver_t:process signal;
+
+	allow $2 xauth_home_t:file read_file_perms;
+
+	# for when /tmp/.X11-unix is created by the system
+	allow $2 xdm_t:fd use;
+	allow $2 xdm_t:fifo_file { getattr read write ioctl };
+	allow $2 xdm_tmp_t:dir search;
+	allow $2 xdm_tmp_t:sock_file { read write };
+	dontaudit $2 xdm_t:tcp_socket { read write };
+
+	# Client read xserver shm
+	allow $2 xserver_t:fd use;
+	allow $2 xserver_tmpfs_t:file read_file_perms;
+
+	# Read /tmp/.X0-lock
+	allow $2 xserver_tmp_t:file { getattr read };
+
+	dev_rw_xserver_misc($2)
+	dev_map_xserver_misc($2)
+	dev_rw_power_management($2)
+	dev_read_input($2)
+	dev_read_misc($2)
+	dev_write_misc($2)
+	# open office is looking for the following
+	dev_getattr_agp_dev($2)
+	dev_dontaudit_rw_dri($2)
+	# GNOME checks for usb and other devices:
+	dev_rw_usbfs($2)
+
+	miscfiles_read_fonts($2)
+
+	xserver_common_x_domain_template(user, $2)
+	xserver_domtrans($2)
+	xserver_unconfined($2)
+	xserver_xsession_entry_type($2)
+	xserver_dontaudit_write_log($2)
+	xserver_stream_connect_xdm($2)
+	# certain apps want to read xdm.pid file
+	xserver_read_xdm_pid($2)
+	# gnome-session creates socket under /tmp/.ICE-unix/
+	xserver_create_xdm_tmp_sockets($2)
+	# Needed for escd, remove if we get escd policy
+	xserver_manage_xdm_tmp_files($2)
+
+	# for the .xsession-errors log file
+	xserver_user_home_dir_filetrans_user_xsession_log($2)
+	xserver_manage_xsession_log($2)
+
+	# Client write xserver shm
+	tunable_policy(`allow_write_xshm',`
+		allow $2 xserver_t:shm rw_shm_perms;
+		allow $2 xserver_tmpfs_t:file rw_file_perms;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_restricted_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Rules required for using the X Windows server
+##	and environment.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_role'($*)) dnl
+	
+	gen_require(`
+		type iceauth_home_t, xserver_t, xserver_tmp_t, xserver_tmpfs_t, xauth_home_t;
+		type user_fonts_t, user_fonts_cache_t, user_fonts_config_t;
+		type mesa_shader_cache_t;
+	')
+
+	xserver_restricted_role($1, $2)
+
+	# Communicate via System V shared memory.
+	allow $2 xserver_t:shm rw_shm_perms;
+	allow $2 xserver_tmpfs_t:file rw_file_perms;
+
+	# XCB Event Queue: used by the Qt library for example
+	allow $2 xserver_tmp_t:file rw_file_perms;
+
+	allow $2 iceauth_home_t:file manage_file_perms;
+	allow $2 iceauth_home_t:file { relabelfrom relabelto };
+
+	allow $2 xauth_home_t:file manage_file_perms;
+	allow $2 xauth_home_t:file { relabelfrom relabelto };
+
+	manage_dirs_pattern($2, user_fonts_t, user_fonts_t)
+	manage_files_pattern($2, user_fonts_t, user_fonts_t)
+	relabel_dirs_pattern($2, user_fonts_t, user_fonts_t)
+	relabel_files_pattern($2, user_fonts_t, user_fonts_t)
+
+	manage_dirs_pattern($2, user_fonts_cache_t, user_fonts_cache_t)
+	manage_files_pattern($2, user_fonts_cache_t, user_fonts_cache_t)
+	relabel_dirs_pattern($2, user_fonts_cache_t, user_fonts_cache_t)
+	relabel_files_pattern($2, user_fonts_cache_t, user_fonts_cache_t)
+
+	manage_dirs_pattern($2, user_fonts_config_t, user_fonts_config_t)
+	manage_files_pattern($2, user_fonts_config_t, user_fonts_config_t)
+	relabel_dirs_pattern($2, user_fonts_config_t, user_fonts_config_t)
+	relabel_files_pattern($2, user_fonts_config_t, user_fonts_config_t)
+
+	manage_dirs_pattern($2, mesa_shader_cache_t, mesa_shader_cache_t)
+	manage_files_pattern($2, mesa_shader_cache_t, mesa_shader_cache_t)
+	allow $2 mesa_shader_cache_t:file map;
+	relabel_dirs_pattern($2, mesa_shader_cache_t, mesa_shader_cache_t)
+	relabel_files_pattern($2, mesa_shader_cache_t, mesa_shader_cache_t)
+
+	xserver_user_home_dir_filetrans_user_iceauth($2, ".ICEauthority")
+
+	xserver_read_xkb_libs($2)
+
+	optional_policy(`
+		xdg_manage_all_cache($2)
+		xdg_relabel_all_cache($2)
+		xdg_manage_all_config($2)
+		xdg_relabel_all_config($2)
+		xdg_manage_all_data($2)
+		xdg_relabel_all_data($2)
+
+		xdg_generic_user_home_dir_filetrans_cache($2, dir, ".cache")
+		xdg_generic_user_home_dir_filetrans_config($2, dir, ".config")
+		xdg_generic_user_home_dir_filetrans_data($2, dir, ".local")
+
+		xdg_generic_user_home_dir_filetrans_documents($2, dir, "Documents")
+		xdg_generic_user_home_dir_filetrans_downloads($2, dir, "Downloads")
+		xdg_generic_user_home_dir_filetrans_music($2, dir, "Music")
+		xdg_generic_user_home_dir_filetrans_pictures($2, dir, "Pictures")
+		xdg_generic_user_home_dir_filetrans_videos($2, dir, "Videos")
+
+		xdg_manage_documents($2)
+		xdg_relabel_documents($2)
+		xdg_manage_downloads($2)
+		xdg_relabel_downloads($2)
+		xdg_manage_music($2)
+		xdg_relabel_music($2)
+		xdg_manage_pictures($2)
+		xdg_relabel_pictures($2)
+		xdg_manage_videos($2)
+		xdg_relabel_videos($2)
+
+		xdg_cache_filetrans($2, mesa_shader_cache_t, dir, "mesa_shader_cache")
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_role'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create sessions on the X server, with read-only
+##	access to the X server shared
+##	memory segments.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="tmpfs_type">
+##	<summary>
+##	The type of the domain SYSV tmpfs files.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_ro_session',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_ro_session'($*)) dnl
+	
+	gen_require(`
+		type xserver_t, xserver_tmp_t, xserver_tmpfs_t;
+	')
+
+	# Xserver read/write client shm
+	allow xserver_t $1:fd use;
+	allow xserver_t $1:shm rw_shm_perms;
+	allow xserver_t $2:file { rw_file_perms map };
+
+	# Connect to xserver
+	allow $1 xserver_t:unix_stream_socket connectto;
+	allow $1 xserver_t:process signal;
+
+	# Read /tmp/.X0-lock
+	allow $1 xserver_tmp_t:file { getattr read };
+
+	# Client read xserver shm
+	allow $1 xserver_t:fd use;
+	allow $1 xserver_t:shm r_shm_perms;
+	allow $1 xserver_tmpfs_t:file read_file_perms;
+
+	allow $1 $2:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_ro_session'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create sessions on the X server, with read and write
+##	access to the X server shared
+##	memory segments.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="tmpfs_type">
+##	<summary>
+##	The type of the domain SYSV tmpfs files.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_rw_session',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_rw_session'($*)) dnl
+	
+	gen_require(`
+		type xserver_t, xserver_tmpfs_t;
+	')
+
+	xserver_ro_session($1,$2)
+	allow $1 xserver_t:shm rw_shm_perms;
+	allow $1 xserver_tmpfs_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_rw_session'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create non-drawing client sessions on an X server.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_non_drawing_client',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_non_drawing_client'($*)) dnl
+	
+	gen_require(`
+		class x_drawable { getattr get_property };
+		class x_extension { query use };
+		class x_gc { create setattr };
+		class x_property read;
+
+		type xserver_t, xdm_var_run_t;
+		type xextension_t, xproperty_t, root_xdrawable_t;
+	')
+
+	allow $1 self:x_gc { create setattr };
+
+	allow $1 xdm_var_run_t:dir search;
+	allow $1 xserver_t:unix_stream_socket connectto;
+
+	allow $1 xextension_t:x_extension { query use };
+	allow $1 root_xdrawable_t:x_drawable { getattr get_property };
+	allow $1 xproperty_t:x_property read;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_non_drawing_client'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Interface to provide X object permissions on a given X server to
+##	an X client domain.  Provides the minimal set required by a basic
+##	X client application.
+## </summary>
+## <param name="prefix">
+##	<summary>
+##	The prefix of the X client domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Client domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_common_x_domain_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_common_x_domain_template'($*)) dnl
+	
+	gen_require(`
+		type root_xdrawable_t;
+		type xevent_t, client_xevent_t;
+		type input_xevent_t, $1_input_xevent_t;
+
+		attribute x_domain;
+		attribute xdrawable_type, xcolormap_type;
+		attribute input_xevent_type;
+
+		class x_drawable all_x_drawable_perms;
+		class x_property all_x_property_perms;
+		class x_event all_x_event_perms;
+		class x_synthetic_event all_x_synthetic_event_perms;
+	')
+
+	##############################
+	#
+	# Local Policy
+	#
+
+	# Type attributes
+	typeattribute $2 x_domain;
+	typeattribute $2 xdrawable_type, xcolormap_type;
+
+	# X Properties
+	# disable property transitions for the time being.
+#	type_transition $2 xproperty_t:x_property $1_xproperty_t;
+
+	# X Windows
+	# new windows have the domain type
+	type_transition $2 root_xdrawable_t:x_drawable $2;
+
+	# X Input
+	# distinguish input events
+	type_transition $2 input_xevent_t:x_event $1_input_xevent_t;
+	# can send own events
+	allow $2 $1_input_xevent_t:{ x_event x_synthetic_event } send;
+	# can receive own events
+	allow $2 $1_input_xevent_t:{ x_event x_synthetic_event } receive;
+	# can receive default events
+	allow $2 client_xevent_t:{ x_event x_synthetic_event } receive;
+	allow $2 xevent_t:{ x_event x_synthetic_event } receive;
+	# dont audit send failures
+	dontaudit $2 input_xevent_type:x_event send;
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_common_x_domain_template'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Template for creating the set of types used
+##	in an X windows domain.
+## </summary>
+## <param name="prefix">
+##	<summary>
+##	The prefix of the X client domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_object_types_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_object_types_template'($*)) dnl
+	
+	gen_require(`
+		attribute xproperty_type, input_xevent_type, xevent_type;
+	')
+
+	##############################
+	#
+	# Declarations
+	#
+
+	# Types for properties
+	type $1_xproperty_t, xproperty_type;
+	ubac_constrained($1_xproperty_t)
+
+	# Types for events
+	type $1_input_xevent_t, input_xevent_type, xevent_type;
+	ubac_constrained($1_input_xevent_t)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_object_types_template'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Interface to provide X object permissions on a given X server to
+##	an X client domain.  Provides the minimal set required by a basic
+##	X client application.
+## </summary>
+## <param name="prefix">
+##	<summary>
+##	The prefix of the X client domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Client domain allowed access.
+##	</summary>
+## </param>
+## <param name="tmpfs_type">
+##	<summary>
+##	The type of the domain SYSV tmpfs files.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_user_x_domain_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_user_x_domain_template'($*)) dnl
+	
+	gen_require(`
+		type xdm_t, xdm_tmp_t;
+		type xauth_home_t, iceauth_home_t, xserver_t, xserver_tmpfs_t;
+	')
+
+	allow $2 self:shm create_shm_perms;
+	allow $2 self:unix_dgram_socket create_socket_perms;
+	allow $2 self:unix_stream_socket { connectto create_stream_socket_perms };
+
+	# Read .Xauthority file
+	allow $2 xauth_home_t:file read_file_perms;
+	allow $2 iceauth_home_t:file read_file_perms;
+
+	# for when /tmp/.X11-unix is created by the system
+	allow $2 xdm_t:fd use;
+	allow $2 xdm_t:fifo_file { getattr read write ioctl };
+	allow $2 xdm_tmp_t:dir search_dir_perms;
+	allow $2 xdm_tmp_t:sock_file { read write };
+	dontaudit $2 xdm_t:tcp_socket { read write };
+
+	# Allow connections to X server.
+	files_search_tmp($2)
+
+	miscfiles_read_fonts($2)
+
+	userdom_search_user_home_dirs($2)
+	# for .xsession-errors
+	xserver_rw_xsession_log($2)
+
+	xserver_ro_session($2,$3)
+	xserver_use_user_fonts($2)
+
+	xserver_read_xdm_tmp_files($2)
+
+	# X object manager
+	xserver_object_types_template($1)
+	xserver_common_x_domain_template($1,$2)
+
+	# Client write xserver shm
+	tunable_policy(`allow_write_xshm',`
+		allow $2 xserver_t:shm rw_shm_perms;
+		allow $2 xserver_tmpfs_t:file rw_file_perms;
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_user_x_domain_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read user fonts, user font configuration,
+##	and manage the user font cache.
+## </summary>
+## <desc>
+##	<p>
+##	Read user fonts, user font configuration,
+##	and manage the user font cache.
+##	</p>
+##	<p>
+##	This is a templated interface, and should only
+##	be called from a per-userdomain template.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_use_user_fonts',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_use_user_fonts'($*)) dnl
+	
+	gen_require(`
+		type user_fonts_t, user_fonts_cache_t, user_fonts_config_t;
+	')
+
+	# Read per user fonts
+	allow $1 user_fonts_t:dir list_dir_perms;
+	allow $1 user_fonts_t:file { map read_file_perms };
+
+	# Manipulate the global font cache
+	manage_dirs_pattern($1, user_fonts_cache_t, user_fonts_cache_t)
+	manage_files_pattern($1, user_fonts_cache_t, user_fonts_cache_t)
+	allow $1 user_fonts_cache_t:file { map read_file_perms };
+
+	# Read per user font config
+	allow $1 user_fonts_config_t:dir list_dir_perms;
+	allow $1 user_fonts_config_t:file read_file_perms;
+
+	userdom_search_user_home_dirs($1)
+	xdg_search_cache_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_use_user_fonts'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Transition to the Xauthority domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_domtrans_xauth',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_domtrans_xauth'($*)) dnl
+	
+	gen_require(`
+		type xauth_t, xauth_exec_t;
+	')
+
+	domtrans_pattern($1, xauth_exec_t, xauth_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_domtrans_xauth'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a Xauthority file in the user home directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_user_home_dir_filetrans_user_xauth',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_user_home_dir_filetrans_user_xauth'($*)) dnl
+	
+	gen_require(`
+		type xauth_home_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, xauth_home_t, file, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_user_home_dir_filetrans_user_xauth'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create a ICEauthority file in
+##	the user home directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_user_home_dir_filetrans_user_iceauth',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_user_home_dir_filetrans_user_iceauth'($*)) dnl
+	
+	gen_require(`
+		type iceauth_home_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, iceauth_home_t, file, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_user_home_dir_filetrans_user_iceauth'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a .xsession-errors log
+##	file in the user home directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_user_home_dir_filetrans_user_xsession_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_user_home_dir_filetrans_user_xsession_log'($*)) dnl
+	
+	gen_require(`
+		type xsession_log_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, xsession_log_t, file, ".xsession-errors")
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_user_home_dir_filetrans_user_xsession_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all users .Xauthority.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_read_user_xauth',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_read_user_xauth'($*)) dnl
+	
+	gen_require(`
+		type xauth_home_t;
+	')
+
+	allow $1 xauth_home_t:file read_file_perms;
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_read_user_xauth'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all users .dmrc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_read_user_dmrc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_read_user_dmrc'($*)) dnl
+	
+	gen_require(`
+		type dmrc_home_t;
+	')
+
+	allow $1 dmrc_home_t:file read_file_perms;
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_read_user_dmrc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all users .ICEauthority.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_read_user_iceauth',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_read_user_iceauth'($*)) dnl
+	
+	gen_require(`
+		type iceauth_home_t;
+	')
+
+	allow $1 iceauth_home_t:file read_file_perms;
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_read_user_iceauth'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of the X windows console named pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_setattr_console_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_setattr_console_pipes'($*)) dnl
+	
+	gen_require(`
+		type xconsole_device_t;
+	')
+
+	allow $1 xconsole_device_t:fifo_file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_setattr_console_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the X windows console named pipe.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_rw_console',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_rw_console'($*)) dnl
+	
+	gen_require(`
+		type xconsole_device_t;
+	')
+
+	allow $1 xconsole_device_t:fifo_file rw_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_rw_console'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Create the X windows console named pipes.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`xserver_create_console_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_create_console_pipes'($*)) dnl
+	
+	gen_require(`
+		type xconsole_device_t;
+	')
+
+	allow $1 xconsole_device_t:fifo_file create;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_create_console_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      relabel the X windows console named pipes.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`xserver_relabel_console_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_relabel_console_pipes'($*)) dnl
+	
+	gen_require(`
+		type xconsole_device_t;
+	')
+
+	allow $1 xconsole_device_t:fifo_file { getattr relabelfrom relabelto };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_relabel_console_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use file descriptors for xdm.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_use_xdm_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_use_xdm_fds'($*)) dnl
+	
+	gen_require(`
+		type xdm_t;
+	')
+
+	allow $1 xdm_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_use_xdm_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to inherit
+##	XDM file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_dontaudit_use_xdm_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_dontaudit_use_xdm_fds'($*)) dnl
+	
+	gen_require(`
+		type xdm_t;
+	')
+
+	dontaudit $1 xdm_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_dontaudit_use_xdm_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow domain to send sigchld to xdm_t
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_sigchld_xdm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_sigchld_xdm'($*)) dnl
+	
+	gen_require(`
+		type xdm_t;
+	')
+
+	allow $1 xdm_t:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_sigchld_xdm'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write XDM unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_rw_xdm_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_rw_xdm_pipes'($*)) dnl
+	
+	gen_require(`
+		type xdm_t;
+	')
+
+	allow $1 xdm_t:fifo_file { getattr read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_rw_xdm_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and write
+##	XDM unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_dontaudit_rw_xdm_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_dontaudit_rw_xdm_pipes'($*)) dnl
+	
+
+	gen_require(`
+		type xdm_t;
+	')
+
+	dontaudit $1 xdm_t:fifo_file rw_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_dontaudit_rw_xdm_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	xdm over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_dbus_chat_xdm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_dbus_chat_xdm'($*)) dnl
+	
+	gen_require(`
+		type xdm_t;
+		class dbus send_msg;
+	')
+
+	allow $1 xdm_t:dbus send_msg;
+	allow xdm_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_dbus_chat_xdm'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read xdm process state files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_read_xdm_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_read_xdm_state'($*)) dnl
+	
+	gen_require(`
+		type xdm_t;
+	')
+
+	kernel_search_proc($1)
+	allow $1 xdm_t:dir list_dir_perms;
+	allow $1 xdm_t:file read_file_perms;
+	allow $1 xdm_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_read_xdm_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the priority of the X Display
+##	Manager (XDM).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_setsched_xdm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_setsched_xdm'($*)) dnl
+	
+	gen_require(`
+		type xdm_t;
+	')
+
+	allow $1 xdm_t:process setsched;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_setsched_xdm'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	xdm_spool files.
+## </summary>
+## <param name="domain" unused="true">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_manage_xdm_spool_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_manage_xdm_spool_files'($*)) dnl
+	
+	refpolicywarn(`$0() has been deprecated.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_manage_xdm_spool_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to XDM over a unix domain
+##	stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_stream_connect_xdm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_stream_connect_xdm'($*)) dnl
+	
+	gen_require(`
+		type xdm_t, xdm_tmp_t;
+	')
+
+	files_search_tmp($1)
+	stream_connect_pattern($1, xdm_tmp_t, xdm_tmp_t, xdm_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_stream_connect_xdm'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read xdm-writable configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_read_xdm_rw_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_read_xdm_rw_config'($*)) dnl
+	
+	gen_require(`
+		type xdm_rw_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 xdm_rw_etc_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_read_xdm_rw_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of XDM temporary directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_setattr_xdm_tmp_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_setattr_xdm_tmp_dirs'($*)) dnl
+	
+	gen_require(`
+		type xdm_tmp_t;
+	')
+
+	allow $1 xdm_tmp_t:dir setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_setattr_xdm_tmp_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a named socket in a XDM
+##	temporary directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_create_xdm_tmp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_create_xdm_tmp_sockets'($*)) dnl
+	
+	gen_require(`
+		type xdm_tmp_t;
+	')
+
+	files_search_tmp($1)
+	allow $1 xdm_tmp_t:dir list_dir_perms;
+	create_sock_files_pattern($1, xdm_tmp_t, xdm_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_create_xdm_tmp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete a named socket in a XDM
+##	temporary directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_delete_xdm_tmp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_delete_xdm_tmp_sockets'($*)) dnl
+	
+	gen_require(`
+		type xdm_tmp_t;
+	')
+
+	files_search_tmp($1)
+	delete_sock_files_pattern($1, xdm_tmp_t, xdm_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_delete_xdm_tmp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read XDM pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_read_xdm_pid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_read_xdm_pid'($*)) dnl
+	
+	gen_require(`
+		type xdm_var_run_t;
+	')
+
+	files_search_pids($1)
+	allow $1 xdm_var_run_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_read_xdm_pid'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read XDM var lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_read_xdm_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_read_xdm_lib_files'($*)) dnl
+	
+	gen_require(`
+		type xdm_var_lib_t;
+	')
+
+	allow $1 xdm_var_lib_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_read_xdm_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make an X session script an entrypoint for the specified domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The domain for which the shell is an entrypoint.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_xsession_entry_type',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_xsession_entry_type'($*)) dnl
+	
+	gen_require(`
+		type xsession_exec_t;
+	')
+
+	domain_entry_file($1, xsession_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_xsession_entry_type'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute an X session in the target domain.  This
+##	is an explicit transition, requiring the
+##	caller to use setexeccon().
+## </summary>
+## <desc>
+##	<p>
+##	Execute an Xsession in the target domain.  This
+##	is an explicit transition, requiring the
+##	caller to use setexeccon().
+##	</p>
+##	<p>
+##	No interprocess communication (signals, pipes,
+##	etc.) is provided by this interface since
+##	the domains are not owned by this module.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="target_domain">
+##	<summary>
+##	The type of the shell process.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_xsession_spec_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_xsession_spec_domtrans'($*)) dnl
+	
+	gen_require(`
+		type xsession_exec_t;
+	')
+
+	domain_transition_pattern($1, xsession_exec_t, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_xsession_spec_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write to inherited  xsession log
+##	files such as .xsession-errors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_write_inherited_xsession_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_write_inherited_xsession_log'($*)) dnl
+	
+	gen_require(`
+		type xsession_log_t;
+	')
+
+	allow $1 xsession_log_t:file write_inherited_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_write_inherited_xsession_log'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Read and write xsession log
+##	files such as .xsession-errors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_rw_xsession_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_rw_xsession_log'($*)) dnl
+	
+	gen_require(`
+		type xsession_log_t;
+	')
+
+	allow $1 xsession_log_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_rw_xsession_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage xsession log files such
+##	as .xsession-errors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_manage_xsession_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_manage_xsession_log'($*)) dnl
+	
+	gen_require(`
+		type xsession_log_t;
+	')
+
+	allow $1 xsession_log_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_manage_xsession_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write to inherited X server log
+##  files like /var/log/lightdm/lightdm.log
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_write_inherited_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_write_inherited_log'($*)) dnl
+	
+	gen_require(`
+		type xserver_log_t;
+	')
+
+	allow $1 xserver_log_t:file write_inherited_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_write_inherited_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of X server logs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_getattr_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_getattr_log'($*)) dnl
+	
+	gen_require(`
+		type xserver_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 xserver_log_t:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_getattr_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write the X server
+##	log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_dontaudit_write_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_dontaudit_write_log'($*)) dnl
+	
+	gen_require(`
+		type xserver_log_t;
+	')
+
+	dontaudit $1 xserver_log_t:file { append ioctl write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_dontaudit_write_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete X server log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_delete_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_delete_log'($*)) dnl
+	
+	gen_require(`
+		type xserver_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 xserver_log_t:dir list_dir_perms;
+	delete_files_pattern($1, xserver_log_t, xserver_log_t)
+	delete_fifo_files_pattern($1, xserver_log_t, xserver_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_delete_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read X keyboard extension libraries.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_read_xkb_libs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_read_xkb_libs'($*)) dnl
+	
+	gen_require(`
+		type xkb_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 xkb_var_lib_t:dir list_dir_perms;
+	read_files_pattern($1, xkb_var_lib_t, xkb_var_lib_t)
+	read_lnk_files_pattern($1, xkb_var_lib_t, xkb_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_read_xkb_libs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Create xdm temporary directories.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain to allow access.
+##      </summary>
+## </param>
+#
+ 	 	define(`xserver_create_xdm_tmp_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_create_xdm_tmp_dirs'($*)) dnl
+	
+	gen_require(`
+		type xdm_tmp_t;
+	')
+
+	allow $1 xdm_tmp_t:dir create;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_create_xdm_tmp_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read xdm temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_read_xdm_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_read_xdm_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type xdm_tmp_t;
+	')
+
+ 	files_search_tmp($1)
+	read_files_pattern($1, xdm_tmp_t, xdm_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_read_xdm_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read xdm temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_dontaudit_read_xdm_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_dontaudit_read_xdm_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type xdm_tmp_t;
+	')
+
+	dontaudit $1 xdm_tmp_t:dir search_dir_perms;
+	dontaudit $1 xdm_tmp_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_dontaudit_read_xdm_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read write xdm temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_rw_xdm_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_rw_xdm_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type xdm_tmp_t;
+	')
+
+	allow $1 xdm_tmp_t:dir search_dir_perms;
+	allow $1 xdm_tmp_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_rw_xdm_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete xdm temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_manage_xdm_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_manage_xdm_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type xdm_tmp_t;
+	')
+
+	manage_files_pattern($1, xdm_tmp_t, xdm_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_manage_xdm_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes of
+##	xdm temporary named sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_dontaudit_getattr_xdm_tmp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_dontaudit_getattr_xdm_tmp_sockets'($*)) dnl
+	
+	gen_require(`
+		type xdm_tmp_t;
+	')
+
+	dontaudit $1 xdm_tmp_t:sock_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_dontaudit_getattr_xdm_tmp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	list xdm_tmp_t directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to allow
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_list_xdm_tmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_list_xdm_tmp'($*)) dnl
+	
+	gen_require(`
+		type xdm_tmp_t;
+	')
+
+	allow $1 xdm_tmp_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_list_xdm_tmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the X server in the X server domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_domtrans'($*)) dnl
+	
+	gen_require(`
+		type xserver_t, xserver_exec_t;
+	')
+
+ 	allow $1 xserver_t:process siginh;
+	domtrans_pattern($1, xserver_exec_t, xserver_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Signal X servers
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_signal'($*)) dnl
+	
+	gen_require(`
+		type xserver_t;
+	')
+
+	allow $1 xserver_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Kill X servers
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_kill',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_kill'($*)) dnl
+	
+	gen_require(`
+		type xserver_t;
+	')
+
+	allow $1 xserver_t:process sigkill;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_kill'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Allow reading xserver_t files to get cgroup and sessionid
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`xserver_read_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_read_state'($*)) dnl
+	
+	gen_require(`
+		type xserver_t;
+	')
+
+	allow $1 xserver_t:dir search;
+	allow $1 xserver_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_read_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write X server Sys V Shared
+##	memory segments.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_rw_shm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_rw_shm'($*)) dnl
+	
+	gen_require(`
+		type xserver_t;
+	')
+
+	allow $1 xserver_t:shm rw_shm_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_rw_shm'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and write to
+##	X server sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_dontaudit_rw_tcp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_dontaudit_rw_tcp_sockets'($*)) dnl
+	
+	gen_require(`
+		type xserver_t;
+	')
+
+	dontaudit $1 xserver_t:tcp_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_dontaudit_rw_tcp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and write X server
+##	unix domain stream sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_dontaudit_rw_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_dontaudit_rw_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		type xserver_t;
+	')
+
+	dontaudit $1 xserver_t:unix_stream_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_dontaudit_rw_stream_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to the X server over a unix domain
+##	stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type xserver_t, xserver_tmp_t;
+	')
+
+	files_search_tmp($1)
+	stream_connect_pattern($1, xserver_tmp_t, xserver_tmp_t, xserver_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read X server temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_read_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_read_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type xserver_tmp_t;
+	')
+
+	allow $1 xserver_tmp_t:file read_file_perms;
+	files_search_tmp($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_read_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      talk to xserver_t by dbus
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`xserver_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type xserver_t;
+	')
+
+	allow $1 xserver_t:dbus send_msg;
+	allow xserver_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Interface to provide X object permissions on a given X server to
+##	an X client domain.  Gives the domain permission to read the
+##      virtual core keyboard and virtual core pointer devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_manage_core_devices',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_manage_core_devices'($*)) dnl
+	
+	gen_require(`
+		type xserver_t;
+		class x_device all_x_device_perms;
+		class x_pointer all_x_pointer_perms;
+		class x_keyboard all_x_keyboard_perms;
+	')
+
+	allow $1 xserver_t:{ x_device x_pointer x_keyboard } { getattr setattr use read write getfocus setfocus bell force_cursor freeze grab manage list_property get_property set_property add remove create destroy };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_manage_core_devices'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Interface to provide X object permissions on a given X server to
+##	an X client domain.  Gives the domain complete control over the
+##	display.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_unconfined',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_unconfined'($*)) dnl
+	
+	gen_require(`
+		attribute x_domain;
+		attribute xserver_unconfined_type;
+	')
+
+	typeattribute $1 x_domain;
+	typeattribute $1 xserver_unconfined_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_unconfined'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage keys for xdm.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_rw_xdm_keys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_rw_xdm_keys'($*)) dnl
+	
+	gen_require(`
+		type xdm_t;
+	')
+
+	allow $1 xdm_t:key { read write setattr };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_rw_xdm_keys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage keys for xdm.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_link_xdm_keys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_link_xdm_keys'($*)) dnl
+	
+	gen_require(`
+		type xdm_t;
+	')
+
+	allow $1 xdm_t:key link;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_link_xdm_keys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the mesa shader cache.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xserver_rw_mesa_shader_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xserver_rw_mesa_shader_cache'($*)) dnl
+	
+	gen_require(`
+		type mesa_shader_cache_t;
+	')
+
+	rw_dirs_pattern($1, mesa_shader_cache_t, mesa_shader_cache_t)
+	rw_files_pattern($1, mesa_shader_cache_t, mesa_shader_cache_t)
+	allow $1 mesa_shader_cache_t:file map;
+
+	xdg_search_cache_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xserver_rw_mesa_shader_cache'($*)) dnl
+	')
+
+## <summary>Postfix email server.</summary>
+
+########################################
+## <summary>
+##	Postfix stub interface.  No access allowed.
+## </summary>
+## <param name="domain" unused="true">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_stub',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_stub'($*)) dnl
+	
+	gen_require(`
+		type postfix_master_t;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_stub'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	The template to define a postfix domain.
+## </summary>
+## <param name="domain_prefix">
+##	<summary>
+##	Domain prefix to be used.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_domain_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_domain_template'($*)) dnl
+	
+	gen_require(`
+		attribute postfix_domain;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	type postfix_$1_t, postfix_domain;
+	type postfix_$1_exec_t;
+	domain_type(postfix_$1_t)
+	domain_entry_file(postfix_$1_t, postfix_$1_exec_t)
+	role system_r types postfix_$1_t;
+
+	########################################
+	#
+	# Policy
+	#
+
+	can_exec(postfix_$1_t, postfix_$1_exec_t)
+
+	auth_use_nsswitch(postfix_$1_t)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_domain_template'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	The template to define a postfix server domain.
+## </summary>
+## <param name="domain_prefix">
+##	<summary>
+##	Domain prefix to be used.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_server_domain_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_server_domain_template'($*)) dnl
+	
+	gen_require(`
+		type postfix_master_t;
+		attribute postfix_server_domain, postfix_server_tmp_content;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	postfix_domain_template($1)
+
+	typeattribute postfix_$1_t postfix_server_domain;
+
+	type postfix_$1_tmp_t, postfix_server_tmp_content;
+	files_tmp_file(postfix_$1_tmp_t)
+
+	########################################
+	#
+	# Declarations
+	#
+
+	manage_dirs_pattern(postfix_$1_t, postfix_$1_tmp_t, postfix_$1_tmp_t)
+	manage_files_pattern(postfix_$1_t, postfix_$1_tmp_t, postfix_$1_tmp_t)
+	files_tmp_filetrans(postfix_$1_t, postfix_$1_tmp_t, { file dir })
+
+	domtrans_pattern(postfix_master_t, postfix_$1_exec_t, postfix_$1_t)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_server_domain_template'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	The template to define a postfix user domain.
+## </summary>
+## <param name="domain_prefix">
+##	<summary>
+##	Domain prefix to be used.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_user_domain_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_user_domain_template'($*)) dnl
+	
+	gen_require(`
+		attribute postfix_user_domains, postfix_user_domtrans;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	postfix_domain_template($1)
+
+	typeattribute postfix_$1_t postfix_user_domains;
+
+	########################################
+	#
+	# Policy
+	#
+
+	allow postfix_$1_t self:capability dac_override;
+
+	domtrans_pattern(postfix_user_domtrans, postfix_$1_exec_t, postfix_$1_t)
+
+	domain_use_interactive_fds(postfix_$1_t)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_user_domain_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read postfix configuration content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`postfix_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_read_config'($*)) dnl
+	
+	gen_require(`
+		type postfix_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 postfix_etc_t:dir list_dir_perms;
+	allow $1 postfix_etc_t:file read_file_perms;
+	allow $1 postfix_etc_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create specified object in postfix
+##	etc directories with a type transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private type">
+##	<summary>
+##	The type of the object to be created.
+##	</summary>
+## </param>
+## <param name="object">
+##	<summary>
+##	The object class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_config_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_config_filetrans'($*)) dnl
+	
+	gen_require(`
+		type postfix_etc_t;
+	')
+
+	filetrans_pattern($1, postfix_etc_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_config_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and
+##	write postfix local delivery
+##	TCP sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_dontaudit_rw_local_tcp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_dontaudit_rw_local_tcp_sockets'($*)) dnl
+	
+	gen_require(`
+		type postfix_local_t;
+	')
+
+	dontaudit $1 postfix_local_t:tcp_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_dontaudit_rw_local_tcp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write postfix local pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_rw_local_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_rw_local_pipes'($*)) dnl
+	
+	gen_require(`
+		type postfix_local_t;
+	')
+
+	allow $1 postfix_local_t:fifo_file rw_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_rw_local_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read postfix local process state files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_read_local_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_read_local_state'($*)) dnl
+	
+	gen_require(`
+		type postfix_local_t;
+	')
+
+	kernel_search_proc($1)
+	allow $1 postfix_local_t:dir list_dir_perms;
+	allow $1 postfix_local_t:file read_file_perms;
+	allow $1 postfix_local_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_read_local_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write inherited postfix master pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_rw_inherited_master_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_rw_inherited_master_pipes'($*)) dnl
+	
+	gen_require(`
+		type postfix_master_t;
+	')
+
+	allow $1 postfix_master_t:fd use;
+	allow $1 postfix_master_t:fifo_file { getattr write append lock ioctl read };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_rw_inherited_master_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read postfix master process state files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_read_master_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_read_master_state'($*)) dnl
+	
+	gen_require(`
+		type postfix_master_t;
+	')
+
+	kernel_search_proc($1)
+	allow $1 postfix_master_t:dir list_dir_perms;
+	allow $1 postfix_master_t:file read_file_perms;
+	allow $1 postfix_master_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_read_master_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use postfix master file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_use_fds_master',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_use_fds_master'($*)) dnl
+	
+	gen_require(`
+		type postfix_master_t;
+	')
+
+	allow $1 postfix_master_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_use_fds_master'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to use
+##	postfix master process file
+##	file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_dontaudit_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_dontaudit_use_fds'($*)) dnl
+	
+	gen_require(`
+		type postfix_master_t;
+	')
+
+	dontaudit $1 postfix_master_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_dontaudit_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute postfix_map in the postfix_map domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_domtrans_map',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_domtrans_map'($*)) dnl
+	
+	gen_require(`
+		type postfix_map_t, postfix_map_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, postfix_map_exec_t, postfix_map_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_domtrans_map'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute postfix map in the postfix
+##	map domain, and allow the specified
+##	role the postfix_map domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`postfix_run_map',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_run_map'($*)) dnl
+	
+	gen_require(`
+		attribute_role postfix_map_roles;
+	')
+
+	postfix_domtrans_map($1)
+	roleattribute $2 postfix_map_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_run_map'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the master postfix program
+##	in the postfix_master domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_domtrans_master',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_domtrans_master'($*)) dnl
+	
+	gen_require(`
+		type postfix_master_t, postfix_master_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, postfix_master_exec_t, postfix_master_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_domtrans_master'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the master postfix program
+##	in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_exec_master',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_exec_master'($*)) dnl
+	
+	gen_require(`
+		type postfix_master_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, postfix_master_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_exec_master'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Connect to postfix master process
+##	using a unix domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`postfix_stream_connect_master',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_stream_connect_master'($*)) dnl
+	
+	gen_require(`
+		type postfix_master_t, postfix_public_t;
+	')
+
+	stream_connect_pattern($1, postfix_public_t, postfix_public_t, postfix_master_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_stream_connect_master'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the master postdrop in the
+##	postfix postdrop domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_domtrans_postdrop',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_domtrans_postdrop'($*)) dnl
+	
+	gen_require(`
+		type postfix_postdrop_t, postfix_postdrop_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, postfix_postdrop_exec_t, postfix_postdrop_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_domtrans_postdrop'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the master postqueue in the
+##	postfix postqueue domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_domtrans_postqueue',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_domtrans_postqueue'($*)) dnl
+	
+	gen_require(`
+		type postfix_postqueue_t, postfix_postqueue_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, postfix_postqueue_exec_t, postfix_postqueue_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_domtrans_postqueue'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Execute postfix postqueue in
+##	the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_exec_postqueue',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_exec_postqueue'($*)) dnl
+	
+	gen_require(`
+		type postfix_postqueue_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, postfix_postqueue_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_exec_postqueue'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create postfix private sock files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_create_private_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_create_private_sockets'($*)) dnl
+	
+	gen_require(`
+		type postfix_private_t;
+	')
+
+	create_sock_files_pattern($1, postfix_private_t, postfix_private_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_create_private_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	postfix private sock files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_manage_private_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_manage_private_sockets'($*)) dnl
+	
+	gen_require(`
+		type postfix_private_t;
+	')
+
+	manage_sock_files_pattern($1, postfix_private_t, postfix_private_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_manage_private_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the smtp postfix program
+##	in the postfix smtp domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_domtrans_smtp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_domtrans_smtp'($*)) dnl
+	
+	gen_require(`
+		type postfix_smtp_t, postfix_smtp_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, postfix_smtp_exec_t, postfix_smtp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_domtrans_smtp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get attributes of all postfix mail
+##	spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_getattr_all_spool_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_getattr_all_spool_files'($*)) dnl
+	
+	gen_require(`
+		attribute postfix_spool_type;
+	')
+
+	files_search_spool($1)
+	getattr_files_pattern($1, postfix_spool_type, postfix_spool_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_getattr_all_spool_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search postfix mail spool directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_search_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_search_spool'($*)) dnl
+	
+	gen_require(`
+		type postfix_spool_t;
+	')
+
+	files_search_spool($1)
+	allow $1 postfix_spool_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_search_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List postfix mail spool directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_list_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_list_spool'($*)) dnl
+	
+	gen_require(`
+		type postfix_spool_t;
+	')
+
+	files_search_spool($1)
+	allow $1 postfix_spool_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_list_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read postfix mail spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_read_spool_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_read_spool_files'($*)) dnl
+	
+	gen_require(`
+		type postfix_spool_t;
+	')
+
+	files_search_spool($1)
+	read_files_pattern($1, postfix_spool_t, postfix_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_read_spool_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	postfix mail spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_manage_spool_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_manage_spool_files'($*)) dnl
+	
+	gen_require(`
+		type postfix_spool_t;
+	')
+
+	files_search_spool($1)
+	manage_files_pattern($1, postfix_spool_t, postfix_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_manage_spool_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute postfix user mail programs
+##	in their respective domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`postfix_domtrans_user_mail_handler',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_domtrans_user_mail_handler'($*)) dnl
+	
+	gen_require(`
+		attribute postfix_user_domtrans;
+	')
+
+	typeattribute $1 postfix_user_domtrans;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_domtrans_user_mail_handler'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an postfix environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`postfix_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfix_admin'($*)) dnl
+	
+	gen_require(`
+		attribute postfix_domain, postfix_spool_type, postfix_server_tmp_content;
+		type postfix_initrc_exec_t, postfix_prng_t, postfix_etc_t;
+		type postfix_data_t, postfix_runtime_t, postfix_public_t;
+		type postfix_private_t, postfix_map_tmp_t, postfix_exec_t;
+		type postfix_keytab_t, postfix_t;
+	')
+
+	allow $1 postfix_domain:process { ptrace signal_perms };
+	ps_process_pattern($1, postfix_domain)
+
+	init_startstop_service($1, $2, postfix_t, postfix_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, { postfix_prng_t postfix_etc_t postfix_exec_t postfix_keytab_t })
+
+	files_search_spool($1)
+	admin_pattern($1, { postfix_public_t postfix_private_t postfix_spool_type })
+
+	files_search_var_lib($1)
+	admin_pattern($1, postfix_data_t)
+
+	files_search_pids($1)
+	admin_pattern($1, postfix_runtime_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, { postfix_server_tmp_content postfix_map_tmp_t })
+
+	postfix_exec_master($1)
+	postfix_exec_postqueue($1)
+	postfix_stream_connect_master($1)
+	postfix_run_map($1, $2)
+
+	ifdef(`distro_gentoo',`
+		gen_require(`
+			type postfix_showq_exec_t;
+			type postfix_master_exec_t;
+			type postfix_postqueue_t;
+		')
+
+		allow postfix_postqueue_t $1:process sigchld;
+
+		can_exec($1, postfix_showq_exec_t)
+
+		# Postfix admin must be able to execute postfix main (for instance for "postfix reload")
+		can_exec($1, postfix_master_exec_t)
+
+		# Allow postfix admin to send message to log files, needed during operations like "postfix reload"
+		logging_send_syslog_msg($1)
+
+		# Reloading the system through postfix reload needs a few permissions
+		# "postfix: fatal: socket: Permission denied"
+		allow $1 self:tcp_socket create_stream_socket_perms;
+		# "postfix: fatal: inet_addr_local[getifaddrs]: getifaddrs: Permission denied"
+		allow $1 self:netlink_route_socket r_netlink_socket_perms;
+		# "postsuper: fatal: setuid(207): Operation not permitted"
+		allow $1 self:capability { setuid setgid };
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfix_admin'($*)) dnl
+	')
+
+## <summary>Postfix grey-listing server.</summary>
+
+########################################
+## <summary>
+##	Connect to postgrey using a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`postgrey_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgrey_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type postgrey_runtime_t, postgrey_t, postgrey_spool_t;
+	')
+
+	files_search_pids($1)
+	files_search_spool($1)
+	stream_connect_pattern($1, { postgrey_spool_t postgrey_runtime_t }, { postgrey_spool_t postgrey_runtime_t }, postgrey_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgrey_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search spool directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`postgrey_search_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgrey_search_spool'($*)) dnl
+	
+	gen_require(`
+		type postgrey_spool_t;
+	')
+
+	files_search_spool($1)
+	allow $1 postgrey_spool_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgrey_search_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an postgrey environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`postgrey_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postgrey_admin'($*)) dnl
+	
+	gen_require(`
+		type postgrey_t, postgrey_etc_t, postgrey_spool_t;
+		type postgrey_var_lib_t, postgrey_runtime_t;
+		type postgrey_initrc_exec_t;
+	')
+
+	allow $1 postgrey_t:process { ptrace signal_perms };
+	ps_process_pattern($1, postgrey_t)
+
+	init_startstop_service($1, $2, postgrey_t, postgrey_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, postgrey_etc_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, postgrey_var_lib_t)
+
+	files_list_spool($1)
+	admin_pattern($1, postgrey_spool_t)
+
+	files_list_pids($1)
+	admin_pattern($1, postgrey_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postgrey_admin'($*)) dnl
+	')
+
+## <summary> Tools to send and receive short messages through GSM modems or mobile phones.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an smstools environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`smstools_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `smstools_admin'($*)) dnl
+	
+	gen_require(`
+		type smsd_t, smsd_initrc_exec_t, smsd_conf_t;
+		type smsd_log_t, smsd_var_lib_t, smsd_runtime_t;
+		type smsd_spool_t;
+	')
+
+	allow $1 smsd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, smsd_t)
+
+	init_startstop_service($1, $2, smsd_t, smsd_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, smsd_conf_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, smsd_var_lib_t)
+
+	files_search_spool($1)
+	admin_pattern($1, smsd_spool_t)
+
+	files_search_pids($1)
+	admin_pattern($1, smsd_runtime_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, smsd_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `smstools_admin'($*)) dnl
+	')
+
+## <summary>The Open Group Pegasus CIM/WBEM Server.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an pegasus environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`pegasus_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pegasus_admin'($*)) dnl
+	
+	gen_require(`
+		type pegasus_t, pegasus_initrc_exec_t, pegasus_tmp_t;
+		type pegasus_cache_t, pegasus_data_t, pegasus_conf_t;
+		type pegasus_mof_t, pegasus_runtime_t;
+	')
+
+	allow $1 pegasus_t:process { ptrace signal_perms };
+	ps_process_pattern($1, pegasus_t)
+
+	init_startstop_service($1, $2, pegasus_t, pegasus_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, pegasus_conf_t)
+
+	files_search_usr($1)
+	admin_pattern($1, pegasus_mof_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, pegasus_tmp_t)
+
+	files_search_var($1)
+	admin_pattern($1, pegasus_cache_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, pegasus_data_t)
+
+	files_search_pids($1)
+	admin_pattern($1, pegasus_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pegasus_admin'($*)) dnl
+	')
+
+## <summary>Geoclue is a D-Bus service that provides location information.</summary>
+## <summary>Libvirt virtualization API.</summary>
+
+#######################################
+## <summary>
+##	The template to define a virt domain.
+## </summary>
+## <param name="domain_prefix">
+##	<summary>
+##	Domain prefix to be used.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_domain_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_domain_template'($*)) dnl
+	
+	gen_require(`
+		attribute_role virt_domain_roles;
+		attribute virt_image_type, virt_domain, virt_tmpfs_type;
+		attribute virt_ptynode, virt_tmp_type;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	type $1_t, virt_domain;
+	application_type($1_t)
+	domain_user_exemption_target($1_t)
+	mls_rangetrans_target($1_t)
+	mcs_constrained($1_t)
+	role virt_domain_roles types $1_t;
+
+	type $1_devpts_t, virt_ptynode;
+	term_pty($1_devpts_t)
+
+	type $1_tmp_t, virt_tmp_type;
+	files_tmp_file($1_tmp_t)
+
+	type $1_tmpfs_t, virt_tmpfs_type;
+	files_tmpfs_file($1_tmpfs_t)
+
+	optional_policy(`
+		pulseaudio_tmpfs_content($1_tmpfs_t)
+	')
+
+	type $1_image_t, virt_image_type;
+	files_type($1_image_t)
+	dev_node($1_image_t)
+	dev_associate_sysfs($1_image_t)
+
+	ifdef(`distro_gentoo',`
+		optional_policy(`
+			qemu_entry_type($1_t)
+		')
+	')
+
+	########################################
+	#
+	# Policy
+	#
+
+	allow $1_t $1_devpts_t:chr_file { rw_term_perms setattr_chr_file_perms };
+	term_create_pty($1_t, $1_devpts_t)
+
+	manage_dirs_pattern($1_t, $1_image_t, $1_image_t)
+	manage_files_pattern($1_t, $1_image_t, $1_image_t)
+	manage_fifo_files_pattern($1_t, $1_image_t, $1_image_t)
+	read_lnk_files_pattern($1_t, $1_image_t, $1_image_t)
+	manage_sock_files_pattern($1_t, $1_image_t, $1_image_t)
+	rw_chr_files_pattern($1_t, $1_image_t, $1_image_t)
+	rw_blk_files_pattern($1_t, $1_image_t, $1_image_t)
+	fs_hugetlbfs_filetrans($1_t, $1_image_t, file)
+
+	manage_dirs_pattern($1_t, $1_tmp_t, $1_tmp_t)
+	manage_files_pattern($1_t, $1_tmp_t, $1_tmp_t)
+	manage_lnk_files_pattern($1_t, $1_tmp_t, $1_tmp_t)
+	files_tmp_filetrans($1_t, $1_tmp_t, { file dir })
+
+	manage_dirs_pattern($1_t, $1_tmpfs_t, $1_tmpfs_t)
+	manage_files_pattern($1_t, $1_tmpfs_t, $1_tmpfs_t)
+	manage_lnk_files_pattern($1_t, $1_tmpfs_t, $1_tmpfs_t)
+	fs_tmpfs_filetrans($1_t, $1_tmpfs_t, { dir file lnk_file })
+
+	optional_policy(`
+		pulseaudio_run($1_t, virt_domain_roles)
+	')
+
+	optional_policy(`
+		xserver_rw_shm($1_t)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_domain_template'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	The template to define a virt lxc domain.
+## </summary>
+## <param name="domain_prefix">
+##	<summary>
+##	Domain prefix to be used.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_lxc_domain_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_lxc_domain_template'($*)) dnl
+	
+	gen_require(`
+		attribute_role svirt_lxc_domain_roles;
+		attribute svirt_lxc_domain;
+	')
+
+	type $1_t, svirt_lxc_domain;
+	domain_type($1_t)
+	domain_user_exemption_target($1_t)
+	mls_rangetrans_target($1_t)
+	mcs_constrained($1_t)
+	role svirt_lxc_domain_roles types $1_t;
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_lxc_domain_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified type virt image type.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be used as a virtual image.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_image',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_image'($*)) dnl
+	
+	gen_require(`
+		attribute virt_image_type;
+	')
+
+	typeattribute $1 virt_image_type;
+	files_type($1)
+	dev_node($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_image'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run virtd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_domtrans'($*)) dnl
+	
+	gen_require(`
+		type virtd_t, virtd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, virtd_exec_t, virtd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run virt qmf.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_domtrans_qmf',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_domtrans_qmf'($*)) dnl
+	
+	gen_require(`
+		type virt_qmf_t, virt_qmf_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, virt_qmf_exec_t, virt_qmf_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_domtrans_qmf'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to
+##	run virt bridgehelper.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_domtrans_bridgehelper',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_domtrans_bridgehelper'($*)) dnl
+	
+	gen_require(`
+		type virt_bridgehelper_t, virt_bridgehelper_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, virt_bridgehelper_exec_t, virt_bridgehelper_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_domtrans_bridgehelper'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to
+##	run virt leaseshelper.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_domtrans_leaseshelper',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_domtrans_leaseshelper'($*)) dnl
+	
+	gen_require(`
+		type virt_leaseshelper_t, virt_leaseshelper_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, virt_leaseshelper_exec_t, virt_leaseshelper_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_domtrans_leaseshelper'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute bridgehelper in the bridgehelper
+##	domain, and allow the specified role
+##	the bridgehelper domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_run_bridgehelper',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_run_bridgehelper'($*)) dnl
+	
+	gen_require(`
+		attribute_role virt_bridgehelper_roles;
+	')
+
+	virt_domtrans_bridgehelper($1)
+	roleattribute $2 virt_bridgehelper_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_run_bridgehelper'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute virt domain in the their
+##	domain, and allow the specified
+##	role that virt domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_run_virt_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_run_virt_domain'($*)) dnl
+	
+	gen_require(`
+		attribute virt_domain;
+		attribute_role virt_domain_roles;
+	')
+
+	allow $1 virt_domain:process { signal transition };
+	roleattribute $2 virt_domain_roles;
+
+	allow virt_domain $1:fd use;
+	allow virt_domain $1:fifo_file rw_fifo_file_perms;
+	allow virt_domain $1:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_run_virt_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to all virt domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_signal_all_virt_domains',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_signal_all_virt_domains'($*)) dnl
+	
+	gen_require(`
+		attribute virt_domain;
+	')
+
+	allow $1 virt_domain:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_signal_all_virt_domains'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send kill signals to all virt domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_kill_all_virt_domains',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_kill_all_virt_domains'($*)) dnl
+	
+	gen_require(`
+		attribute virt_domain;
+	')
+
+	allow $1 virt_domain:process sigkill;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_kill_all_virt_domains'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute svirt lxc domains in their
+##	domain, and allow the specified
+##	role that svirt lxc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_run_svirt_lxc_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_run_svirt_lxc_domain'($*)) dnl
+	
+	gen_require(`
+		attribute svirt_lxc_domain;
+		attribute_role svirt_lxc_domain_roles;
+	')
+
+	allow $1 svirt_lxc_domain:process { signal transition };
+	roleattribute $2 svirt_lxc_domain_roles;
+
+	allow svirt_lxc_domain $1:fd use;
+	allow svirt_lxc_domain $1:fifo_file rw_fifo_file_perms;
+	allow svirt_lxc_domain $1:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_run_svirt_lxc_domain'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Get attributes of virtd executable files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_getattr_virtd_exec_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_getattr_virtd_exec_files'($*)) dnl
+	
+	gen_require(`
+		type virtd_exec_t;
+	')
+
+	allow $1 virtd_exec_t:file getattr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_getattr_virtd_exec_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Connect to virt with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type virtd_t, virt_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, virt_runtime_t, virt_runtime_t, virtd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Attach to virt tun devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_attach_tun_iface',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_attach_tun_iface'($*)) dnl
+	
+	gen_require(`
+		type virtd_t;
+	')
+
+	allow $1 virtd_t:tun_socket relabelfrom;
+	allow $1 self:tun_socket relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_attach_tun_iface'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read virt configuration content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_read_config'($*)) dnl
+	
+	gen_require(`
+		type virt_etc_t, virt_etc_rw_t;
+	')
+
+	files_search_etc($1)
+	allow $1 { virt_etc_t virt_etc_rw_t }:dir list_dir_perms;
+	read_files_pattern($1, virt_etc_t, virt_etc_t)
+	read_files_pattern($1, virt_etc_rw_t, virt_etc_rw_t)
+	read_lnk_files_pattern($1, virt_etc_rw_t, virt_etc_rw_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	virt configuration content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_manage_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_manage_config'($*)) dnl
+	
+	gen_require(`
+		type virt_etc_t, virt_etc_rw_t;
+	')
+
+	files_search_etc($1)
+	allow $1 { virt_etc_t virt_etc_rw_t }:dir manage_dir_perms;
+	manage_files_pattern($1, virt_etc_t, virt_etc_t)
+	manage_files_pattern($1, virt_etc_rw_t, virt_etc_rw_t)
+	manage_lnk_files_pattern($1, virt_etc_rw_t, virt_etc_rw_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_manage_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read virt content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_read_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_read_content'($*)) dnl
+	
+	gen_require(`
+		type virt_content_t;
+	')
+
+	virt_search_lib($1)
+	allow $1 virt_content_t:dir list_dir_perms;
+	list_dirs_pattern($1, virt_content_t, virt_content_t)
+	read_files_pattern($1, virt_content_t, virt_content_t)
+	read_lnk_files_pattern($1, virt_content_t, virt_content_t)
+	read_blk_files_pattern($1, virt_content_t, virt_content_t)
+
+	tunable_policy(`virt_use_nfs',`
+		fs_list_nfs($1)
+		fs_read_nfs_files($1)
+		fs_read_nfs_symlinks($1)
+	')
+
+	tunable_policy(`virt_use_samba',`
+		fs_list_cifs($1)
+		fs_read_cifs_files($1)
+		fs_read_cifs_symlinks($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_read_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	virt content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_manage_virt_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_manage_virt_content'($*)) dnl
+	
+	gen_require(`
+		type virt_content_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 virt_content_t:dir manage_dir_perms;
+	allow $1 virt_content_t:file manage_file_perms;
+	allow $1 virt_content_t:fifo_file manage_fifo_file_perms;
+	allow $1 virt_content_t:lnk_file manage_lnk_file_perms;
+	allow $1 virt_content_t:sock_file manage_sock_file_perms;
+	allow $1 virt_content_t:blk_file manage_blk_file_perms;
+
+	tunable_policy(`virt_use_nfs',`
+		fs_manage_nfs_dirs($1)
+		fs_manage_nfs_files($1)
+		fs_manage_nfs_symlinks($1)
+	')
+
+	tunable_policy(`virt_use_samba',`
+		fs_manage_cifs_dirs($1)
+		fs_manage_cifs_files($1)
+		fs_manage_cifs_symlinks($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_manage_virt_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel virt content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_relabel_virt_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_relabel_virt_content'($*)) dnl
+	
+	gen_require(`
+		type virt_content_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 virt_content_t:dir relabel_dir_perms;
+	allow $1 virt_content_t:file relabel_file_perms;
+	allow $1 virt_content_t:fifo_file relabel_fifo_file_perms;
+	allow $1 virt_content_t:lnk_file relabel_lnk_file_perms;
+	allow $1 virt_content_t:sock_file relabel_sock_file_perms;
+	allow $1 virt_content_t:blk_file relabel_blk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_relabel_virt_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create specified objects in user home
+##	directories with the virt content type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_home_filetrans_virt_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_home_filetrans_virt_content'($*)) dnl
+	
+	gen_require(`
+		type virt_content_t;
+	')
+
+	virt_home_filetrans($1, virt_content_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_home_filetrans_virt_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	svirt home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_manage_svirt_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_manage_svirt_home_content'($*)) dnl
+	
+	gen_require(`
+		type svirt_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 svirt_home_t:dir manage_dir_perms;
+	allow $1 svirt_home_t:file manage_file_perms;
+	allow $1 svirt_home_t:fifo_file manage_fifo_file_perms;
+	allow $1 svirt_home_t:lnk_file manage_lnk_file_perms;
+	allow $1 svirt_home_t:sock_file manage_sock_file_perms;
+
+	tunable_policy(`virt_use_nfs',`
+		fs_manage_nfs_dirs($1)
+		fs_manage_nfs_files($1)
+		fs_manage_nfs_symlinks($1)
+	')
+
+	tunable_policy(`virt_use_samba',`
+		fs_manage_cifs_dirs($1)
+		fs_manage_cifs_files($1)
+		fs_manage_cifs_symlinks($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_manage_svirt_home_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel svirt home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_relabel_svirt_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_relabel_svirt_home_content'($*)) dnl
+	
+	gen_require(`
+		type svirt_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 svirt_home_t:dir relabel_dir_perms;
+	allow $1 svirt_home_t:file relabel_file_perms;
+	allow $1 svirt_home_t:fifo_file relabel_fifo_file_perms;
+	allow $1 svirt_home_t:lnk_file relabel_lnk_file_perms;
+	allow $1 svirt_home_t:sock_file relabel_sock_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_relabel_svirt_home_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create specified objects in user home
+##	directories with the svirt home type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_home_filetrans_svirt_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_home_filetrans_svirt_home'($*)) dnl
+	
+	gen_require(`
+		type svirt_home_t;
+	')
+
+	virt_home_filetrans($1, svirt_home_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_home_filetrans_svirt_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create specified objects in generic
+##	virt home directories with private
+##	home type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	Private file type.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_home_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_home_filetrans'($*)) dnl
+	
+	gen_require(`
+		type virt_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	filetrans_pattern($1, virt_home_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_home_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	virt home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_manage_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_manage_home_files'($*)) dnl
+	
+	gen_require(`
+		type virt_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	manage_files_pattern($1, virt_home_t, virt_home_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_manage_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	virt home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_manage_generic_virt_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_manage_generic_virt_home_content'($*)) dnl
+	
+	gen_require(`
+		type virt_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 virt_home_t:dir manage_dir_perms;
+	allow $1 virt_home_t:file manage_file_perms;
+	allow $1 virt_home_t:fifo_file manage_fifo_file_perms;
+	allow $1 virt_home_t:lnk_file manage_lnk_file_perms;
+	allow $1 virt_home_t:sock_file manage_sock_file_perms;
+
+	tunable_policy(`virt_use_nfs',`
+		fs_manage_nfs_dirs($1)
+		fs_manage_nfs_files($1)
+		fs_manage_nfs_symlinks($1)
+	')
+
+	tunable_policy(`virt_use_samba',`
+		fs_manage_cifs_dirs($1)
+		fs_manage_cifs_files($1)
+		fs_manage_cifs_symlinks($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_manage_generic_virt_home_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel virt home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_relabel_generic_virt_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_relabel_generic_virt_home_content'($*)) dnl
+	
+	gen_require(`
+		type virt_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 virt_home_t:dir relabel_dir_perms;
+	allow $1 virt_home_t:file relabel_file_perms;
+	allow $1 virt_home_t:fifo_file relabel_fifo_file_perms;
+	allow $1 virt_home_t:lnk_file relabel_lnk_file_perms;
+	allow $1 virt_home_t:sock_file relabel_sock_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_relabel_generic_virt_home_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create specified objects in user home
+##	directories with the generic virt
+##	home type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_home_filetrans_virt_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_home_filetrans_virt_home'($*)) dnl
+	
+	gen_require(`
+		type virt_home_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, virt_home_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_home_filetrans_virt_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read virt pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type virt_runtime_t;
+	')
+
+	files_search_pids($1)
+	read_files_pattern($1, virt_runtime_t, virt_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	virt pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_manage_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_manage_pid_files'($*)) dnl
+	
+	gen_require(`
+		type virt_runtime_t;
+	')
+
+	files_search_pids($1)
+	manage_files_pattern($1, virt_runtime_t, virt_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_manage_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search virt lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_search_lib'($*)) dnl
+	
+	gen_require(`
+		type virt_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 virt_var_lib_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_search_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read virt lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type virt_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, virt_var_lib_t, virt_var_lib_t)
+	read_lnk_files_pattern($1, virt_var_lib_t, virt_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	virt lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type virt_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, virt_var_lib_t, virt_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_manage_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in virt pid
+##	directories with a private type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private type">
+##	<summary>
+##	The type of the object to be created.
+##	</summary>
+## </param>
+## <param name="object">
+##	<summary>
+##	The object class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`virt_pid_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_pid_filetrans'($*)) dnl
+	
+	gen_require(`
+		type virt_runtime_t;
+	')
+
+	files_search_pids($1)
+	filetrans_pattern($1, virt_runtime_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_pid_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read virt log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`virt_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_read_log'($*)) dnl
+	
+	gen_require(`
+		type virt_log_t;
+	')
+
+	logging_search_logs($1)
+	read_files_pattern($1, virt_log_t, virt_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_read_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append virt log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_append_log'($*)) dnl
+	
+	gen_require(`
+		type virt_log_t;
+	')
+
+	logging_search_logs($1)
+	append_files_pattern($1, virt_log_t, virt_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_append_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	virt log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_manage_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_manage_log'($*)) dnl
+	
+	gen_require(`
+		type virt_log_t;
+	')
+
+	logging_search_logs($1)
+	manage_dirs_pattern($1, virt_log_t, virt_log_t)
+	manage_files_pattern($1, virt_log_t, virt_log_t)
+	manage_lnk_files_pattern($1, virt_log_t, virt_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_manage_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search virt image directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_search_images',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_search_images'($*)) dnl
+	
+	gen_require(`
+		attribute virt_image_type;
+	')
+
+	virt_search_lib($1)
+	allow $1 virt_image_type:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_search_images'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read virt image files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_read_images',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_read_images'($*)) dnl
+	
+	gen_require(`
+		attribute virt_image_type;
+	')
+
+	virt_search_lib($1)
+	allow $1 virt_image_type:dir list_dir_perms;
+	list_dirs_pattern($1, virt_image_type, virt_image_type)
+	read_files_pattern($1, virt_image_type, virt_image_type)
+	read_lnk_files_pattern($1, virt_image_type, virt_image_type)
+	read_blk_files_pattern($1, virt_image_type, virt_image_type)
+
+	tunable_policy(`virt_use_nfs',`
+		fs_list_nfs($1)
+		fs_read_nfs_files($1)
+		fs_read_nfs_symlinks($1)
+	')
+
+	tunable_policy(`virt_use_samba',`
+		fs_list_cifs($1)
+		fs_read_cifs_files($1)
+		fs_read_cifs_symlinks($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_read_images'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write all virt image
+##	character files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_rw_all_image_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_rw_all_image_chr_files'($*)) dnl
+	
+	gen_require(`
+		attribute virt_image_type;
+	')
+
+	virt_search_lib($1)
+	allow $1 virt_image_type:dir list_dir_perms;
+	rw_chr_files_pattern($1, virt_image_type, virt_image_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_rw_all_image_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	virt cache content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_manage_virt_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_manage_virt_cache'($*)) dnl
+	
+	gen_require(`
+		type virt_cache_t;
+	')
+
+	files_search_var($1)
+	manage_dirs_pattern($1, virt_cache_t, virt_cache_t)
+	manage_files_pattern($1, virt_cache_t, virt_cache_t)
+	manage_lnk_files_pattern($1, virt_cache_t, virt_cache_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_manage_virt_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	virt image files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`virt_manage_images',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_manage_images'($*)) dnl
+	
+	gen_require(`
+		attribute virt_image_type;
+	')
+
+	virt_search_lib($1)
+	allow $1 virt_image_type:dir list_dir_perms;
+	manage_dirs_pattern($1, virt_image_type, virt_image_type)
+	manage_files_pattern($1, virt_image_type, virt_image_type)
+	read_lnk_files_pattern($1, virt_image_type, virt_image_type)
+	rw_blk_files_pattern($1, virt_image_type, virt_image_type)
+
+	tunable_policy(`virt_use_nfs',`
+		fs_manage_nfs_dirs($1)
+		fs_manage_nfs_files($1)
+		fs_read_nfs_symlinks($1)
+	')
+
+	tunable_policy(`virt_use_samba',`
+		fs_manage_cifs_files($1)
+		fs_manage_cifs_files($1)
+		fs_read_cifs_symlinks($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_manage_images'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an virt environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`virt_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `virt_admin'($*)) dnl
+	
+	gen_require(`
+		attribute virt_domain, virt_image_type, virt_tmpfs_type;
+		attribute virt_ptynode, svirt_lxc_domain, virt_tmp_type;
+		type virtd_t, virtd_initrc_exec_t, virtd_lxc_t;
+		type virsh_t, virtd_lxc_runtime_t, svirt_lxc_file_t;
+		type virt_bridgehelper_t, virt_qmf_t, virt_var_lib_t;
+		type virt_runtime_t, virt_tmp_t, virt_log_t;
+		type virt_lock_t, svirt_runtime_t, virt_etc_rw_t;
+		type virt_etc_t, svirt_cache_t, virtd_keytab_t;
+	')
+
+	allow $1 { virt_domain svirt_lxc_domain virtd_t }:process { ptrace signal_perms };
+	allow $1 { virtd_lxc_t virsh_t virt_bridgehelper_t virt_qmf_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { virt_domain svirt_lxc_domain virtd_t })
+	ps_process_pattern($1, { virtd_lxc_t virsh_t virt_bridgehelper_t virt_qmf_t })
+
+	init_startstop_service($1, $2, virtd_t, virtd_initrc_exec_t)
+
+	fs_search_tmpfs($1)
+	admin_pattern($1, virt_tmpfs_type)
+
+	files_search_tmp($1)
+	admin_pattern($1, { virt_tmp_type virt_tmp_t })
+
+	files_search_etc($1)
+	admin_pattern($1, { virt_etc_t virt_etc_rw_t virtd_keytab_t })
+
+	logging_search_logs($1)
+	admin_pattern($1, virt_log_t)
+
+	files_search_pids($1)
+	admin_pattern($1, { virt_runtime_t virtd_lxc_runtime_t svirt_runtime_t })
+
+	files_search_var($1)
+	admin_pattern($1, svirt_cache_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, { virt_image_type virt_var_lib_t svirt_lxc_file_t })
+
+	files_search_locks($1)
+	admin_pattern($1, virt_lock_t)
+
+	dev_list_all_dev_nodes($1)
+	allow $1 virt_ptynode:chr_file rw_term_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `virt_admin'($*)) dnl
+	')
+
+## <summary>Intrusion Detection and Log Analysis with iptables.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run psad.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`psad_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `psad_domtrans'($*)) dnl
+	
+	gen_require(`
+		type psad_t, psad_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, psad_exec_t, psad_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `psad_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to psad.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`psad_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `psad_signal'($*)) dnl
+	
+	gen_require(`
+		type psad_t;
+	')
+
+	allow $1 psad_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `psad_signal'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Send null signals to psad.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`psad_signull',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `psad_signull'($*)) dnl
+	
+	gen_require(`
+		type psad_t;
+	')
+
+	allow $1 psad_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `psad_signull'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read psad configuration content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`psad_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `psad_read_config'($*)) dnl
+	
+	gen_require(`
+		type psad_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 psad_etc_t:dir list_dir_perms;
+	allow $1 psad_etc_t:file read_file_perms;
+	allow $1 psad_etc_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `psad_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	psad configuration content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`psad_manage_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `psad_manage_config'($*)) dnl
+	
+	gen_require(`
+		type psad_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 psad_etc_t:dir manage_dir_perms;
+	allow $1 psad_etc_t:file manage_file_perms;
+	allow $1 psad_etc_t:lnk_file manage_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `psad_manage_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read psad pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`psad_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `psad_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type psad_runtime_t;
+	')
+
+	files_search_pids($1)
+	read_files_pattern($1, psad_runtime_t, psad_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `psad_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write psad pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`psad_rw_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `psad_rw_pid_files'($*)) dnl
+	
+	gen_require(`
+		type psad_runtime_t;
+	')
+
+	files_search_pids($1)
+	rw_files_pattern($1, psad_runtime_t, psad_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `psad_rw_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read psad log content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`psad_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `psad_read_log'($*)) dnl
+	
+	gen_require(`
+		type psad_var_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 psad_var_log_t:dir list_dir_perms;
+	allow $1 psad_var_log_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `psad_read_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append psad log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`psad_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `psad_append_log'($*)) dnl
+	
+	gen_require(`
+		type psad_var_log_t;
+	')
+
+	logging_search_logs($1)
+	append_files_pattern($1, psad_var_log_t, psad_var_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `psad_append_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write psad fifo files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`psad_rw_fifo_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `psad_rw_fifo_file'($*)) dnl
+	
+	gen_require(`
+		type psad_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	rw_fifo_files_pattern($1, psad_var_lib_t, psad_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `psad_rw_fifo_file'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read and write psad temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`psad_rw_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `psad_rw_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type psad_tmp_t;
+	')
+
+	files_search_tmp($1)
+	rw_files_pattern($1, psad_tmp_t, psad_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `psad_rw_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an psad environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`psad_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `psad_admin'($*)) dnl
+	
+	gen_require(`
+		type psad_t, psad_runtime_t, psad_var_log_t;
+		type psad_initrc_exec_t, psad_var_lib_t;
+		type psad_tmp_t, psad_etc_t;
+	')
+
+	allow $1 psad_t:process { ptrace signal_perms };
+	ps_process_pattern($1, psad_t)
+
+	init_startstop_service($1, $2, psad_t, psad_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, psad_etc_t)
+
+	files_search_pids($1)
+	admin_pattern($1, psad_runtime_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, psad_var_log_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, psad_var_lib_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, psad_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `psad_admin'($*)) dnl
+	')
+
+## <summary>Content-based spam filter designed for multi-user enterprise systems.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run dspam.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dspam_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dspam_domtrans'($*)) dnl
+	
+	gen_require(`
+		type dspam_t, dspam_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, dspam_exec_t, dspam_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dspam_domtrans'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Connect to dspam using a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dspam_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dspam_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type dspam_t, dspam_runtime_t;
+	')
+
+	files_search_pids($1)
+	files_search_tmp($1)
+	stream_connect_pattern($1, dspam_runtime_t, dspam_runtime_t, dspam_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dspam_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an dspam environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dspam_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dspam_admin'($*)) dnl
+	
+	gen_require(`
+		type dspam_t, dspam_initrc_exec_t, dspam_log_t;
+		type dspam_var_lib_t, dspam_runtime_t;
+	')
+
+	allow $1 dspam_t:process { ptrace signal_perms };
+	ps_process_pattern($1, dspam_t)
+
+	init_startstop_service($1, $2, dspam_t, dspam_initrc_exec_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, dspam_log_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, dspam_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, dspam_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dspam_admin'($*)) dnl
+	')
+
+## <summary>Implementations of the Cryptoki specification.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an pkcs slotd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`pkcs_admin_slotd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pkcs_admin_slotd'($*)) dnl
+	
+	gen_require(`
+		type pkcs_slotd_t, pkcs_slotd_initrc_exec_t, pkcs_slotd_var_lib_t;
+		type pkcs_slotd_runtime_t, pkcs_slotd_tmp_t, pkcs_slotd_tmpfs_t;
+	')
+
+	allow $1 pkcs_slotd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, pkcs_slotd_t)
+
+	init_startstop_service($1, $2, pkcs_slotd_t, pkcs_slotd_initrc_exec_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, pkcs_slotd_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, pkcs_slotd_runtime_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, pkcs_slotd_tmp_t)
+
+	fs_search_tmpfs($1)
+	admin_pattern($1, pkcs_slotd_tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pkcs_admin_slotd'($*)) dnl
+	')
+
+## <summary>Monopoly daemon.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an monop environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`monop_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `monop_admin'($*)) dnl
+	
+	gen_require(`
+		type monopd_t, monopd_initrc_exec_t, monopd_share_t;
+		type monopd_etc_t, monopd_runtime_t;
+	')
+
+	allow $1 monopd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, monopd_t)
+
+	init_startstop_service($1, $2, monopd_t, monopd_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, monopd_etc_t)
+
+	files_search_pids($1)
+	admin_pattern($1, monopd_runtime_t)
+
+	files_search_usr($1)
+	admin_pattern($1, monopd_share_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `monop_admin'($*)) dnl
+	')
+
+## <summary>Mail transfer agent.</summary>
+
+########################################
+## <summary>
+##	Execute exim in the caller domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`exim_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `exim_exec'($*)) dnl
+	
+	gen_require(`
+		type exim_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, exim_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `exim_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run exim.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`exim_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `exim_domtrans'($*)) dnl
+	
+	gen_require(`
+		type exim_t, exim_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, exim_exec_t, exim_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `exim_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute exim in the exim domain,
+##	and allow the specified role
+##	the exim domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`exim_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `exim_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role exim_roles;
+	')
+
+	exim_domtrans($1)
+	roleattribute $2 exim_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `exim_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read exim
+##	temporary tmp files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`exim_dontaudit_read_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `exim_dontaudit_read_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type exim_tmp_t;
+	')
+
+	dontaudit $1 exim_tmp_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `exim_dontaudit_read_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read exim temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`exim_read_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `exim_read_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type exim_tmp_t;
+	')
+
+	allow $1 exim_tmp_t:file read_file_perms;
+	files_search_tmp($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `exim_read_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read exim pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`exim_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `exim_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type exim_pid_t;
+	')
+
+	allow $1 exim_pid_t:file read_file_perms;
+	files_search_pids($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `exim_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read exim log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`exim_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `exim_read_log'($*)) dnl
+	
+	gen_require(`
+		type exim_log_t;
+	')
+
+	read_files_pattern($1, exim_log_t, exim_log_t)
+	logging_search_logs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `exim_read_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append exim log files.
+## </summary>
+## <param name="domain">
+## 	<summary>
+##	Domain allowed access.
+## 	</summary>
+## </param>
+#
+ 	 	define(`exim_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `exim_append_log'($*)) dnl
+	
+	gen_require(`
+		type exim_log_t;
+	')
+
+	append_files_pattern($1, exim_log_t, exim_log_t)
+	logging_search_logs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `exim_append_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	exim log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`exim_manage_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `exim_manage_log'($*)) dnl
+	
+	gen_require(`
+		type exim_log_t;
+	')
+
+	manage_files_pattern($1, exim_log_t, exim_log_t)
+	logging_search_logs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `exim_manage_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	exim spool directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`exim_manage_spool_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `exim_manage_spool_dirs'($*)) dnl
+	
+	gen_require(`
+		type exim_spool_t;
+	')
+
+	manage_dirs_pattern($1, exim_spool_t, exim_spool_t)
+	files_search_spool($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `exim_manage_spool_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read exim spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`exim_read_spool_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `exim_read_spool_files'($*)) dnl
+	
+	gen_require(`
+		type exim_spool_t;
+	')
+
+	allow $1 exim_spool_t:file read_file_perms;
+	allow $1 exim_spool_t:dir list_dir_perms;
+	files_search_spool($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `exim_read_spool_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	exim spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`exim_manage_spool_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `exim_manage_spool_files'($*)) dnl
+	
+	gen_require(`
+		type exim_spool_t;
+	')
+
+	manage_files_pattern($1, exim_spool_t, exim_spool_t)
+	files_search_spool($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `exim_manage_spool_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read exim var lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`exim_read_var_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `exim_read_var_lib_files'($*)) dnl
+	
+	gen_require(`
+		type exim_var_lib_t;
+	')
+
+	read_files_pattern($1, exim_var_lib_t, exim_var_lib_t)
+	files_search_var_lib($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `exim_read_var_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, and write exim var lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`exim_manage_var_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `exim_manage_var_lib_files'($*)) dnl
+	
+	gen_require(`
+		type exim_var_lib_t;
+	')
+
+	manage_files_pattern($1, exim_var_lib_t, exim_var_lib_t)
+	files_search_var_lib($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `exim_manage_var_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an exim environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`exim_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `exim_admin'($*)) dnl
+	
+	gen_require(`
+		type exim_t, exim_spool_t, exim_log_t;
+		type exim_pid_t, exim_initrc_exec_t, exim_tmp_t;
+		type exim_keytab_t;
+	')
+
+	allow $1 exim_t:process { ptrace signal_perms };
+	ps_process_pattern($1, exim_t)
+
+	init_startstop_service($1, $2, exim_t, exim_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, exim_keytab_t)
+
+	files_search_spool($1)
+	admin_pattern($1, exim_spool_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, exim_log_t)
+
+	files_search_pids($1)
+	admin_pattern($1, exim_pid_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, exim_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `exim_admin'($*)) dnl
+	')
+
+## <summary>Simple network management protocol services.</summary>
+
+########################################
+## <summary>
+##	Connect to snmpd with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`snmp_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `snmp_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type snmpd_t, snmpd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	stream_connect_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t, snmpd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `snmp_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to snmp over the TCP network.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`snmp_tcp_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `snmp_tcp_connect'($*)) dnl
+	
+	gen_require(`
+		type snmpd_t;
+	')
+
+	corenet_tcp_recvfrom_labeled($1, snmpd_t)
+	corenet_tcp_connect_snmp_port($1)
+	corenet_sendrecv_snmp_client_packets($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `snmp_tcp_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	snmp lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`snmp_manage_var_lib_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `snmp_manage_var_lib_dirs'($*)) dnl
+	
+	gen_require(`
+		type snmpd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 snmpd_var_lib_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `snmp_manage_var_lib_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	snmp lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`snmp_manage_var_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `snmp_manage_var_lib_files'($*)) dnl
+	
+	gen_require(`
+		type snmpd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 snmpd_var_lib_t:dir list_dir_perms;
+	manage_files_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `snmp_manage_var_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read snmpd lib content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`snmp_read_snmp_var_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `snmp_read_snmp_var_lib_files'($*)) dnl
+	
+	gen_require(`
+		type snmpd_var_lib_t;
+	')
+
+	allow $1 snmpd_var_lib_t:dir list_dir_perms;
+	read_files_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t)
+	read_lnk_files_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `snmp_read_snmp_var_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read
+##	snmpd lib content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`snmp_dontaudit_read_snmp_var_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `snmp_dontaudit_read_snmp_var_lib_files'($*)) dnl
+	
+	gen_require(`
+		type snmpd_var_lib_t;
+	')
+
+	dontaudit $1 snmpd_var_lib_t:dir list_dir_perms;
+	dontaudit $1 snmpd_var_lib_t:file read_file_perms;
+	dontaudit $1 snmpd_var_lib_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `snmp_dontaudit_read_snmp_var_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write
+##	snmpd lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`snmp_dontaudit_write_snmp_var_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `snmp_dontaudit_write_snmp_var_lib_files'($*)) dnl
+	
+	gen_require(`
+		type snmpd_var_lib_t;
+	')
+
+	dontaudit $1 snmpd_var_lib_t:file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `snmp_dontaudit_write_snmp_var_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an snmp environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`snmp_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `snmp_admin'($*)) dnl
+	
+	gen_require(`
+		type snmpd_t, snmpd_log_t, snmpd_initrc_exec_t;
+		type snmpd_var_lib_t, snmpd_runtime_t;
+	')
+
+	allow $1 snmpd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, snmpd_t)
+
+	init_startstop_service($1, $2, snmpd_t, snmpd_initrc_exec_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, snmpd_log_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, snmpd_var_lib_t)
+
+	files_list_pids($1)
+	admin_pattern($1, snmpd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `snmp_admin'($*)) dnl
+	')
+
+
+# Gentoo stuff but cannot use ifdef distro_gentoo
+
+########################################
+## <summary>
+##	Append to the snmp variable lib data
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`snmp_append_var_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `snmp_append_var_lib_files'($*)) dnl
+	
+	gen_require(`
+		type snmp_var_lib_t;
+	')
+
+	allow $1 snmp_var_lib_t:file append_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `snmp_append_var_lib_files'($*)) dnl
+	')
+
+## <summary>Virtual network service for Openstack.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an quantum environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`quantum_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `quantum_admin'($*)) dnl
+	
+	gen_require(`
+		type quantum_t, quantum_initrc_exec_t, quantum_log_t;
+		type quantum_var_lib_t, quantum_tmp_t;
+	')
+
+	allow $1 quantum_t:process { ptrace signal_perms };
+	ps_process_pattern($1, quantum_t)
+
+	init_startstop_service($1, $2, quantum_t, quantum_initrc_exec_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, quantum_log_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, quantum_var_lib_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, quantum_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `quantum_admin'($*)) dnl
+	')
+
+## <summary>Encrypted tunnel daemon.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an cipe environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`cipe_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cipe_admin'($*)) dnl
+	
+	gen_require(`
+		type ciped_t, ciped_initrc_exec_t;
+	')
+
+	allow $1 ciped_t:process { ptrace signal_perms };
+	ps_process_pattern($1, ciped_t)
+
+	init_startstop_service($1, $2, ciped_t, ciped_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cipe_admin'($*)) dnl
+	')
+
+## <summary>Zarafa collaboration platform.</summary>
+
+#######################################
+## <summary>
+##	The template to define a zarafa domain.
+## </summary>
+## <param name="domain_prefix">
+##	<summary>
+##	Domain prefix to be used.
+##	</summary>
+## </param>
+#
+ 	 	define(`zarafa_domain_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `zarafa_domain_template'($*)) dnl
+	
+	gen_require(`
+		attribute zarafa_domain, zarafa_logfile, zarafa_pidfile;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	type zarafa_$1_t, zarafa_domain;
+	type zarafa_$1_exec_t;
+	init_daemon_domain(zarafa_$1_t, zarafa_$1_exec_t)
+
+	type zarafa_$1_log_t, zarafa_logfile;
+	logging_log_file(zarafa_$1_log_t)
+
+	type zarafa_$1_runtime_t alias zarafa_$1_var_run_t, zarafa_pidfile;
+	files_pid_file(zarafa_$1_runtime_t)
+
+	########################################
+	#
+	# Policy
+	#
+
+	manage_files_pattern(zarafa_$1_t, zarafa_$1_runtime_t, zarafa_$1_runtime_t)
+	manage_sock_files_pattern(zarafa_$1_t, zarafa_$1_runtime_t, zarafa_$1_runtime_t)
+	files_pid_filetrans(zarafa_$1_t, zarafa_$1_runtime_t, { file sock_file })
+
+	append_files_pattern(zarafa_$1_t, zarafa_$1_log_t, zarafa_$1_log_t)
+	create_files_pattern(zarafa_$1_t, zarafa_$1_log_t, zarafa_$1_log_t)
+	setattr_files_pattern(zarafa_$1_t, zarafa_$1_log_t, zarafa_$1_log_t)
+	logging_log_filetrans(zarafa_$1_t, zarafa_$1_log_t, file)
+
+	auth_use_nsswitch(zarafa_$1_t)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `zarafa_domain_template'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	search zarafa configuration directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`zarafa_search_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `zarafa_search_config'($*)) dnl
+	
+	gen_require(`
+		type zarafa_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 zarafa_etc_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `zarafa_search_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run zarafa deliver.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`zarafa_domtrans_deliver',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `zarafa_domtrans_deliver'($*)) dnl
+	
+	gen_require(`
+		type zarafa_deliver_t, zarafa_deliver_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, zarafa_deliver_exec_t, zarafa_deliver_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `zarafa_domtrans_deliver'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run zarafa server.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`zarafa_domtrans_server',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `zarafa_domtrans_server'($*)) dnl
+	
+	gen_require(`
+		type zarafa_server_t, zarafa_server_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, zarafa_server_exec_t, zarafa_server_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `zarafa_domtrans_server'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Connect to zarafa server with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`zarafa_stream_connect_server',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `zarafa_stream_connect_server'($*)) dnl
+	
+	gen_require(`
+		type zarafa_server_t, zarafa_server_runtime_t;
+	')
+
+	files_search_var_lib($1)
+	stream_connect_pattern($1, zarafa_server_runtime_t, zarafa_server_runtime_t, zarafa_server_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `zarafa_stream_connect_server'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an zarafa environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`zarafa_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `zarafa_admin'($*)) dnl
+	
+	gen_require(`
+		attribute zarafa_domain, zarafa_logfile, zarafa_pidfile;
+		type zarafa_etc_t, zarafa_initrc_exec_t, zarafa_deliver_tmp_t;
+		type zarafa_indexer_tmp_t, zarafa_server_tmp_t, zarafa_share_t;
+		type zarafa_var_lib_t;
+	')
+
+	allow $1 zarafa_domain:process { ptrace signal_perms };
+	ps_process_pattern($1, zarafa_domain)
+
+	init_startstop_service($1, $2, zarafa_t, zarafa_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, zarafa_etc_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, { zarafa_deliver_tmp_t zarafa_indexer_tmp_t zarafa_server_tmp_t })
+
+	logging_search_logs($1)
+	admin_pattern($1, zarafa_logfile)
+
+	files_search_var_lib($1)
+	admin_pattern($1, { zarafa_var_lib_t zarafa_share_t })
+
+	files_search_pids($1)
+	admin_pattern($1, zarafa_pidfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `zarafa_admin'($*)) dnl
+	')
+
+## <summary>General Purpose Mouse driver.</summary>
+
+########################################
+## <summary>
+##	Connect to GPM over a unix domain
+##	stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gpm_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gpm_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type gpmctl_t, gpm_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	stream_connect_pattern($1, gpmctl_t, gpmctl_t, gpm_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gpm_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get attributes of gpm control
+##	channel named sock files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gpm_getattr_gpmctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gpm_getattr_gpmctl'($*)) dnl
+	
+	gen_require(`
+		type gpmctl_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 gpmctl_t:sock_file getattr_sock_file_perms;
+	allow $1 gpmctl_t:fifo_file getattr_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gpm_getattr_gpmctl'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get
+##	attributes of gpm control channel
+##	named sock files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`gpm_dontaudit_getattr_gpmctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gpm_dontaudit_getattr_gpmctl'($*)) dnl
+	
+	gen_require(`
+		type gpmctl_t;
+	')
+
+	dontaudit $1 gpmctl_t:sock_file getattr_sock_file_perms;
+	dontaudit $1 gpmctl_t:fifo_file getattr_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gpm_dontaudit_getattr_gpmctl'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set attributes of gpm control
+##	channel named sock files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gpm_setattr_gpmctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gpm_setattr_gpmctl'($*)) dnl
+	
+	gen_require(`
+		type gpmctl_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 gpmctl_t:sock_file setattr_sock_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gpm_setattr_gpmctl'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an gpm environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`gpm_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gpm_admin'($*)) dnl
+	
+	gen_require(`
+		type gpm_t, gpm_conf_t, gpm_initrc_exec_t;
+		type gpm_runtime_t, gpmctl_t;
+	')
+
+	allow $1 gpm_t:process { ptrace signal_perms };
+	ps_process_pattern($1, gpm_t)
+
+	init_startstop_service($1, $2, gpm_t, gpm_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, gpm_conf_t)
+
+	dev_list_all_dev_nodes($1)
+	admin_pattern($1, gpmctl_t)
+
+	files_search_pids($1)
+	admin_pattern($1, gpm_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gpm_admin'($*)) dnl
+	')
+
+## <summary>full-featured SSL VPN solution.</summary>
+
+########################################
+## <summary>
+##	Execute openvpn clients in the
+##	openvpn domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`openvpn_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `openvpn_domtrans'($*)) dnl
+	
+	gen_require(`
+		type openvpn_t, openvpn_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, openvpn_exec_t, openvpn_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `openvpn_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute openvpn clients in the
+##	openvpn domain, and allow the
+##	specified role the openvpn domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`openvpn_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `openvpn_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role openvpn_roles;
+	')
+
+	openvpn_domtrans($1)
+	roleattribute $2 openvpn_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `openvpn_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send kill signals to openvpn.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`openvpn_kill',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `openvpn_kill'($*)) dnl
+	
+	gen_require(`
+		type openvpn_t;
+	')
+
+	allow $1 openvpn_t:process sigkill;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `openvpn_kill'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to openvpn.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`openvpn_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `openvpn_signal'($*)) dnl
+	
+	gen_require(`
+		type openvpn_t;
+	')
+
+	allow $1 openvpn_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `openvpn_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send null signals to openvpn.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`openvpn_signull',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `openvpn_signull'($*)) dnl
+	
+	gen_require(`
+		type openvpn_t;
+	')
+
+	allow $1 openvpn_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `openvpn_signull'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read openvpn configuration content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`openvpn_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `openvpn_read_config'($*)) dnl
+	
+	gen_require(`
+		type openvpn_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 openvpn_etc_t:dir list_dir_perms;
+	allow $1 openvpn_etc_t:file read_file_perms;
+	allow $1 openvpn_etc_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `openvpn_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an openvpn environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`openvpn_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `openvpn_admin'($*)) dnl
+	
+	gen_require(`
+		type openvpn_t, openvpn_etc_t, openvpn_var_log_t;
+		type openvpn_runtime_t, openvpn_initrc_exec_t, openvpn_etc_rw_t;
+		type openvpn_status_t;
+	')
+
+	allow $1 openvpn_t:process { ptrace signal_perms };
+	ps_process_pattern($1, openvpn_t)
+
+	init_startstop_service($1, $2, openvpn_t, openvpn_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, { openvpn_etc_t openvpn_etc_rw_t })
+
+	logging_list_logs($1)
+	admin_pattern($1, { openvpn_status_t openvpn_var_log_t })
+
+	files_list_pids($1)
+	admin_pattern($1, openvpn_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `openvpn_admin'($*)) dnl
+	')
+
+## <summary>Dynamic adaptive system tuning daemon.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run tuned.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`tuned_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tuned_domtrans'($*)) dnl
+	
+	gen_require(`
+		type tuned_t, tuned_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, tuned_exec_t, tuned_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tuned_domtrans'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Execute tuned in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`tuned_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tuned_exec'($*)) dnl
+	
+	gen_require(`
+		type tuned_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, tuned_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tuned_exec'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Read tuned pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`tuned_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tuned_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type tuned_runtime_t;
+	')
+
+	files_search_pids($1)
+	read_files_pattern($1, tuned_runtime_t, tuned_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tuned_read_pid_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create, read, write, and delete
+##	tuned pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`tuned_manage_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tuned_manage_pid_files'($*)) dnl
+	
+	gen_require(`
+		type tuned_runtime_t;
+	')
+
+	files_search_pids($1)
+	manage_files_pattern($1, tuned_runtime_t, tuned_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tuned_manage_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute tuned init scripts in
+##	the initrc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`tuned_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tuned_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type tuned_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, tuned_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tuned_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an tuned environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`tuned_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tuned_admin'($*)) dnl
+	
+	gen_require(`
+		type tuned_t, tuned_runtime_t, tuned_initrc_exec_t;
+		type tuned_etc_t, tuned_rw_etc_t, tuned_log_t;
+	')
+
+	allow $1 tuned_t:process { ptrace signal_perms };
+	ps_process_pattern($1, tuned_t)
+
+	init_startstop_service($1, $2, tuned_t, tuned_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, { tuned_etc_t tuned_rw_etc_t })
+
+	logging_search_logs($1)
+	admin_pattern($1, tuned_log_t)
+
+	files_search_pids($1)
+	admin_pattern($1, tuned_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tuned_admin'($*)) dnl
+	')
+
+## <summary>High-performance interface between an email server and content checkers.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run amavis.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`amavis_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `amavis_domtrans'($*)) dnl
+	
+	gen_require(`
+		type amavis_t, amavis_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, amavis_exec_t, amavis_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `amavis_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute amavis server in the amavis domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`amavis_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `amavis_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type amavis_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, amavis_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `amavis_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read amavis spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`amavis_read_spool_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `amavis_read_spool_files'($*)) dnl
+	
+	gen_require(`
+		type amavis_spool_t;
+	')
+
+	files_search_spool($1)
+	read_files_pattern($1, amavis_spool_t, amavis_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `amavis_read_spool_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	amavis spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`amavis_manage_spool_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `amavis_manage_spool_files'($*)) dnl
+	
+	gen_require(`
+		type amavis_spool_t;
+	')
+
+	files_search_spool($1)
+	manage_dirs_pattern($1, amavis_spool_t, amavis_spool_t)
+	manage_files_pattern($1, amavis_spool_t, amavis_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `amavis_manage_spool_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in the amavis spool directories
+##	with a private type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	Private file type.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`amavis_spool_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `amavis_spool_filetrans'($*)) dnl
+	
+	gen_require(`
+		type amavis_spool_t;
+	')
+
+	files_search_spool($1)
+	filetrans_pattern($1, amavis_spool_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `amavis_spool_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search amavis lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`amavis_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `amavis_search_lib'($*)) dnl
+	
+	gen_require(`
+		type amavis_var_lib_t;
+	')
+
+	allow $1 amavis_var_lib_t:dir search_dir_perms;
+	files_search_var_lib($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `amavis_search_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read amavis lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`amavis_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `amavis_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type amavis_var_lib_t;
+	')
+
+	read_files_pattern($1, amavis_var_lib_t, amavis_var_lib_t)
+	allow $1 amavis_var_lib_t:dir list_dir_perms;
+	files_search_var_lib($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `amavis_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	amavis lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`amavis_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `amavis_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type amavis_var_lib_t;
+	')
+
+	manage_files_pattern($1, amavis_var_lib_t, amavis_var_lib_t)
+	files_search_var_lib($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `amavis_manage_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set attributes of amavis pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`amavis_setattr_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `amavis_setattr_pid_files'($*)) dnl
+	
+	gen_require(`
+		type amavis_runtime_t;
+	')
+
+	allow $1 amavis_runtime_t:file setattr_file_perms;
+	files_search_pids($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `amavis_setattr_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create amavis pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`amavis_create_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `amavis_create_pid_files'($*)) dnl
+	
+	gen_require(`
+		type amavis_runtime_t;
+	')
+
+	allow $1 amavis_runtime_t:dir add_entry_dir_perms;
+	allow $1 amavis_runtime_t:file create_file_perms;
+	files_search_pids($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `amavis_create_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an amavis environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`amavis_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `amavis_admin'($*)) dnl
+	
+	gen_require(`
+		type amavis_t, amavis_tmp_t, amavis_var_log_t;
+		type amavis_spool_t, amavis_var_lib_t, amavis_runtime_t;
+		type amavis_etc_t, amavis_quarantine_t, amavis_initrc_exec_t;
+	')
+
+	allow $1 amavis_t:process { ptrace signal_perms };
+	ps_process_pattern($1, amavis_t)
+
+	init_startstop_service($1, $2, amavis_t, amavis_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, amavis_etc_t)
+
+	admin_pattern($1, amavis_quarantine_t)
+
+	files_list_spool($1)
+	admin_pattern($1, amavis_spool_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, amavis_tmp_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, amavis_var_lib_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, amavis_var_log_t)
+
+	files_list_pids($1)
+	admin_pattern($1, amavis_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `amavis_admin'($*)) dnl
+	')
+
+## <summary>Likewise Active Directory support for UNIX.</summary>
+
+#######################################
+## <summary>
+##	The template to define a likewise domain.
+## </summary>
+## <param name="userdomain_prefix">
+##	<summary>
+##	The type of daemon to be used.
+##	</summary>
+## </param>
+#
+ 	 	define(`likewise_domain_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `likewise_domain_template'($*)) dnl
+	
+	gen_require(`
+		attribute likewise_domains;
+		type likewise_var_lib_t;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	type $1_t;
+	type $1_exec_t;
+	init_daemon_domain($1_t, $1_exec_t)
+
+	typeattribute $1_t likewise_domains;
+
+	type $1_runtime_t alias $1_var_run_t;
+	files_pid_file($1_runtime_t)
+
+	type $1_var_socket_t;
+	files_type($1_var_socket_t)
+
+	type $1_var_lib_t;
+	files_type($1_var_lib_t)
+
+	####################################
+	#
+	# Policy
+	#
+
+	allow $1_t self:process { signal_perms getsched setsched };
+	allow $1_t self:fifo_file rw_fifo_file_perms;
+	allow $1_t self:unix_stream_socket { accept listen };
+	allow $1_t self:tcp_socket create_stream_socket_perms;
+	allow $1_t self:udp_socket create_socket_perms;
+
+	manage_files_pattern($1_t, $1_runtime_t, $1_runtime_t)
+	files_pid_filetrans($1_t, $1_runtime_t, file)
+
+	manage_files_pattern($1_t, likewise_var_lib_t, $1_var_lib_t)
+	filetrans_pattern($1_t, likewise_var_lib_t, $1_var_lib_t, file)
+
+	manage_sock_files_pattern($1_t, likewise_var_lib_t, $1_var_socket_t)
+	filetrans_pattern($1_t, likewise_var_lib_t, $1_var_socket_t, sock_file)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `likewise_domain_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to lsassd with a unix domain
+##	stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`likewise_stream_connect_lsassd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `likewise_stream_connect_lsassd'($*)) dnl
+	
+	gen_require(`
+		type likewise_var_lib_t, lsassd_var_socket_t, lsassd_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, likewise_var_lib_t, lsassd_var_socket_t, lsassd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `likewise_stream_connect_lsassd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an likewise environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`likewise_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `likewise_admin'($*)) dnl
+	
+	gen_require(`
+		attribute likewise_domains;
+		type likewise_initrc_exec_t, likewise_etc_t, likewise_pstore_lock_t;
+		type likewise_krb5_ad_t, likewise_var_lib_t, eventlogd_var_socket_t;
+		type lsassd_var_socket_t, lwiod_var_socket_t, lwregd_var_socket_t;
+		type lwsmd_var_socket_t, lwsmd_var_lib_t, netlogond_var_socket_t;
+		type netlogond_var_lib_t, lsassd_var_lib_t, lwregd_var_lib_t;
+		type eventlogd_var_lib_t, dcerpcd_var_lib_t, lsassd_tmp_t;
+		type eventlogd_runtime_t, lsassd_runtime_t, lwiod_runtime_t;
+		type lwregd_runtime_t, netlogond_runtime_t, srvsvcd_runtime_t;
+	')
+
+	allow $1 likewise_domains:process { ptrace signal_perms };
+	ps_process_pattern($1, likewise_domains)
+
+	init_startstop_service($1, $2, likewise_domains, likewise_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, { likewise_etc_t likewise_pstore_lock_t likewise_krb5_ad_t })
+
+	files_search_var_lib($1)
+	admin_pattern($1, { likewise_var_lib_t eventlogd_var_socket_t lsassd_var_socket_t })
+	admin_pattern($1, { lwiod_var_socket_t lwregd_var_socket_t lwsmd_var_socket_t })
+	admin_pattern($1, { lwsmd_var_lib_t netlogond_var_socket_t netlogond_var_lib_t })
+	admin_pattern($1, { lsassd_var_lib_t lwregd_var_lib_t eventlogd_var_lib_t })
+	admin_pattern($1, dcerpcd_var_lib_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, lsassd_tmp_t)
+
+	files_list_pids($1)
+	admin_pattern($1, { eventlogd_runtime_t lsassd_runtime_t lwiod_runtime_t })
+	admin_pattern($1, { lwregd_runtime_t netlogond_runtime_t srvsvcd_runtime_t })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `likewise_admin'($*)) dnl
+	')
+
+## <summary>PCSC smart card service.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run pcscd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`pcscd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pcscd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type pcscd_t, pcscd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, pcscd_exec_t, pcscd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pcscd_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read pcscd pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`pcscd_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pcscd_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type pcscd_runtime_t;
+	')
+
+	files_search_pids($1)
+	read_files_pattern($1, pcscd_runtime_t, pcscd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pcscd_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to pcscd over an unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`pcscd_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pcscd_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type pcscd_t, pcscd_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, pcscd_runtime_t, pcscd_runtime_t, pcscd_t)
+
+	allow pcscd_t $1:dir list_dir_perms;
+	allow pcscd_t $1:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pcscd_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an pcscd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`pcscd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pcscd_admin'($*)) dnl
+	
+	gen_require(`
+		type pcscd_t, pcscd_initrc_exec_t, pcscd_runtime_t;
+	')
+
+	allow $1 pcscd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, pcscd_t)
+
+	init_startstop_service($1, $2, pcscd_t, pcscd_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, pcscd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pcscd_admin'($*)) dnl
+	')
+
+## <summary>D-Bus service providing high-level OBEX client and server side functionality.</summary>
+
+#######################################
+## <summary>
+##	The role template for obex.
+## </summary>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="user_role">
+##	<summary>
+##	The role associated with the user domain.
+##	</summary>
+## </param>
+## <param name="user_domain">
+##	<summary>
+##	The type of the user domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`obex_role_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `obex_role_template'($*)) dnl
+	
+	gen_require(`
+		attribute_role obex_roles;
+		type obex_t, obex_exec_t;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	roleattribute $2 obex_roles;
+
+	########################################
+	#
+	# Policy
+	#
+
+	allow $3 obex_t:process { ptrace signal_perms };
+	ps_process_pattern($3, obex_t)
+
+	dbus_spec_session_domain($1, obex_t, obex_exec_t)
+
+	obex_dbus_chat($3)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `obex_role_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute obex in the obex domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`obex_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `obex_domtrans'($*)) dnl
+	
+	gen_require(`
+		type obex_t, obex_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, obex_exec_t, obex_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `obex_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	obex over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`obex_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `obex_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type obex_t;
+		class dbus send_msg;
+	')
+
+	allow $1 obex_t:dbus send_msg;
+	allow obex_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `obex_dbus_chat'($*)) dnl
+	')
+
+## <summary>External plugin for mod_authnz_external authenticator.</summary>
+
+########################################
+## <summary>
+##	Role access for pwauth.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`pwauth_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pwauth_role'($*)) dnl
+	
+	gen_require(`
+		type pwauth_t;
+	')
+
+	pwauth_run($2, $1)
+
+	ps_process_pattern($2, pwauth_t)
+	allow $2 pwauth_t:process { ptrace signal_perms };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pwauth_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute pwauth in the pwauth domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`pwauth_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pwauth_domtrans'($*)) dnl
+	
+	gen_require(`
+		type pwauth_t, pwauth_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, pwauth_exec_t, pwauth_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pwauth_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute pwauth in the pwauth
+##	domain, and allow the specified
+##	role the pwauth domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`pwauth_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pwauth_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role pwauth_roles;
+	')
+
+	pwauth_domtrans($1)
+	roleattribute $2 pwauth_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pwauth_run'($*)) dnl
+	')
+
+## <summary>Automated bug-reporting tool.</summary>
+
+######################################
+## <summary>
+##	Execute abrt in the abrt domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`abrt_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `abrt_domtrans'($*)) dnl
+	
+	gen_require(`
+		type abrt_t, abrt_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, abrt_exec_t, abrt_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `abrt_domtrans'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Execute abrt in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`abrt_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `abrt_exec'($*)) dnl
+	
+	gen_require(`
+		type abrt_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, abrt_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `abrt_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send null signals to abrt.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`abrt_signull',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `abrt_signull'($*)) dnl
+	
+	gen_require(`
+		type abrt_t;
+	')
+
+	allow $1 abrt_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `abrt_signull'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read process state of abrt.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`abrt_read_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `abrt_read_state'($*)) dnl
+	
+	gen_require(`
+		type abrt_t;
+	')
+
+	ps_process_pattern($1, abrt_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `abrt_read_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to abrt over an unix stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`abrt_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `abrt_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type abrt_t, abrt_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, abrt_runtime_t, abrt_runtime_t, abrt_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `abrt_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	abrt over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`abrt_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `abrt_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type abrt_t;
+		class dbus send_msg;
+	')
+
+	allow $1 abrt_t:dbus send_msg;
+	allow abrt_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `abrt_dbus_chat'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Execute abrt-helper in the abrt
+##	helper domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`abrt_domtrans_helper',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `abrt_domtrans_helper'($*)) dnl
+	
+	gen_require(`
+		type abrt_helper_t, abrt_helper_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, abrt_helper_exec_t, abrt_helper_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `abrt_domtrans_helper'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute abrt helper in the abrt
+##	helper domain, and allow the
+##	specified role the abrt helper domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`abrt_run_helper',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `abrt_run_helper'($*)) dnl
+	
+	gen_require(`
+		attribute_role abrt_helper_roles;
+	')
+
+	abrt_domtrans_helper($1)
+	roleattribute $2 abrt_helper_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `abrt_run_helper'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	abrt cache content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`abrt_manage_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `abrt_manage_cache'($*)) dnl
+	
+	gen_require(`
+		type abrt_var_cache_t;
+	')
+
+	files_search_var($1)
+	manage_files_pattern($1, abrt_var_cache_t, abrt_var_cache_t)
+	manage_lnk_files_pattern($1, abrt_var_cache_t, abrt_var_cache_t)
+	manage_dirs_pattern($1, abrt_var_cache_t, abrt_var_cache_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `abrt_manage_cache'($*)) dnl
+	')
+
+
+####################################
+## <summary>
+##	Read abrt configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`abrt_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `abrt_read_config'($*)) dnl
+	
+	gen_require(`
+		type abrt_etc_t;
+	')
+
+	files_search_etc($1)
+	read_files_pattern($1, abrt_etc_t, abrt_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `abrt_read_config'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Read abrt log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`abrt_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `abrt_read_log'($*)) dnl
+	
+	gen_require(`
+		type abrt_var_log_t;
+	')
+
+	logging_search_logs($1)
+	read_files_pattern($1, abrt_var_log_t, abrt_var_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `abrt_read_log'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Read abrt PID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`abrt_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `abrt_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type abrt_runtime_t;
+	')
+
+	files_search_pids($1)
+	read_files_pattern($1, abrt_runtime_t, abrt_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `abrt_read_pid_files'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Create, read, write, and delete
+##	abrt PID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`abrt_manage_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `abrt_manage_pid_files'($*)) dnl
+	
+	gen_require(`
+		type abrt_runtime_t;
+	')
+
+	files_search_pids($1)
+	manage_files_pattern($1, abrt_runtime_t, abrt_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `abrt_manage_pid_files'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	All of the rules required to
+##	administrate an abrt environment,
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`abrt_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `abrt_admin'($*)) dnl
+	
+	gen_require(`
+		attribute abrt_domain;
+		type abrt_t, abrt_etc_t, abrt_initrc_exec_t;
+		type abrt_var_cache_t, abrt_var_log_t, abrt_retrace_cache_t;
+		type abrt_runtime_t, abrt_tmp_t, abrt_retrace_spool_t;
+	')
+
+	allow $1 abrt_domain:process { ptrace signal_perms };
+	ps_process_pattern($1, abrt_domain)
+
+	init_startstop_service($1, $2, abrt_t, abrt_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, abrt_etc_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, abrt_var_log_t)
+
+	files_search_var($1)
+	admin_pattern($1, { abrt_retrace_cache_t abrt_var_cache_t abrt_retrace_spool_t })
+
+	files_search_pids($1)
+	admin_pattern($1, abrt_runtime_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, abrt_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `abrt_admin'($*)) dnl
+	')
+
+## <summary>Port of Apple Rendezvous multicast DNS.</summary>
+
+########################################
+## <summary>
+##	Send generic signals to howl.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`howl_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `howl_signal'($*)) dnl
+	
+	gen_require(`
+		type howl_t;
+	')
+
+	allow $1 howl_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `howl_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an howl environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`howl_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `howl_admin'($*)) dnl
+	
+	gen_require(`
+		type howl_t, howl_initrc_exec_t, howl_runtime_t;
+	')
+
+	allow $1 howl_t:process { ptrace signal_perms };
+	ps_process_pattern($1, howl_t)
+
+	init_startstop_service($1, $2, howl_t, howl_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, howl_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `howl_admin'($*)) dnl
+	')
+
+## <summary>Cobbler installation server.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run cobblerd.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`cobblerd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cobblerd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type cobblerd_t, cobblerd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, cobblerd_exec_t, cobblerd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cobblerd_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute cobblerd init scripts in
+##	the init script domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`cobblerd_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cobblerd_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type cobblerd_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, cobblerd_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cobblerd_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read cobbler configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cobbler_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cobbler_read_config'($*)) dnl
+	
+	gen_require(`
+		type cobbler_etc_t;
+	')
+
+	read_files_pattern($1, cobbler_etc_t, cobbler_etc_t)
+	files_search_etc($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cobbler_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and write
+##	cobbler log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`cobbler_dontaudit_rw_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cobbler_dontaudit_rw_log'($*)) dnl
+	
+	gen_require(`
+		type cobbler_var_log_t;
+	')
+
+	dontaudit $1 cobbler_var_log_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cobbler_dontaudit_rw_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search cobbler lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cobbler_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cobbler_search_lib'($*)) dnl
+	
+	gen_require(`
+		type cobbler_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	search_dirs_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cobbler_search_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read cobbler lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cobbler_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cobbler_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type cobbler_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cobbler_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	cobbler lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cobbler_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cobbler_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type cobbler_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cobbler_manage_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an cobbler environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`cobbler_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cobbler_admin'($*)) dnl
+	
+	gen_require(`
+		type cobblerd_t, cobbler_var_lib_t, cobbler_var_log_t;
+		type cobbler_etc_t, cobblerd_initrc_exec_t, cobbler_content_t;
+		type cobbler_tmp_t;
+	')
+
+	allow $1 cobblerd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, cobblerd_t)
+
+	init_startstop_service($1, $2, cobblerd_t, cobblerd_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, cobbler_etc_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, cobbler_tmp_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, cobbler_var_lib_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, cobbler_var_log_t)
+
+	apache_search_sys_content($1)
+	admin_pattern($1, cobbler_content_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cobbler_admin'($*)) dnl
+	')
+
+## <summary>Common UNIX printing system.</summary>
+
+########################################
+## <summary>
+##	Create a domain which can be
+##	started by cupsd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="entry_point">
+##	<summary>
+##	Type of the program to be used as an entry point to this domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`cups_backend',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cups_backend'($*)) dnl
+	
+	gen_require(`
+		type cupsd_t;
+	')
+
+	domain_type($1)
+	domain_entry_file($1, $2)
+	role system_r types $1;
+
+	domtrans_pattern(cupsd_t, $2, $1)
+	allow cupsd_t $1:process signal;
+	allow $1 cupsd_t:unix_stream_socket connected_stream_socket_perms;
+
+	cups_read_config($1)
+	cups_append_log($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cups_backend'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute cups in the cups domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`cups_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cups_domtrans'($*)) dnl
+	
+	gen_require(`
+		type cupsd_t, cupsd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, cupsd_exec_t, cupsd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cups_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to cupsd over an unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cups_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cups_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type cupsd_t, cupsd_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 cupsd_runtime_t:sock_file read_sock_file_perms;
+	stream_connect_pattern($1, cupsd_runtime_t, cupsd_runtime_t, cupsd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cups_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	cups over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cups_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cups_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type cupsd_t;
+		class dbus send_msg;
+	')
+
+	allow $1 cupsd_t:dbus send_msg;
+	allow cupsd_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cups_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read cups PID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cups_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cups_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type cupsd_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 cupsd_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cups_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute cups_config in the
+##	cups config domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`cups_domtrans_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cups_domtrans_config'($*)) dnl
+	
+	gen_require(`
+		type cupsd_config_t, cupsd_config_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, cupsd_config_exec_t, cupsd_config_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cups_domtrans_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to the cups
+##	configuration daemon.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cups_signal_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cups_signal_config'($*)) dnl
+	
+	gen_require(`
+		type cupsd_config_t;
+	')
+
+	allow $1 cupsd_config_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cups_signal_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	cupsd_config over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cups_dbus_chat_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cups_dbus_chat_config'($*)) dnl
+	
+	gen_require(`
+		type cupsd_config_t;
+		class dbus send_msg;
+	')
+
+	allow $1 cupsd_config_t:dbus send_msg;
+	allow cupsd_config_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cups_dbus_chat_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read cups configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`cups_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cups_read_config'($*)) dnl
+	
+	gen_require(`
+		type cupsd_etc_t, cupsd_rw_etc_t;
+	')
+
+	files_search_etc($1)
+	read_files_pattern($1, { cupsd_etc_t cupsd_rw_etc_t }, { cupsd_etc_t cupsd_rw_etc_t })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cups_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read cups-writable configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`cups_read_rw_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cups_read_rw_config'($*)) dnl
+	
+	gen_require(`
+		type cupsd_etc_t, cupsd_rw_etc_t;
+	')
+
+	files_search_etc($1)
+	read_files_pattern($1, { cupsd_etc_t cupsd_rw_etc_t }, cupsd_rw_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cups_read_rw_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read cups log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`cups_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cups_read_log'($*)) dnl
+	
+	gen_require(`
+		type cupsd_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 cupsd_log_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cups_read_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append cups log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cups_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cups_append_log'($*)) dnl
+	
+	gen_require(`
+		type cupsd_log_t;
+	')
+
+	logging_search_logs($1)
+	append_files_pattern($1, cupsd_log_t, cupsd_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cups_append_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write cups log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cups_write_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cups_write_log'($*)) dnl
+	
+	gen_require(`
+		type cupsd_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 cupsd_log_t:file write_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cups_write_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to ptal over an unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cups_stream_connect_ptal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cups_stream_connect_ptal'($*)) dnl
+	
+	gen_require(`
+		type ptal_t, ptal_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, ptal_runtime_t, ptal_runtime_t, ptal_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cups_stream_connect_ptal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the process state (/proc/pid) of cupsd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cups_read_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cups_read_state'($*)) dnl
+	
+	gen_require(`
+		type cupsd_t;
+	')
+
+	allow $1 cupsd_t:dir search_dir_perms;
+	allow $1 cupsd_t:file read_file_perms;
+	allow $1 cupsd_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cups_read_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute HP Linux Imaging and
+##	Printing applications in their
+##	own domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`cups_domtrans_hplip',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cups_domtrans_hplip'($*)) dnl
+	
+	gen_require(`
+		type hplip_t, hplip_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, hplip_exec_t, hplip_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cups_domtrans_hplip'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an cups environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`cups_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cups_admin'($*)) dnl
+	
+	gen_require(`
+		type cupsd_t, cupsd_tmp_t, cupsd_lpd_tmp_t;
+		type cupsd_etc_t, cupsd_log_t;
+		type cupsd_config_runtime_t, cupsd_lpd_runtime_t;
+		type cupsd_runtime_t, ptal_etc_t, cupsd_rw_etc_t;
+		type ptal_runtime_t, hplip_runtime_t, cupsd_initrc_exec_t;
+		type cupsd_config_t, cupsd_lpd_t, cups_pdf_t;
+		type hplip_t, ptal_t;
+	')
+
+	allow $1 { cupsd_t cupsd_config_t cupsd_lpd_t }:process { ptrace signal_perms };
+	allow $1 { cups_pdf_t hplip_t ptal_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { cupsd_t cupsd_config_t cupsd_lpd_t })
+	ps_process_pattern($1, { cups_pdf_t hplip_t ptal_t })
+
+	init_startstop_service($1, $2, cupsd_t, cupsd_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, { cupsd_etc_t cupsd_rw_etc_t ptal_etc_t })
+
+	logging_list_logs($1)
+	admin_pattern($1, cupsd_log_t)
+
+	files_list_spool($1)
+
+	files_list_tmp($1)
+	admin_pattern($1, { cupsd_tmp_t  cupsd_lpd_tmp_t })
+
+	files_list_pids($1)
+	admin_pattern($1, { cupsd_config_runtime_t cupsd_runtime_t hplip_runtime_t })
+	admin_pattern($1, { ptal_runtime_t cupsd_lpd_runtime_t })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cups_admin'($*)) dnl
+	')
+
+## <summary>Portslave terminal server software.</summary>
+
+########################################
+## <summary>
+##	Execute portslave with a domain transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`portslave_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portslave_domtrans'($*)) dnl
+	
+	gen_require(`
+		type portslave_t, portslave_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, portslave_exec_t, portslave_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portslave_domtrans'($*)) dnl
+	')
+
+## <summary>Filter used for removing unsolicited email.</summary>
+
+########################################
+## <summary>
+##	Role access for spamassassin.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`spamassassin_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `spamassassin_role'($*)) dnl
+	
+	gen_require(`
+		type spamc_t, spamc_exec_t, spamc_tmp_t;
+		type spamassassin_t, spamassassin_exec_t, spamd_home_t;
+		type spamassassin_home_t, spamassassin_tmp_t;
+	')
+
+	role $1 types { spamc_t spamassassin_t };
+
+	domtrans_pattern($2, spamassassin_exec_t, spamassassin_t)
+	domtrans_pattern($2, spamc_exec_t, spamc_t)
+
+	admin_process_pattern($2, { spamc_t spamassassin_t })
+
+	allow $2 { spamc_tmp_t spamd_home_t spamassassin_home_t spamassassin_tmp_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 { spamc_tmp_t spamd_home_t spamassassin_home_t spamassassin_tmp_t }:file { manage_file_perms relabel_file_perms };
+	allow $2 { spamc_tmp_t spamd_home_t spamassassin_home_t spamassassin_tmp_t }:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+	userdom_user_home_dir_filetrans($2, spamassassin_home_t, dir, ".spamassassin")
+	userdom_user_home_dir_filetrans($2, spamd_home_t, dir, ".spamd")
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `spamassassin_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute sa-update in the spamd-update domain,
+##	and allow the specified role
+##	the spamd-update domain. Also allow transitive
+##	access to the private gpg domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`spamassassin_run_update',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `spamassassin_run_update'($*)) dnl
+	
+	gen_require(`
+		type spamd_gpg_t, spamd_update_exec_t, spamd_update_t;
+	')
+
+	role $2 types { spamd_gpg_t spamd_update_t };
+	domtrans_pattern($1, spamd_update_exec_t, spamd_update_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `spamassassin_run_update'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the standalone spamassassin
+##	program in the caller directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`spamassassin_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `spamassassin_exec'($*)) dnl
+	
+	gen_require(`
+		type spamassassin_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, spamassassin_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `spamassassin_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to spamd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`spamassassin_signal_spamd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `spamassassin_signal_spamd'($*)) dnl
+	
+	gen_require(`
+		type spamd_t;
+	')
+
+	allow $1 spamd_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `spamassassin_signal_spamd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute spamd in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`spamassassin_exec_spamd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `spamassassin_exec_spamd'($*)) dnl
+	
+	gen_require(`
+		type spamd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, spamd_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `spamassassin_exec_spamd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute spamc in the spamc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`spamassassin_domtrans_client',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `spamassassin_domtrans_client'($*)) dnl
+	
+	gen_require(`
+		type spamc_t, spamc_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, spamc_exec_t, spamc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `spamassassin_domtrans_client'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute spamc in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`spamassassin_exec_client',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `spamassassin_exec_client'($*)) dnl
+	
+	gen_require(`
+		type spamc_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, spamc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `spamassassin_exec_client'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send kill signals to spamc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`spamassassin_kill_client',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `spamassassin_kill_client'($*)) dnl
+	
+	gen_require(`
+		type spamc_t;
+	')
+
+	allow $1 spamc_t:process sigkill;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `spamassassin_kill_client'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute spamassassin standalone client
+##	in the user spamassassin domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`spamassassin_domtrans_local_client',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `spamassassin_domtrans_local_client'($*)) dnl
+	
+	gen_require(`
+		type spamassassin_t, spamassassin_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, spamassassin_exec_t, spamassassin_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `spamassassin_domtrans_local_client'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	spamd home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`spamassassin_manage_spamd_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `spamassassin_manage_spamd_home_content'($*)) dnl
+	
+	gen_require(`
+		type spamd_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 spamd_home_t:dir manage_dir_perms;
+	allow $1 spamd_home_t:file manage_file_perms;
+	allow $1 spamd_home_t:lnk_file manage_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `spamassassin_manage_spamd_home_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel spamd home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`spamassassin_relabel_spamd_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `spamassassin_relabel_spamd_home_content'($*)) dnl
+	
+	gen_require(`
+		type spamd_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 spamd_home_t:dir relabel_dir_perms;
+	allow $1 spamd_home_t:file relabel_file_perms;
+	allow $1 spamd_home_t:lnk_file relabel_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `spamassassin_relabel_spamd_home_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in user home
+##	directories with the spamd home type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`spamassassin_home_filetrans_spamd_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `spamassassin_home_filetrans_spamd_home'($*)) dnl
+	
+	gen_require(`
+		type spamd_home_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, spamd_home_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `spamassassin_home_filetrans_spamd_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read spamd lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`spamassassin_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `spamassassin_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type spamd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, spamd_var_lib_t, spamd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `spamassassin_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	spamd lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`spamassassin_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `spamassassin_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type spamd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, spamd_var_lib_t, spamd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `spamassassin_manage_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read spamd pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`spamassassin_read_spamd_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `spamassassin_read_spamd_pid_files'($*)) dnl
+	
+	gen_require(`
+		type spamd_runtime_t;
+	')
+
+	files_search_pids($1)
+	read_files_pattern($1, spamd_runtime_t, spamd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `spamassassin_read_spamd_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read temporary spamd files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`spamassassin_read_spamd_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `spamassassin_read_spamd_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type spamd_tmp_t;
+	')
+
+	allow $1 spamd_tmp_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `spamassassin_read_spamd_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get
+##	attributes of temporary spamd sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`spamassassin_dontaudit_getattr_spamd_tmp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `spamassassin_dontaudit_getattr_spamd_tmp_sockets'($*)) dnl
+	
+	gen_require(`
+		type spamd_tmp_t;
+	')
+
+	dontaudit $1 spamd_tmp_t:sock_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `spamassassin_dontaudit_getattr_spamd_tmp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to spamd with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`spamassassin_stream_connect_spamd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `spamassassin_stream_connect_spamd'($*)) dnl
+	
+	gen_require(`
+		type spamd_t, spamd_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, spamd_runtime_t, spamd_runtime_t, spamd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `spamassassin_stream_connect_spamd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an spamassassin environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`spamassassin_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `spamassassin_admin'($*)) dnl
+	
+	gen_require(`
+		type spamd_t, spamd_tmp_t, spamd_log_t;
+		type spamd_spool_t, spamd_var_lib_t, spamd_runtime_t;
+		type spamd_initrc_exec_t, spamassassin_unit_t;
+		type spamd_gpg_t, spamd_update_t, spamd_update_tmp_t;
+	')
+
+	admin_process_pattern($1, { spamd_t spamd_gpg_t spamd_update_t })
+
+	init_startstop_service($1, $2, spamd_t, spamd_initrc_exec_t, spamassassin_unit_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, { spamd_tmp_t spamd_update_tmp_t })
+
+	logging_list_logs($1)
+	admin_pattern($1, spamd_log_t)
+
+	files_list_spool($1)
+	admin_pattern($1, spamd_spool_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, spamd_var_lib_t)
+
+	files_list_pids($1)
+	admin_pattern($1, spamd_runtime_t)
+
+	# This makes it impossible to apply _admin if _role has already been applied
+	#spamassassin_role($2, $1)
+
+	# sa-update
+	spamassassin_run_update($1, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `spamassassin_admin'($*)) dnl
+	')
+
+## <summary>High-performance memory object caching system.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run memcached.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`memcached_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `memcached_domtrans'($*)) dnl
+	
+	gen_require(`
+		type memcached_t,memcached_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, memcached_exec_t, memcached_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `memcached_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	memcached pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`memcached_manage_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `memcached_manage_pid_files'($*)) dnl
+	
+	gen_require(`
+		type memcached_runtime_t;
+	')
+
+	files_search_pids($1)
+	manage_files_pattern($1, memcached_runtime_t, memcached_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `memcached_manage_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read memcached pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`memcached_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `memcached_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type memcached_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 memcached_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `memcached_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to memcached using a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`memcached_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `memcached_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type memcached_t, memcached_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, memcached_runtime_t, memcached_runtime_t, memcached_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `memcached_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+## 	Connect to memcache over the network.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`memcached_tcp_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `memcached_tcp_connect'($*)) dnl
+	
+	gen_require(`
+		type memcached_t;
+	')
+
+	corenet_sendrecv_memcache_client_packets($1)
+	corenet_tcp_connect_memcache_port($1)
+	corenet_tcp_recvfrom_labeled($1, memcached_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `memcached_tcp_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an memcached environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`memcached_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `memcached_admin'($*)) dnl
+	
+	gen_require(`
+		type memcached_t, memcached_initrc_exec_t, memcached_runtime_t;
+	')
+
+	allow $1 memcached_t:process { ptrace signal_perms };
+	ps_process_pattern($1, memcached_t)
+
+	init_startstop_service($1, $2, memcached_t, memcached_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, memcached_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `memcached_admin'($*)) dnl
+	')
+
+## <summary>Lightweight forwarding and caching proxy server.</summary>
+
+########################################
+## <summary>
+##	Role access for Polipo session.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`polipo_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `polipo_role'($*)) dnl
+	
+	gen_require(`
+		type polipo_session_t, polipo_exec_t, polipo_config_home_t;
+		type polipo_cache_home_t;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	role $1 types polipo_session_t;
+
+	########################################
+	#
+	# Policy
+	#
+
+	allow $2 polipo_cache_home_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 { polipo_cache_home_t polipo_config_home_t }:file { manage_file_perms relabel_file_perms };
+
+	userdom_user_home_dir_filetrans($2, polipo_config_home_t, file, ".forbidden")
+	userdom_user_home_dir_filetrans($2, polipo_config_home_t, file, ".polipo")
+	userdom_user_home_dir_filetrans($2, polipo_cache_home_t, dir, ".polipo-cache")
+
+	allow $2 polipo_session_t:process { ptrace signal_perms };
+	ps_process_pattern($2, polipo_session_t)
+
+	tunable_policy(`polipo_session_users',`
+		domtrans_pattern($2, polipo_exec_t, polipo_session_t)
+	',`
+		can_exec($2, polipo_exec_t)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `polipo_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute Polipo in the Polipo
+##	system domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`polipo_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `polipo_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type polipo_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, polipo_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `polipo_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create specified objects in generic
+##	log directories with the polipo
+##	log file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`polipo_log_filetrans_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `polipo_log_filetrans_log'($*)) dnl
+	
+	gen_require(`
+		type polipo_log_t;
+	')
+
+	logging_log_filetrans($1, polipo_log_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `polipo_log_filetrans_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an polipo environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`polipo_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `polipo_admin'($*)) dnl
+	
+	gen_require(`
+		type polipo_system_t, polipo_initrc_exec_t, polipo_cache_t;
+		type polipo_conf_t, polipo_log_t, polipo_runtime_t;
+	')
+
+	allow $1 polipo_system_t:process { ptrace signal_perms };
+	ps_process_pattern($1, polipo_system_t)
+
+	init_startstop_service($1, $2, polipo_t, polipo_initrc_exec_t)
+
+	files_search_var($1)
+	admin_pattern($1, polipo_cache_t)
+
+	files_search_etc($1)
+	admin_pattern($1, polipo_conf_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, polipo_log_t)
+
+	files_search_pids($1)
+	admin_pattern($1, polipo_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `polipo_admin'($*)) dnl
+	')
+
+## <summary>Server for managing and downloading certificate revocation lists.</summary>
+
+############################################################
+## <summary>
+##	Role access for dirmngr.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`dirmngr_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dirmngr_role'($*)) dnl
+	
+	gen_require(`
+		type dirmngr_t, dirmngr_exec_t;
+		type dirmngr_tmp_t;
+	')
+
+	role $1 types dirmngr_t;
+
+	domtrans_pattern($2, dirmngr_exec_t, dirmngr_t)
+
+	allow $2 dirmngr_t:process { ptrace signal_perms };
+	ps_process_pattern($2, dirmngr_t)
+
+	allow dirmngr_t $2:fd use;
+	allow dirmngr_t $2:fifo_file { read write };
+
+	allow $2 dirmngr_tmp_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dirmngr_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute dirmngr in the dirmngr domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`dirmngr_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dirmngr_domtrans'($*)) dnl
+	
+	gen_require(`
+		type dirmngr_t, dirmngr_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, dirmngr_exec_t, dirmngr_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dirmngr_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the dirmngr in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dirmngr_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dirmngr_exec'($*)) dnl
+	
+	gen_require(`
+		type dirmngr_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, dirmngr_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dirmngr_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to dirmngr socket
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dirmngr_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dirmngr_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type dirmngr_t, dirmngr_tmp_t;
+	')
+
+	gpg_search_agent_tmp_dirs($1)
+	allow $1 dirmngr_tmp_t:sock_file rw_sock_file_perms;
+	allow $1 dirmngr_t:unix_stream_socket connectto;
+	userdom_search_user_runtime($1)
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dirmngr_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an dirmngr environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dirmngr_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dirmngr_admin'($*)) dnl
+	
+	gen_require(`
+		type dirmngr_t, dirmngr_initrc_exec_t, dirmngr_runtime_t;
+		type dirmngr_conf_t, dirmngr_var_lib_t, dirmngr_log_t;
+	')
+
+	allow $1 dirmngr_t:process { ptrace signal_perms };
+	ps_process_pattern($1, dirmngr_t)
+
+	init_startstop_service($1, $2, dirmngr_t, dirmngr_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, dirmngr_conf_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, dirmngr_log_t)
+
+	files_search_pids($1)
+	admin_pattern($1, dirmngr_runtime_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, dirmngr_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dirmngr_admin'($*)) dnl
+	')
+
+## <summary>RADIUS authentication and accounting server.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an radius environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`radius_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `radius_admin'($*)) dnl
+	
+	gen_require(`
+		type radiusd_t, radiusd_etc_t, radiusd_log_t;
+		type radiusd_etc_rw_t, radiusd_var_lib_t, radiusd_runtime_t;
+		type radiusd_initrc_exec_t;
+	')
+
+	allow $1 radiusd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, radiusd_t)
+
+	init_startstop_service($1, $2, radiusd_t, radiusd_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, { radiusd_etc_t radiusd_etc_rw_t })
+
+	logging_list_logs($1)
+	admin_pattern($1, radiusd_log_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, radiusd_var_lib_t)
+
+	files_list_pids($1)
+	admin_pattern($1, radiusd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `radius_admin'($*)) dnl
+	')
+
+## <summary>Various web servers.</summary>
+
+########################################
+## <summary>
+##	Create a set of derived types for
+##	httpd web content.
+## </summary>
+## <param name="prefix">
+##	<summary>
+##	The prefix to be used for deriving type names.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_content_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_content_template'($*)) dnl
+	
+	gen_require(`
+		attribute httpdcontent, httpd_exec_scripts, httpd_script_exec_type;
+		attribute httpd_script_domains, httpd_htaccess_type;
+		attribute httpd_ro_content, httpd_rw_content, httpd_ra_content;
+		type httpd_t, httpd_suexec_t;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	## <desc>
+	##	<p>
+	##	Determine whether the script domain can
+	##	modify public files used for public file
+	##	transfer services. Directories/Files must
+	##	be labeled public_content_rw_t.
+	##	</p>
+	## </desc>
+	gen_tunable(allow_httpd_$1_script_anon_write, false)
+
+	type httpd_$1_content_t, httpdcontent, httpd_ro_content; # customizable
+	files_type(httpd_$1_content_t)
+
+	type httpd_$1_htaccess_t, httpd_htaccess_type; # customizable;
+	files_type(httpd_$1_htaccess_t)
+
+	type httpd_$1_script_t, httpd_script_domains;
+	domain_type(httpd_$1_script_t)
+	role system_r types httpd_$1_script_t;
+
+	type httpd_$1_script_exec_t, httpd_script_exec_type; # customizable;
+	corecmd_shell_entry_type(httpd_$1_script_t)
+	domain_entry_file(httpd_$1_script_t, httpd_$1_script_exec_t)
+
+	type httpd_$1_rw_content_t, httpdcontent, httpd_rw_content; # customizable
+	files_type(httpd_$1_rw_content_t)
+
+	type httpd_$1_ra_content_t, httpdcontent, httpd_ra_content; # customizable
+	files_type(httpd_$1_ra_content_t)
+
+	########################################
+	#
+	# Policy
+	#
+
+	can_exec(httpd_$1_script_t, httpd_$1_script_exec_t)
+
+	allow httpd_$1_script_t httpd_$1_ra_content_t:dir { list_dir_perms add_entry_dir_perms setattr_dir_perms };
+	allow httpd_$1_script_t httpd_$1_ra_content_t:file { append_file_perms read_file_perms create_file_perms setattr_file_perms };
+	allow httpd_$1_script_t httpd_$1_ra_content_t:lnk_file read_lnk_file_perms;
+
+	allow httpd_$1_script_t { httpd_$1_content_t httpd_$1_script_exec_t }:dir list_dir_perms;
+	allow httpd_$1_script_t httpd_$1_content_t:file read_file_perms;
+	allow httpd_$1_script_t { httpd_$1_content_t httpd_$1_script_exec_t }:lnk_file read_lnk_file_perms;
+
+	manage_dirs_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
+	manage_files_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
+	manage_lnk_files_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
+	manage_fifo_files_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
+	manage_sock_files_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)
+	files_tmp_filetrans(httpd_$1_script_t, httpd_$1_rw_content_t, { dir file lnk_file sock_file fifo_file })
+
+	tunable_policy(`allow_httpd_$1_script_anon_write',`
+		miscfiles_manage_public_files(httpd_$1_script_t)
+	')
+
+	tunable_policy(`httpd_enable_cgi',`
+		allow httpd_$1_script_t httpd_$1_script_exec_t:file entrypoint;
+		domtrans_pattern({ httpd_t httpd_suexec_t httpd_exec_scripts }, httpd_$1_script_exec_t, httpd_$1_script_t)
+	')
+
+	tunable_policy(`httpd_enable_cgi && httpd_tmp_exec',`
+		can_exec(httpd_$1_script_t, httpd_$1_rw_content_t)
+	')
+
+	tunable_policy(`httpd_enable_cgi && httpd_unified',`
+		allow httpd_$1_script_t { httpd_$1_content_t httpd_$1_ra_content_t }:file entrypoint;
+		allow httpd_$1_script_t { httpd_$1_content_t httpd_$1_ra_content_t }:dir manage_dir_perms;
+		allow httpd_$1_script_t { httpd_$1_content_t httpd_$1_ra_content_t }:file manage_file_perms;
+	')
+
+	tunable_policy(`httpd_enable_cgi && httpd_unified && httpd_builtin_scripting',`
+		filetrans_pattern(httpd_t, httpd_$1_content_t, httpd_$1_rw_content_t, { file dir fifo_file lnk_file sock_file })
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_content_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Role access for apache.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_role'($*)) dnl
+	
+	gen_require(`
+		attribute httpdcontent;
+		type httpd_user_content_t, httpd_user_htaccess_t;
+		type httpd_user_script_t, httpd_user_script_exec_t;
+		type httpd_user_ra_content_t, httpd_user_rw_content_t;
+	')
+
+	role $1 types httpd_user_script_t;
+
+	allow $2 httpd_user_htaccess_t:file { manage_file_perms relabel_file_perms };
+
+	allow $2 httpd_user_content_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 httpd_user_content_t:file { manage_file_perms relabel_file_perms };
+	allow $2 httpd_user_content_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+
+	allow $2 httpd_user_ra_content_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 httpd_user_ra_content_t:file { manage_file_perms relabel_file_perms };
+	allow $2 httpd_user_ra_content_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+
+	allow $2 httpd_user_rw_content_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 httpd_user_rw_content_t:file { manage_file_perms relabel_file_perms };
+	allow $2 httpd_user_rw_content_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+
+	allow $2 httpd_user_script_exec_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 httpd_user_script_exec_t:file { manage_file_perms relabel_file_perms };
+	allow $2 httpd_user_script_exec_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+
+	userdom_user_home_dir_filetrans($2, httpd_user_content_t, dir, "public_html")
+	userdom_user_home_dir_filetrans($2, httpd_user_content_t, dir, "web")
+	userdom_user_home_dir_filetrans($2, httpd_user_content_t, dir, "www")
+
+	filetrans_pattern($2, httpd_user_content_t, httpd_user_htaccess_t, file, ".htaccess")
+	filetrans_pattern($2, httpd_user_content_t, httpd_user_script_exec_t, dir, "cgi-bin")
+	filetrans_pattern($2, httpd_user_content_t, httpd_user_ra_content_t, dir, "logs")
+
+	tunable_policy(`httpd_enable_cgi',`
+		domtrans_pattern($2, httpd_user_script_exec_t, httpd_user_script_t)
+	')
+
+	tunable_policy(`httpd_enable_cgi && httpd_unified',`
+		domtrans_pattern($2, httpdcontent, httpd_user_script_t)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read user httpd script executable files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_read_user_scripts',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_read_user_scripts'($*)) dnl
+	
+	gen_require(`
+		type httpd_user_script_exec_t;
+	')
+
+	allow $1 httpd_user_script_exec_t:dir list_dir_perms;
+	read_files_pattern($1, httpd_user_script_exec_t, httpd_user_script_exec_t)
+	read_lnk_files_pattern($1, httpd_user_script_exec_t, httpd_user_script_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_read_user_scripts'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read user httpd content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_read_user_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_read_user_content'($*)) dnl
+	
+	gen_require(`
+		type httpd_user_content_t;
+	')
+
+	allow $1 httpd_user_content_t:dir list_dir_perms;
+	read_files_pattern($1, httpd_user_content_t, httpd_user_content_t)
+	read_lnk_files_pattern($1, httpd_user_content_t, httpd_user_content_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_read_user_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute httpd with a domain transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_domtrans'($*)) dnl
+	
+	gen_require(`
+		type httpd_t, httpd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, httpd_exec_t, httpd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute httpd server in the httpd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type httpd_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, httpd_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_initrc_domtrans'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Send generic signals to httpd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_signal'($*)) dnl
+	
+	gen_require(`
+		type httpd_t;
+	')
+
+	allow $1 httpd_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send null signals to httpd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_signull',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_signull'($*)) dnl
+	
+	gen_require(`
+		type httpd_t;
+	')
+
+	allow $1 httpd_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_signull'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send child terminated signals to httpd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_sigchld',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_sigchld'($*)) dnl
+	
+	gen_require(`
+		type httpd_t;
+	')
+
+	allow $1 httpd_t:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_sigchld'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit and use file descriptors
+##	from httpd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_use_fds'($*)) dnl
+	
+	gen_require(`
+		type httpd_t;
+	')
+
+	allow $1 httpd_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and
+##	write httpd unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_dontaudit_rw_fifo_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_dontaudit_rw_fifo_file'($*)) dnl
+	
+	gen_require(`
+		type httpd_t;
+	')
+
+	dontaudit $1 httpd_t:fifo_file rw_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_dontaudit_rw_fifo_file'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and
+##	write httpd unix domain stream sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_dontaudit_rw_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_dontaudit_rw_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		type httpd_t;
+	')
+
+	dontaudit $1 httpd_t:unix_stream_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_dontaudit_rw_stream_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write httpd unix domain
+##      stream sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_rw_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_rw_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		type httpd_t;
+	')
+
+	allow $1 httpd_t:unix_stream_socket rw_stream_socket_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_rw_stream_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and
+##	write httpd TCP sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_dontaudit_rw_tcp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_dontaudit_rw_tcp_sockets'($*)) dnl
+	
+	gen_require(`
+		type httpd_t;
+	')
+
+	dontaudit $1 httpd_t:tcp_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_dontaudit_rw_tcp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Reload the httpd service (systemd).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_reload',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_reload'($*)) dnl
+	
+	gen_require(`
+		type httpd_unit_t;
+		class service { reload status };
+	')
+
+	allow $1 httpd_unit_t:service { reload status };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_reload'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all appendable content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_read_all_ra_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_read_all_ra_content'($*)) dnl
+	
+	gen_require(`
+		attribute httpd_ra_content;
+	')
+
+	read_files_pattern($1, httpd_ra_content, httpd_ra_content)
+	read_lnk_files_pattern($1, httpd_ra_content, httpd_ra_content)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_read_all_ra_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append to all appendable web content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_append_all_ra_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_append_all_ra_content'($*)) dnl
+	
+	gen_require(`
+		attribute httpd_ra_content;
+	')
+
+	append_files_pattern($1, httpd_ra_content, httpd_ra_content)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_append_all_ra_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all read/write content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_read_all_rw_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_read_all_rw_content'($*)) dnl
+	
+	gen_require(`
+		attribute httpd_rw_content;
+	')
+
+	read_files_pattern($1, httpd_rw_content, httpd_rw_content)
+	read_lnk_files_pattern($1, httpd_rw_content, httpd_rw_content)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_read_all_rw_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage all read/write content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_manage_all_rw_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_manage_all_rw_content'($*)) dnl
+	
+	gen_require(`
+		attribute httpd_rw_content;
+	')
+
+	manage_dirs_pattern($1, httpd_rw_content, httpd_rw_content)
+	manage_files_pattern($1, httpd_rw_content, httpd_rw_content)
+	manage_lnk_files_pattern($1, httpd_rw_content, httpd_rw_content)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_manage_all_rw_content'($*)) dnl
+	')
+
+########################################
+## <summary>
+##	Read all web content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_read_all_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_read_all_content'($*)) dnl
+	
+	gen_require(`
+		attribute httpdcontent, httpd_script_exec_type;
+	')
+
+	read_files_pattern($1, httpdcontent, httpdcontent)
+	read_lnk_files_pattern($1, httpdcontent, httpdcontent)
+
+	read_files_pattern($1, httpd_script_exec_type, httpd_script_exec_type)
+	read_lnk_files_pattern($1, httpd_script_exec_type, httpd_script_exec_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_read_all_content'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Search all apache content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_search_all_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_search_all_content'($*)) dnl
+	
+	gen_require(`
+		attribute httpdcontent;
+	')
+
+	allow $1 httpdcontent:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_search_all_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	all httpd content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`apache_manage_all_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_manage_all_content'($*)) dnl
+	
+	gen_require(`
+		attribute httpdcontent, httpd_script_exec_type;
+	')
+
+	manage_dirs_pattern($1, httpdcontent, httpdcontent)
+	manage_files_pattern($1, httpdcontent, httpdcontent)
+	manage_lnk_files_pattern($1, httpdcontent, httpdcontent)
+
+	manage_dirs_pattern($1, httpd_script_exec_type, httpd_script_exec_type)
+	manage_files_pattern($1, httpd_script_exec_type, httpd_script_exec_type)
+	manage_lnk_files_pattern($1, httpd_script_exec_type, httpd_script_exec_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_manage_all_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set attributes httpd cache directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_setattr_cache_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_setattr_cache_dirs'($*)) dnl
+	
+	gen_require(`
+		type httpd_cache_t;
+	')
+
+	allow $1 httpd_cache_t:dir setattr_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_setattr_cache_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List httpd cache directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_list_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_list_cache'($*)) dnl
+	
+	gen_require(`
+		type httpd_cache_t;
+	')
+
+	list_dirs_pattern($1, httpd_cache_t, httpd_cache_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_list_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write httpd cache files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_rw_cache_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_rw_cache_files'($*)) dnl
+	
+	gen_require(`
+		type httpd_cache_t;
+	')
+
+	allow $1 httpd_cache_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_rw_cache_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete httpd cache directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_delete_cache_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_delete_cache_dirs'($*)) dnl
+	
+	gen_require(`
+		type httpd_cache_t;
+	')
+
+	delete_dirs_pattern($1, httpd_cache_t, httpd_cache_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_delete_cache_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete httpd cache files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_delete_cache_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_delete_cache_files'($*)) dnl
+	
+	gen_require(`
+		type httpd_cache_t;
+	')
+
+	delete_files_pattern($1, httpd_cache_t, httpd_cache_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_delete_cache_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read httpd configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`apache_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_read_config'($*)) dnl
+	
+	gen_require(`
+		type httpd_config_t;
+	')
+
+	files_search_etc($1)
+	allow $1 httpd_config_t:dir list_dir_perms;
+	read_files_pattern($1, httpd_config_t, httpd_config_t)
+	read_lnk_files_pattern($1, httpd_config_t, httpd_config_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search httpd configuration directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_search_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_search_config'($*)) dnl
+	
+	gen_require(`
+		type httpd_config_t;
+	')
+
+	files_search_etc($1)
+	allow $1 httpd_config_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_search_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	httpd configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_manage_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_manage_config'($*)) dnl
+	
+	gen_require(`
+		type httpd_config_t;
+	')
+
+	files_search_etc($1)
+	manage_dirs_pattern($1, httpd_config_t, httpd_config_t)
+	manage_files_pattern($1, httpd_config_t, httpd_config_t)
+	read_lnk_files_pattern($1, httpd_config_t, httpd_config_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_manage_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the Apache helper program
+##	with a domain transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_domtrans_helper',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_domtrans_helper'($*)) dnl
+	
+	gen_require(`
+		type httpd_helper_t, httpd_helper_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, httpd_helper_exec_t, httpd_helper_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_domtrans_helper'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the Apache helper program with
+##	a domain transition, and allow the
+##	specified role the Apache helper domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`apache_run_helper',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_run_helper'($*)) dnl
+	
+	gen_require(`
+		attribute_role httpd_helper_roles;
+	')
+
+	apache_domtrans_helper($1)
+	roleattribute $2 httpd_helper_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_run_helper'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read httpd log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`apache_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_read_log'($*)) dnl
+	
+	gen_require(`
+		type httpd_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 httpd_log_t:dir list_dir_perms;
+	read_files_pattern($1, httpd_log_t, httpd_log_t)
+	read_lnk_files_pattern($1, httpd_log_t, httpd_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_read_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append httpd log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_append_log'($*)) dnl
+	
+	gen_require(`
+		type httpd_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 httpd_log_t:dir list_dir_perms;
+	append_files_pattern($1, httpd_log_t, httpd_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_append_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to append
+##	httpd log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_dontaudit_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_dontaudit_append_log'($*)) dnl
+	
+	gen_require(`
+		type httpd_log_t;
+	')
+
+	dontaudit $1 httpd_log_t:file append_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_dontaudit_append_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	httpd log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_manage_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_manage_log'($*)) dnl
+	
+	gen_require(`
+		type httpd_log_t;
+	')
+
+	logging_search_logs($1)
+	manage_dirs_pattern($1, httpd_log_t, httpd_log_t)
+	manage_files_pattern($1, httpd_log_t, httpd_log_t)
+	read_lnk_files_pattern($1, httpd_log_t, httpd_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_manage_log'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Write apache log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_write_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_write_log'($*)) dnl
+	
+	gen_require(`
+		type httpd_log_t;
+	')
+
+	logging_search_logs($1)
+	write_files_pattern($1, httpd_log_t, httpd_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_write_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search
+##	httpd module directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_dontaudit_search_modules',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_dontaudit_search_modules'($*)) dnl
+	
+	gen_require(`
+		type httpd_modules_t;
+	')
+
+	dontaudit $1 httpd_modules_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_dontaudit_search_modules'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List httpd module directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_list_modules',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_list_modules'($*)) dnl
+	
+	gen_require(`
+		type httpd_modules_t;
+	')
+
+	allow $1 httpd_modules_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_list_modules'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute httpd module files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_exec_modules',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_exec_modules'($*)) dnl
+	
+	gen_require(`
+		type httpd_modules_t;
+	')
+
+	allow $1 httpd_modules_t:dir list_dir_perms;
+	allow $1 httpd_modules_t:lnk_file read_lnk_file_perms;
+	can_exec($1, httpd_modules_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_exec_modules'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read httpd module files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_read_module_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_read_module_files'($*)) dnl
+	
+	gen_require(`
+		type httpd_modules_t;
+	')
+
+	libs_search_lib($1)
+	read_files_pattern($1, httpd_modules_t, httpd_modules_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_read_module_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to
+##	run httpd_rotatelogs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_domtrans_rotatelogs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_domtrans_rotatelogs'($*)) dnl
+	
+	gen_require(`
+		type httpd_rotatelogs_t, httpd_rotatelogs_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, httpd_rotatelogs_exec_t, httpd_rotatelogs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_domtrans_rotatelogs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List httpd system content directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_list_sys_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_list_sys_content'($*)) dnl
+	
+	gen_require(`
+		type httpd_sys_content_t;
+	')
+
+	list_dirs_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
+	files_search_var($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_list_sys_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	httpd system content files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`apache_manage_sys_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_manage_sys_content'($*)) dnl
+	
+	gen_require(`
+		type httpd_sys_content_t;
+	')
+
+	files_search_var($1)
+	manage_dirs_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
+	manage_files_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
+	manage_lnk_files_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_manage_sys_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	httpd system rw content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_manage_sys_rw_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_manage_sys_rw_content'($*)) dnl
+	
+	gen_require(`
+		type httpd_sys_rw_content_t;
+	')
+
+	apache_search_sys_content($1)
+	manage_dirs_pattern($1, httpd_sys_rw_content_t, httpd_sys_rw_content_t)
+	manage_files_pattern($1,httpd_sys_rw_content_t, httpd_sys_rw_content_t)
+	manage_lnk_files_pattern($1, httpd_sys_rw_content_t, httpd_sys_rw_content_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_manage_sys_rw_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute all httpd scripts in the
+##	system script domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_domtrans_sys_script',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_domtrans_sys_script'($*)) dnl
+	
+	gen_require(`
+		attribute httpdcontent;
+		type httpd_sys_script_t;
+	')
+
+	tunable_policy(`httpd_enable_cgi && httpd_unified',`
+		domtrans_pattern($1, httpdcontent, httpd_sys_script_t)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_domtrans_sys_script'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and
+##	write httpd system script unix
+##	domain stream sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_dontaudit_rw_sys_script_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_dontaudit_rw_sys_script_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		type httpd_sys_script_t;
+	')
+
+	dontaudit $1 httpd_sys_script_t:unix_stream_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_dontaudit_rw_sys_script_stream_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute all user scripts in the user
+##	script domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_domtrans_all_scripts',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_domtrans_all_scripts'($*)) dnl
+	
+	gen_require(`
+		attribute httpd_exec_scripts;
+	')
+
+	typeattribute $1 httpd_exec_scripts;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_domtrans_all_scripts'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute all user scripts in the user
+##	script domain. Add user script domains
+##	to the specified role.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_run_all_scripts',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_run_all_scripts'($*)) dnl
+	
+	gen_require(`
+		attribute httpd_script_domains;
+	')
+
+	role $2 types httpd_script_domains;
+	apache_domtrans_all_scripts($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_run_all_scripts'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read httpd squirrelmail data files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_read_squirrelmail_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_read_squirrelmail_data'($*)) dnl
+	
+	gen_require(`
+		type httpd_squirrelmail_t;
+	')
+
+	allow $1 httpd_squirrelmail_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_read_squirrelmail_data'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append httpd squirrelmail data files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_append_squirrelmail_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_append_squirrelmail_data'($*)) dnl
+	
+	gen_require(`
+		type httpd_squirrelmail_t;
+	')
+
+	allow $1 httpd_squirrelmail_t:file append_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_append_squirrelmail_data'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search httpd system content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_search_sys_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_search_sys_content'($*)) dnl
+	
+	gen_require(`
+		type httpd_sys_content_t;
+	')
+
+	files_search_var($1)
+	allow $1 httpd_sys_content_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_search_sys_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read httpd system content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_read_sys_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_read_sys_content'($*)) dnl
+	
+	gen_require(`
+		type httpd_sys_content_t;
+	')
+
+	allow $1 httpd_sys_content_t:dir list_dir_perms;
+	read_files_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
+	read_lnk_files_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_read_sys_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search httpd system CGI directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_search_sys_scripts',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_search_sys_scripts'($*)) dnl
+	
+	gen_require(`
+		type httpd_sys_content_t, httpd_sys_script_exec_t;
+	')
+
+	search_dirs_pattern($1, httpd_sys_content_t, httpd_sys_script_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_search_sys_scripts'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete all
+##	user httpd content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`apache_manage_all_user_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_manage_all_user_content'($*)) dnl
+	
+	gen_require(`
+		type httpd_user_content_t, httpd_user_content_rw_t, httpd_user_content_ra_t;
+		type httpd_user_htaccess_t, httpd_user_script_exec_t;
+	')
+
+	manage_dirs_pattern($1, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t }, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t })
+	manage_files_pattern($1, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t httpd_user_htaccess_t }, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t httpd_user_htaccess_t })
+	manage_lnk_files_pattern($1, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t }, { httpd_user_content_t httpd_user_content_rw_t httpd_user_content_ra_t httpd_user_script_exec_t })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_manage_all_user_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search system script state directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_search_sys_script_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_search_sys_script_state'($*)) dnl
+	
+	gen_require(`
+		type httpd_sys_script_t;
+	')
+
+	allow $1 httpd_sys_script_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_search_sys_script_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read httpd tmp files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_read_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_read_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type httpd_tmp_t;
+	')
+
+	files_search_tmp($1)
+	read_files_pattern($1, httpd_tmp_t, httpd_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_read_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write
+##	httpd tmp files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_dontaudit_write_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_dontaudit_write_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type httpd_tmp_t;
+	')
+
+	dontaudit $1 httpd_tmp_t:file write_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_dontaudit_write_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete httpd_var_lib_t files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain that can delete the files
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_delete_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_delete_lib_files'($*)) dnl
+	
+	gen_require(`
+		type httpd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	delete_files_pattern($1, httpd_var_lib_t, httpd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_delete_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute CGI in the specified domain.
+## </summary>
+##	<desc>
+##	<p>
+##	This is an interface to support third party modules
+##	and its use is not allowed in upstream reference
+##	policy.
+##	</p>
+##	</desc>
+## <param name="domain">
+##	<summary>
+##	Domain run the cgi script in.
+##	</summary>
+## </param>
+## <param name="entrypoint">
+##	<summary>
+##	Type of the executable to enter the cgi domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`apache_cgi_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_cgi_domain'($*)) dnl
+	
+	gen_require(`
+		type httpd_t;
+	')
+
+	domtrans_pattern(httpd_t, $2, $1)
+	apache_search_sys_scripts($1)
+
+	allow httpd_t $1:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_cgi_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an apache environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`apache_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `apache_admin'($*)) dnl
+	
+	gen_require(`
+		attribute httpdcontent, httpd_script_exec_type;
+		attribute httpd_script_domains, httpd_htaccess_type;
+		type httpd_t, httpd_config_t, httpd_log_t;
+		type httpd_modules_t, httpd_lock_t, httpd_helper_t;
+		type httpd_runtime_t, httpd_passwd_t, httpd_suexec_t;
+		type httpd_suexec_tmp_t, httpd_tmp_t, httpd_rotatelogs_t;
+		type httpd_initrc_exec_t, httpd_keytab_t;
+	')
+
+	allow $1 { httpd_script_domains httpd_t httpd_helper_t }:process { ptrace signal_perms };
+	allow $1 { httpd_rotatelogs_t httpd_suexec_t httpd_passwd_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { httpd_script_domains httpd_t httpd_helper_t })
+	ps_process_pattern($1, { httpd_rotatelogs_t httpd_suexec_t httpd_passwd_t })
+
+	init_startstop_service($1, $2, httpd_t, httpd_initrc_exec_t)
+
+	apache_manage_all_content($1)
+	miscfiles_manage_public_files($1)
+
+	files_search_etc($1)
+	admin_pattern($1, { httpd_keytab_t httpd_config_t })
+
+	logging_search_logs($1)
+	admin_pattern($1, httpd_log_t)
+
+	admin_pattern($1, httpd_modules_t)
+
+	admin_pattern($1, httpd_lock_t)
+	files_lock_filetrans($1, httpd_lock_t, file)
+
+	admin_pattern($1, httpd_runtime_t)
+	files_pid_filetrans($1, httpd_runtime_t, file)
+
+	admin_pattern($1, { httpdcontent httpd_script_exec_type httpd_htaccess_type })
+	admin_pattern($1, { httpd_tmp_t httpd_suexec_tmp_t })
+
+	apache_run_all_scripts($1, $2)
+	apache_run_helper($1, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `apache_admin'($*)) dnl
+	')
+
+## <summary>Cluster mirror log daemon.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to
+##	run cmirrord.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`cmirrord_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cmirrord_domtrans'($*)) dnl
+	
+	gen_require(`
+		type cmirrord_t, cmirrord_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, cmirrord_exec_t, cmirrord_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cmirrord_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute cmirrord server in the
+##	cmirrord domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`cmirrord_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cmirrord_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type cmirrord_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, cmirrord_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cmirrord_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read cmirrord PID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cmirrord_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cmirrord_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type cmirrord_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 cmirrord_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cmirrord_read_pid_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read and write cmirrord shared memory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cmirrord_rw_shm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cmirrord_rw_shm'($*)) dnl
+	
+	gen_require(`
+		type cmirrord_t, cmirrord_tmpfs_t;
+	')
+
+	allow $1 cmirrord_t:shm rw_shm_perms;
+
+	allow $1 cmirrord_tmpfs_t:dir list_dir_perms;
+	rw_files_pattern($1, cmirrord_tmpfs_t, cmirrord_tmpfs_t)
+	read_lnk_files_pattern($1, cmirrord_tmpfs_t, cmirrord_tmpfs_t)
+	fs_search_tmpfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cmirrord_rw_shm'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an cmirrord environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`cmirrord_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cmirrord_admin'($*)) dnl
+	
+	gen_require(`
+		type cmirrord_t, cmirrord_initrc_exec_t, cmirrord_runtime_t;
+	')
+
+	allow $1 cmirrord_t:process { ptrace signal_perms };
+	ps_process_pattern($1, cmirrord_t)
+
+	init_startstop_service($1, $2, cmirrord_t, cmirrord_initrc_exec_t)
+
+	files_list_pids($1)
+	admin_pattern($1, cmirrord_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cmirrord_admin'($*)) dnl
+	')
+
+## <summary>DBus fingerprint reader service.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run fprintd.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`fprintd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fprintd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type fprintd_t, fprintd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, fprintd_exec_t, fprintd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fprintd_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	fprintd over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fprintd_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fprintd_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type fprintd_t;
+		class dbus send_msg;
+	')
+
+	allow $1 fprintd_t:dbus send_msg;
+	allow fprintd_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fprintd_dbus_chat'($*)) dnl
+	')
+
+## <summary>Internet News NNTP server.</summary>
+
+########################################
+## <summary>
+##	Execute innd in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`inn_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `inn_exec'($*)) dnl
+	
+	gen_require(`
+		type innd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, innd_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `inn_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute inn configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`inn_exec_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `inn_exec_config'($*)) dnl
+	
+	gen_require(`
+		type innd_etc_t;
+	')
+
+	files_search_etc($1)
+	exec_files_pattern($1, innd_etc_t, innd_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `inn_exec_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	innd log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`inn_manage_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `inn_manage_log'($*)) dnl
+	
+	gen_require(`
+		type innd_log_t;
+	')
+
+	manage_files_pattern($1, innd_log_t, innd_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `inn_manage_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create specified objects in generic
+##	log directories with the innd log file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`inn_generic_log_filetrans_innd_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `inn_generic_log_filetrans_innd_log'($*)) dnl
+	
+	gen_require(`
+		type innd_log_t;
+	')
+
+	logging_log_filetrans($1, innd_log_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `inn_generic_log_filetrans_innd_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	innd pid content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`inn_manage_pid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `inn_manage_pid'($*)) dnl
+	
+	gen_require(`
+		type innd_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 innd_runtime_t:dir manage_dir_perms;
+	allow $1 innd_runtime_t:file manage_file_perms;
+	allow $1 innd_runtime_t:sock_file manage_sock_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `inn_manage_pid'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read innd configuration content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+
+#
+ 	 	define(`inn_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `inn_read_config'($*)) dnl
+	
+	gen_require(`
+		type innd_etc_t;
+	')
+
+	allow $1 innd_etc_t:dir list_dir_perms;
+	allow $1 innd_etc_t:file read_file_perms;
+	allow $1 innd_etc_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `inn_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read innd news library content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`inn_read_news_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `inn_read_news_lib'($*)) dnl
+	
+	gen_require(`
+		type innd_var_lib_t;
+	')
+
+	allow $1 innd_var_lib_t:dir list_dir_perms;
+	allow $1 innd_var_lib_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `inn_read_news_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read innd news spool content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`inn_read_news_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `inn_read_news_spool'($*)) dnl
+	
+	gen_require(`
+		type news_spool_t;
+	')
+
+	allow $1 news_spool_t:dir list_dir_perms;
+	allow $1 news_spool_t:file read_file_perms;
+	allow $1 news_spool_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `inn_read_news_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send to a innd unix dgram socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`inn_dgram_send',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `inn_dgram_send'($*)) dnl
+	
+	gen_require(`
+		type innd_t, innd_runtime_t;
+	')
+
+	files_search_pids($1)
+	dgram_send_pattern($1, innd_runtime_t, innd_runtime_t, innd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `inn_dgram_send'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute innd in the innd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`inn_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `inn_domtrans'($*)) dnl
+	
+	gen_require(`
+		type innd_t, innd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, innd_exec_t, innd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `inn_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an inn environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`inn_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `inn_admin'($*)) dnl
+	
+	gen_require(`
+		type innd_t, innd_etc_t, innd_log_t;
+		type news_spool_t, innd_var_lib_t;
+		type innd_runtime_t, innd_initrc_exec_t;
+	')
+
+	init_startstop_service($1, $2, innd_t, innd_initrc_exec_t)
+
+	allow $1 innd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, innd_t)
+
+	files_list_etc($1)
+	admin_pattern($1, innd_etc_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, innd_log_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, innd_var_lib_t)
+
+	files_list_pids($1)
+	admin_pattern($1, innd_runtime_t)
+
+	files_list_spool($1)
+	admin_pattern($1, news_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `inn_admin'($*)) dnl
+	')
+
+## <summary>A network traffic probe similar to the UNIX top command.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an ntop environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ntop_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ntop_admin'($*)) dnl
+	
+	gen_require(`
+		type ntop_t, ntop_etc_t, ntop_runtime_t;
+		type ntop_initrc_exec_t, ntop_var_lib_t;
+	')
+
+	allow $1 ntop_t:process { ptrace signal_perms };
+	ps_process_pattern($1, ntop_t)
+
+	init_startstop_service($1, $2, ntop_t, ntop_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, ntop_etc_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, ntop_var_lib_t)
+
+	files_list_pids($1)
+	admin_pattern($1, ntop_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ntop_admin'($*)) dnl
+	')
+
+## <summary>Gnome clock handler for setting the time.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to
+##	run gnomeclock.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`gnomeclock_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnomeclock_domtrans'($*)) dnl
+	
+	gen_require(`
+		type gnomeclock_t, gnomeclock_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, gnomeclock_exec_t, gnomeclock_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnomeclock_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute gnomeclock in the gnomeclock
+##	domain, and allow the specified
+##	role the gnomeclock domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnomeclock_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnomeclock_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role gnomeclock_roles;
+	')
+
+	gnomeclock_domtrans($1)
+	roleattribute $2 gnomeclock_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnomeclock_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	gnomeclock over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnomeclock_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnomeclock_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type gnomeclock_t;
+		class dbus send_msg;
+	')
+
+	allow $1 gnomeclock_t:dbus send_msg;
+	allow gnomeclock_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnomeclock_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send and
+##	receive messages from gnomeclock
+##	over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`gnomeclock_dontaudit_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gnomeclock_dontaudit_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type gnomeclock_t;
+		class dbus send_msg;
+	')
+
+	dontaudit $1 gnomeclock_t:dbus send_msg;
+	dontaudit gnomeclock_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gnomeclock_dontaudit_dbus_chat'($*)) dnl
+	')
+
+## <summary>Monit - utility for monitoring services on a Unix system.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run monit cli.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`monit_domtrans_cli',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `monit_domtrans_cli'($*)) dnl
+	
+	gen_require(`
+		type monit_cli_t, monit_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, monit_exec_t, monit_cli_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `monit_domtrans_cli'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute monit in the monit cli domain,
+##	and allow the specified role
+##	the monit cli domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`monit_run_cli',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `monit_run_cli'($*)) dnl
+	
+	gen_require(`
+		attribute_role monit_cli_roles;
+	')
+
+	monit_domtrans_cli($1)
+	roleattribute $2 monit_cli_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `monit_run_cli'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Reload the monit daemon.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`monit_reload',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `monit_reload'($*)) dnl
+	
+	gen_require(`
+		class service { reload status };
+		type monit_initrc_exec_t, monit_unit_t;
+	')
+
+	allow $1 { monit_initrc_exec_t monit_unit_t }:service { reload status };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `monit_reload'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Start and stop the monit daemon.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`monit_startstop_service',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `monit_startstop_service'($*)) dnl
+	
+	gen_require(`
+		class service { start status stop };
+		type monit_initrc_exec_t, monit_unit_t;
+	')
+
+	allow $1 { monit_initrc_exec_t monit_unit_t }:service { start status stop };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `monit_startstop_service'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an monit environment.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+## <param name="role">
+##      <summary>
+##      Role allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`monit_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `monit_admin'($*)) dnl
+	
+	gen_require(`
+		type monit_t, monit_conf_t, monit_initrc_exec_t;
+		type monit_log_t, monit_runtime_t;
+		type monit_unit_t, monit_var_lib_t;
+	')
+
+	admin_process_pattern($1, monit_t)
+
+	init_startstop_service($1, $2, monit_t, monit_initrc_exec_t, monit_unit_t)
+
+	files_search_etc($1)
+	admin_pattern($1, monit_conf_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, monit_log_t)
+
+	files_search_pids($1)
+	admin_pattern($1, monit_runtime_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, monit_var_lib_t)
+
+	monit_run_cli($1, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `monit_admin'($*)) dnl
+	')
+
+## <summary>Advanced key-value store.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an redis environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`redis_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `redis_admin'($*)) dnl
+	
+	gen_require(`
+		type redis_t, redis_initrc_exec_t, redis_var_lib_t;
+		type redis_log_t, redis_runtime_t, redis_conf_t;
+	')
+
+	allow $1 redis_t:process { ptrace signal_perms };
+	ps_process_pattern($1, redis_t)
+
+	init_startstop_service($1, $2, redis_t, redis_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, redis_conf_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, redis_log_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, redis_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, redis_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `redis_admin'($*)) dnl
+	')
+
+## <summary>Remote certificate distribution framework.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run certmaster.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`certmaster_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `certmaster_domtrans'($*)) dnl
+	
+	gen_require(`
+		type certmaster_t, certmaster_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, certmaster_exec_t, certmaster_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `certmaster_domtrans'($*)) dnl
+	')
+
+
+####################################
+## <summary>
+##	Execute certmaster in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`certmaster_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `certmaster_exec'($*)) dnl
+	
+	gen_require(`
+		type certmaster_exec_t;
+	')
+
+	can_exec($1, certmaster_exec_t)
+	corecmd_search_bin($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `certmaster_exec'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	read certmaster logs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`certmaster_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `certmaster_read_log'($*)) dnl
+	
+	gen_require(`
+		type certmaster_var_log_t;
+	')
+
+	read_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
+	logging_search_logs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `certmaster_read_log'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Append certmaster log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`certmaster_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `certmaster_append_log'($*)) dnl
+	
+	gen_require(`
+		type certmaster_var_log_t;
+	')
+
+	append_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
+	logging_search_logs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `certmaster_append_log'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create, read, write, and delete
+##	certmaster log content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`certmaster_manage_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `certmaster_manage_log'($*)) dnl
+	
+	gen_require(`
+		type certmaster_var_log_t;
+	')
+
+	manage_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
+	manage_lnk_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
+	logging_search_logs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `certmaster_manage_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an certmaster environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+## 	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`certmaster_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `certmaster_admin'($*)) dnl
+	
+	gen_require(`
+		type certmaster_t, certmaster_runtime_t, certmaster_var_lib_t;
+		type certmaster_etc_rw_t, certmaster_var_log_t;
+		type certmaster_initrc_exec_t;
+	')
+
+	allow $1 certmaster_t:process { ptrace signal_perms };
+	ps_process_pattern($1, certmaster_t)
+
+	init_startstop_service($1, $2, certmaster_t, certmaster_initrc_exec_t)
+
+	files_list_etc($1)
+	miscfiles_manage_generic_cert_dirs($1)
+	miscfiles_manage_generic_cert_files($1)
+
+	admin_pattern($1, certmaster_etc_rw_t)
+
+	files_list_pids($1)
+	admin_pattern($1, certmaster_runtime_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, certmaster_var_log_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, certmaster_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `certmaster_admin'($*)) dnl
+	')
+
+## <summary>Who is logged in on other machines?</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run rwho.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`rwho_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rwho_domtrans'($*)) dnl
+	
+	gen_require(`
+		type rwho_t, rwho_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, rwho_exec_t, rwho_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rwho_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search rwho log directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rwho_search_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rwho_search_log'($*)) dnl
+	
+	gen_require(`
+		type rwho_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 rwho_log_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rwho_search_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read rwho log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rwho_read_log_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rwho_read_log_files'($*)) dnl
+	
+	gen_require(`
+		type rwho_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 rwho_log_t:dir list_dir_perms;
+	allow $1 rwho_log_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rwho_read_log_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search rwho spool directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rwho_search_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rwho_search_spool'($*)) dnl
+	
+	gen_require(`
+		type rwho_spool_t;
+	')
+
+	files_search_spool($1)
+	allow $1 rwho_spool_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rwho_search_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read rwho spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rwho_read_spool_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rwho_read_spool_files'($*)) dnl
+	
+	gen_require(`
+		type rwho_spool_t;
+	')
+
+	files_search_spool($1)
+	read_files_pattern($1, rwho_spool_t, rwho_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rwho_read_spool_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	rwho spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rwho_manage_spool_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rwho_manage_spool_files'($*)) dnl
+	
+	gen_require(`
+		type rwho_spool_t;
+	')
+
+	files_search_spool($1)
+	manage_files_pattern($1, rwho_spool_t, rwho_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rwho_manage_spool_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an rwho environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`rwho_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rwho_admin'($*)) dnl
+	
+	gen_require(`
+		type rwho_t, rwho_log_t, rwho_spool_t;
+		type rwho_initrc_exec_t;
+	')
+
+	allow $1 rwho_t:process { ptrace signal_perms };
+	ps_process_pattern($1, rwho_t)
+
+	init_startstop_service($1, $2, rwho_t, rwho_initrc_exec_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, rwho_log_t)
+
+	files_list_spool($1)
+	admin_pattern($1, rwho_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rwho_admin'($*)) dnl
+	')
+
+## <summary>DNS forwarder and DHCP server.</summary>
+
+########################################
+## <summary>
+##	Execute dnsmasq server in the dnsmasq domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+#
+ 	 	define(`dnsmasq_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dnsmasq_domtrans'($*)) dnl
+	
+	gen_require(`
+		type dnsmasq_exec_t, dnsmasq_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, dnsmasq_exec_t, dnsmasq_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dnsmasq_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the dnsmasq init script in
+##	the init script domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+#
+ 	 	define(`dnsmasq_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dnsmasq_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type dnsmasq_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, dnsmasq_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dnsmasq_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to dnsmasq.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+#
+ 	 	define(`dnsmasq_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dnsmasq_signal'($*)) dnl
+	
+	gen_require(`
+		type dnsmasq_t;
+	')
+
+	allow $1 dnsmasq_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dnsmasq_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send null signals to dnsmasq.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+#
+ 	 	define(`dnsmasq_signull',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dnsmasq_signull'($*)) dnl
+	
+	gen_require(`
+		type dnsmasq_t;
+	')
+
+	allow $1 dnsmasq_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dnsmasq_signull'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send kill signals to dnsmasq.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+#
+ 	 	define(`dnsmasq_kill',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dnsmasq_kill'($*)) dnl
+	
+	gen_require(`
+		type dnsmasq_t;
+	')
+
+	allow $1 dnsmasq_t:process sigkill;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dnsmasq_kill'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read dnsmasq config files.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`dnsmasq_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dnsmasq_read_config'($*)) dnl
+	
+	gen_require(`
+		type dnsmasq_etc_t;
+	')
+
+	read_files_pattern($1, dnsmasq_etc_t, dnsmasq_etc_t)
+	files_search_etc($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dnsmasq_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write dnsmasq config files.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`dnsmasq_write_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dnsmasq_write_config'($*)) dnl
+	
+	gen_require(`
+		type dnsmasq_etc_t;
+	')
+
+	write_files_pattern($1, dnsmasq_etc_t, dnsmasq_etc_t)
+	files_search_etc($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dnsmasq_write_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete dnsmasq pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+#
+ 	 	define(`dnsmasq_delete_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dnsmasq_delete_pid_files'($*)) dnl
+	
+	gen_require(`
+		type dnsmasq_runtime_t;
+	')
+
+	delete_files_pattern($1, dnsmasq_runtime_t, dnsmasq_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dnsmasq_delete_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	dnsmasq pid files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dnsmasq_manage_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dnsmasq_manage_pid_files'($*)) dnl
+	
+	gen_require(`
+		type dnsmasq_runtime_t;
+	')
+
+	files_search_pids($1)
+	manage_files_pattern($1, dnsmasq_runtime_t, dnsmasq_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dnsmasq_manage_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read dnsmasq pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+#
+ 	 	define(`dnsmasq_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dnsmasq_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type dnsmasq_runtime_t;
+	')
+
+	read_files_pattern($1, dnsmasq_runtime_t, dnsmasq_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dnsmasq_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create dnsmasq pid directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dnsmasq_create_pid_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dnsmasq_create_pid_dirs'($*)) dnl
+	
+	gen_require(`
+		type dnsmasq_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 dnsmasq_runtime_t:dir create_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dnsmasq_create_pid_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create specified objects in specified
+##	directories with a type transition to
+##	the dnsmasq pid file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="file_type">
+##	<summary>
+##	Directory to transition on.
+##	</summary>
+## </param>
+## <param name="object">
+##	<summary>
+##	The object class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`dnsmasq_spec_filetrans_pid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dnsmasq_spec_filetrans_pid'($*)) dnl
+	
+	gen_require(`
+		type dnsmasq_runtime_t;
+	')
+
+	filetrans_pattern($1, $2, dnsmasq_runtime_t, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dnsmasq_spec_filetrans_pid'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an dnsmasq environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dnsmasq_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dnsmasq_admin'($*)) dnl
+	
+	gen_require(`
+		type dnsmasq_t, dnsmasq_lease_t, dnsmasq_runtime_t;
+		type dnsmasq_initrc_exec_t, dnsmasq_var_log_t;
+	')
+
+	allow $1 dnsmasq_t:process { ptrace signal_perms };
+	ps_process_pattern($1, dnsmasq_t)
+
+	init_startstop_service($1, $2, dnsmasq_t, dnsmasq_initrc_exec_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, dnsmasq_lease_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, dnsmasq_var_log_t)
+
+	files_list_pids($1)
+	admin_pattern($1, dnsmasq_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dnsmasq_admin'($*)) dnl
+	')
+
+## <summary>Clustered Mirror Log Server.</summary>
+
+######################################
+## <summary>
+##	Execute a domain transition to run clogd.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`clogd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clogd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type clogd_t, clogd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, clogd_exec_t, clogd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clogd_domtrans'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Read and write clogd semaphores.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`clogd_rw_semaphores',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clogd_rw_semaphores'($*)) dnl
+	
+	gen_require(`
+		type clogd_t;
+	')
+
+	allow $1 clogd_t:sem rw_sem_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clogd_rw_semaphores'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write clogd shared memory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`clogd_rw_shm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clogd_rw_shm'($*)) dnl
+	
+	gen_require(`
+		type clogd_t, clogd_tmpfs_t;
+	')
+
+	allow $1 clogd_t:shm rw_shm_perms;
+	allow $1 clogd_tmpfs_t:dir list_dir_perms;
+	rw_files_pattern($1, clogd_tmpfs_t, clogd_tmpfs_t)
+	fs_search_tmpfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clogd_rw_shm'($*)) dnl
+	')
+
+## <summary>Clock speed measurement and manipulation.</summary>
+
+########################################
+## <summary>
+##	Execute clockspeed utilities in
+##	the clockspeed_cli domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`clockspeed_domtrans_cli',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clockspeed_domtrans_cli'($*)) dnl
+	
+	gen_require(`
+		type clockspeed_cli_t, clockspeed_cli_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, clockspeed_cli_exec_t, clockspeed_cli_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clockspeed_domtrans_cli'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute clockspeed utilities in the
+##	clockspeed cli domain, and allow the
+##	specified role the clockspeed cli domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`clockspeed_run_cli',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clockspeed_run_cli'($*)) dnl
+	
+	gen_require(`
+		attribute_role clockspeed_cli_roles;
+	')
+
+	clockspeed_domtrans_cli($1)
+	roleattribute $2 clockspeed_cli_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clockspeed_run_cli'($*)) dnl
+	')
+
+## <summary>Filesystem automounter service.</summary>
+
+########################################
+## <summary>
+##	Execute automount in the automount domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`automount_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `automount_domtrans'($*)) dnl
+	
+	gen_require(`
+		type automount_t, automount_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, automount_exec_t, automount_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `automount_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to automount.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+#
+ 	 	define(`automount_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `automount_signal'($*)) dnl
+	
+	gen_require(`
+		type automount_t;
+	')
+
+	allow $1 automount_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `automount_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read automount process state.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to allow access.
+##	</summary>
+## </param>
+#
+ 	 	define(`automount_read_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `automount_read_state'($*)) dnl
+	
+	gen_require(`
+		type automount_t;
+	')
+
+	kernel_search_proc($1)
+	allow $1 automount_t:dir list_dir_perms;
+	read_files_pattern($1, automount_t, automount_t)
+	read_lnk_files_pattern($1, automount_t, automount_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `automount_read_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to use
+##	automount file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`automount_dontaudit_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `automount_dontaudit_use_fds'($*)) dnl
+	
+	gen_require(`
+		type automount_t;
+	')
+
+	dontaudit $1 automount_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `automount_dontaudit_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write
+##	automount unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`automount_dontaudit_write_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `automount_dontaudit_write_pipes'($*)) dnl
+	
+	gen_require(`
+		type automount_t;
+	')
+
+	dontaudit $1 automount_t:fifo_file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `automount_dontaudit_write_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get
+##	attributes of automount temporary
+##	directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`automount_dontaudit_getattr_tmp_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `automount_dontaudit_getattr_tmp_dirs'($*)) dnl
+	
+	gen_require(`
+		type automount_tmp_t;
+	')
+
+	dontaudit $1 automount_tmp_t:dir getattr_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `automount_dontaudit_getattr_tmp_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an automount environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`automount_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `automount_admin'($*)) dnl
+	
+	gen_require(`
+		type automount_t, automount_lock_t, automount_tmp_t;
+		type automount_runtime_t, automount_initrc_exec_t;
+		type automount_keytab_t;
+	')
+
+	allow $1 automount_t:process { ptrace signal_perms };
+	ps_process_pattern($1, automount_t)
+
+	init_startstop_service($1, $2, automount_t, automount_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, automount_keytab_t)
+
+	files_list_var($1)
+	admin_pattern($1, automount_lock_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, automount_tmp_t)
+
+	files_list_pids($1)
+	admin_pattern($1, automount_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `automount_admin'($*)) dnl
+	')
+
+## <summary>Distributed checksum clearinghouse spam filtering.</summary>
+
+########################################
+## <summary>
+##	Execute cdcc in the cdcc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`dcc_domtrans_cdcc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dcc_domtrans_cdcc'($*)) dnl
+	
+	gen_require(`
+		type cdcc_t, cdcc_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, cdcc_exec_t, cdcc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dcc_domtrans_cdcc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute cdcc in the cdcc domain, and
+##	allow the specified role the
+##	cdcc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dcc_run_cdcc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dcc_run_cdcc'($*)) dnl
+	
+	gen_require(`
+		attribute_role cdcc_roles;
+	')
+
+	dcc_domtrans_cdcc($1)
+	roleattribute $2 cdcc_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dcc_run_cdcc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute dcc client in the dcc
+##	client domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`dcc_domtrans_client',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dcc_domtrans_client'($*)) dnl
+	
+	gen_require(`
+		type dcc_client_t, dcc_client_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, dcc_client_exec_t, dcc_client_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dcc_domtrans_client'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to dcc client.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dcc_signal_client',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dcc_signal_client'($*)) dnl
+	
+	gen_require(`
+		type dcc_client_t;
+	')
+
+	allow $1 dcc_client_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dcc_signal_client'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute dcc client in the dcc
+##	client domain, and allow the
+##	specified role the dcc client domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dcc_run_client',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dcc_run_client'($*)) dnl
+	
+	gen_require(`
+		attribute_role dcc_client_roles;
+	')
+
+	dcc_domtrans_client($1)
+	roleattribute $2 dcc_client_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dcc_run_client'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute dbclean in the dcc dbclean domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`dcc_domtrans_dbclean',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dcc_domtrans_dbclean'($*)) dnl
+	
+	gen_require(`
+		type dcc_dbclean_t, dcc_dbclean_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, dcc_dbclean_exec_t, dcc_dbclean_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dcc_domtrans_dbclean'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute dbclean in the dcc dbclean
+##	domain, and allow the specified
+##	role the dcc dbclean domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dcc_run_dbclean',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dcc_run_dbclean'($*)) dnl
+	
+	gen_require(`
+		attribute_role dcc_dbclean_roles;
+	')
+
+	dcc_domtrans_dbclean($1)
+	roleattribute $2 dcc_dbclean_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dcc_run_dbclean'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to dccifd over a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dcc_stream_connect_dccifd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dcc_stream_connect_dccifd'($*)) dnl
+	
+	gen_require(`
+		type dcc_var_t, dccifd_runtime_t, dccifd_t;
+	')
+
+	files_search_var($1)
+	stream_connect_pattern($1, dcc_var_t, dccifd_runtime_t, dccifd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dcc_stream_connect_dccifd'($*)) dnl
+	')
+
+## <summary>mDNS/DNS-SD daemon implementing Apple ZeroConf architecture.</summary>
+
+########################################
+## <summary>
+##	Execute avahi server in the avahi domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`avahi_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `avahi_domtrans'($*)) dnl
+	
+	gen_require(`
+		type avahi_exec_t, avahi_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, avahi_exec_t, avahi_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `avahi_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute avahi init scripts in the
+##	init script domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`avahi_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `avahi_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type avahi_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, avahi_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `avahi_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to avahi.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`avahi_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `avahi_signal'($*)) dnl
+	
+	gen_require(`
+		type avahi_t;
+	')
+
+	allow $1 avahi_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `avahi_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send kill signals to avahi.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`avahi_kill',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `avahi_kill'($*)) dnl
+	
+	gen_require(`
+		type avahi_t;
+	')
+
+	allow $1 avahi_t:process sigkill;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `avahi_kill'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send null signals to avahi.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`avahi_signull',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `avahi_signull'($*)) dnl
+	
+	gen_require(`
+		type avahi_t;
+	')
+
+	allow $1 avahi_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `avahi_signull'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	avahi over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`avahi_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `avahi_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type avahi_t;
+		class dbus send_msg;
+	')
+
+	allow $1 avahi_t:dbus send_msg;
+	allow avahi_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `avahi_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to avahi using a unix
+##	stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`avahi_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `avahi_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type avahi_t, avahi_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, avahi_runtime_t, avahi_runtime_t, avahi_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `avahi_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create avahi pid directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`avahi_create_pid_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `avahi_create_pid_dirs'($*)) dnl
+	
+	gen_require(`
+		type avahi_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 avahi_runtime_t:dir create_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `avahi_create_pid_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set attributes of avahi pid directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`avahi_setattr_pid_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `avahi_setattr_pid_dirs'($*)) dnl
+	
+	gen_require(`
+		type avahi_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 avahi_runtime_t:dir setattr_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `avahi_setattr_pid_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, and write avahi pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`avahi_manage_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `avahi_manage_pid_files'($*)) dnl
+	
+	gen_require(`
+		type avahi_runtime_t;
+	')
+
+	files_search_pids($1)
+	manage_files_pattern($1, avahi_runtime_t, avahi_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `avahi_manage_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search
+##	avahi pid directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`avahi_dontaudit_search_pid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `avahi_dontaudit_search_pid'($*)) dnl
+	
+	gen_require(`
+		type avahi_runtime_t;
+	')
+
+	dontaudit $1 avahi_runtime_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `avahi_dontaudit_search_pid'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create specified objects in generic
+##	pid directories with the avahi pid file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`avahi_filetrans_pid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `avahi_filetrans_pid'($*)) dnl
+	
+	gen_require(`
+		type avahi_runtime_t;
+	')
+
+	files_pid_filetrans($1, avahi_runtime_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `avahi_filetrans_pid'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an avahi environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`avahi_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `avahi_admin'($*)) dnl
+	
+	gen_require(`
+		type avahi_t, avahi_runtime_t, avahi_initrc_exec_t;
+		type avahi_var_lib_t;
+	')
+
+	allow $1 avahi_t:process { ptrace signal_perms };
+	ps_process_pattern($1, avahi_t)
+
+	init_startstop_service($1, $2, avahi_t, avahi_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, avahi_runtime_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, avahi_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `avahi_admin'($*)) dnl
+	')
+
+## <summary>Alcatel speedtouch USB ADSL modem</summary>
+## <summary>Control Group manager daemon.</summary>
+
+########################################
+## <summary>
+##	Connect to cgmanager with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cgmanager_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cgmanager_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type cgmanager_t, cgmanager_cgroup_t;
+	')
+
+	fs_search_cgroup_dirs($1)
+	list_dirs_pattern($1, cgmanager_cgroup_t, cgmanager_cgroup_t)
+	stream_connect_pattern($1, cgmanager_cgroup_t, cgmanager_cgroup_t, cgmanager_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cgmanager_stream_connect'($*)) dnl
+	')
+
+## <summary>Dante msproxy and socks4/5 proxy server.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an dante environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dante_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dante_admin'($*)) dnl
+	
+	gen_require(`
+		type dante_t, dante_conf_t, dante_runtime_t;
+		type dante_initrc_exec_t;
+	')
+
+	allow $1 dante_t:process { ptrace signal_perms };
+	ps_process_pattern($1, dante_t)
+
+	init_startstop_service($1, $2, dante_t, dante_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, dante_conf_t)
+
+	files_search_pids($1)
+	admin_pattern($1, dante_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dante_admin'($*)) dnl
+	')
+
+## <summary>Name service cache daemon.</summary>
+
+########################################
+## <summary>
+##	Send generic signals to nscd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`nscd_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nscd_signal'($*)) dnl
+	
+	gen_require(`
+		type nscd_t;
+	')
+
+	allow $1 nscd_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nscd_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send kill signals to nscd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`nscd_kill',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nscd_kill'($*)) dnl
+	
+	gen_require(`
+		type nscd_t;
+	')
+
+	allow $1 nscd_t:process sigkill;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nscd_kill'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send null signals to nscd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`nscd_signull',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nscd_signull'($*)) dnl
+	
+	gen_require(`
+		type nscd_t;
+	')
+
+	allow $1 nscd_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nscd_signull'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute nscd in the nscd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`nscd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nscd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type nscd_t, nscd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, nscd_exec_t, nscd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nscd_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute nscd in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`nscd_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nscd_exec'($*)) dnl
+	
+	gen_require(`
+		type nscd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, nscd_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nscd_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use nscd services by connecting using
+##	a unix domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`nscd_socket_use',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nscd_socket_use'($*)) dnl
+	
+	gen_require(`
+		type nscd_t, nscd_runtime_t;
+		class nscd { getserv getpwd getgrp gethost shmempwd shmemgrp shmemhost shmemserv };
+	')
+
+	allow $1 self:unix_stream_socket create_socket_perms;
+
+	allow $1 nscd_t:nscd { getpwd getgrp gethost };
+
+	dontaudit $1 nscd_t:fd use;
+	dontaudit $1 nscd_t:nscd { getserv shmempwd shmemgrp shmemhost shmemserv };
+
+	files_search_pids($1)
+	stream_connect_pattern($1, nscd_runtime_t, nscd_runtime_t, nscd_t)
+	dontaudit $1 nscd_runtime_t:file read_file_perms;
+
+	ps_process_pattern(nscd_t, $1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nscd_socket_use'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use nscd services by mapping the
+##	database from an inherited nscd
+##	file descriptor.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`nscd_shm_use',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nscd_shm_use'($*)) dnl
+	
+	gen_require(`
+		type nscd_t, nscd_runtime_t;
+		class nscd { getpwd getgrp gethost shmempwd shmemgrp shmemhost };
+	')
+
+	allow $1 self:unix_stream_socket create_stream_socket_perms;
+
+	allow $1 nscd_t:nscd { getpwd getgrp gethost shmempwd shmemgrp shmemhost };
+	allow $1 nscd_t:fd use;
+
+	files_search_pids($1)
+	stream_connect_pattern($1, nscd_runtime_t, nscd_runtime_t, nscd_t)
+	dontaudit $1 nscd_runtime_t:file read_file_perms;
+
+	allow $1 nscd_runtime_t:dir list_dir_perms;
+	allow $1 nscd_runtime_t:sock_file read_sock_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nscd_shm_use'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use nscd services.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`nscd_use',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nscd_use'($*)) dnl
+	
+	tunable_policy(`nscd_use_shm',`
+		nscd_shm_use($1)
+	',`
+		nscd_socket_use($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nscd_use'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search
+##	nscd pid directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`nscd_dontaudit_search_pid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nscd_dontaudit_search_pid'($*)) dnl
+	
+	gen_require(`
+		type nscd_runtime_t;
+	')
+
+	dontaudit $1 nscd_runtime_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nscd_dontaudit_search_pid'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read nscd pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`nscd_read_pid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nscd_read_pid'($*)) dnl
+	
+	gen_require(`
+		type nscd_runtime_t;
+	')
+
+	files_search_pids($1)
+	read_files_pattern($1, nscd_runtime_t, nscd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nscd_read_pid'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unconfined access to nscd services.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`nscd_unconfined',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nscd_unconfined'($*)) dnl
+	
+	gen_require(`
+		type nscd_t;
+		class nscd all_nscd_perms;
+	')
+
+	allow $1 nscd_t:nscd { getpwd getgrp gethost getstat admin shmempwd shmemgrp shmemhost getserv shmemserv };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nscd_unconfined'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute nscd in the nscd domain, and
+##	allow the specified role the nscd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`nscd_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nscd_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role nscd_roles;
+	')
+
+	nscd_domtrans($1)
+	roleattribute $2 nscd_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nscd_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the nscd server init
+##	script in the initrc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`nscd_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nscd_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type nscd_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, nscd_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nscd_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an nscd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`nscd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nscd_admin'($*)) dnl
+	
+	gen_require(`
+		type nscd_t, nscd_log_t, nscd_runtime_t;
+		type nscd_initrc_exec_t;
+	')
+
+	allow $1 nscd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, nscd_t)
+
+	init_startstop_service($1, $2, nscd_t, nscd_initrc_exec_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, nscd_log_t)
+
+	files_list_pids($1)
+	admin_pattern($1, nscd_runtime_t)
+
+	nscd_run($1, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nscd_admin'($*)) dnl
+	')
+
+## <summary>AccountsService and daemon for manipulating user account information via D-Bus.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to
+##	run accountsd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`accountsd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `accountsd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type accountsd_t, accountsd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, accountsd_exec_t, accountsd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `accountsd_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and
+##	write Accounts Daemon fifo files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`accountsd_dontaudit_rw_fifo_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `accountsd_dontaudit_rw_fifo_file'($*)) dnl
+	
+	gen_require(`
+		type accountsd_t;
+	')
+
+	dontaudit $1 accountsd_t:fifo_file rw_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `accountsd_dontaudit_rw_fifo_file'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	accountsd over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`accountsd_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `accountsd_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type accountsd_t;
+		class dbus send_msg;
+	')
+
+	allow $1 accountsd_t:dbus send_msg;
+	allow accountsd_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `accountsd_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search accountsd lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`accountsd_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `accountsd_search_lib'($*)) dnl
+	
+	gen_require(`
+		type accountsd_var_lib_t;
+	')
+
+	allow $1 accountsd_var_lib_t:dir search_dir_perms;
+	files_search_var_lib($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `accountsd_search_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read accountsd lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`accountsd_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `accountsd_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type accountsd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 accountsd_var_lib_t:dir list_dir_perms;
+	read_files_pattern($1, accountsd_var_lib_t, accountsd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `accountsd_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	accountsd lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`accountsd_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `accountsd_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type accountsd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, accountsd_var_lib_t, accountsd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `accountsd_manage_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an accountsd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role" unused="true">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`accountsd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `accountsd_admin'($*)) dnl
+	
+	gen_require(`
+		type accountsd_t;
+	')
+
+	allow $1 accountsd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, accountsd_t)
+
+	accountsd_manage_lib_files($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `accountsd_admin'($*)) dnl
+	')
+
+## <summary>Jabber instant messaging servers.</summary>
+
+#######################################
+## <summary>
+##	The template to define a jabber domain.
+## </summary>
+## <param name="domain_prefix">
+##	<summary>
+##	Domain prefix to be used.
+##	</summary>
+## </param>
+#
+ 	 	define(`jabber_domain_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `jabber_domain_template'($*)) dnl
+	
+	gen_require(`
+		attribute jabberd_domain;
+	')
+
+	type $1_t, jabberd_domain;
+	type $1_exec_t;
+	init_daemon_domain($1_t, $1_exec_t)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `jabber_domain_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	jabber lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`jabber_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `jabber_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type jabberd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, jabberd_var_lib_t, jabberd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `jabber_manage_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an jabber environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`jabber_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `jabber_admin'($*)) dnl
+	
+	gen_require(`
+		attribute jabberd_domain;
+		type jabberd_lock_t, jabberd_log_t, jabberd_spool_t;
+		type jabberd_var_lib_t, jabberd_runtime_t, jabberd_initrc_exec_t;
+	')
+
+	allow $1 jabberd_domain:process { ptrace signal_perms };
+	ps_process_pattern($1, jabberd_domain)
+
+	init_startstop_service($1, $2, jabberd_domain, jabberd_initrc_exec_t)
+
+	files_search_locks($1)
+	admin_pattern($1, jabberd_lock_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, jabberd_log_t)
+
+	files_search_spool($1)
+	admin_pattern($1, jabberd_spool_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, jabberd_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, jabberd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `jabber_admin'($*)) dnl
+	')
+
+## <summary>Comsat, a biff server.</summary>
+## <summary>Service for downloading news feeds the slrn newsreader.</summary>
+
+########################################
+## <summary>
+##	Search slrnpull spool directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`slrnpull_search_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `slrnpull_search_spool'($*)) dnl
+	
+	gen_require(`
+		type slrnpull_spool_t;
+	')
+
+	files_search_spool($1)
+	allow $1 slrnpull_spool_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `slrnpull_search_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	slrnpull spool content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`slrnpull_manage_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `slrnpull_manage_spool'($*)) dnl
+	
+	gen_require(`
+		type slrnpull_spool_t;
+	')
+
+	files_search_spool($1)
+	manage_dirs_pattern($1, slrnpull_spool_t, slrnpull_spool_t)
+	manage_files_pattern($1, slrnpull_spool_t, slrnpull_spool_t)
+	manage_lnk_files_pattern($1, slrnpull_spool_t, slrnpull_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `slrnpull_manage_spool'($*)) dnl
+	')
+
+## <summary>Cluster File System binary, daemon and command line.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an glusterfs environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`glusterfs_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `glusterfs_admin'($*)) dnl
+	
+	gen_require(`
+		type glusterd_t, glusterd_initrc_exec_t, glusterd_log_t;
+		type glusterd_tmp_t, glusterd_conf_t, glusterd_var_lib_t;
+		type glusterd_runtime_t;
+	')
+
+	init_startstop_service($1, $2, glusterd_t, glusterd_initrc_exec_t)
+
+	allow $1 glusterd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, glusterd_t)
+
+	files_search_etc($1)
+	admin_pattern($1, glusterd_conf_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, glusterd_log_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, glusterd_tmp_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, glusterd_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, glusterd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `glusterfs_admin'($*)) dnl
+	')
+
+## <summary>Provides a DBus interface to communicate with mobile broadband (GSM, CDMA, UMTS, ...) cards.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run modemmanager.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`modemmanager_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `modemmanager_domtrans'($*)) dnl
+	
+	gen_require(`
+		type modemmanager_t, modemmanager_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, modemmanager_exec_t, modemmanager_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `modemmanager_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	modemmanager over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`modemmanager_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `modemmanager_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type modemmanager_t;
+		class dbus send_msg;
+	')
+
+	allow $1 modemmanager_t:dbus send_msg;
+	allow modemmanager_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `modemmanager_dbus_chat'($*)) dnl
+	')
+
+## <summary>Statistics collection daemon for filling RRD files.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an collectd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`collectd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `collectd_admin'($*)) dnl
+	
+	gen_require(`
+		type collectd_t, collectd_initrc_exec_t, collectd_runtime_t;
+		type collectd_var_lib_t;
+	')
+
+	allow $1 collectd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, collectd_t)
+
+	init_startstop_service($1, $2, collectd_t, collectd_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, collectd_runtime_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, collectd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `collectd_admin'($*)) dnl
+	')
+
+## <summary>RPC port mapping service.</summary>
+
+########################################
+## <summary>
+##	Execute portmap helper in the helper domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`portmap_domtrans_helper',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portmap_domtrans_helper'($*)) dnl
+	
+	gen_require(`
+		type portmap_helper_t, portmap_helper_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, portmap_helper_exec_t, portmap_helper_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portmap_domtrans_helper'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute portmap helper in the helper
+##	domain, and allow the specified role
+##	the helper domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`portmap_run_helper',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portmap_run_helper'($*)) dnl
+	
+	gen_require(`
+		attribute_role portmap_helper_roles;
+	')
+
+	portmap_domtrans_helper($1)
+	roleattribute $2 portmap_helper_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portmap_run_helper'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an portmap environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`portmap_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portmap_admin'($*)) dnl
+	
+	gen_require(`
+		type portmap_t, portmap_initrc_exec_t, portmap_helper_t;
+		type portmap_runtime_t, portmap_tmp_t;
+	')
+
+	allow $1 { portmap_t portmap_helper_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { portmap_t portmap_helper_t })
+
+	init_startstop_service($1, $2, portmap_t, portmap_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, portmap_runtime_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, portmap_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portmap_admin'($*)) dnl
+	')
+
+## <summary>A scalable high-availability cluster resource manager.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an pacemaker environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`pacemaker_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pacemaker_admin'($*)) dnl
+	
+	gen_require(`
+		type pacemaker_t, pacemaker_initrc_exec_t, pacemaker_var_lib_t;
+		type pacemaker_runtime_t;
+	')
+
+	allow $1 pacemaker_t:process { ptrace signal_perms };
+	ps_process_pattern($1, pacemaker_t)
+
+	init_startstop_service($1, $2, pacemaker_t, pacemaker_initrc_exec_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, pacemaker_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, pacemaker_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pacemaker_admin'($*)) dnl
+	')
+
+## <summary>MIDI to WAV converter and player configured as a service.</summary>
+## <summary>Intel LLDP Agent.</summary>
+
+#######################################
+## <summary>
+##	Send to lldpad with a unix dgram socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`lldpad_dgram_send',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lldpad_dgram_send'($*)) dnl
+	
+	gen_require(`
+		type lldpad_t, lldpad_runtime_t;
+	')
+
+	files_search_pids($1)
+	dgram_send_pattern($1, lldpad_runtime_t, lldpad_runtime_t, lldpad_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lldpad_dgram_send'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an lldpad environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`lldpad_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lldpad_admin'($*)) dnl
+	
+	gen_require(`
+		type lldpad_t, lldpad_initrc_exec_t, lldpad_var_lib_t;
+		type lldpad_runtime_t;
+	')
+
+	allow $1 lldpad_t:process { ptrace signal_perms };
+	ps_process_pattern($1, lldpad_t)
+
+	init_startstop_service($1, $2, lldpad_t, lldpad_initrc_exec_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, lldpad_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, lldpad_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lldpad_admin'($*)) dnl
+	')
+
+## <summary>Spice agent for Linux.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run vdagent.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vdagent_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vdagent_domtrans'($*)) dnl
+	
+	gen_require(`
+		type vdagent_t, vdagent_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, vdagent_exec_t, vdagent_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vdagent_domtrans'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Get attributes of vdagent executable files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vdagent_getattr_exec_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vdagent_getattr_exec_files'($*)) dnl
+	
+	gen_require(`
+		type vdagent_exec_t;
+	')
+
+	allow $1 vdagent_exec_t:file getattr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vdagent_getattr_exec_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Get attributes of vdagent log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vdagent_getattr_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vdagent_getattr_log'($*)) dnl
+	
+	gen_require(`
+		type vdagent_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 vdagent_log_t:file getattr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vdagent_getattr_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read vdagent pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vdagent_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vdagent_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type vdagent_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 vdagent_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vdagent_read_pid_files'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Connect to vdagent with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`vdagent_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vdagent_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type vdagent_runtime_t, vdagent_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, vdagent_runtime_t, vdagent_runtime_t, vdagent_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vdagent_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an vdagent environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`vdagent_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `vdagent_admin'($*)) dnl
+	
+	gen_require(`
+		type vdagent_t, vdagent_runtime_t, vdagentd_initrc_exec_t;
+		type vdagent_log_t;
+	')
+
+	allow $1 vdagent_t:process signal_perms;
+	ps_process_pattern($1, vdagent_t)
+
+	init_startstop_service($1, $2, vdagentd_t, vdagentd_initrc_exec_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, vdagent_log_t)
+
+	files_search_pids($1)
+	admin_pattern($1, vdagent_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `vdagent_admin'($*)) dnl
+	')
+
+## <summary>Service daemon with a D-BUS interface that provides a dynamic managed firewall.</summary>
+
+########################################
+## <summary>
+##	Read firewalld configuration files.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`firewalld_read_config_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `firewalld_read_config_files'($*)) dnl
+	
+	gen_require(`
+		type firewalld_etc_rw_t;
+	')
+
+	files_search_etc($1)
+	read_files_pattern($1, firewalld_etc_rw_t, firewalld_etc_rw_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `firewalld_read_config_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	firewalld over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`firewalld_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `firewalld_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type firewalld_t;
+		class dbus send_msg;
+	')
+
+	allow $1 firewalld_t:dbus send_msg;
+	allow firewalld_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `firewalld_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read, snd
+##	write firewalld temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`firewalld_dontaudit_rw_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `firewalld_dontaudit_rw_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type firewalld_tmp_t;
+	')
+
+	dontaudit $1 firewalld_tmp_t:file { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `firewalld_dontaudit_rw_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read firewalld runtime files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`firewalld_read_var_run_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `firewalld_read_var_run_files'($*)) dnl
+	
+	gen_require(`
+		type firewalld_runtime_t;
+	')
+
+	files_search_pids($1)
+	read_files_pattern($1, firewalld_runtime_t, firewalld_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `firewalld_read_var_run_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an firewalld environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`firewalld_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `firewalld_admin'($*)) dnl
+	
+	gen_require(`
+		type firewalld_t, firewalld_initrc_exec_t;
+		type firewalld_etc_rw_t, firewalld_runtime_t;
+		type firewalld_var_log_t;
+	')
+
+	allow $1 firewalld_t:process { ptrace signal_perms };
+	ps_process_pattern($1, firewalld_t)
+
+	init_startstop_service($1, $2, firewalld_t, firewalld_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, firewalld_runtime_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, firewalld_var_log_t)
+
+	files_search_etc($1)
+	admin_pattern($1, firewalld_etc_rw_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `firewalld_admin'($*)) dnl
+	')
+
+## <summary>ICQ transport for XMPP server.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an pyicqt environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`pyicqt_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pyicqt_admin'($*)) dnl
+	
+	gen_require(`
+		type pyicqt_t, pyicqt_log_t, pyicqt_spool_t;
+		type pyicqt_runtime_t, pyicqt_initrc_exec_t, pyicqt_conf_t;
+	')
+
+	allow $1 pyicqt_t:process { ptrace signal_perms };
+	ps_process_pattern($1, pyicqt_t)
+
+	init_startstop_service($1, $2, pyicqt_t, pyicqt_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, pyicqt_conf_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, pyicqt_log_t)
+
+	files_search_spool($1)
+	admin_pattern($1, pyicqt_spool_t)
+
+	files_search_pids($1)
+	admin_pattern($1, pyicqt_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pyicqt_admin'($*)) dnl
+	')
+
+## <summary>Passive Asset Detection System.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an pads environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`pads_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pads_admin'($*)) dnl
+	
+	gen_require(`
+		type pads_t, pads_config_t, pads_runtime_t;
+		type pads_initrc_exec_t;
+	')
+
+	allow $1 pads_t:process { ptrace signal_perms };
+	ps_process_pattern($1, pads_t)
+
+	init_startstop_service($1, $2, pads_t, pads_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, pads_runtime_t)
+
+	files_search_etc($1)
+	admin_pattern($1, pads_config_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pads_admin'($*)) dnl
+	')
+
+## <summary>Service for handling smart card readers.</summary>
+
+########################################
+## <summary>
+##	Send null signals to openct.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`openct_signull',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `openct_signull'($*)) dnl
+	
+	gen_require(`
+		type openct_t;
+	')
+
+	allow $1 openct_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `openct_signull'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute openct in the caller domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`openct_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `openct_exec'($*)) dnl
+	
+	gen_require(`
+		type openct_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, openct_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `openct_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run openct.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`openct_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `openct_domtrans'($*)) dnl
+	
+	gen_require(`
+		type openct_t, openct_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, openct_exec_t, openct_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `openct_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read openct pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`openct_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `openct_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type openct_runtime_t;
+	')
+
+	files_search_pids($1)
+	read_files_pattern($1, openct_runtime_t, openct_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `openct_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to openct over an unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`openct_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `openct_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type openct_t, openct_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, openct_runtime_t, openct_runtime_t, openct_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `openct_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an openct environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`openct_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `openct_admin'($*)) dnl
+	
+	gen_require(`
+		type openct_t, openct_initrc_exec_t, openct_runtime_t;
+	')
+
+	allow $1 openct_t:process { ptrace signal_perms };
+	ps_process_pattern($1, openct_t)
+
+	init_startstop_service($1, $2, openct_t, openct_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, openct_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `openct_admin'($*)) dnl
+	')
+
+## <summary>OpenSLP server daemon to dynamically register services.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an slpd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`slpd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `slpd_admin'($*)) dnl
+	
+	gen_require(`
+		type slpd_t, slpd_initrc_exec_t, slpd_log_t;
+		type slpd_runtime_t;
+	')
+
+	allow $1 slpd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, slpd_t)
+
+	init_startstop_service($1, $2, slpd_t, slpd_initrc_exec_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, slpd_log_t)
+
+	files_search_pids($1)
+	admin_pattern($1, slpd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `slpd_admin'($*)) dnl
+	')
+
+## <summary>Cluster Configuration System.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run ccs.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`ccs_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ccs_domtrans'($*)) dnl
+	
+	gen_require(`
+		type ccs_t, ccs_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, ccs_exec_t, ccs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ccs_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to ccs over an unix stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ccs_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ccs_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type ccs_t, ccs_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, ccs_runtime_t, ccs_runtime_t, ccs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ccs_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read cluster configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ccs_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ccs_read_config'($*)) dnl
+	
+	gen_require(`
+		type cluster_conf_t;
+	')
+
+	files_search_etc($1)
+	read_files_pattern($1, cluster_conf_t, cluster_conf_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ccs_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	cluster configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ccs_manage_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ccs_manage_config'($*)) dnl
+	
+	gen_require(`
+		type cluster_conf_t;
+	')
+
+	files_search_etc($1)
+	manage_dirs_pattern($1, cluster_conf_t, cluster_conf_t)
+	manage_files_pattern($1, cluster_conf_t, cluster_conf_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ccs_manage_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an ccs environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ccs_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ccs_admin'($*)) dnl
+	
+	gen_require(`
+		type ccs_t, ccs_initrc_exec_t, cluster_conf_t;
+		type ccs_var_lib_t, ccs_var_log_t;
+		type ccs_runtime_t, ccs_tmp_t;
+	')
+
+	allow $1 ccs_t:process { ptrace signal_perms };
+	ps_process_pattern($1, ccs_t)
+
+	init_startstop_service($1, $2, ccs_t, ccs_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, cluster_conf_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, ccs_var_lib_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, ccs_var_log_t)
+
+	files_search_pids($1)
+	admin_pattern($1, ccs_runtime_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, ccs_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ccs_admin'($*)) dnl
+	')
+
+## <summary>Update firewall filtering to ban IP addresses with too many password failures.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run fail2ban.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`fail2ban_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fail2ban_domtrans'($*)) dnl
+	
+	gen_require(`
+		type fail2ban_t, fail2ban_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, fail2ban_exec_t, fail2ban_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fail2ban_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the fail2ban client in
+##	the fail2ban client domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`fail2ban_domtrans_client',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fail2ban_domtrans_client'($*)) dnl
+	
+	gen_require(`
+		type fail2ban_client_t, fail2ban_client_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, fail2ban_client_exec_t, fail2ban_client_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fail2ban_domtrans_client'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute fail2ban client in the
+##	fail2ban client domain, and allow
+##	the specified role the fail2ban
+##	client domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fail2ban_run_client',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fail2ban_run_client'($*)) dnl
+	
+	gen_require(`
+		attribute_role fail2ban_client_roles;
+	')
+
+	fail2ban_domtrans_client($1)
+	roleattribute $2 fail2ban_client_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fail2ban_run_client'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Connect to fail2ban over a
+##	unix domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fail2ban_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fail2ban_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type fail2ban_t, fail2ban_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, fail2ban_runtime_t, fail2ban_runtime_t, fail2ban_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fail2ban_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write inherited temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fail2ban_rw_inherited_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fail2ban_rw_inherited_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type fail2ban_tmp_t;
+	')
+
+	files_search_tmp($1)
+	allow $1 fail2ban_tmp_t:file { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fail2ban_rw_inherited_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to use
+##	fail2ban file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fail2ban_dontaudit_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fail2ban_dontaudit_use_fds'($*)) dnl
+	
+	gen_require(`
+		type fail2ban_t;
+	')
+
+	dontaudit $1 fail2ban_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fail2ban_dontaudit_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and
+##	write fail2ban unix stream sockets
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fail2ban_dontaudit_rw_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fail2ban_dontaudit_rw_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		type fail2ban_t;
+	')
+
+	dontaudit $1 fail2ban_t:unix_stream_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fail2ban_dontaudit_rw_stream_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write fail2ban unix
+##	stream sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fail2ban_rw_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fail2ban_rw_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		type fail2ban_t;
+	')
+
+	allow $1 fail2ban_t:unix_stream_socket rw_stream_socket_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fail2ban_rw_stream_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read fail2ban lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fail2ban_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fail2ban_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type fail2ban_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 fail2ban_var_lib_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fail2ban_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read fail2ban log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fail2ban_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fail2ban_read_log'($*)) dnl
+	
+	gen_require(`
+		type fail2ban_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 fail2ban_log_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fail2ban_read_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append fail2ban log files.
+## </summary>
+## <param name="domain">
+## 	<summary>
+##	Domain allowed access.
+## 	</summary>
+## </param>
+#
+ 	 	define(`fail2ban_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fail2ban_append_log'($*)) dnl
+	
+	gen_require(`
+		type fail2ban_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 fail2ban_log_t:file append_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fail2ban_append_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read fail2ban pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fail2ban_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fail2ban_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type fail2ban_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 fail2ban_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fail2ban_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an fail2ban environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fail2ban_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fail2ban_admin'($*)) dnl
+	
+	gen_require(`
+		type fail2ban_t, fail2ban_log_t, fail2ban_tmp_t;
+		type fail2ban_runtime_t, fail2ban_initrc_exec_t;
+		type fail2ban_var_lib_t, fail2ban_client_t;
+	')
+
+	allow $1 { fail2ban_t fail2ban_client_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { fail2ban_t fail2ban_client_t })
+
+	init_startstop_service($1, $2, fail2ban_t, fail2ban_initrc_exec_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, fail2ban_log_t)
+
+	files_list_pids($1)
+	admin_pattern($1, fail2ban_runtime_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, fail2ban_var_lib_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, fail2ban_tmp_t)
+
+	fail2ban_run_client($1, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fail2ban_admin'($*)) dnl
+	')
+
+## <summary>policy for gssproxy - daemon to proxy GSSAPI context establishment and channel handling</summary>
+
+########################################
+## <summary>
+##	Execute gssproxy in the gssproxy domin.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`gssproxy_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gssproxy_domtrans'($*)) dnl
+	
+	gen_require(`
+		type gssproxy_t, gssproxy_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, gssproxy_exec_t, gssproxy_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gssproxy_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search gssproxy lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gssproxy_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gssproxy_search_lib'($*)) dnl
+	
+	gen_require(`
+		type gssproxy_var_lib_t;
+	')
+
+	allow $1 gssproxy_var_lib_t:dir search_dir_perms;
+	files_search_var_lib($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gssproxy_search_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read gssproxy lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gssproxy_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gssproxy_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type gssproxy_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, gssproxy_var_lib_t, gssproxy_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gssproxy_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage gssproxy lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gssproxy_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gssproxy_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type gssproxy_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, gssproxy_var_lib_t, gssproxy_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gssproxy_manage_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage gssproxy lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gssproxy_manage_lib_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gssproxy_manage_lib_dirs'($*)) dnl
+	
+	gen_require(`
+		type gssproxy_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_dirs_pattern($1, gssproxy_var_lib_t, gssproxy_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gssproxy_manage_lib_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read gssproxy PID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gssproxy_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gssproxy_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type gssproxy_run_t;
+	')
+
+	files_search_pids($1)
+	read_files_pattern($1, gssproxy_run_t, gssproxy_run_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gssproxy_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to gssproxy over an unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gssproxy_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gssproxy_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type gssproxy_t, gssproxy_run_t, gssproxy_var_lib_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, gssproxy_run_t, gssproxy_run_t, gssproxy_t)
+	stream_connect_pattern($1, gssproxy_var_lib_t, gssproxy_var_lib_t, gssproxy_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gssproxy_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to administrate
+##	an gssproxy environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`gssproxy_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gssproxy_admin'($*)) dnl
+	
+	gen_require(`
+		type gssproxy_t;
+		type gssproxy_var_lib_t;
+		type gssproxy_run_t;
+		type gssproxy_unit_t;
+	')
+
+	allow $1 gssproxy_t:process { ptrace signal_perms };
+	ps_process_pattern($1, gssproxy_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, gssproxy_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, gssproxy_run_t)
+
+	admin_pattern($1, gssproxy_unit_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gssproxy_admin'($*)) dnl
+	')
+
+## <summary>IPv6 router advertisement daemon.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an radvd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`radvd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `radvd_admin'($*)) dnl
+	
+	gen_require(`
+		type radvd_t, radvd_etc_t, radvd_initrc_exec_t;
+		type radvd_runtime_t;
+	')
+
+	allow $1 radvd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, radvd_t)
+
+	init_startstop_service($1, $2, radvd_t, radvd_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, radvd_etc_t)
+
+	files_list_pids($1)
+	admin_pattern($1, radvd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `radvd_admin'($*)) dnl
+	')
+
+## <summary>An ident daemon with IP masq/NAT support and the ability to specify responses.</summary>
+
+########################################
+## <summary>
+##	Read oidentd user home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`oident_read_user_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `oident_read_user_content'($*)) dnl
+	
+	gen_require(`
+		type oidentd_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 oidentd_home_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `oident_read_user_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	oidentd user home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`oident_manage_user_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `oident_manage_user_content'($*)) dnl
+	
+	gen_require(`
+		type oidentd_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 oidentd_home_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `oident_manage_user_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel oidentd user home content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`oident_relabel_user_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `oident_relabel_user_content'($*)) dnl
+	
+	gen_require(`
+		type oidentd_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 oidentd_home_t:file relabel_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `oident_relabel_user_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in user home
+##	directories with the oidentd home type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`oident_home_filetrans_oidentd_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `oident_home_filetrans_oidentd_home'($*)) dnl
+	
+	gen_require(`
+		type oidentd_home_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, oidentd_home_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `oident_home_filetrans_oidentd_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an oident environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`oident_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `oident_admin'($*)) dnl
+	
+	gen_require(`
+		type oidentd_t, oidentd_initrc_exec_t, oidentd_config_t;
+	')
+
+	allow $1 oidentd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, oidentd_t)
+
+	init_startstop_service($1, $2, oidentd_t, oidentd_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, oidentd_config_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `oident_admin'($*)) dnl
+	')
+
+## <summary>NX remote desktop.</summary>
+
+########################################
+## <summary>
+##	Transition to nx server.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`nx_spec_domtrans_server',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nx_spec_domtrans_server'($*)) dnl
+	
+	gen_require(`
+		type nx_server_t, nx_server_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	spec_domtrans_pattern($1, nx_server_exec_t, nx_server_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nx_spec_domtrans_server'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read nx home directory content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`nx_read_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nx_read_home_files'($*)) dnl
+	
+	gen_require(`
+		type nx_server_ssh_home_t, nx_server_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, { nx_server_var_lib_t nx_server_ssh_home_t }, nx_server_ssh_home_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nx_read_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search nx lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`nx_search_var_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nx_search_var_lib'($*)) dnl
+	
+	gen_require(`
+		type nx_server_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 nx_server_var_lib_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nx_search_var_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create specified objects in nx lib
+##	directories with a private type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private type">
+##	<summary>
+##	The type of the object to be created.
+##	</summary>
+## </param>
+## <param name="object">
+##	<summary>
+##	The object class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`nx_var_lib_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nx_var_lib_filetrans'($*)) dnl
+	
+	gen_require(`
+		type nx_server_var_lib_t;
+	')
+
+	filetrans_pattern($1, nx_server_var_lib_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nx_var_lib_filetrans'($*)) dnl
+	')
+
+## <summary>Shibboleth authentication deamon</summary>
+
+########################################
+## <summary>
+##	Allow your application domain to access
+##	config files from shibboleth
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The domain which should be enabled.
+##	</summary>
+## </param>
+#
+ 	 	define(`shibboleth_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `shibboleth_read_config'($*)) dnl
+	
+	gen_require(`
+		type shibboleth_etc_t;
+	')
+
+	read_files_pattern($1, shibboleth_etc_t, shibboleth_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `shibboleth_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the specified domain to connect to shibboleth with a unix socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`shibboleth_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `shibboleth_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type shibboleth_t;
+		type shibboleth_runtime_t;
+	')
+
+	stream_connect_pattern($1, shibboleth_runtime_t, shibboleth_runtime_t, shibboleth_t)
+	files_search_pids($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `shibboleth_stream_connect'($*)) dnl
+	')
+
+## <summary>Postfix policy server.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to administrate
+##	an postfixpolicyd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`postfixpolicyd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `postfixpolicyd_admin'($*)) dnl
+	
+	gen_require(`
+		type postfix_policyd_t, postfix_policyd_conf_t;
+		type postfix_policyd_runtime_t, postfix_policyd_initrc_exec_t;
+	')
+
+	allow $1 postfix_policyd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, postfix_policyd_t)
+
+	init_startstop_service($1, $2, postfix_policyd_t, postfix_policyd_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, postfix_policyd_conf_t)
+
+	files_list_pids($1)
+	admin_pattern($1, postfix_policyd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `postfixpolicyd_admin'($*)) dnl
+	')
+
+## <summary>Internet Storage Name Service.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an isnsd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`isnsd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `isnsd_admin'($*)) dnl
+	
+	gen_require(`
+		type isnsd_t, isnsd_initrc_exec_t, isnsd_var_lib_t;
+		type isnsd_runtime_t;
+	')
+
+	allow $1 isnsd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, isnsd_t)
+
+	init_startstop_service($1, $2, isnsd_t, isnsd_initrc_exec_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, isnsd_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, isnsd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `isnsd_admin'($*)) dnl
+	')
+
+## <summary>ClamAV Virus Scanner.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run clamd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`clamav_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clamav_domtrans'($*)) dnl
+	
+	gen_require(`
+		type clamd_t, clamd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, clamd_exec_t, clamd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clamav_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute clamd programs in the clamd
+##	domain and allow the specified role
+##	the clamd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`clamav_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clamav_run'($*)) dnl
+	
+	gen_require(`
+		type clamd_t;
+	')
+
+	clamav_domtrans($1)
+	role $2 types clamd_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clamav_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to clamd using a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`clamav_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clamav_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type clamd_t, clamd_runtime_t;
+	')
+
+	allow clamd_t $1:fd use;
+
+	files_search_pids($1)
+	stream_connect_pattern($1, clamd_runtime_t, clamd_runtime_t, clamd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clamav_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append clamav log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`clamav_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clamav_append_log'($*)) dnl
+	
+	gen_require(`
+		type clamd_var_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 clamd_var_log_t:dir list_dir_perms;
+	append_files_pattern($1, clamd_var_log_t, clamd_var_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clamav_append_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	clamav pid content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`clamav_manage_pid_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clamav_manage_pid_content'($*)) dnl
+	
+	gen_require(`
+		type clamd_runtime_t;
+	')
+
+	files_search_pids($1)
+	manage_dirs_pattern($1, clamd_runtime_t, clamd_runtime_t)
+	manage_files_pattern($1, clamd_runtime_t, clamd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clamav_manage_pid_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read clamav configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`clamav_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clamav_read_config'($*)) dnl
+	
+	gen_require(`
+		type clamd_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 clamd_etc_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clamav_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search clamav library directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`clamav_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clamav_search_lib'($*)) dnl
+	
+	gen_require(`
+		type clamd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 clamd_var_lib_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clamav_search_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run clamscan.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`clamav_domtrans_clamscan',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clamav_domtrans_clamscan'($*)) dnl
+	
+	gen_require(`
+		type clamscan_t, clamscan_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, clamscan_exec_t, clamscan_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clamav_domtrans_clamscan'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute clamscan in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`clamav_exec_clamscan',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clamav_exec_clamscan'($*)) dnl
+	
+	gen_require(`
+		type clamscan_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, clamscan_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clamav_exec_clamscan'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read clamd process state files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`clamav_read_state_clamd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clamav_read_state_clamd'($*)) dnl
+	
+	gen_require(`
+		type clamd_t;
+	')
+
+	kernel_search_proc($1)
+	allow $1 clamd_t:dir list_dir_perms;
+	read_files_pattern($1, clamd_t, clamd_t)
+	read_lnk_files_pattern($1, clamd_t, clamd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clamav_read_state_clamd'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read clam virus signature files
+## </summary>
+## <desc>
+##	<p>
+##	Useful for when using things like 'sigtool'
+##	which provides useful information about
+##	ClamAV signature files.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`clamav_read_signatures',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clamav_read_signatures'($*)) dnl
+	
+	gen_require(`
+		type clamd_var_lib_t;
+	')
+
+	clamav_search_lib($1)
+	allow $1 clamd_var_lib_t:dir list_dir_perms;
+	read_files_pattern($1, clamd_var_lib_t, clamd_var_lib_t)
+	read_lnk_files_pattern($1, clamd_var_lib_t, clamd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clamav_read_signatures'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Denote a particular type to be scanned by ClamAV
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Type that clamd_t and clamscan_t can read.
+##	</summary>
+## </param>
+#
+ 	 	define(`clamav_scannable_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clamav_scannable_files'($*)) dnl
+	
+	gen_require(`
+		attribute clam_scannable_type;
+	')
+
+	typeattribute $1 clam_scannable_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clamav_scannable_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run freshclam.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`clamav_domtrans_freshclam',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clamav_domtrans_freshclam'($*)) dnl
+	
+	gen_require(`
+		type freshclam_t, freshclam_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, freshclam_exec_t, freshclam_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clamav_domtrans_freshclam'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute freshclam in the freshclam domain, and
+##	allow the specified role the freshclam domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`clamav_run_freshclam',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clamav_run_freshclam'($*)) dnl
+	
+	gen_require(`
+		type freshclam_t;
+	')
+
+	clamav_domtrans_freshclam($1)
+	role $2 types freshclam_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clamav_run_freshclam'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute freshclam in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`clamav_exec_freshclam',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clamav_exec_freshclam'($*)) dnl
+	
+	gen_require(`
+		type freshclam_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, freshclam_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clamav_exec_freshclam'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow specified domain to enable clamd units
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`clamav_enabledisable_clamd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clamav_enabledisable_clamd'($*)) dnl
+	
+	gen_require(`
+		type clamd_unit_t;
+		class service { enable disable };
+	')
+
+	allow $1 clamd_unit_t:service { enable disable };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clamav_enabledisable_clamd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow specified domain to start clamd units
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`clamav_startstop_clamd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clamav_startstop_clamd'($*)) dnl
+	
+	gen_require(`
+		type clamd_unit_t;
+		class service { start stop };
+	')
+
+	allow $1 clamd_unit_t:service { start stop };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clamav_startstop_clamd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow specified domain to get status of clamd
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`clamav_status_clamd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clamav_status_clamd'($*)) dnl
+	
+	gen_require(`
+		type clamd_unit_t;
+		class service status;
+	')
+
+	allow $1 clamd_unit_t:service status;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clamav_status_clamd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow specified domain reload of clamd
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`clamav_reload_clamd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clamav_reload_clamd'($*)) dnl
+	
+	gen_require(`
+		type clamd_unit_t;
+		class service reload;
+	')
+
+	allow $1 clamd_unit_t:service reload;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clamav_reload_clamd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an clamav environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`clamav_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clamav_admin'($*)) dnl
+	
+	gen_require(`
+		type clamd_t, clamd_etc_t, clamd_tmp_t;
+		type clamd_var_log_t, clamd_var_lib_t, clamd_initrc_exec_t;
+		type clamd_runtime_t, clamscan_t, clamscan_tmp_t;
+		type freshclam_t, freshclam_var_log_t;
+	')
+
+	allow $1 { clamd_t clamscan_t freshclam_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { clamd_t clamscan_t freshclam_t })
+
+	init_startstop_service($1, $2, clamd_t, clamd_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, clamd_etc_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, clamd_var_lib_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, { clamd_var_log_t freshclam_var_log_t })
+
+	files_list_pids($1)
+	admin_pattern($1, clamd_runtime_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, { clamd_tmp_t clamscan_tmp_t })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clamav_admin'($*)) dnl
+	')
+
+## <summary>GIT revision control system.</summary>
+
+########################################
+## <summary>
+##	Role access for Git session.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`git_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `git_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role git_session_roles;
+		type git_session_t, gitd_exec_t, git_user_content_t;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	roleattribute $1 git_session_roles;
+
+	########################################
+	#
+	# Policy
+	#
+
+	allow $2 git_user_content_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 git_user_content_t:file { exec_file_perms manage_file_perms relabel_file_perms };
+	userdom_user_home_dir_filetrans($2, git_user_content_t, dir, "public_git")
+
+	allow $2 git_session_t:process { ptrace signal_perms };
+	ps_process_pattern($2, git_session_t)
+
+	tunable_policy(`git_session_users',`
+		domtrans_pattern($2, gitd_exec_t, git_session_t)
+	',`
+		can_exec($2, gitd_exec_t)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `git_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read generic system content files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`git_read_generic_sys_content_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `git_read_generic_sys_content_files'($*)) dnl
+	
+	gen_require(`
+		type git_sys_content_t;
+	')
+
+	list_dirs_pattern($1, git_sys_content_t, git_sys_content_t)
+	read_files_pattern($1, git_sys_content_t, git_sys_content_t)
+
+	files_search_var_lib($1)
+
+	tunable_policy(`git_system_use_cifs',`
+		fs_getattr_cifs($1)
+		fs_list_cifs($1)
+		fs_read_cifs_files($1)
+	')
+
+	tunable_policy(`git_system_use_nfs',`
+		fs_getattr_nfs($1)
+		fs_list_nfs($1)
+		fs_read_nfs_files($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `git_read_generic_sys_content_files'($*)) dnl
+	')
+
+## <summary>Iptables/netfilter userspace logging daemon.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run ulogd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`ulogd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ulogd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type ulogd_t, ulogd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, ulogd_exec_t, ulogd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ulogd_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read ulogd configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ulogd_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ulogd_read_config'($*)) dnl
+	
+	gen_require(`
+		type ulogd_etc_t;
+	')
+
+	files_search_etc($1)
+	read_files_pattern($1, ulogd_etc_t, ulogd_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ulogd_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read ulogd log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ulogd_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ulogd_read_log'($*)) dnl
+	
+	gen_require(`
+		type ulogd_var_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 ulogd_var_log_t:dir list_dir_perms;
+	read_files_pattern($1, ulogd_var_log_t, ulogd_var_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ulogd_read_log'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Search ulogd log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ulogd_search_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ulogd_search_log'($*)) dnl
+	
+	gen_require(`
+		type ulogd_var_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 ulogd_var_log_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ulogd_search_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append to ulogd log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ulogd_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ulogd_append_log'($*)) dnl
+	
+	gen_require(`
+		type ulogd_var_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 ulogd_var_log_t:dir list_dir_perms;
+	allow $1 ulogd_var_log_t:file append_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ulogd_append_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an ulogd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ulogd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ulogd_admin'($*)) dnl
+	
+	gen_require(`
+		type ulogd_t, ulogd_etc_t, ulogd_modules_t;
+		type ulogd_var_log_t, ulogd_initrc_exec_t;
+	')
+
+	allow $1 ulogd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, ulogd_t)
+
+	init_startstop_service($1, $2, ulogd_t, ulogd_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, ulogd_etc_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, ulogd_var_log_t)
+
+	files_list_usr($1)
+	admin_pattern($1, ulogd_modules_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ulogd_admin'($*)) dnl
+	')
+
+## <summary>X Windows Font Server.</summary>
+
+########################################
+## <summary>
+##	Read xfs temporary sock files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xfs_read_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xfs_read_sockets'($*)) dnl
+	
+	gen_require(`
+		type xfs_tmp_t;
+	')
+
+	files_search_tmp($1)
+	read_sock_files_pattern($1, xfs_tmp_t, xfs_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xfs_read_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to xfs with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xfs_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xfs_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type xfs_tmp_t, xfs_t;
+	')
+
+	files_search_tmp($1)
+	stream_connect_pattern($1, xfs_tmp_t, xfs_tmp_t, xfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xfs_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute xfs in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xfs_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xfs_exec'($*)) dnl
+	
+	gen_require(`
+		type xfs_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, xfs_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xfs_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create xfs temporary dirs
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xfs_create_tmp_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xfs_create_tmp_dirs'($*)) dnl
+	
+	gen_require(`
+		type xfs_tmp_t;
+	')
+
+	files_search_tmp($1)
+	allow $1 xfs_tmp_t:dir create;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xfs_create_tmp_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an xfs environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`xfs_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xfs_admin'($*)) dnl
+	
+	gen_require(`
+		type xfs_t, xfs_initrc_exec_t, xfs_runtime_t;
+		type xfs_tmp_t;
+	')
+
+	allow $1 xfs_t:process { ptrace signal_perms };
+	ps_process_pattern($1, xfs_t)
+
+	init_startstop_service($1, $2, xfs_t, xfs_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, xfs_runtime_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, xfs_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xfs_admin'($*)) dnl
+	')
+
+## <summary>SASL authentication server.</summary>
+
+########################################
+## <summary>
+##	Connect to SASL.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sasl_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sasl_connect'($*)) dnl
+	
+	gen_require(`
+		type saslauthd_t, saslauthd_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, saslauthd_runtime_t, saslauthd_runtime_t, saslauthd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sasl_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an sasl environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`sasl_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sasl_admin'($*)) dnl
+	
+	gen_require(`
+		type saslauthd_t, saslauthd_runtime_t, saslauthd_initrc_exec_t;
+		type saslauthd_keytab_t;
+	')
+
+	allow $1 saslauthd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, saslauthd_t)
+
+	init_startstop_service($1, $2, saslauthd_t, saslauthd_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, saslauthd_keytab_t)
+
+	files_list_pids($1)
+	admin_pattern($1, saslauthd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sasl_admin'($*)) dnl
+	')
+
+## <summary>Hard disk temperature tool running as a daemon.</summary>
+
+#######################################
+## <summary>
+##	Execute a domain transition to run hddtemp.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`hddtemp_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hddtemp_domtrans'($*)) dnl
+	
+	gen_require(`
+		type hddtemp_t, hddtemp_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, hddtemp_exec_t, hddtemp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hddtemp_domtrans'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Execute hddtemp in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hddtemp_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hddtemp_exec'($*)) dnl
+	
+	gen_require(`
+		type hddtemp_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, hddtemp_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hddtemp_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an hddtemp environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`hddtemp_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hddtemp_admin'($*)) dnl
+	
+	gen_require(`
+		type hddtemp_t, hddtemp_etc_t, hddtemp_initrc_exec_t;
+	')
+
+	allow $1 hddtemp_t:process { ptrace signal_perms };
+	ps_process_pattern($1, hddtemp_t)
+
+	init_startstop_service($1, $2, hddtemp_t, hddtemp_initrc_exec_t)
+
+	admin_pattern($1, hddtemp_etc_t)
+	files_search_etc($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hddtemp_admin'($*)) dnl
+	')
+
+## <summary>E-mail security and anti-spam package for e-mail gateway systems.</summary>
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	mscan spool content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mscan_manage_spool_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mscan_manage_spool_content'($*)) dnl
+	
+	gen_require(`
+		type mscan_spool_t;
+	')
+
+	files_search_spool($1)
+	manage_dirs_pattern($1, mscan_spool_t, mscan_spool_t)
+	manage_files_pattern($1, mscan_spool_t, mscan_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mscan_manage_spool_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an mscan environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mscan_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mscan_admin'($*)) dnl
+	
+	gen_require(`
+		type mscan_t, mscan_etc_t, mscan_initrc_exec_t;
+		type mscan_runtime_t, mscan_spool_t;
+	')
+
+	allow $1 mscan_t:process { ptrace signal_perms };
+	ps_process_pattern($1, mscan_t)
+
+	init_startstop_service($1, $2, mscan_t, mscan_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, mscan_etc_t)
+
+	files_search_pids($1)
+	admin_pattern($1, mscan_runtime_t)
+
+	files_search_spool($1)
+	admin_pattern($1, mscan_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mscan_admin'($*)) dnl
+	')
+
+## <summary>OpenLDAP directory server.</summary>
+
+########################################
+## <summary>
+##	List ldap database directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ldap_list_db',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ldap_list_db'($*)) dnl
+	
+	gen_require(`
+		type slapd_db_t;
+	')
+
+	files_search_etc($1)
+	allow $1 slapd_db_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ldap_list_db'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read ldap configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ldap_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ldap_read_config'($*)) dnl
+	
+	gen_require(`
+		type slapd_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 slapd_etc_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ldap_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to slapd over an unix
+##	stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ldap_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ldap_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type slapd_t, slapd_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, slapd_runtime_t, slapd_runtime_t, slapd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ldap_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+## 	Connect to ldap over the network.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ldap_tcp_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ldap_tcp_connect'($*)) dnl
+	
+	gen_require(`
+		type slapd_t;
+	')
+
+	corenet_sendrecv_ldap_client_packets($1)
+	corenet_tcp_connect_ldap_port($1)
+	corenet_tcp_recvfrom_labeled($1, slapd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ldap_tcp_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an ldap environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ldap_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ldap_admin'($*)) dnl
+	
+	gen_require(`
+		type slapd_t, slapd_tmp_t, slapd_replog_t;
+		type slapd_lock_t, slapd_etc_t, slapd_runtime_t;
+		type slapd_initrc_exec_t, slapd_log_t, slapd_cert_t;
+		type slapd_db_t, slapd_keytab_t;
+	')
+
+	allow $1 slapd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, slapd_t)
+
+	init_startstop_service($1, $2, slapd_t, slapd_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, { slapd_etc_t slapd_db_t slapd_cert_t slapd_keytab_t })
+
+	files_list_locks($1)
+	admin_pattern($1, slapd_lock_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, slapd_log_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, slapd_replog_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, slapd_tmp_t)
+
+	files_list_pids($1)
+	admin_pattern($1, slapd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ldap_admin'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute slapd in the slapd domain, and
+##	allow the given role the slapd_t type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ldap_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ldap_run'($*)) dnl
+	
+	gen_require(`
+		type slapd_t;
+		type slapd_exec_t;
+	')
+
+	role $2 types slapd_t;
+	domtrans_pattern($1, slapd_exec_t, slapd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ldap_run'($*)) dnl
+	')
+
+## <summary>TSS Core Services daemon.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run tcsd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`tcsd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tcsd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type tcsd_t, tcsd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, tcsd_exec_t, tcsd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tcsd_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute tcsd init scripts in the
+##	initrc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`tcsd_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tcsd_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type tcsd_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, tcsd_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tcsd_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search tcsd lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`tcsd_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tcsd_search_lib'($*)) dnl
+	
+	gen_require(`
+		type tcsd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 tcsd_var_lib_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tcsd_search_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	tcsd lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`tcsd_manage_lib_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tcsd_manage_lib_dirs'($*)) dnl
+	
+	gen_require(`
+		type tcsd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_dirs_pattern($1, tcsd_var_lib_t, tcsd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tcsd_manage_lib_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read tcsd lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`tcsd_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tcsd_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type tcsd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, tcsd_var_lib_t, tcsd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tcsd_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	tcsd lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`tcsd_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tcsd_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type tcsd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, tcsd_var_lib_t, tcsd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tcsd_manage_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an tcsd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`tcsd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tcsd_admin'($*)) dnl
+	
+	gen_require(`
+		type tcsd_t, tcsd_initrc_exec_t, tcsd_var_lib_t;
+	')
+
+	allow $1 tcsd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, tcsd_t)
+
+	init_startstop_service($1, $2, tcsd_t, tcsd_initrc_exec_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, tcsd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tcsd_admin'($*)) dnl
+	')
+
+## <summary>IEEE 802.11 wireless LAN Host AP daemon.</summary>
+## <summary>Fibre Channel over Ethernet utilities.</summary>
+
+#######################################
+## <summary>
+##	Send to fcoemon with a unix dgram socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fcoe_dgram_send_fcoemon',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fcoe_dgram_send_fcoemon'($*)) dnl
+	
+	gen_require(`
+		type fcoemon_t, fcoemon_runtime_t;
+	')
+
+	files_search_pids($1)
+	dgram_send_pattern($1, fcoemon_runtime_t, fcoemon_runtime_t, fcoemon_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fcoe_dgram_send_fcoemon'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an fcoemon environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fcoe_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fcoe_admin'($*)) dnl
+	
+	gen_require(`
+		type fcoemon_t, fcoemon_initrc_exec_t, fcoemon_runtime_t;
+	')
+
+	allow $1 fcoemon_t:process { ptrace signal_perms };
+	ps_process_pattern($1, fcoemon_t)
+
+	init_startstop_service($1, $2, fcoemon_t, fcoemon_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, fcoemon_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fcoe_admin'($*)) dnl
+	')
+
+## <summary>Dbus system service which manages discovery and enrollment in realms and domains like Active Directory or IPA.</summary>
+
+########################################
+## <summary>
+##	Execute realmd in the realmd domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`realmd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `realmd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type realmd_t, realmd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, realmd_exec_t, realmd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `realmd_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	realmd over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`realmd_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `realmd_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type realmd_t;
+		class dbus send_msg;
+	')
+
+	allow $1 realmd_t:dbus send_msg;
+	allow realmd_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `realmd_dbus_chat'($*)) dnl
+	')
+
+## <summary>Realtime scheduling for user processes.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run rtkit_daemon.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`rtkit_daemon_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rtkit_daemon_domtrans'($*)) dnl
+	
+	gen_require(`
+		type rtkit_daemon_t, rtkit_daemon_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, rtkit_daemon_exec_t, rtkit_daemon_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rtkit_daemon_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	rtkit_daemon over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rtkit_daemon_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rtkit_daemon_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type rtkit_daemon_t;
+		class dbus send_msg;
+	')
+
+	allow $1 rtkit_daemon_t:dbus send_msg;
+	allow rtkit_daemon_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rtkit_daemon_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow rtkit to control scheduling for your process.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rtkit_scheduled',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rtkit_scheduled'($*)) dnl
+	
+	gen_require(`
+		type rtkit_daemon_t;
+	')
+
+	allow rtkit_daemon_t $1:process { getsched setsched };
+
+	kernel_search_proc($1)
+	ps_process_pattern(rtkit_daemon_t, $1)
+
+	optional_policy(`
+		rtkit_daemon_dbus_chat($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rtkit_scheduled'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an rtkit environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`rtkit_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rtkit_admin'($*)) dnl
+	
+	gen_require(`
+		type rtkit_daemon_t, rtkit_daemon_initrc_exec_t;
+	')
+
+	allow $1 rtkit_daemon_t:process { ptrace signal_perms };
+	ps_process_pattern($1, rtkit_daemon_t)
+
+	init_startstop_service($1, $2, rtkit_daemon_t, rtkit_daemon_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rtkit_admin'($*)) dnl
+	')
+
+## <summary>Policy framework for controlling privileges for system-wide services.</summary>
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	policykit over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`policykit_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `policykit_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type policykit_t;
+		class dbus send_msg;
+	')
+
+	allow $1 policykit_t:dbus send_msg;
+	allow policykit_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `policykit_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	policykit auth over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`policykit_dbus_chat_auth',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `policykit_dbus_chat_auth'($*)) dnl
+	
+	gen_require(`
+		type policykit_auth_t;
+		class dbus send_msg;
+	')
+
+	allow $1 policykit_auth_t:dbus send_msg;
+	allow policykit_auth_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `policykit_dbus_chat_auth'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run polkit_auth.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`policykit_domtrans_auth',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `policykit_domtrans_auth'($*)) dnl
+	
+	gen_require(`
+		type policykit_auth_t, policykit_auth_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, policykit_auth_exec_t, policykit_auth_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `policykit_domtrans_auth'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a policy_auth in the policy
+##	auth domain, and allow the specified
+##	role the policy auth domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`policykit_run_auth',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `policykit_run_auth'($*)) dnl
+	
+	gen_require(`
+		attribute_role policykit_auth_roles;
+	')
+
+	policykit_domtrans_auth($1)
+	roleattribute $2 policykit_auth_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `policykit_run_auth'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Send generic signals to
+##	policykit auth.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`policykit_signal_auth',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `policykit_signal_auth'($*)) dnl
+	
+	gen_require(`
+		type policykit_auth_t;
+	')
+
+	allow $1 policykit_auth_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `policykit_signal_auth'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run polkit grant.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`policykit_domtrans_grant',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `policykit_domtrans_grant'($*)) dnl
+	
+	gen_require(`
+		type policykit_grant_t, policykit_grant_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, policykit_grant_exec_t, policykit_grant_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `policykit_domtrans_grant'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a policy_grant in the policy
+##	grant domain, and allow the specified
+##	role the policy grant domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`policykit_run_grant',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `policykit_run_grant'($*)) dnl
+	
+	gen_require(`
+		attribute_role policykit_grant_roles;
+	')
+
+	policykit_domtrans_grant($1)
+	roleattribute $2 policykit_grant_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `policykit_run_grant'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read policykit reload files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`policykit_read_reload',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `policykit_read_reload'($*)) dnl
+	
+	gen_require(`
+		type policykit_reload_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, policykit_reload_t, policykit_reload_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `policykit_read_reload'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write policykit reload files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`policykit_rw_reload',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `policykit_rw_reload'($*)) dnl
+	
+	gen_require(`
+		type policykit_reload_t;
+	')
+
+	files_search_var_lib($1)
+	rw_files_pattern($1, policykit_reload_t, policykit_reload_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `policykit_rw_reload'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run polkit resolve.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`policykit_domtrans_resolve',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `policykit_domtrans_resolve'($*)) dnl
+	
+	gen_require(`
+		type policykit_resolve_t, policykit_resolve_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, policykit_resolve_exec_t, policykit_resolve_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `policykit_domtrans_resolve'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search policykit lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`policykit_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `policykit_search_lib'($*)) dnl
+	
+	gen_require(`
+		type policykit_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 policykit_var_lib_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `policykit_search_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read policykit lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`policykit_read_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `policykit_read_lib'($*)) dnl
+	
+	gen_require(`
+		type policykit_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, policykit_var_lib_t, policykit_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `policykit_read_lib'($*)) dnl
+	')
+
+## <summary>DomainKeys Identified Mail milter.</summary>
+
+########################################
+## <summary>
+##	Allow a domain to talk to dkim via Unix domain socket
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dkim_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dkim_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type dkim_milter_data_t, dkim_milter_t;
+	')
+
+	stream_connect_pattern($1, dkim_milter_data_t, dkim_milter_data_t, dkim_milter_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dkim_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an dkim environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dkim_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dkim_admin'($*)) dnl
+	
+	gen_require(`
+		type dkim_milter_t, dkim_milter_initrc_exec_t, dkim_milter_private_key_t;
+		type dkim_milter_data_t;
+	')
+
+	allow $1 dkim_milter_t:process { ptrace signal_perms };
+	ps_process_pattern($1, dkim_milter_t)
+
+	init_startstop_service($1, $2, dkim_milter_t, dkim_milter_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, dkim_milter_private_key_t)
+
+	files_search_pids($1)
+	admin_pattern($1, dkim_milter_data_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dkim_admin'($*)) dnl
+	')
+
+## <summary>Service for reporting kernel oopses to kerneloops.org.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run kerneloops.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`kerneloops_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kerneloops_domtrans'($*)) dnl
+	
+	gen_require(`
+		type kerneloops_t, kerneloops_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, kerneloops_exec_t, kerneloops_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kerneloops_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	kerneloops over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kerneloops_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kerneloops_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type kerneloops_t;
+		class dbus send_msg;
+	')
+
+	allow $1 kerneloops_t:dbus send_msg;
+	allow kerneloops_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kerneloops_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to Send and
+##	receive messages from kerneloops
+##	over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kerneloops_dontaudit_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kerneloops_dontaudit_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type kerneloops_t;
+		class dbus send_msg;
+	')
+
+	dontaudit $1 kerneloops_t:dbus send_msg;
+	dontaudit kerneloops_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kerneloops_dontaudit_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	kerneloops temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kerneloops_manage_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kerneloops_manage_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type kerneloops_tmp_t;
+	')
+
+	files_search_tmp($1)
+	allow $1 kerneloops_tmp_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kerneloops_manage_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an kerneloops environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kerneloops_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kerneloops_admin'($*)) dnl
+	
+	gen_require(`
+		type kerneloops_t, kerneloops_initrc_exec_t;
+		type kerneloops_tmp_t;
+	')
+
+	allow $1 kerneloops_t:process { ptrace signal_perms };
+	ps_process_pattern($1, kerneloops_t)
+
+	init_startstop_service($1, $2, kerneloops_t, kerneloops_initrc_exec_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, kerneloops_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kerneloops_admin'($*)) dnl
+	')
+
+## <summary>OpenH.323 Voice-Over-IP Gatekeeper.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an gatekeeper environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`gatekeeper_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gatekeeper_admin'($*)) dnl
+	
+	gen_require(`
+		type gatekeeper_t, gatekeeper_etc_t, gatekeeper_log_t;
+		type gatekeeper_runtime_t, gatekeeper_tmp_t, gatekeeper_initrc_exec_t;
+	')
+
+	allow $1 gatekeeper_t:process { ptrace signal_perms };
+	ps_process_pattern($1, gatekeeper_t)
+
+	init_startstop_service($1, $2, gatekeeper_t, gatekeeper_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, gatekeeper_etc_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, gatekeeper_log_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, gatekeeper_tmp_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, gatekeeper_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gatekeeper_admin'($*)) dnl
+	')
+
+## <summary>Courier IMAP and POP3 email servers.</summary>
+
+#######################################
+## <summary>
+##	The template to define a courier domain.
+## </summary>
+## <param name="domain_prefix">
+##	<summary>
+##	Domain prefix to be used.
+##	</summary>
+## </param>
+#
+ 	 	define(`courier_domain_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `courier_domain_template'($*)) dnl
+	
+	gen_require(`
+		attribute courier_domain;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	type courier_$1_t, courier_domain;
+	type courier_$1_exec_t;
+	init_daemon_domain(courier_$1_t, courier_$1_exec_t)
+
+	########################################
+	#
+	# Policy
+	#
+
+	can_exec(courier_$1_t, courier_$1_exec_t)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `courier_domain_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the courier authentication
+##	daemon with a domain transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`courier_domtrans_authdaemon',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `courier_domtrans_authdaemon'($*)) dnl
+	
+	gen_require(`
+		type courier_authdaemon_t, courier_authdaemon_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, courier_authdaemon_exec_t, courier_authdaemon_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `courier_domtrans_authdaemon'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Connect to courier-authdaemon over
+##	a unix stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`courier_stream_connect_authdaemon',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `courier_stream_connect_authdaemon'($*)) dnl
+	
+	gen_require(`
+		type courier_authdaemon_t, courier_runtime_t;
+	')
+
+	files_search_spool($1)
+	stream_connect_pattern($1, courier_runtime_t, courier_runtime_t, courier_authdaemon_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `courier_stream_connect_authdaemon'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the courier POP3 and IMAP
+##	server with a domain transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`courier_domtrans_pop',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `courier_domtrans_pop'($*)) dnl
+	
+	gen_require(`
+		type courier_pop_t, courier_pop_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, courier_pop_exec_t, courier_pop_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `courier_domtrans_pop'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read courier config files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`courier_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `courier_read_config'($*)) dnl
+	
+	gen_require(`
+		type courier_etc_t;
+	')
+
+	files_search_etc($1)
+	read_files_pattern($1, courier_etc_t, courier_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `courier_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete courier
+##	spool directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`courier_manage_spool_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `courier_manage_spool_dirs'($*)) dnl
+	
+	gen_require(`
+		type courier_spool_t;
+	')
+
+	files_search_var($1)
+	manage_dirs_pattern($1, courier_spool_t, courier_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `courier_manage_spool_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete courier
+##	spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`courier_manage_spool_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `courier_manage_spool_files'($*)) dnl
+	
+	gen_require(`
+		type courier_spool_t;
+	')
+
+	files_search_var($1)
+	manage_files_pattern($1, courier_spool_t, courier_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `courier_manage_spool_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read courier spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`courier_read_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `courier_read_spool'($*)) dnl
+	
+	gen_require(`
+		type courier_spool_t;
+	')
+
+	files_search_var($1)
+	read_files_pattern($1, courier_spool_t, courier_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `courier_read_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write courier spool pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`courier_rw_spool_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `courier_rw_spool_pipes'($*)) dnl
+	
+	gen_require(`
+		type courier_spool_t;
+	')
+
+	files_search_var($1)
+	allow $1 courier_spool_t:fifo_file rw_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `courier_rw_spool_pipes'($*)) dnl
+	')
+
+## <summary>Network time protocol daemon.</summary>
+
+########################################
+## <summary>
+##	NTP stub interface.  No access allowed.
+## </summary>
+## <param name="domain" unused="true">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ntp_stub',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ntp_stub'($*)) dnl
+	
+	gen_require(`
+		type ntpd_t;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ntp_stub'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read ntp.conf
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ntp_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ntp_read_config'($*)) dnl
+	
+	gen_require(`
+		type ntp_conf_t;
+	')
+
+	allow $1 ntp_conf_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ntp_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute ntp server in the ntpd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`ntp_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ntp_domtrans'($*)) dnl
+	
+	gen_require(`
+		type ntpd_t, ntpd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, ntpd_exec_t, ntpd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ntp_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute ntp in the ntp domain, and
+##	allow the specified role the ntp domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ntp_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ntp_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role ntpd_roles;
+	')
+
+	ntp_domtrans($1)
+	roleattribute $2 ntpd_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ntp_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	ntpd over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ntp_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ntp_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type ntpd_t;
+		class dbus send_msg;
+	')
+
+	allow $1 ntpd_t:dbus send_msg;
+	allow ntpd_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ntp_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute ntpdate server in the ntpd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`ntp_domtrans_ntpdate',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ntp_domtrans_ntpdate'($*)) dnl
+	
+	gen_require(`
+		type ntpd_t, ntpdate_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, ntpdate_exec_t, ntpd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ntp_domtrans_ntpdate'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute ntpd init scripts in
+##	the init script domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`ntp_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ntp_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type ntpd_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, ntpd_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ntp_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Read ntp conf files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`ntp_read_conf_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ntp_read_conf_files'($*)) dnl
+	
+	gen_require(`
+		type ntp_conf_t;
+	')
+
+	files_search_etc($1)
+	read_files_pattern($1, ntp_conf_t, ntp_conf_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ntp_read_conf_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read ntp drift files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ntp_read_drift_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ntp_read_drift_files'($*)) dnl
+	
+	gen_require(`
+		type ntp_drift_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, ntp_drift_t, ntp_drift_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ntp_read_drift_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write ntpd shared memory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ntp_rw_shm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ntp_rw_shm'($*)) dnl
+	
+	gen_require(`
+		type ntpd_t, ntpd_tmpfs_t;
+	')
+
+	allow $1 ntpd_t:shm rw_shm_perms;
+	list_dirs_pattern($1, ntpd_tmpfs_t, ntpd_tmpfs_t)
+	rw_files_pattern($1, ntpd_tmpfs_t, ntpd_tmpfs_t)
+	read_lnk_files_pattern($1, ntpd_tmpfs_t, ntpd_tmpfs_t)
+	fs_search_tmpfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ntp_rw_shm'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow specified domain to enable/disable ntpd unit
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ntp_enabledisable',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ntp_enabledisable'($*)) dnl
+	
+	ifdef(`init_systemd',`
+		gen_require(`
+			type ntpd_unit_t;
+			class service { enable disable };
+		')
+
+		allow $1 ntpd_unit_t:service { enable disable };
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ntp_enabledisable'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow specified domain to start/stop ntpd unit
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ntp_startstop',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ntp_startstop'($*)) dnl
+	
+	ifdef(`init_systemd',`
+		gen_require(`
+			type ntpd_unit_t;
+			class service { start stop };
+		')
+
+		allow $1 ntpd_unit_t:service { start stop };
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ntp_startstop'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow specified domain to get status of ntpd unit
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ntp_status',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ntp_status'($*)) dnl
+	
+	ifdef(`init_systemd',`
+		gen_require(`
+			type ntpd_unit_t;
+			class service status;
+		')
+
+		allow $1 ntpd_unit_t:service status;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ntp_status'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an ntp environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ntp_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ntp_admin'($*)) dnl
+	
+	gen_require(`
+		type ntpd_t, ntpd_tmp_t, ntpd_log_t;
+		type ntpd_key_t, ntpd_pid_t, ntp_conf_t;
+		type ntpd_initrc_exec_t, ntp_drift_t;
+		type ntpd_unit_t;
+	')
+
+	allow $1 ntpd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, ntpd_t)
+
+	init_startstop_service($1, $2, ntpd_t, ntpd_initrc_exec_t, ntpd_unit_t)
+
+	files_list_etc($1)
+	admin_pattern($1, { ntpd_key_t ntp_conf_t })
+
+	logging_list_logs($1)
+	admin_pattern($1, ntpd_log_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, ntpd_tmp_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, ntp_drift_t)
+
+	files_list_pids($1)
+	admin_pattern($1, ntpd_pid_t)
+
+	ntp_run($1, $2)
+
+	ifdef(`init_systemd',`
+		gen_require(`
+			class dbus send_msg;
+		')
+
+		allow $1 ntpd_t:dbus send_msg;
+		allow ntpd_t $1:dbus send_msg;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ntp_admin'($*)) dnl
+	')
+
+
+# This should be in an ifdef distro_gentoo but that is not allowed in if files
+
+########################################
+## <summary>
+##	Manage ntp(d) configuration.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ntp_manage_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ntp_manage_config'($*)) dnl
+	
+	gen_require(`
+		type ntp_conf_t;
+	')
+
+	manage_files_pattern($1, ntp_conf_t, ntp_conf_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ntp_manage_config'($*)) dnl
+	')
+
+## <summary>Certificate status monitor and PKI enrollment client.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run certmonger.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`certmonger_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `certmonger_domtrans'($*)) dnl
+	
+	gen_require(`
+		type certmonger_t, certmonger_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, certmonger_exec_t, certmonger_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `certmonger_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	certmonger over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`certmonger_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `certmonger_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type certmonger_t;
+		class dbus send_msg;
+	')
+
+	allow $1 certmonger_t:dbus send_msg;
+	allow certmonger_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `certmonger_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute certmonger server in
+##	the certmonger domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`certmonger_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `certmonger_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type certmonger_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, certmonger_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `certmonger_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read certmonger PID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`certmonger_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `certmonger_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type certmonger_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 certmonger_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `certmonger_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search certmonger lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`certmonger_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `certmonger_search_lib'($*)) dnl
+	
+	gen_require(`
+		type certmonger_var_lib_t;
+	')
+
+	allow $1 certmonger_var_lib_t:dir search_dir_perms;
+	files_search_var_lib($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `certmonger_search_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read certmonger lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`certmonger_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `certmonger_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type certmonger_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, certmonger_var_lib_t, certmonger_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `certmonger_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	certmonger lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`certmonger_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `certmonger_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type certmonger_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, certmonger_var_lib_t, certmonger_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `certmonger_manage_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an certmonger environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`certmonger_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `certmonger_admin'($*)) dnl
+	
+	gen_require(`
+		type certmonger_t, certmonger_initrc_exec_t;
+		type certmonger_var_lib_t, certmonger_runtime_t;
+	')
+
+	ps_process_pattern($1, certmonger_t)
+	allow $1 certmonger_t:process { ptrace signal_perms };
+
+	init_startstop_service($1, $2, certmonger_t, certmonger_initrc_exec_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, certmonger_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, certmonger_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `certmonger_admin'($*)) dnl
+	')
+
+## <summary>W3C Markup Validator.</summary>
+## <summary>Plymouth graphical boot.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run plymouthd.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`plymouthd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `plymouthd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type plymouthd_t, plymouthd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, plymouthd_exec_t, plymouthd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `plymouthd_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute plymouthd in the caller domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`plymouthd_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `plymouthd_exec'($*)) dnl
+	
+	gen_require(`
+		type plymouthd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, plymouthd_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `plymouthd_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to plymouthd using a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`plymouthd_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `plymouthd_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type plymouthd_t, plymouthd_spool_t;
+	')
+
+	files_search_spool($1)
+	stream_connect_pattern($1, plymouthd_spool_t, plymouthd_spool_t, plymouthd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `plymouthd_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute plymouth in the caller domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`plymouthd_exec_plymouth',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `plymouthd_exec_plymouth'($*)) dnl
+	
+	gen_require(`
+		type plymouth_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, plymouth_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `plymouthd_exec_plymouth'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run plymouth.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`plymouthd_domtrans_plymouth',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `plymouthd_domtrans_plymouth'($*)) dnl
+	
+	gen_require(`
+		type plymouth_t, plymouth_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, plymouth_exec_t, plymouth_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `plymouthd_domtrans_plymouth'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search plymouthd spool directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`plymouthd_search_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `plymouthd_search_spool'($*)) dnl
+	
+	gen_require(`
+		type plymouthd_spool_t;
+	')
+
+	files_search_spool($1)
+	allow $1 plymouthd_spool_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `plymouthd_search_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read plymouthd spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`plymouthd_read_spool_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `plymouthd_read_spool_files'($*)) dnl
+	
+	gen_require(`
+		type plymouthd_spool_t;
+	')
+
+	files_search_spool($1)
+	read_files_pattern($1, plymouthd_spool_t, plymouthd_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `plymouthd_read_spool_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	plymouthd spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`plymouthd_manage_spool_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `plymouthd_manage_spool_files'($*)) dnl
+	
+	gen_require(`
+		type plymouthd_spool_t;
+	')
+
+	files_search_spool($1)
+	manage_files_pattern($1, plymouthd_spool_t, plymouthd_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `plymouthd_manage_spool_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search plymouthd lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`plymouthd_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `plymouthd_search_lib'($*)) dnl
+	
+	gen_require(`
+		type plymouthd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 plymouthd_var_lib_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `plymouthd_search_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read plymouthd lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`plymouthd_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `plymouthd_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type plymouthd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, plymouthd_var_lib_t, plymouthd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `plymouthd_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write plymouthd lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`plymouthd_rw_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `plymouthd_rw_lib_files'($*)) dnl
+	
+	gen_require(`
+		type plymouthd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	rw_files_pattern($1, plymouthd_var_lib_t, plymouthd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `plymouthd_rw_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	plymouthd lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`plymouthd_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `plymouthd_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type plymouthd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, plymouthd_var_lib_t, plymouthd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `plymouthd_manage_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read plymouthd pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`plymouthd_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `plymouthd_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type plymouthd_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 plymouthd_runtime_t:dir search_dir_perms; 
+	allow $1 plymouthd_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `plymouthd_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete the plymouthd pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`plymouthd_delete_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `plymouthd_delete_pid_files'($*)) dnl
+	
+	gen_require(`
+		type plymouthd_runtime_t;
+	')
+
+	files_search_pids($1)
+	delete_files_pattern($1, plymouthd_runtime_t, plymouthd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `plymouthd_delete_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an plymouthd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role" unused="true">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`plymouthd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `plymouthd_admin'($*)) dnl
+	
+	gen_require(`
+		type plymouthd_t, plymouthd_spool_t, plymouthd_var_lib_t;
+		type plymouthd_runtime_t;
+	')
+
+	allow $1 plymouthd_t:process { ptrace signal_perms };
+	read_files_pattern($1, plymouthd_t, plymouthd_t)
+
+	files_search_spool($1)
+	admin_pattern($1, plymouthd_spool_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, plymouthd_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, plymouthd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `plymouthd_admin'($*)) dnl
+	')
+
+## <summary>Internetwork email routing facility.</summary>
+
+########################################
+## <summary>
+##	Sendmail stub interface.  No access allowed.
+## </summary>
+## <param name="domain" unused="true">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sendmail_stub',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sendmail_stub'($*)) dnl
+	
+	gen_require(`
+		type sendmail_t;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sendmail_stub'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write sendmail unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sendmail_rw_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sendmail_rw_pipes'($*)) dnl
+	
+	gen_require(`
+		type sendmail_t;
+	')
+
+	allow $1 sendmail_t:fifo_file rw_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sendmail_rw_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run sendmail.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`sendmail_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sendmail_domtrans'($*)) dnl
+	
+	gen_require(`
+		type sendmail_t;
+	')
+
+	corecmd_search_bin($1)
+	mta_sendmail_domtrans($1, sendmail_t)
+
+	allow sendmail_t $1:fd use;
+	allow sendmail_t $1:fifo_file rw_fifo_file_perms;
+	allow sendmail_t $1:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sendmail_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the sendmail program in the
+##	sendmail domain, and allow the
+##	specified role the sendmail domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`sendmail_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sendmail_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role sendmail_roles;
+	')
+
+	sendmail_domtrans($1)
+	roleattribute $2 sendmail_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sendmail_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to sendmail.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sendmail_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sendmail_signal'($*)) dnl
+	
+	gen_require(`
+		type sendmail_t;
+	')
+
+	allow $1 sendmail_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sendmail_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write sendmail TCP sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sendmail_rw_tcp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sendmail_rw_tcp_sockets'($*)) dnl
+	
+	gen_require(`
+		type sendmail_t;
+	')
+
+	allow $1 sendmail_t:tcp_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sendmail_rw_tcp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and write
+##	sendmail TCP sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`sendmail_dontaudit_rw_tcp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sendmail_dontaudit_rw_tcp_sockets'($*)) dnl
+	
+	gen_require(`
+		type sendmail_t;
+	')
+
+	dontaudit $1 sendmail_t:tcp_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sendmail_dontaudit_rw_tcp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write sendmail unix
+##	domain stream sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sendmail_rw_unix_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sendmail_rw_unix_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		type sendmail_t;
+	')
+
+	allow $1 sendmail_t:unix_stream_socket rw_socket_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sendmail_rw_unix_stream_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and write
+##	sendmail unix_stream_sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`sendmail_dontaudit_rw_unix_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sendmail_dontaudit_rw_unix_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		type sendmail_t;
+	')
+
+	dontaudit $1 sendmail_t:unix_stream_socket rw_socket_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sendmail_dontaudit_rw_unix_stream_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read sendmail log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`sendmail_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sendmail_read_log'($*)) dnl
+	
+	gen_require(`
+		type sendmail_log_t;
+	')
+
+	logging_search_logs($1)
+	read_files_pattern($1, sendmail_log_t, sendmail_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sendmail_read_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	sendmail log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`sendmail_manage_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sendmail_manage_log'($*)) dnl
+	
+	gen_require(`
+		type sendmail_log_t;
+	')
+
+	logging_search_logs($1)
+	manage_files_pattern($1, sendmail_log_t, sendmail_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sendmail_manage_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create specified objects in generic
+##	log directories sendmail log file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`sendmail_log_filetrans_sendmail_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sendmail_log_filetrans_sendmail_log'($*)) dnl
+	
+	gen_require(`
+		type sendmail_log_t;
+	')
+
+	logging_log_filetrans($1, sendmail_log_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sendmail_log_filetrans_sendmail_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	sendmail tmp files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sendmail_manage_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sendmail_manage_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type sendmail_tmp_t;
+	')
+
+	files_search_tmp($1)
+	manage_files_pattern($1, sendmail_tmp_t, sendmail_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sendmail_manage_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute sendmail in the unconfined sendmail domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`sendmail_domtrans_unconfined',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sendmail_domtrans_unconfined'($*)) dnl
+	
+	gen_require(`
+		type unconfined_sendmail_t;
+	')
+
+	mta_sendmail_domtrans($1, unconfined_sendmail_t)
+
+	allow unconfined_sendmail_t $1:fd use;
+	allow unconfined_sendmail_t $1:fifo_file rw_fifo_file_perms;
+	allow unconfined_sendmail_t $1:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sendmail_domtrans_unconfined'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute sendmail in the unconfined
+##	sendmail domain, and allow the
+##	specified role the unconfined
+##	sendmail domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`sendmail_run_unconfined',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sendmail_run_unconfined'($*)) dnl
+	
+	gen_require(`
+		attribute_role sendmail_unconfined_roles;
+	')
+
+	sendmail_domtrans_unconfined($1)
+	roleattribute $2 sendmail_unconfined_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sendmail_run_unconfined'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an sendmail environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`sendmail_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sendmail_admin'($*)) dnl
+	
+	gen_require(`
+		type sendmail_t, sendmail_initrc_exec_t, sendmail_log_t;
+		type sendmail_tmp_t, sendmail_runtime_t, unconfined_sendmail_t;
+		type sendmail_keytab_t;
+	')
+
+	allow $1 { unconfined_sendmail_t sendmail_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { unconfined_sendmail_t sendmail_t })
+
+	init_startstop_service($1, $2, sendmail_t, sendmail_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, sendmail_keytab_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, sendmail_log_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, sendmail_tmp_t)
+
+	files_list_pids($1)
+	admin_pattern($1, sendmail_runtime_t)
+
+	sendmail_run($1, $2)
+	sendmail_run_unconfined($1, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sendmail_admin'($*)) dnl
+	')
+
+## <summary>Policy for NIS (YP) servers and clients.</summary>
+
+########################################
+## <summary>
+##	Use the ypbind service to access NIS services
+##	unconditionally.
+## </summary>
+## <desc>
+##	<p>
+##	Use the ypbind service to access NIS services
+##	unconditionally.
+##	</p>
+##	<p>
+##	This interface was added because of apache and
+##	spamassassin, to fix a nested conditionals problem.
+##	When that support is added, this should be removed,
+##	and the regular	interface should be used.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`nis_use_ypbind_uncond',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nis_use_ypbind_uncond'($*)) dnl
+	
+	gen_require(`
+		type var_yp_t;
+	')
+
+	allow $1 self:capability net_bind_service;
+
+	allow $1 self:tcp_socket create_stream_socket_perms;
+	allow $1 self:udp_socket create_socket_perms;
+
+	allow $1 var_yp_t:dir list_dir_perms;
+	allow $1 var_yp_t:file read_file_perms;
+	allow $1 var_yp_t:lnk_file read_lnk_file_perms;
+
+	corenet_all_recvfrom_unlabeled($1)
+	corenet_all_recvfrom_netlabel($1)
+	corenet_tcp_sendrecv_generic_if($1)
+	corenet_udp_sendrecv_generic_if($1)
+	corenet_tcp_sendrecv_generic_node($1)
+	corenet_udp_sendrecv_generic_node($1)
+	corenet_tcp_bind_generic_node($1)
+	corenet_udp_bind_generic_node($1)
+	corenet_tcp_bind_generic_port($1)
+	corenet_udp_bind_generic_port($1)
+	corenet_dontaudit_tcp_bind_all_reserved_ports($1)
+	corenet_dontaudit_udp_bind_all_reserved_ports($1)
+	corenet_dontaudit_tcp_bind_all_ports($1)
+	corenet_dontaudit_udp_bind_all_ports($1)
+	corenet_tcp_connect_portmap_port($1)
+	corenet_tcp_connect_reserved_port($1)
+	corenet_tcp_connect_generic_port($1)
+	corenet_dontaudit_tcp_connect_all_ports($1)
+	corenet_sendrecv_portmap_client_packets($1)
+	corenet_sendrecv_generic_client_packets($1)
+	corenet_sendrecv_generic_server_packets($1)
+
+	sysnet_read_config($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nis_use_ypbind_uncond'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use the ypbind service to access NIS services.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to use the ypbind service
+##	to access Network Information Service (NIS) services.
+##	Information that can be retreived from NIS includes
+##	usernames, passwords, home directories, and groups.
+##	If the network is configured to have a single sign-on
+##	using NIS, it is likely that any program that does
+##	authentication will need this access.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+## <rolecap/>
+#
+ 	 	define(`nis_use_ypbind',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nis_use_ypbind'($*)) dnl
+	
+	tunable_policy(`allow_ypbind',`
+		nis_use_ypbind_uncond($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nis_use_ypbind'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use nis to authenticate passwords.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`nis_authenticate',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nis_authenticate'($*)) dnl
+	
+	tunable_policy(`allow_ypbind',`
+		nis_use_ypbind_uncond($1)
+		corenet_tcp_bind_all_rpc_ports($1)
+		corenet_udp_bind_all_rpc_ports($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nis_authenticate'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute ypbind in the ypbind domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`nis_domtrans_ypbind',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nis_domtrans_ypbind'($*)) dnl
+	
+	gen_require(`
+		type ypbind_t, ypbind_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, ypbind_exec_t, ypbind_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nis_domtrans_ypbind'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Execute ypbind in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`nis_exec_ypbind',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nis_exec_ypbind'($*)) dnl
+	
+	gen_require(`
+		type ypbind_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, ypbind_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nis_exec_ypbind'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute ypbind in the ypbind domain, and
+##	allow the specified role the ypbind domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`nis_run_ypbind',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nis_run_ypbind'($*)) dnl
+	
+	gen_require(`
+		attribute_role ypbind_roles;
+	')
+
+	nis_domtrans_ypbind($1)
+	roleattribute $2 ypbind_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nis_run_ypbind'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to ypbind.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`nis_signal_ypbind',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nis_signal_ypbind'($*)) dnl
+	
+	gen_require(`
+		type ypbind_t;
+	')
+
+	allow $1 ypbind_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nis_signal_ypbind'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List nis data directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`nis_list_var_yp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nis_list_var_yp'($*)) dnl
+	
+	gen_require(`
+		type var_yp_t;
+	')
+
+	files_search_var($1)
+	allow $1 var_yp_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nis_list_var_yp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read ypbind pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`nis_read_ypbind_pid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nis_read_ypbind_pid'($*)) dnl
+	
+	gen_require(`
+		type ypbind_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 ypbind_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nis_read_ypbind_pid'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete ypbind pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`nis_delete_ypbind_pid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nis_delete_ypbind_pid'($*)) dnl
+	
+	gen_require(`
+		type ypbind_runtime_t;
+	')
+
+	allow $1 ypbind_runtime_t:file delete_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nis_delete_ypbind_pid'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read ypserv configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`nis_read_ypserv_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nis_read_ypserv_config'($*)) dnl
+	
+	gen_require(`
+		type ypserv_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 ypserv_conf_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nis_read_ypserv_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute ypxfr in the ypxfr domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`nis_domtrans_ypxfr',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nis_domtrans_ypxfr'($*)) dnl
+	
+	gen_require(`
+		type ypxfr_t, ypxfr_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, ypxfr_exec_t, ypxfr_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nis_domtrans_ypxfr'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute nis init scripts in
+##	the init script domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+#
+ 	 	define(`nis_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nis_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type nis_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, nis_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nis_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute ypbind init scripts in
+##	the init script domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`nis_initrc_domtrans_ypbind',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nis_initrc_domtrans_ypbind'($*)) dnl
+	
+	gen_require(`
+		type ypbind_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, ypbind_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nis_initrc_domtrans_ypbind'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an nis environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`nis_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nis_admin'($*)) dnl
+	
+	gen_require(`
+		type ypbind_t, yppasswdd_t, ypserv_t, ypxfr_t;
+		type ypbind_tmp_t, ypserv_tmp_t, ypserv_conf_t;
+		type ypbind_runtime_t, yppasswdd_runtime_t, ypserv_runtime_t;
+		type ypbind_initrc_exec_t, nis_initrc_exec_t, var_yp_t;
+	')
+
+	allow $1 { ypbind_t yppasswdd_t ypserv_t ypxfr_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { ypbind_t yppasswdd_t ypserv_t ypxfr_t })
+
+	init_startstop_service($1, $2, ypbind_t, ypbind_initrc_exec_t)
+	init_startstop_service($1, $2, ypserv_t, nis_initrc_exec_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, { ypserv_tmp_t ypbind_tmp_t })
+
+	files_list_pids($1)
+	admin_pattern($1, { ypserv_runtime_t ypbind_runtime_t yppasswdd_runtime_t })
+
+	files_list_etc($1)
+	admin_pattern($1, ypserv_conf_t)
+
+	files_search_var($1)
+	admin_pattern($1, var_yp_t)
+
+	nis_run_ypbind($1, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nis_admin'($*)) dnl
+	')
+
+## <summary>Dictionary server for the SKK Japanese input method system.</summary>
+## <summary>Layer 2 Tunneling Protocol.</summary>
+
+########################################
+## <summary>
+##	Send to l2tpd with a unix
+##	domain dgram socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`l2tpd_dgram_send',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `l2tpd_dgram_send'($*)) dnl
+	
+	gen_require(`
+		type l2tpd_t, l2tpd_tmp_t, l2tpd_runtime_t;
+	')
+
+	files_search_pids($1)
+	files_search_tmp($1)
+	dgram_send_pattern($1, { l2tpd_tmp_t l2tpd_runtime_t }, { l2tpd_tmp_t l2tpd_runtime_t }, l2tpd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `l2tpd_dgram_send'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write l2tpd sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`l2tpd_rw_socket',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `l2tpd_rw_socket'($*)) dnl
+	
+	gen_require(`
+		type l2tpd_t;
+	')
+
+	allow $1 l2tpd_t:socket rw_socket_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `l2tpd_rw_socket'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Connect to l2tpd with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`l2tpd_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `l2tpd_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type l2tpd_t, l2tpd_runtime_t, l2tpd_tmp_t;
+	')
+
+	files_search_pids($1)
+	files_search_tmp($1)
+	stream_connect_pattern($1, { l2tpd_tmp_t l2tpd_runtime_t }, { l2tpd_tmp_t l2tpd_runtime_t }, l2tpd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `l2tpd_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an l2tp environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`l2tp_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `l2tp_admin'($*)) dnl
+	
+	gen_require(`
+		type l2tpd_t, l2tpd_initrc_exec_t, l2tpd_runtime_t;
+		type l2tp_conf_t, l2tpd_tmp_t;
+	')
+
+	allow $1 l2tpd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, l2tpd_t)
+
+	init_startstop_service($1, $2, l2tpd_t, l2tpd_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, l2tp_conf_t)
+
+	files_search_pids($1)
+	admin_pattern($1, l2tpd_runtime_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, l2tpd_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `l2tp_admin'($*)) dnl
+	')
+
+## <summary>Authoritative only name server.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an nsd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`nsd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nsd_admin'($*)) dnl
+	
+	gen_require(`
+		type nsd_t, nsd_conf_t, nsd_runtime_t;
+		type nsd_initrc_exec_t, nsd_db_t, nsd_zone_t;
+	')
+
+	allow $1 nsd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, nsd_t)
+
+	init_startstop_service($1, $2, nsd_t, nsd_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, { nsd_conf_t nsd_db_t })
+
+	files_search_var_lib($1)
+	admin_pattern($1, nsd_zone_t)
+
+	files_list_pids($1)
+	admin_pattern($1, nsd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nsd_admin'($*)) dnl
+	')
+
+## <summary>Open source wiki package written in PHP.</summary>
+## <summary>Varnishd http accelerator daemon.</summary>
+
+#######################################
+## <summary>
+##	Execute varnishd in the varnishd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`varnishd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `varnishd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type varnishd_t, varnishd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, varnishd_exec_t, varnishd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `varnishd_domtrans'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Execute varnishd in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`varnishd_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `varnishd_exec'($*)) dnl
+	
+	gen_require(`
+		type varnishd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, varnishd_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `varnishd_exec'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Read varnishd configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`varnishd_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `varnishd_read_config'($*)) dnl
+	
+	gen_require(`
+		type varnishd_etc_t;
+	')
+
+	files_search_etc($1)
+	read_files_pattern($1, varnishd_etc_t, varnishd_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `varnishd_read_config'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Read varnish lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`varnishd_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `varnishd_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type varnishd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, varnishd_var_lib_t, varnishd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `varnishd_read_lib_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read varnish log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`varnishd_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `varnishd_read_log'($*)) dnl
+	
+	gen_require(`
+		type varnishlog_log_t;
+	')
+
+	logging_search_logs($1)
+	read_files_pattern($1, varnishlog_log_t, varnishlog_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `varnishd_read_log'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Append varnish log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`varnishd_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `varnishd_append_log'($*)) dnl
+	
+	gen_require(`
+		type varnishlog_log_t;
+	')
+
+	logging_search_logs($1)
+	append_files_pattern($1, varnishlog_log_t, varnishlog_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `varnishd_append_log'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Create, read, write, and delete
+##	varnish log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`varnishd_manage_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `varnishd_manage_log'($*)) dnl
+	
+	gen_require(`
+		type varnishlog_log_t;
+	')
+
+	logging_search_logs($1)
+	manage_files_pattern($1, varnishlog_log_t, varnishlog_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `varnishd_manage_log'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	All of the rules required to
+##	administrate an varnishlog environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`varnishd_admin_varnishlog',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `varnishd_admin_varnishlog'($*)) dnl
+	
+	gen_require(`
+		type varnishlog_t, varnishlog_initrc_exec_t, varnishlog_log_t;
+		type varnishlog_runtime_t;
+	')
+
+	allow $1 varnishlog_t:process { ptrace signal_perms };
+	ps_process_pattern($1, varnishlog_t)
+
+	init_startstop_service($1, $2, varnishlog_t, varnishlog_initrc_exec_t)
+
+	files_list_pids($1)
+	admin_pattern($1, varnishlog_runtime_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, varnishlog_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `varnishd_admin_varnishlog'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	All of the rules required to
+##	administrate an varnishd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`varnishd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `varnishd_admin'($*)) dnl
+	
+	gen_require(`
+		type varnishd_t, varnishd_var_lib_t, varnishd_etc_t;
+		type varnishd_runtime_t, varnishd_tmp_t;
+		type varnishd_initrc_exec_t;
+	')
+
+	allow $1 varnishd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, varnishd_t)
+
+	init_startstop_service($1, $2, varnishd_t, varnishd_initrc_exec_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, varnishd_var_lib_t)
+
+	files_list_etc($1)
+	admin_pattern($1, varnishd_etc_t)
+
+	files_list_pids($1)
+	admin_pattern($1, varnishd_runtime_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, varnishd_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `varnishd_admin'($*)) dnl
+	')
+
+## <summary>Zebra border gateway protocol network routing service.</summary>
+
+########################################
+## <summary>
+##	Read zebra configuration content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`zebra_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `zebra_read_config'($*)) dnl
+	
+	gen_require(`
+		type zebra_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 zebra_conf_t:dir list_dir_perms;
+	allow $1 zebra_conf_t:file read_file_perms;
+	allow $1 zebra_conf_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `zebra_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to zebra with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`zebra_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `zebra_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type zebra_t, zebra_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, zebra_runtime_t, zebra_runtime_t, zebra_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `zebra_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an zebra environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`zebra_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `zebra_admin'($*)) dnl
+	
+	gen_require(`
+		type zebra_t, zebra_tmp_t, zebra_log_t;
+		type zebra_conf_t, zebra_runtime_t;
+		type zebra_initrc_exec_t;
+	')
+
+	allow $1 zebra_t:process { ptrace signal_perms };
+	ps_process_pattern($1, zebra_t)
+
+	init_startstop_service($1, $2, zebra_t, zebra_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, zebra_conf_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, zebra_log_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, zebra_tmp_t)
+
+	files_list_pids($1)
+	admin_pattern($1, zebra_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `zebra_admin'($*)) dnl
+	')
+
+## <summary>Cyphesis WorldForge game server.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run cyphesis.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`cyphesis_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cyphesis_domtrans'($*)) dnl
+	
+	gen_require(`
+		type cyphesis_t, cyphesis_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, cyphesis_exec_t, cyphesis_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cyphesis_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an cyphesis environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`cyphesis_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cyphesis_admin'($*)) dnl
+	
+	gen_require(`
+		type cyphesis_t, cyphesis_initrc_exec_t, cyphesis_log_t;
+		type cyphesis_runtime_t, cyphesis_tmp_t;
+	')
+
+	allow $1 cyphesis_t:process { ptrace signal_perms };
+	ps_process_pattern($1, cyphesis_t)
+
+	init_startstop_service($1, $2, cyphesis_t, cyphesis_initrc_exec_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, cyphesis_log_t)
+
+	files_search_pids($1)
+	admin_pattern($1, cyphesis_runtime_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, cyphesis_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cyphesis_admin'($*)) dnl
+	')
+
+## <summary>Small and secure DNS daemon.</summary>
+
+#######################################
+## <summary>
+##	The template to define a djbdns domain.
+## </summary>
+## <param name="domain_prefix">
+##	<summary>
+##	Domain prefix to be used.
+##	</summary>
+## </param>
+#
+ 	 	define(`djbdns_daemontools_domain_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `djbdns_daemontools_domain_template'($*)) dnl
+	
+	gen_require(`
+		attribute djbdns_domain;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	type djbdns_$1_t, djbdns_domain;
+	type djbdns_$1_exec_t;
+	domain_type(djbdns_$1_t)
+	domain_entry_file(djbdns_$1_t, djbdns_$1_exec_t)
+	role system_r types djbdns_$1_t;
+
+	type djbdns_$1_conf_t;
+	files_config_file(djbdns_$1_conf_t)
+
+	########################################
+	#
+	# Local policy
+	#
+
+	daemontools_service_domain(djbdns_$1_t, djbdns_$1_exec_t)
+	daemontools_read_svc(djbdns_$1_t)
+
+	allow djbdns_$1_t djbdns_$1_conf_t:dir list_dir_perms;
+	allow djbdns_$1_t djbdns_$1_conf_t:file read_file_perms;
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `djbdns_daemontools_domain_template'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Search djbdns-tinydns key ring.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`djbdns_search_tinydns_keys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `djbdns_search_tinydns_keys'($*)) dnl
+	
+	gen_require(`
+		type djbdns_tinydns_t;
+	')
+
+	allow $1 djbdns_tinydns_t:key search;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `djbdns_search_tinydns_keys'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Link djbdns-tinydns key ring.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`djbdns_link_tinydns_keys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `djbdns_link_tinydns_keys'($*)) dnl
+	
+	gen_require(`
+		type djbdns_tinydns_t;
+	')
+
+	allow $1 djbdns_tinydns_t:key link;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `djbdns_link_tinydns_keys'($*)) dnl
+	')
+
+## <summary>Network UPS Tools </summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an nut environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`nut_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nut_admin'($*)) dnl
+	
+	gen_require(`
+		attribute nut_domain;
+		type nut_initrc_exec_t, nut_runtime_t, nut_conf_t;
+	')
+
+	allow $1 nut_domain:process { ptrace signal_perms };
+	ps_process_pattern($1, nut_domain)
+
+	init_startstop_service($1, $2, nut_domain, nut_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, nut_conf_t)
+
+	files_search_pids($1)
+	admin_pattern($1, nut_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nut_admin'($*)) dnl
+	')
+
+## <summary>MIT Kerberos admin and KDC.</summary>
+
+########################################
+## <summary>
+##	Execute kadmind in the caller domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`kerberos_exec_kadmind',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kerberos_exec_kadmind'($*)) dnl
+	
+	gen_require(`
+		type kadmind_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, kadmind_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kerberos_exec_kadmind'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run kpropd.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`kerberos_domtrans_kpropd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kerberos_domtrans_kpropd'($*)) dnl
+	
+	gen_require(`
+		type kpropd_t, kpropd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, kpropd_exec_t, kpropd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kerberos_domtrans_kpropd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Support kerberos services.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kerberos_use',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kerberos_use'($*)) dnl
+	
+	gen_require(`
+		type krb5kdc_conf_t, krb5_host_rcache_t, krb5_conf_t;
+	')
+
+	kerberos_read_config($1)
+
+	dontaudit $1 krb5_conf_t:file write_file_perms;
+	dontaudit $1 krb5kdc_conf_t:dir list_dir_perms;
+	dontaudit $1 krb5kdc_conf_t:file rw_file_perms;
+
+	dontaudit $1 self:process setfscreate;
+
+	selinux_dontaudit_validate_context($1)
+	seutil_dontaudit_read_file_contexts($1)
+
+	tunable_policy(`allow_kerberos',`
+		allow $1 self:tcp_socket create_socket_perms;
+		allow $1 self:udp_socket create_socket_perms;
+
+		corenet_all_recvfrom_unlabeled($1)
+		corenet_all_recvfrom_netlabel($1)
+		corenet_tcp_sendrecv_generic_if($1)
+		corenet_udp_sendrecv_generic_if($1)
+		corenet_tcp_sendrecv_generic_node($1)
+		corenet_udp_sendrecv_generic_node($1)
+
+		corenet_sendrecv_kerberos_client_packets($1)
+		corenet_tcp_connect_kerberos_port($1)
+
+		corenet_sendrecv_ocsp_client_packets($1)
+		corenet_tcp_connect_ocsp_port($1)
+
+		allow $1 krb5_host_rcache_t:file getattr_file_perms;
+	')
+
+	optional_policy(`
+		tunable_policy(`allow_kerberos',`
+			pcscd_stream_connect($1)
+		')
+	')
+
+	optional_policy(`
+		sssd_read_public_files($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kerberos_use'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read kerberos configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kerberos_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kerberos_read_config'($*)) dnl
+	
+	gen_require(`
+		type krb5_conf_t, krb5_home_t;
+	')
+
+	files_search_etc($1)
+	allow $1 krb5_conf_t:file read_file_perms;
+
+	userdom_search_user_home_dirs($1)
+	allow $1 krb5_home_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kerberos_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write
+##	kerberos configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`kerberos_dontaudit_write_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kerberos_dontaudit_write_config'($*)) dnl
+	
+	gen_require(`
+		type krb5_conf_t;
+	')
+
+	dontaudit $1 krb5_conf_t:file write_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kerberos_dontaudit_write_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write kerberos
+##	configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kerberos_rw_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kerberos_rw_config'($*)) dnl
+	
+	gen_require(`
+		type krb5_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 krb5_conf_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kerberos_rw_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	kerberos home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kerberos_manage_krb5_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kerberos_manage_krb5_home_files'($*)) dnl
+	
+	gen_require(`
+		type krb5_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 krb5_home_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kerberos_manage_krb5_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel kerberos home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kerberos_relabel_krb5_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kerberos_relabel_krb5_home_files'($*)) dnl
+	
+	gen_require(`
+		type krb5_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 krb5_home_t:file relabel_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kerberos_relabel_krb5_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in user home
+##	directories with the krb5 home type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`kerberos_home_filetrans_krb5_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kerberos_home_filetrans_krb5_home'($*)) dnl
+	
+	gen_require(`
+		type krb5_home_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, krb5_home_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kerberos_home_filetrans_krb5_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read kerberos key table files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kerberos_read_keytab',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kerberos_read_keytab'($*)) dnl
+	
+	gen_require(`
+		type krb5_keytab_t;
+	')
+
+	files_search_etc($1)
+	allow $1 krb5_keytab_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kerberos_read_keytab'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write kerberos key table files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kerberos_rw_keytab',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kerberos_rw_keytab'($*)) dnl
+	
+	gen_require(`
+		type krb5_keytab_t;
+	')
+
+	files_search_etc($1)
+	allow $1 krb5_keytab_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kerberos_rw_keytab'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	kerberos key table files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kerberos_manage_keytab_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kerberos_manage_keytab_files'($*)) dnl
+	
+	gen_require(`
+		type krb5_keytab_t;
+	')
+
+	files_search_etc($1)
+	allow $1 krb5_keytab_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kerberos_manage_keytab_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create specified objects in generic
+##	etc directories with the kerberos
+##	keytab file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`kerberos_etc_filetrans_keytab',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kerberos_etc_filetrans_keytab'($*)) dnl
+	
+	gen_require(`
+		type krb5_keytab_t;
+	')
+
+	files_etc_filetrans($1, krb5_keytab_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kerberos_etc_filetrans_keytab'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read kerberos kdc configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kerberos_read_kdc_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kerberos_read_kdc_config'($*)) dnl
+	
+	gen_require(`
+		type krb5kdc_conf_t;
+	')
+
+	files_search_etc($1)
+	read_files_pattern($1, krb5kdc_conf_t, krb5kdc_conf_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kerberos_read_kdc_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	kerberos host rcache files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kerberos_manage_host_rcache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kerberos_manage_host_rcache'($*)) dnl
+	
+	gen_require(`
+		type krb5_host_rcache_t;
+	')
+
+	domain_obj_id_change_exemption($1)
+
+	tunable_policy(`allow_kerberos',`
+		allow $1 self:process setfscreate;
+
+		selinux_validate_context($1)
+
+		seutil_read_file_contexts($1)
+
+		files_search_tmp($1)
+		allow $1 krb5_host_rcache_t:file manage_file_perms;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kerberos_manage_host_rcache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in generic temporary
+##	directories with the kerberos host
+##	rcache type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`kerberos_tmp_filetrans_host_rcache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kerberos_tmp_filetrans_host_rcache'($*)) dnl
+	
+	gen_require(`
+		type krb5_host_rcache_t;
+	')
+
+	files_tmp_filetrans($1, krb5_host_rcache_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kerberos_tmp_filetrans_host_rcache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to krb524 service.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`kerberos_connect_524',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kerberos_connect_524'($*)) dnl
+	
+	tunable_policy(`allow_kerberos',`
+		allow $1 self:udp_socket create_socket_perms;
+
+		corenet_all_recvfrom_unlabeled($1)
+		corenet_all_recvfrom_netlabel($1)
+		corenet_udp_sendrecv_generic_if($1)
+		corenet_udp_sendrecv_generic_node($1)
+
+		corenet_sendrecv_kerberos_master_client_packets($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kerberos_connect_524'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an kerberos environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`kerberos_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `kerberos_admin'($*)) dnl
+	
+	gen_require(`
+		type kadmind_t, krb5kdc_t, kerberos_initrc_exec_t;
+		type kadmind_log_t, kadmind_tmp_t, kadmind_runtime_t;
+		type krb5_conf_t, krb5_keytab_t, krb5kdc_conf_t;
+		type krb5kdc_principal_t, krb5kdc_tmp_t, kpropd_t;
+		type krb5kdc_runtime_t, krb5_host_rcache_t;
+	')
+
+	allow $1 { kadmind_t krb5kdc_t kpropd_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { kadmind_t krb5kdc_t kpropd_t })
+
+	init_startstop_service($1, $2, { kadmind_t krb5kdc_t }, kerberos_initrc_exec_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, kadmind_log_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, { kadmind_tmp_t krb5_host_rcache_t krb5kdc_tmp_t })
+
+	kerberos_tmp_filetrans_host_rcache($1, file, "host_0")
+	kerberos_tmp_filetrans_host_rcache($1, file, "HTTP_23")
+	kerberos_tmp_filetrans_host_rcache($1, file, "HTTP_48")
+	kerberos_tmp_filetrans_host_rcache($1, file, "imap_0")
+	kerberos_tmp_filetrans_host_rcache($1, file, "nfs_0")
+	kerberos_tmp_filetrans_host_rcache($1, file, "ldapmap1_0")
+	kerberos_tmp_filetrans_host_rcache($1, file, "ldap_487")
+	kerberos_tmp_filetrans_host_rcache($1, file, "ldap_55")
+
+	files_list_pids($1)
+	admin_pattern($1, { kadmind_runtime_t krb5kdc_runtime_t })
+
+	files_list_etc($1)
+	admin_pattern($1, krb5_conf_t)
+
+	files_etc_filetrans($1, krb5_conf_t, file, "krb5.conf")
+
+	admin_pattern($1, { krb5_keytab_t  krb5kdc_principal_t })
+
+	filetrans_pattern($1, krb5kdc_conf_t, krb5kdc_principal_t, file, "principal")
+	filetrans_pattern($1, krb5kdc_conf_t, krb5kdc_principal_t, file, "principal0")
+	filetrans_pattern($1, krb5kdc_conf_t, krb5kdc_principal_t, file, "principal1")
+
+	kerberos_etc_filetrans_keytab($1, file, "kadm5.keytab")
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `kerberos_admin'($*)) dnl
+	')
+
+## <summary>Local LDAP name service daemon.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run nslcd.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`nslcd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nslcd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type nslcd_t, nslcd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, nslcd_exec_t, nslcd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nslcd_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute nslcd server in the nslcd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`nslcd_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nslcd_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type nslcd_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, nslcd_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nslcd_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read nslcd pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`nslcd_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nslcd_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type nslcd_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 nslcd_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nslcd_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to nslcd over an unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`nslcd_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nslcd_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type nslcd_t, nslcd_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, nslcd_runtime_t, nslcd_runtime_t, nslcd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nslcd_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an nslcd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`nslcd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nslcd_admin'($*)) dnl
+	
+	gen_require(`
+		type nslcd_t, nslcd_initrc_exec_t, nslcd_runtime_t;
+		type nslcd_conf_t;
+	')
+
+	allow $1 nslcd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, nslcd_t)
+
+	init_startstop_service($1, $2, nslcd_t, nslcd_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, nslcd_conf_t)
+
+	files_search_pids($1)
+	admin_pattern($1, nslcd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nslcd_admin'($*)) dnl
+	')
+
+## <summary>Multilayer virtual switch.</summary>
+
+########################################
+## <summary>
+##	Execute openvswitch in the openvswitch domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`openvswitch_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `openvswitch_domtrans'($*)) dnl
+	
+	gen_require(`
+		type openvswitch_t, openvswitch_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, openvswitch_exec_t, openvswitch_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `openvswitch_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read openvswitch pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`openvswitch_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `openvswitch_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type openvswitch_runtime_t;
+	')
+
+	files_search_pids($1)
+	read_files_pattern($1, openvswitch_runtime_t, openvswitch_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `openvswitch_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an openvswitch environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`openvswitch_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `openvswitch_admin'($*)) dnl
+	
+	gen_require(`
+		type openvswitch_t, openvswitch_initrc_exec_t, openvswitch_conf_t;
+		type openvswitch_var_lib_t, openvswitch_log_t, openvswitch_runtime_t;
+	')
+
+	allow $1 openvswitch_t:process { ptrace signal_perms };
+	ps_process_pattern($1, openvswitch_t)
+
+	init_startstop_service($1, $2, openvswitch_t, openvswitch_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, openvswitch_conf_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, openvswitch_var_lib_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, openvswitch_log_t)
+
+	files_search_pids($1)
+	admin_pattern($1, openvswitch_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `openvswitch_admin'($*)) dnl
+	')
+
+## <summary>Rshd, rlogind, and telnetd.</summary>
+
+########################################
+## <summary>
+##	Domain transition to the remote login domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`remotelogin_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `remotelogin_domtrans'($*)) dnl
+	
+	gen_require(`
+		type remote_login_t;
+	')
+
+	corecmd_search_bin($1)
+	auth_domtrans_login_program($1, remote_login_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `remotelogin_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to remote login.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`remotelogin_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `remotelogin_signal'($*)) dnl
+	
+	gen_require(`
+		type remote_login_t;
+	')
+
+	allow $1 remote_login_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `remotelogin_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	remote login temporary content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`remotelogin_manage_tmp_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `remotelogin_manage_tmp_content'($*)) dnl
+	
+	gen_require(`
+		type remote_login_tmp_t;
+	')
+
+	files_search_tmp($1)
+	allow $1 remote_login_tmp_t:dir manage_dir_perms;
+	allow $1 remote_login_tmp_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `remotelogin_manage_tmp_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel remote login temporary content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`remotelogin_relabel_tmp_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `remotelogin_relabel_tmp_content'($*)) dnl
+	
+	gen_require(`
+		type remote_login_tmp_t;
+	')
+
+	files_search_tmp($1)
+	allow $1 remote_login_tmp_t:dir relabel_dir_perms;
+	allow $1 remote_login_tmp_t:file relabel_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `remotelogin_relabel_tmp_content'($*)) dnl
+	')
+
+## <summary>Distributed infrastructure monitoring.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run zabbix.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`zabbix_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `zabbix_domtrans'($*)) dnl
+	
+	gen_require(`
+		type zabbix_t, zabbix_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, zabbix_exec_t, zabbix_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `zabbix_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to zabbit on the TCP network.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`zabbix_tcp_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `zabbix_tcp_connect'($*)) dnl
+	
+	gen_require(`
+		type zabbix_t;
+	')
+
+	corenet_sendrecv_zabbix_client_packets($1)
+	corenet_tcp_connect_zabbix_port($1)
+	corenet_tcp_recvfrom_labeled($1, zabbix_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `zabbix_tcp_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read zabbix log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`zabbix_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `zabbix_read_log'($*)) dnl
+	
+	gen_require(`
+		type zabbix_log_t;
+	')
+
+	logging_search_logs($1)
+	read_files_pattern($1, zabbix_log_t, zabbix_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `zabbix_read_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append zabbix log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`zabbix_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `zabbix_append_log'($*)) dnl
+	
+	gen_require(`
+		type zabbix_log_t;
+	')
+
+	logging_search_logs($1)
+	append_files_pattern($1, zabbix_log_t, zabbix_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `zabbix_append_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read zabbix pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`zabbix_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `zabbix_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type zabbix_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 zabbix_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `zabbix_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to zabbix agent on the TCP network.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`zabbix_agent_tcp_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `zabbix_agent_tcp_connect'($*)) dnl
+	
+	gen_require(`
+		type zabbix_t;
+	')
+
+	corenet_sendrecv_zabbix_agent_client_packets($1)
+	corenet_tcp_connect_zabbix_agent_port($1)
+	corenet_tcp_recvfrom_labeled($1, zabbix_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `zabbix_agent_tcp_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an zabbix environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`zabbix_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `zabbix_admin'($*)) dnl
+	
+	gen_require(`
+		type zabbix_t, zabbix_agent_t, zabbix_log_t, zabbix_runtime_t;
+		type zabbix_initrc_exec_t, zabbix_agent_initrc_exec_t, zabbix_tmp_t;
+		type zabbix_tmpfs_t;
+	')
+
+	allow $1 { zabbix_t zabbix_agent_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { zabbix_t zabbix_agent_t })
+
+	init_startstop_service($1, $2, zabbix_t, zabbix_initrc_exec_t)
+	init_startstop_service($1, $2, zabbix_agent_t, zabbix_agent_initrc_exec_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, zabbix_log_t)
+
+	files_list_pids($1)
+	admin_pattern($1, zabbix_runtime_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, zabbix_tmp_t)
+
+	fs_list_tmpfs($1)
+	admin_pattern($1, zabbix_tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `zabbix_admin'($*)) dnl
+	')
+
+## <summary>KDE Talk daemon.</summary>
+## <summary>Desktop messaging bus.</summary>
+
+########################################
+## <summary>
+##	DBUS stub interface.  No access allowed.
+## </summary>
+## <param name="domain" unused="true">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_stub',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_stub'($*)) dnl
+	
+	gen_require(`
+		type system_dbusd_t;
+		class dbus all_dbus_perms;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_stub'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute dbus in the caller domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`dbus_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_exec'($*)) dnl
+	
+	gen_require(`
+		type dbusd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, dbusd_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Role access for dbus.
+## </summary>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the user role (e.g., user
+##	is the prefix for user_r).
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_role_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_role_template'($*)) dnl
+	
+	gen_require(`
+		class dbus { send_msg acquire_svc };
+		attribute session_bus_type;
+		type system_dbusd_t, dbusd_exec_t;
+		type session_dbusd_tmp_t, session_dbusd_home_t;
+	')
+
+	##############################
+	#
+	# Declarations
+	#
+
+	type $1_dbusd_t, session_bus_type;
+	domain_type($1_dbusd_t)
+	domain_entry_file($1_dbusd_t, dbusd_exec_t)
+	ubac_constrained($1_dbusd_t)
+
+	role $2 types $1_dbusd_t;
+
+	##############################
+	#
+	# Local policy
+	#
+
+	allow $3 $1_dbusd_t:unix_stream_socket connectto;
+	allow $3 $1_dbusd_t:dbus { send_msg acquire_svc };
+	allow $3 $1_dbusd_t:fd use;
+
+	allow $3 system_dbusd_t:dbus { send_msg acquire_svc };
+
+	allow $3 { session_dbusd_home_t session_dbusd_tmp_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $3 { session_dbusd_home_t session_dbusd_tmp_t }:file { manage_file_perms relabel_file_perms };
+	userdom_user_home_dir_filetrans($3, session_dbusd_home_t, dir, ".dbus")
+
+	domtrans_pattern($3, dbusd_exec_t, $1_dbusd_t)
+
+	ps_process_pattern($3, $1_dbusd_t)
+	allow $3 $1_dbusd_t:process { ptrace signal_perms };
+
+	allow $1_dbusd_t $3:process sigkill;
+
+	corecmd_bin_domtrans($1_dbusd_t, $3)
+	corecmd_shell_domtrans($1_dbusd_t, $3)
+
+	auth_use_nsswitch($1_dbusd_t)
+
+	ifdef(`hide_broken_symptoms',`
+		dontaudit $3 $1_dbusd_t:netlink_selinux_socket { read write };
+	')
+
+	ifdef(`distro_gentoo',`
+		optional_policy(`
+			xdg_read_data_home_files($1_dbusd_t)
+		')
+	')
+
+	optional_policy(`
+		systemd_read_logind_pids($1_dbusd_t)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_role_template'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Template for creating connections to
+##	the system bus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_system_bus_client',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_system_bus_client'($*)) dnl
+	
+	gen_require(`
+		attribute dbusd_system_bus_client;
+		type system_dbusd_t, system_dbusd_runtime_t, system_dbusd_var_lib_t;
+		class dbus send_msg;
+	')
+
+	typeattribute $1 dbusd_system_bus_client;
+
+	allow $1 { system_dbusd_t self }:dbus send_msg;
+	allow system_dbusd_t $1:dbus send_msg;
+
+	files_search_var_lib($1)
+	read_files_pattern($1, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
+
+	files_search_pids($1)
+	stream_connect_pattern($1, system_dbusd_runtime_t, system_dbusd_runtime_t, system_dbusd_t)
+
+	dbus_read_config($1)
+
+	ifdef(`distro_gentoo',`
+		# The /var/lib/dbus/machine-id file is a link to /etc/machine-id
+		read_lnk_files_pattern($1, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_system_bus_client'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Acquire service on all DBUS
+##	session busses.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_connect_all_session_bus',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_connect_all_session_bus'($*)) dnl
+	
+	gen_require(`
+		attribute session_bus_type;
+		class dbus acquire_svc;
+	')
+
+	allow $1 session_bus_type:dbus acquire_svc;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_connect_all_session_bus'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Acquire service on specified
+##	DBUS session bus.
+## </summary>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the user role (e.g., user
+##	is the prefix for user_r).
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_connect_spec_session_bus',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_connect_spec_session_bus'($*)) dnl
+	
+	gen_require(`
+		type $1_dbusd_t;
+		class dbus acquire_svc;
+	')
+
+	allow $2 $1_dbusd_t:dbus acquire_svc;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_connect_spec_session_bus'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Creating connections to all
+##	DBUS session busses.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_all_session_bus_client',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_all_session_bus_client'($*)) dnl
+	
+	gen_require(`
+		attribute session_bus_type, dbusd_session_bus_client;
+		class dbus send_msg;
+	')
+
+	typeattribute $1 dbusd_session_bus_client;
+
+	allow $1 { session_bus_type self }:dbus send_msg;
+	allow session_bus_type $1:dbus send_msg;
+
+	allow $1 session_bus_type:unix_stream_socket connectto;
+	allow $1 session_bus_type:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_all_session_bus_client'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Creating connections to specified
+##	DBUS session bus.
+## </summary>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the user role (e.g., user
+##	is the prefix for user_r).
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_spec_session_bus_client',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_spec_session_bus_client'($*)) dnl
+	
+	gen_require(`
+		attribute dbusd_session_bus_client;
+		type $1_dbusd_t;
+		class dbus send_msg;
+	')
+
+	typeattribute $2 dbusd_session_bus_client;
+
+	allow $2 { $1_dbusd_t self }:dbus send_msg;
+	allow $1_dbusd_t $2:dbus send_msg;
+
+	allow $2 $1_dbusd_t:unix_stream_socket connectto;
+	allow $2 $1_dbusd_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_spec_session_bus_client'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Send messages to all DBUS
+##	session busses.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_send_all_session_bus',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_send_all_session_bus'($*)) dnl
+	
+	gen_require(`
+		attribute session_bus_type;
+		class dbus send_msg;
+	')
+
+	allow $1 session_bus_type:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_send_all_session_bus'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Send messages to specified
+##	DBUS session busses.
+## </summary>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the user role (e.g., user
+##	is the prefix for user_r).
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_send_spec_session_bus',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_send_spec_session_bus'($*)) dnl
+	
+	gen_require(`
+		type $1_dbusd_t;
+		class dbus send_msg;
+	')
+
+	allow $2 $1_dbusd_t:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_send_spec_session_bus'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read dbus configuration content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_read_config'($*)) dnl
+	
+	gen_require(`
+		type dbusd_etc_t;
+	')
+
+	allow $1 dbusd_etc_t:dir list_dir_perms;
+	allow $1 dbusd_etc_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read system dbus lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type system_dbusd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
+	read_lnk_files_pattern($1, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel system dbus lib directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_relabel_lib_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_relabel_lib_dirs'($*)) dnl
+	
+	gen_require(`
+		type system_dbusd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 system_dbusd_var_lib_t:dir { relabelfrom relabelto };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_relabel_lib_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	system dbus lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type system_dbusd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_manage_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow a application domain to be
+##	started by the specified session bus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Type to be used as a domain.
+##	</summary>
+## </param>
+## <param name="entry_point">
+##	<summary>
+##	Type of the program to be used as an
+##	entry point to this domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_all_session_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_all_session_domain'($*)) dnl
+	
+	gen_require(`
+		attribute session_bus_type;
+	')
+
+	domtrans_pattern(session_bus_type, $2, $1)
+
+	dbus_all_session_bus_client($1)
+	dbus_connect_all_session_bus($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_all_session_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow a application domain to be
+##	started by the specified session bus.
+## </summary>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the user role (e.g., user
+##	is the prefix for user_r).
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Type to be used as a domain.
+##	</summary>
+## </param>
+## <param name="entry_point">
+##	<summary>
+##	Type of the program to be used as an
+##	entry point to this domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_spec_session_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_spec_session_domain'($*)) dnl
+	
+	gen_require(`
+		type $1_dbusd_t;
+	')
+
+	domtrans_pattern($1_dbusd_t, $3, $2)
+
+	dbus_spec_session_bus_client($1, $2)
+	dbus_connect_spec_session_bus($1, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_spec_session_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Acquire service on the DBUS system bus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_connect_system_bus',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_connect_system_bus'($*)) dnl
+	
+	gen_require(`
+		type system_dbusd_t;
+		class dbus acquire_svc;
+	')
+
+	allow $1 system_dbusd_t:dbus acquire_svc;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_connect_system_bus'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send messages to the DBUS system bus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_send_system_bus',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_send_system_bus'($*)) dnl
+	
+	gen_require(`
+		type system_dbusd_t;
+		class dbus send_msg;
+	')
+
+	allow $1 system_dbusd_t:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_send_system_bus'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unconfined access to DBUS system bus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_system_bus_unconfined',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_system_bus_unconfined'($*)) dnl
+	
+	gen_require(`
+		type system_dbusd_t;
+		class dbus { acquire_svc send_msg };
+	')
+
+	allow $1 system_dbusd_t:dbus { acquire_svc send_msg };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_system_bus_unconfined'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a domain for processes which
+##	can be started by the DBUS system bus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Type to be used as a domain.
+##	</summary>
+## </param>
+## <param name="entry_point">
+##	<summary>
+##	Type of the program to be used as an entry point to this domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_system_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_system_domain'($*)) dnl
+	
+	gen_require(`
+		type system_dbusd_t;
+		role system_r;
+	')
+
+	domain_type($1)
+	domain_entry_file($1, $2)
+
+	role system_r types $1;
+
+	domtrans_pattern(system_dbusd_t, $2, $1)
+
+	dbus_system_bus_client($1)
+	dbus_connect_system_bus($1)
+
+	ps_process_pattern(system_dbusd_t, $1)
+
+	userdom_read_all_users_state($1)
+
+	ifdef(`init_systemd',`
+		init_daemon_domain($1, $2)
+	')
+
+	ifdef(`hide_broken_symptoms', `
+		dontaudit $1 system_dbusd_t:netlink_selinux_socket { read write };
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_system_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use and inherit DBUS system bus
+##	file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_use_system_bus_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_use_system_bus_fds'($*)) dnl
+	
+	gen_require(`
+		type system_dbusd_t;
+	')
+
+	allow $1 system_dbusd_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_use_system_bus_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and
+##	write DBUS system bus TCP sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_dontaudit_system_bus_rw_tcp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_dontaudit_system_bus_rw_tcp_sockets'($*)) dnl
+	
+	gen_require(`
+		type system_dbusd_t;
+	')
+
+	dontaudit $1 system_dbusd_t:tcp_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_dontaudit_system_bus_rw_tcp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Watch system bus runtime directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_watch_system_bus_runtime_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_watch_system_bus_runtime_dirs'($*)) dnl
+	
+	gen_require(`
+		type system_dbusd_runtime_t;
+	')
+
+	allow $1 system_dbusd_runtime_t:dir watch;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_watch_system_bus_runtime_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Watch system bus runtime named sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_watch_system_bus_runtime_named_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_watch_system_bus_runtime_named_sockets'($*)) dnl
+	
+	gen_require(`
+		type system_dbusd_runtime_t;
+	')
+
+	allow $1 system_dbusd_runtime_t:sock_file watch;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_watch_system_bus_runtime_named_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unconfined access to DBUS.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_unconfined',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_unconfined'($*)) dnl
+	
+	gen_require(`
+		attribute dbusd_unconfined;
+	')
+
+	typeattribute $1 dbusd_unconfined;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_unconfined'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create resources in /run or /var/run with the system_dbusd_runtime_t
+##	label. This method is deprecated in favor of the init_daemon_run_dir
+##	call.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+## <param name="class">
+##	<summary>
+##	Classes supported for the created resources
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Optional file name used for the resource
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_generic_pid_filetrans_system_dbusd_var_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_generic_pid_filetrans_system_dbusd_var_run'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_generic_pid_filetrans_system_dbusd_var_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create directories with the system_dbusd_runtime_t label
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`dbus_create_system_dbusd_var_run_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dbus_create_system_dbusd_var_run_dirs'($*)) dnl
+	
+	gen_require(`
+		type system_dbusd_runtime_t;
+	')
+
+	create_dirs_pattern($1, system_dbusd_runtime_t, system_dbusd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dbus_create_system_dbusd_var_run_dirs'($*)) dnl
+	')
+
+
+
+## <summary>System Security Services Daemon.</summary>
+
+#######################################
+## <summary>
+##	Get attributes of sssd executable files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sssd_getattr_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sssd_getattr_exec'($*)) dnl
+	
+	gen_require(`
+		type sssd_exec_t;
+	')
+
+	allow $1 sssd_exec_t:file getattr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sssd_getattr_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run sssd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`sssd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sssd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type sssd_t, sssd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, sssd_exec_t, sssd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sssd_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute sssd init scripts in
+##	the initrc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`sssd_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sssd_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type sssd_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, sssd_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sssd_initrc_domtrans'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read sssd configuration content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sssd_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sssd_read_config'($*)) dnl
+	
+	gen_require(`
+		type sssd_conf_t;
+	')
+
+	files_search_etc($1)
+	list_dirs_pattern($1, sssd_conf_t, sssd_conf_t)
+	read_files_pattern($1, sssd_conf_t, sssd_conf_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sssd_read_config'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Write sssd configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sssd_write_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sssd_write_config'($*)) dnl
+	
+	gen_require(`
+		type sssd_conf_t;
+	')
+
+	files_search_etc($1)
+	write_files_pattern($1, sssd_conf_t, sssd_conf_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sssd_write_config'($*)) dnl
+	')
+
+
+####################################
+## <summary>
+##	Create, read, write, and delete
+##	sssd configuration files.
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+ 	 	define(`sssd_manage_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sssd_manage_config'($*)) dnl
+	
+	gen_require(`
+		type sssd_conf_t;
+	')
+
+	files_search_etc($1)
+	manage_files_pattern($1, sssd_conf_t, sssd_conf_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sssd_manage_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read sssd public files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sssd_read_public_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sssd_read_public_files'($*)) dnl
+	
+	gen_require(`
+		type sssd_public_t;
+	')
+
+	sssd_search_lib($1)
+	allow $1 sssd_public_t:dir list_dir_perms;
+	read_files_pattern($1, sssd_public_t, sssd_public_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sssd_read_public_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create, read, write, and delete
+##	sssd public files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sssd_manage_public_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sssd_manage_public_files'($*)) dnl
+	
+	gen_require(`
+		type sssd_public_t;
+	')
+
+	sssd_search_lib($1)
+	manage_files_pattern($1, sssd_public_t, sssd_public_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sssd_manage_public_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read sssd pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sssd_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sssd_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type sssd_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 sssd_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sssd_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	sssd pid content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sssd_manage_pids',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sssd_manage_pids'($*)) dnl
+	
+	gen_require(`
+		type sssd_runtime_t;
+	')
+
+	files_search_pids($1)
+	manage_dirs_pattern($1, sssd_runtime_t, sssd_runtime_t)
+	manage_files_pattern($1, sssd_runtime_t, sssd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sssd_manage_pids'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search sssd lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sssd_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sssd_search_lib'($*)) dnl
+	
+	gen_require(`
+		type sssd_var_lib_t;
+	')
+
+	allow $1 sssd_var_lib_t:dir search_dir_perms;
+	files_search_var_lib($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sssd_search_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search
+##	sssd lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`sssd_dontaudit_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sssd_dontaudit_search_lib'($*)) dnl
+	
+	gen_require(`
+		type sssd_var_lib_t;
+	')
+
+	dontaudit $1 sssd_var_lib_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sssd_dontaudit_search_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read sssd lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sssd_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sssd_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type sssd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, sssd_var_lib_t, sssd_var_lib_t)
+	read_lnk_files_pattern($1, sssd_var_lib_t, sssd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sssd_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	sssd lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sssd_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sssd_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type sssd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, sssd_var_lib_t, sssd_var_lib_t)
+	manage_lnk_files_pattern($1, sssd_var_lib_t, sssd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sssd_manage_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	sssd over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sssd_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sssd_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type sssd_t;
+		class dbus send_msg;
+	')
+
+	allow $1 sssd_t:dbus send_msg;
+	allow sssd_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sssd_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to sssd with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sssd_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sssd_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type sssd_t, sssd_var_lib_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, sssd_var_lib_t, sssd_var_lib_t, sssd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sssd_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an sssd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`sssd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sssd_admin'($*)) dnl
+	
+	gen_require(`
+		type sssd_t, sssd_public_t, sssd_initrc_exec_t;
+		type sssd_var_lib_t, sssd_runtime_t, sssd_conf_t;
+		type sssd_var_log_t;
+	')
+
+	allow $1 sssd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, sssd_t)
+
+	init_startstop_service($1, $2, sssd_t, sssd_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, sssd_conf_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, { sssd_var_lib_t sssd_public_t })
+
+	files_search_pids($1)
+	admin_pattern($1, sssd_runtime_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, sssd_var_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sssd_admin'($*)) dnl
+	')
+
+## <summary>Tunnels instant messaging traffic to a virtual IRC channel.</summary>
+
+########################################
+## <summary>
+##	Read bitlbee configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bitlbee_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bitlbee_read_config'($*)) dnl
+	
+	gen_require(`
+		type bitlbee_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 bitlbee_conf_t:dir list_dir_perms;
+	allow $1 bitlbee_conf_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bitlbee_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an bitlbee environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`bitlbee_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bitlbee_admin'($*)) dnl
+	
+	gen_require(`
+		type bitlbee_t, bitlbee_conf_t, bitlbee_var_t;
+		type bitlbee_initrc_exec_t, bitlbee_runtime_t;
+		type bitlbee_log_t, bitlbee_tmp_t;
+	')
+
+	allow $1 bitlbee_t:process { ptrace signal_perms };
+	ps_process_pattern($1, bitlbee_t)
+
+	init_startstop_service($1, $2, bitlbee_t, bitlbee_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, bitlbee_conf_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, bitlbee_log_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, bitlbee_tmp_t)
+
+	files_search_pids($1)
+	admin_pattern($1, bitlbee_runtime_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, bitlbee_var_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bitlbee_admin'($*)) dnl
+	')
+
+## <summary>Manager for dynamically switching between networks.</summary>
+
+########################################
+## <summary>
+##	Read and write networkmanager udp sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`networkmanager_rw_udp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `networkmanager_rw_udp_sockets'($*)) dnl
+	
+	gen_require(`
+		type NetworkManager_t;
+	')
+
+	allow $1 NetworkManager_t:udp_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `networkmanager_rw_udp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write networkmanager packet sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`networkmanager_rw_packet_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `networkmanager_rw_packet_sockets'($*)) dnl
+	
+	gen_require(`
+		type NetworkManager_t;
+	')
+
+	allow $1 NetworkManager_t:packet_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `networkmanager_rw_packet_sockets'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+## Relabel networkmanager tun socket.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`networkmanager_attach_tun_iface',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `networkmanager_attach_tun_iface'($*)) dnl
+	
+	gen_require(`
+		type NetworkManager_t;
+	')
+
+	allow $1 NetworkManager_t:tun_socket relabelfrom;
+	allow $1 self:tun_socket relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `networkmanager_attach_tun_iface'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write networkmanager netlink
+##	routing sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`networkmanager_rw_routing_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `networkmanager_rw_routing_sockets'($*)) dnl
+	
+	gen_require(`
+		type NetworkManager_t;
+	')
+
+	allow $1 NetworkManager_t:netlink_route_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `networkmanager_rw_routing_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute networkmanager with a domain transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`networkmanager_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `networkmanager_domtrans'($*)) dnl
+	
+	gen_require(`
+		type NetworkManager_t, NetworkManager_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, NetworkManager_exec_t, NetworkManager_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `networkmanager_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute networkmanager scripts with
+##	an automatic domain transition to initrc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`networkmanager_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `networkmanager_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type NetworkManager_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, NetworkManager_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `networkmanager_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	networkmanager over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`networkmanager_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `networkmanager_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type NetworkManager_t;
+		class dbus send_msg;
+	')
+
+	allow $1 NetworkManager_t:dbus send_msg;
+	allow NetworkManager_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `networkmanager_dbus_chat'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read metworkmanager process state files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`networkmanager_read_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `networkmanager_read_state'($*)) dnl
+	
+	gen_require(`
+		type NetworkManager_t;
+	')
+
+	allow $1 NetworkManager_t:dir search_dir_perms;
+	allow $1 NetworkManager_t:file read_file_perms;
+	allow $1 NetworkManager_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `networkmanager_read_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to networkmanager.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`networkmanager_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `networkmanager_signal'($*)) dnl
+	
+	gen_require(`
+		type NetworkManager_t;
+	')
+
+	allow $1 NetworkManager_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `networkmanager_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read networkmanager etc files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`networkmanager_read_etc_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `networkmanager_read_etc_files'($*)) dnl
+	
+	gen_require(`
+		type NetworkManager_etc_t;
+	')
+
+	files_search_etc($1)
+	list_dirs_pattern($1, NetworkManager_etc_t, NetworkManager_etc_t)
+	read_files_pattern($1, NetworkManager_etc_t, NetworkManager_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `networkmanager_read_etc_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, and write
+##	networkmanager library files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`networkmanager_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `networkmanager_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type NetworkManager_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, NetworkManager_var_lib_t, NetworkManager_var_lib_t)
+	allow $1 NetworkManager_var_lib_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `networkmanager_manage_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read networkmanager lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`networkmanager_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `networkmanager_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type NetworkManager_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	list_dirs_pattern($1, NetworkManager_var_lib_t, NetworkManager_var_lib_t)
+	read_files_pattern($1, NetworkManager_var_lib_t, NetworkManager_var_lib_t)
+	allow $1 NetworkManager_var_lib_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `networkmanager_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append networkmanager log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`networkmanager_append_log_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `networkmanager_append_log_files'($*)) dnl
+	
+	gen_require(`
+		type NetworkManager_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 NetworkManager_log_t:dir list_dir_perms;
+	append_files_pattern($1, NetworkManager_log_t, NetworkManager_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `networkmanager_append_log_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read networkmanager pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`networkmanager_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `networkmanager_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type NetworkManager_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 NetworkManager_runtime_t:dir search_dir_perms;
+	allow $1 NetworkManager_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `networkmanager_read_pid_files'($*)) dnl
+	')
+
+
+####################################
+## <summary>
+##  Connect to networkmanager over
+##	a unix domain stream socket.
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+ 	 	define(`networkmanager_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `networkmanager_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type NetworkManager_t, NetworkManager_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, NetworkManager_runtime_t, NetworkManager_runtime_t, NetworkManager_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `networkmanager_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow specified domain to enable/disable NetworkManager units
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`networkmanager_enabledisable',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `networkmanager_enabledisable'($*)) dnl
+	
+	gen_require(`
+		type NetworkManager_unit_t;
+		class service { enable disable };
+	')
+
+	allow $1 NetworkManager_unit_t:service { enable disable };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `networkmanager_enabledisable'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow specified domain to start/stop NetworkManager units
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`networkmanager_startstop',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `networkmanager_startstop'($*)) dnl
+	
+	gen_require(`
+		type NetworkManager_unit_t;
+		class service { start stop };
+	')
+
+	allow $1 NetworkManager_unit_t:service { start stop };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `networkmanager_startstop'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow specified domain to get status of NetworkManager
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`networkmanager_status',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `networkmanager_status'($*)) dnl
+	
+	gen_require(`
+		type NetworkManager_unit_t;
+		class service status;
+	')
+
+	allow $1 NetworkManager_unit_t:service status;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `networkmanager_status'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an networkmanager environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`networkmanager_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `networkmanager_admin'($*)) dnl
+	
+	gen_require(`
+		type NetworkManager_t, NetworkManager_initrc_exec_t, NetworkManager_etc_t;
+		type NetworkManager_etc_rw_t, NetworkManager_log_t, NetworkManager_tmp_t;
+		type NetworkManager_var_lib_t, NetworkManager_runtime_t, wpa_cli_t;
+	')
+
+	allow $1 { wpa_cli_t NetworkManager_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { wpa_cli_t NetworkManager_t })
+
+	init_startstop_service($1, $2, NetworkManager_t, NetworkManager_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, { NetworkManager_etc_t NetworkManager_etc_rw_t })
+
+	logging_search_logs($1)
+	admin_pattern($1, NetworkManager_log_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, NetworkManager_var_lib_t)
+	allow $1 NetworkManager_var_lib_t:file map;
+
+	files_search_pids($1)
+	admin_pattern($1, NetworkManager_runtime_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, NetworkManager_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `networkmanager_admin'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit use of wpa_cli file descriptors
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to dontaudit access.
+##	</summary>
+## </param>
+#
+ 	 	define(`networkmanager_dontaudit_use_wpa_cli_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `networkmanager_dontaudit_use_wpa_cli_fds'($*)) dnl
+	
+	gen_require(`
+		type wpa_cli_t;
+	')
+
+	dontaudit $1 wpa_cli_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `networkmanager_dontaudit_use_wpa_cli_fds'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##      Execute wpa_cli in the wpa_cli domain.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed to transition.
+##      </summary>
+## </param>
+#
+ 	 	define(`networkmanager_domtrans_wpa_cli',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `networkmanager_domtrans_wpa_cli'($*)) dnl
+	
+        gen_require(`
+                type wpa_cli_t, wpa_cli_exec_t;
+        ')
+
+        corecmd_search_bin($1)
+        domtrans_pattern($1, wpa_cli_exec_t, wpa_cli_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `networkmanager_domtrans_wpa_cli'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Execute wpa cli in the wpa_cli domain, and
+##      allow the specified role the wpa_cli domain.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed to transition.
+##      </summary>
+## </param>
+## <param name="role">
+##      <summary>
+##      Role allowed access.
+##      </summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`networkmanager_run_wpa_cli',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `networkmanager_run_wpa_cli'($*)) dnl
+	
+        gen_require(`
+                type wpa_cli_exec_t;
+        ')
+
+        networkmanager_domtrans_wpa_cli($1)
+        role $2 types wpa_cli_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `networkmanager_run_wpa_cli'($*)) dnl
+	')
+
+
+# Gentoo specific interfaces follow but not allowed ifdef
+
+########################################
+## <summary>
+##	Read and write networkmanager rawip sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`networkmanager_rw_rawip_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `networkmanager_rw_rawip_sockets'($*)) dnl
+	
+	gen_require(`
+		type NetworkManager_t;
+	')
+
+	allow $1 NetworkManager_t:rawip_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `networkmanager_rw_rawip_sockets'($*)) dnl
+	')
+
+## <summary>Open AntiVirus scannerdaemon and signature update.</summary>
+
+########################################
+## <summary>
+##	Execute oav_update in the oav_update domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`oav_domtrans_update',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `oav_domtrans_update'($*)) dnl
+	
+	gen_require(`
+		type oav_update_t, oav_update_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, oav_update_exec_t, oav_update_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `oav_domtrans_update'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute oav_update in the oav update
+##	domain, and allow the specified role
+##	the oav_update domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`oav_run_update',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `oav_run_update'($*)) dnl
+	
+	gen_require(`
+		attribute_role oav_update_roles;
+	')
+
+	oav_domtrans_update($1)
+	roleattribute $2 oav_update_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `oav_run_update'($*)) dnl
+	')
+
+## <summary>iMaze game server.</summary>
+## <summary>MojoMojo Wiki.</summary>
+## <summary>A X11-based print system and API.</summary>
+## <summary>gpsd monitor daemon.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run gpsd.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`gpsd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gpsd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type gpsd_t, gpsd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, gpsd_exec_t, gpsd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gpsd_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute gpsd in the gpsd domain, and
+##	allow the specified role the gpsd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gpsd_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gpsd_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role gpsd_roles;
+	')
+
+	gpsd_domtrans($1)
+	roleattribute $2 gpsd_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gpsd_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write gpsd shared memory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`gpsd_rw_shm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gpsd_rw_shm'($*)) dnl
+	
+	gen_require(`
+		type gpsd_t, gpsd_tmpfs_t;
+	')
+
+	allow $1 gpsd_t:shm rw_shm_perms;
+	allow $1 gpsd_tmpfs_t:dir list_dir_perms;
+	rw_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
+	read_lnk_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
+	fs_search_tmpfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gpsd_rw_shm'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an gpsd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`gpsd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `gpsd_admin'($*)) dnl
+	
+	gen_require(`
+		type gpsd_t, gpsd_initrc_exec_t, gpsd_runtime_t;
+	')
+
+	allow $1 gpsd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, gpsd_t)
+
+	init_startstop_service($1, $2, gpsd_t, gpsd_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, gpsd_runtime_t)
+
+	gpsd_run($1, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `gpsd_admin'($*)) dnl
+	')
+
+## <summary>Bring up/down ethernet interfaces based on cable detection.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run ifplugd.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`ifplugd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ifplugd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type ifplugd_t, ifplugd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, ifplugd_exec_t, ifplugd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ifplugd_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to ifplugd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ifplugd_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ifplugd_signal'($*)) dnl
+	
+	gen_require(`
+		type ifplugd_t;
+	')
+
+	allow $1 ifplugd_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ifplugd_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read ifplugd configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ifplugd_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ifplugd_read_config'($*)) dnl
+	
+	gen_require(`
+		type ifplugd_etc_t;
+	')
+
+	files_search_etc($1)
+	read_files_pattern($1, ifplugd_etc_t, ifplugd_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ifplugd_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	ifplugd configuration content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ifplugd_manage_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ifplugd_manage_config'($*)) dnl
+	
+	gen_require(`
+		type ifplugd_etc_t;
+	')
+
+	files_search_etc($1)
+	manage_dirs_pattern($1, ifplugd_etc_t, ifplugd_etc_t)
+	manage_files_pattern($1, ifplugd_etc_t, ifplugd_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ifplugd_manage_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read ifplugd pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ifplugd_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ifplugd_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type ifplugd_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 ifplugd_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ifplugd_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an ifplugd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ifplugd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ifplugd_admin'($*)) dnl
+	
+	gen_require(`
+		type ifplugd_t, ifplugd_etc_t, ifplugd_runtime_t;
+		type ifplugd_initrc_exec_t;
+	')
+
+	allow $1 ifplugd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, ifplugd_t)
+
+	init_startstop_service($1, $2, ifplugd_t, ifplugd_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, ifplugd_etc_t)
+
+	files_list_pids($1)
+	admin_pattern($1, ifplugd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ifplugd_admin'($*)) dnl
+	')
+
+## <summary>Daemon to record and keep track of system up times.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an uptime environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`uptime_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `uptime_admin'($*)) dnl
+	
+	gen_require(`
+		type uptimed_t, uptimed_initrc_exec_t, uptimed_etc_t;
+		type uptimed_spool_t, uptimed_runtime_t;
+	')
+
+	allow $1 uptimed_t:process { ptrace signal_perms };
+	ps_process_pattern($1, uptimed_t)
+
+	init_startstop_service($1, $2, uptimed_t, uptimed_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, uptimed_etc_t)
+
+	files_search_spool($1)
+	admin_pattern($1, uptimed_spool_t)
+
+	files_search_pids($1)
+	admin_pattern($1, uptimed_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `uptime_admin'($*)) dnl
+	')
+
+## <summary>Remote shell service.</summary>
+
+########################################
+## <summary>
+##	Execute rshd in the rshd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`rshd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rshd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type rshd_exec_t, rshd_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, rshd_exec_t, rshd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rshd_domtrans'($*)) dnl
+	')
+
+## <summary>DNS Privacy stub resolver.</summary>
+## <summary>Update dynamic IP address at DynDNS.org.</summary>
+
+#######################################
+## <summary>
+##	Execute ddclient in the ddclient domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`ddclient_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ddclient_domtrans'($*)) dnl
+	
+	gen_require(`
+		type ddclient_t, ddclient_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, ddclient_exec_t, ddclient_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ddclient_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute ddclient in the ddclient
+##	domain, and allow the specified
+##	role the ddclient domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	 Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ddclient_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ddclient_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role ddclient_roles;
+	')
+
+	ddclient_domtrans($1)
+	roleattribute $2 ddclient_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ddclient_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an ddclient environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ddclient_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ddclient_admin'($*)) dnl
+	
+	gen_require(`
+		type ddclient_t, ddclient_etc_t, ddclient_log_t;
+		type ddclient_var_t, ddclient_var_lib_t, ddclient_tmp_t;
+		type ddclient_runtime_t, ddclient_initrc_exec_t;
+	')
+
+	allow $1 ddclient_t:process { ptrace signal_perms };
+	ps_process_pattern($1, ddclient_t)
+
+	init_startstop_service($1, $2, ddclient_t, ddclient_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, ddclient_etc_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, ddclient_log_t)
+
+	files_list_var($1)
+	admin_pattern($1, ddclient_var_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, ddclient_var_lib_t)
+
+	files_list_pids($1)
+	admin_pattern($1, ddclient_runtime_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, ddclient_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ddclient_admin'($*)) dnl
+	')
+
+## <summary>HyperV key value pair (KVP).</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an hypervkvp environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`hypervkvp_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hypervkvp_admin'($*)) dnl
+	
+	gen_require(`
+		type hypervkvpd_t, hypervkvpd_initrc_exec_t;
+	')
+
+	allow $1 hypervkvpd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, hypervkvpd_t)
+
+	init_startstop_service($1, $2, hypervkvpd_t, hypervkvpd_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hypervkvp_admin'($*)) dnl
+	')
+
+## <summary>Xorg.conf keyboard layout callout.</summary>
+
+######################################
+## <summary>
+##	Read keyboardd unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`keyboardd_read_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `keyboardd_read_pipes'($*)) dnl
+	
+	gen_require(`
+		type keyboardd_t;
+	')
+
+	allow $1 keyboardd_t:fifo_file read_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `keyboardd_read_pipes'($*)) dnl
+	')
+
+## <summary>PBX software.</summary>
+
+########################################
+## <summary>
+##	Execute callweaver in the caller domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`callweaver_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `callweaver_exec'($*)) dnl
+	
+	gen_require(`
+		type callweaver_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, callweaver_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `callweaver_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to callweaver over a
+##	unix stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`callweaver_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `callweaver_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type callweaver_t, callweaver_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, callweaver_runtime_t, callweaver_runtime_t, callweaver_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `callweaver_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an callweaver environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`callweaver_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `callweaver_admin'($*)) dnl
+	
+	gen_require(`
+		type callweaver_t, callweaver_initrc_exec_t, callweaver_log_t;
+		type callweaver_var_lib_t, callweaver_runtime_t, callweaver_spool_t;
+	')
+
+	allow $1 callweaver_t:process { ptrace signal_perms };
+	ps_process_pattern($1, callweaver_t)
+
+	init_startstop_service($1, $2, callweaver_t, callweaver_initrc_exec_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, callweaver_log_t)
+
+	files_search_pids($1)
+	admin_pattern($1, callweaver_runtime_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, { callweaver_spool_t callweaver_var_lib_t })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `callweaver_admin'($*)) dnl
+	')
+
+## <summary>TCP daemon.</summary>
+
+########################################
+## <summary>
+##	Execute tcpd in the tcpd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`tcpd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tcpd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type tcpd_t, tcpd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, tcpd_exec_t, tcpd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tcpd_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a domain for services that
+##	utilize tcp wrappers.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Type to be used as a domain.
+##	</summary>
+## </param>
+## <param name="entry_point">
+##	<summary>
+##	Type of the program to be used as an entry point to this domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`tcpd_wrapped_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tcpd_wrapped_domain'($*)) dnl
+	
+	gen_require(`
+		type tcpd_t;
+		role system_r;
+	')
+
+	domtrans_pattern(tcpd_t, $2, $1)
+	role system_r types $1;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tcpd_wrapped_domain'($*)) dnl
+	')
+
+## <summary>Apache QPID AMQP messaging server.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run qpidd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`qpidd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qpidd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type qpidd_t, qpidd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, qpidd_exec_t, qpidd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qpidd_domtrans'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Read and write access qpidd semaphores.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`qpidd_rw_semaphores',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qpidd_rw_semaphores'($*)) dnl
+	
+	gen_require(`
+		type qpidd_t;
+	')
+
+	allow $1 qpidd_t:sem rw_sem_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qpidd_rw_semaphores'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write qpidd shared memory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`qpidd_rw_shm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qpidd_rw_shm'($*)) dnl
+	
+	gen_require(`
+		type qpidd_t;
+	')
+
+	allow $1 qpidd_t:shm rw_shm_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qpidd_rw_shm'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute qpidd init script in
+##	the initrc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`qpidd_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qpidd_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type qpidd_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, qpidd_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qpidd_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read qpidd pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`qpidd_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qpidd_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type qpidd_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 qpidd_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qpidd_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search qpidd lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`qpidd_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qpidd_search_lib'($*)) dnl
+	
+	gen_require(`
+		type qpidd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 qpidd_var_lib_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qpidd_search_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read qpidd lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`qpidd_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qpidd_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type qpidd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qpidd_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	qpidd lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`qpidd_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qpidd_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type qpidd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qpidd_manage_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an qpidd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`qpidd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qpidd_admin'($*)) dnl
+	
+	gen_require(`
+		type qpidd_t, qpidd_initrc_exec_t, qpidd_var_lib_t;
+		type qpidd_runtime_t;
+	')
+
+	allow $1 qpidd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, qpidd_t)
+
+	init_startstop_service($1, $2, qpidd_t, qpidd_initrc_exec_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, qpidd_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, qpidd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qpidd_admin'($*)) dnl
+	')
+
+## <summary>Privacy enhancing web proxy.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an privoxy environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`privoxy_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `privoxy_admin'($*)) dnl
+	
+	gen_require(`
+		type privoxy_t, privoxy_log_t, privoxy_initrc_exec_t;
+		type privoxy_etc_rw_t, privoxy_runtime_t;
+	')
+
+	allow $1 privoxy_t:process { ptrace signal_perms };
+	ps_process_pattern($1, privoxy_t)
+
+	init_startstop_service($1, $2, privoxy_t, privoxy_initrc_exec_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, privoxy_log_t)
+
+	files_list_etc($1)
+	admin_pattern($1, privoxy_etc_rw_t)
+
+	files_list_pids($1)
+	admin_pattern($1, privoxy_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `privoxy_admin'($*)) dnl
+	')
+
+## <summary>Reserve well-known ports in the RPC port range.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run portreserve.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`portreserve_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portreserve_domtrans'($*)) dnl
+	
+	gen_require(`
+		type portreserve_t, portreserve_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, portreserve_exec_t, portreserve_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portreserve_domtrans'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read portreserve configuration content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`portreserve_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portreserve_read_config'($*)) dnl
+	
+	gen_require(`
+		type portreserve_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 portreserve_etc_t:dir list_dir_perms;
+	allow $1 portreserve_etc_t:file read_file_perms;
+	allow $1 portreserve_etc_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portreserve_read_config'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create, read, write, and delete
+##	portreserve configuration content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`portreserve_manage_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portreserve_manage_config'($*)) dnl
+	
+	gen_require(`
+		type portreserve_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 portreserve_etc_t:dir manage_dir_perms;
+	allow $1 portreserve_etc_t:file manage_file_perms;
+	allow $1 portreserve_etc_t:lnk_file manage_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portreserve_manage_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute portreserve init scripts in
+##	the init script domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`portreserve_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portreserve_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type portreserve_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, portreserve_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portreserve_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an portreserve environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`portreserve_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `portreserve_admin'($*)) dnl
+	
+	gen_require(`
+		type portreserve_t, portreserve_etc_t, portreserve_runtime_t;
+		type portreserve_initrc_exec_t;
+	')
+
+	allow $1 portreserve_t:process { ptrace signal_perms };
+	ps_process_pattern($1, portreserve_t)
+
+	init_startstop_service($1, $2, portreserve_t, portreserve_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, portreserve_etc_t)
+
+	files_list_pids($1)
+	admin_pattern($1, portreserve_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `portreserve_admin'($*)) dnl
+	')
+
+## <summary>Python implementation of the OpenStack identity service API.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an keystone environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`keystone_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `keystone_admin'($*)) dnl
+	
+	gen_require(`
+		type keystone_t, keystone_initrc_exec_t, keystone_log_t;
+		type keystone_var_lib_t, keystone_tmp_t;
+	')
+
+	allow $1 keystone_t:process { ptrace signal_perms };
+	ps_process_pattern($1, keystone_t)
+
+	init_startstop_service($1, $2, keystone_t, keystone_initrc_exec_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, keystone_log_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, keystone_var_lib_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, keystone_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `keystone_admin'($*)) dnl
+	')
+
+## <summary>Subscription Management Certificate Daemon.</summary>
+
+########################################
+## <summary>
+##	Execute rhsmcertd in the rhsmcertd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhsmcertd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhsmcertd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type rhsmcertd_t, rhsmcertd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, rhsmcertd_exec_t, rhsmcertd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhsmcertd_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute rhsmcertd init scripts
+##	in the initrc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhsmcertd_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhsmcertd_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type rhsmcertd_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, rhsmcertd_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhsmcertd_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read rhsmcertd log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`rhsmcertd_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhsmcertd_read_log'($*)) dnl
+	
+	gen_require(`
+		type rhsmcertd_log_t;
+	')
+
+	logging_search_logs($1)
+	read_files_pattern($1, rhsmcertd_log_t, rhsmcertd_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhsmcertd_read_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append rhsmcertd log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhsmcertd_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhsmcertd_append_log'($*)) dnl
+	
+	gen_require(`
+		type rhsmcertd_log_t;
+	')
+
+	logging_search_logs($1)
+	append_files_pattern($1, rhsmcertd_log_t, rhsmcertd_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhsmcertd_append_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	rhsmcertd log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhsmcertd_manage_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhsmcertd_manage_log'($*)) dnl
+	
+	gen_require(`
+		type rhsmcertd_log_t;
+	')
+
+	logging_search_logs($1)
+	manage_dirs_pattern($1, rhsmcertd_log_t, rhsmcertd_log_t)
+	manage_files_pattern($1, rhsmcertd_log_t, rhsmcertd_log_t)
+	manage_lnk_files_pattern($1, rhsmcertd_log_t, rhsmcertd_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhsmcertd_manage_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search rhsmcertd lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhsmcertd_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhsmcertd_search_lib'($*)) dnl
+	
+	gen_require(`
+		type rhsmcertd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 rhsmcertd_var_lib_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhsmcertd_search_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read rhsmcertd lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhsmcertd_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhsmcertd_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type rhsmcertd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, rhsmcertd_var_lib_t, rhsmcertd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhsmcertd_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	rhsmcertd lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhsmcertd_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhsmcertd_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type rhsmcertd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, rhsmcertd_var_lib_t, rhsmcertd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhsmcertd_manage_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	rhsmcertd lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhsmcertd_manage_lib_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhsmcertd_manage_lib_dirs'($*)) dnl
+	
+	gen_require(`
+		type rhsmcertd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_dirs_pattern($1, rhsmcertd_var_lib_t, rhsmcertd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhsmcertd_manage_lib_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read rhsmcertd pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhsmcertd_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhsmcertd_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type rhsmcertd_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 rhsmcertd_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhsmcertd_read_pid_files'($*)) dnl
+	')
+
+
+####################################
+## <summary>
+##	Connect to rhsmcertd with a
+##	unix domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhsmcertd_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhsmcertd_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type rhsmcertd_t, rhsmcertd_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, rhsmcertd_runtime_t, rhsmcertd_runtime_t, rhsmcertd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhsmcertd_stream_connect'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Send and receive messages from
+##	rhsmcertd over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhsmcertd_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhsmcertd_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type rhsmcertd_t;
+		class dbus send_msg;
+	')
+
+	allow $1 rhsmcertd_t:dbus send_msg;
+	allow rhsmcertd_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhsmcertd_dbus_chat'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Do not audit attempts to send
+##	and receive messages from
+##	rhsmcertd over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhsmcertd_dontaudit_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhsmcertd_dontaudit_dbus_chat'($*)) dnl
+	
+	gen_require(`
+	type rhsmcertd_t;
+	class dbus send_msg;
+	')
+
+	dontaudit $1 rhsmcertd_t:dbus send_msg;
+	dontaudit rhsmcertd_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhsmcertd_dontaudit_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an rhsmcertd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`rhsmcertd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhsmcertd_admin'($*)) dnl
+	
+	gen_require(`
+		type rhsmcertd_t, rhsmcertd_initrc_exec_t, rhsmcertd_log_t;
+		type rhsmcertd_var_lib_t, rhsmcertd_runtime_t, rhsmcertd_lock_t;
+	')
+
+	allow $1 rhsmcertd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, rhsmcertd_t)
+
+	init_startstop_service($1, $2, rhsmcertd_t, rhsmcertd_initrc_exec_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, rhsmcertd_log_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, rhsmcertd_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, rhsmcertd_runtime_t)
+
+	files_search_locks($1)
+	admin_pattern($1, rhsmcertd_lock_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhsmcertd_admin'($*)) dnl
+	')
+
+## <summary>Perdition POP and IMAP proxy.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an perdition environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`perdition_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `perdition_admin'($*)) dnl
+	
+	gen_require(`
+		type perdition_t, perdition_initrc_exec_t, perdition_etc_t;
+		type perdition_runtime_t;
+	')
+
+	allow $1 perdition_t:process { ptrace signal_perms };
+	ps_process_pattern($1, perdition_t)
+
+	init_startstop_service($1, $2, perdition_t, perdition_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, perdition_etc_t)
+
+	files_search_pids($1)
+	admin_pattern($1, perdition_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `perdition_admin'($*)) dnl
+	')
+
+## <summary>SSL Tunneling Proxy.</summary>
+
+########################################
+## <summary>
+##	Define the specified domain as a stunnel inetd service.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type associated with the stunnel inetd service process.
+##	</summary>
+## </param>
+## <param name="entrypoint">
+##	<summary>
+##	The type associated with the process program.
+##	</summary>
+## </param>
+#
+ 	 	define(`stunnel_service_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `stunnel_service_domain'($*)) dnl
+	
+	gen_require(`
+		type stunnel_t;
+	')
+
+	domtrans_pattern(stunnel_t, $2, $1)
+	allow $1 stunnel_t:tcp_socket rw_socket_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `stunnel_service_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read stunnel configuration content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`stunnel_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `stunnel_read_config'($*)) dnl
+	
+	gen_require(`
+		type stunnel_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 stunnel_etc_t:dir list_dir_perms;
+	allow $1 stunnel_etc_t:file read_file_perms;
+	allow $1 stunnel_etc_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `stunnel_read_config'($*)) dnl
+	')
+
+## <summary>z/OS Remote-services Audit dispatcher plugin.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run audispd-zos-remote.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`zosremote_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `zosremote_domtrans'($*)) dnl
+	
+	gen_require(`
+		type zos_remote_t, zos_remote_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, zos_remote_exec_t, zos_remote_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `zosremote_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute zos remote in the zos remote
+##	domain, and allow the specified role
+##	the zos remote domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`zosremote_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `zosremote_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role zos_remote_roles;
+	')
+
+	zosremote_domtrans($1)
+	roleattribute $2 zos_remote_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `zosremote_run'($*)) dnl
+	')
+
+## <summary>Mirrors a block device over the network to another machine.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to
+##	run drbd.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`drbd_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `drbd_domtrans'($*)) dnl
+	
+	gen_require(`
+		type drbd_t, drbd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, drbd_exec_t, drbd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `drbd_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an drbd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`drbd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `drbd_admin'($*)) dnl
+	
+	gen_require(`
+		type drbd_t, drbd_initrc_exec_t, drbd_lock_t;
+		type drbd_var_lib_t;
+	')
+
+	allow $1 drbd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, drbd_t)
+
+	init_startstop_service($1, $2, drbd_t, drbd_initrc_exec_t)
+
+	files_search_locks($1)
+	admin_pattern($1, drbd_lock_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, drbd_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `drbd_admin'($*)) dnl
+	')
+
+## <summary>Software for reliable, scalable, distributed computing.</summary>
+
+#######################################
+## <summary>
+##	The template to define a hadoop domain.
+## </summary>
+## <param name="domain_prefix">
+##	<summary>
+##	Domain prefix to be used.
+##	</summary>
+## </param>
+#
+ 	 	define(`hadoop_domain_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hadoop_domain_template'($*)) dnl
+	
+	gen_require(`
+		attribute hadoop_domain, hadoop_initrc_domain, hadoop_init_script_file;
+		attribute hadoop_pid_file, hadoop_lock_file, hadoop_log_file;
+		attribute hadoop_tmp_file, hadoop_var_lib_file;
+		type hadoop_log_t, hadoop_var_lib_t, hadoop_runtime_t;
+		type hadoop_exec_t, hadoop_hsperfdata_t;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	type hadoop_$1_t, hadoop_domain;
+	domain_type(hadoop_$1_t)
+	domain_entry_file(hadoop_$1_t, hadoop_exec_t)
+	role system_r types hadoop_$1_t;
+
+	type hadoop_$1_initrc_t, hadoop_initrc_domain;
+	type hadoop_$1_initrc_exec_t, hadoop_init_script_file;
+	init_script_domain(hadoop_$1_initrc_t, hadoop_$1_initrc_exec_t)
+	role system_r types hadoop_$1_initrc_t;
+
+	type hadoop_$1_initrc_runtime_t, hadoop_pid_file;
+	files_pid_file(hadoop_$1_initrc_runtime_t)
+
+	type hadoop_$1_lock_t, hadoop_lock_file;
+	files_lock_file(hadoop_$1_lock_t)
+
+	type hadoop_$1_log_t, hadoop_log_file;
+	logging_log_file(hadoop_$1_log_t)
+
+	type hadoop_$1_tmp_t, hadoop_tmp_file;
+	files_tmp_file(hadoop_$1_tmp_t)
+
+	type hadoop_$1_var_lib_t, hadoop_var_lib_file;
+	files_type(hadoop_$1_var_lib_t)
+
+	####################################
+	#
+	# hadoop_domain policy
+	#
+
+	manage_files_pattern(hadoop_$1_t, hadoop_$1_log_t, hadoop_$1_log_t)
+	filetrans_pattern(hadoop_$1_t, hadoop_log_t, hadoop_$1_log_t, { dir file })
+
+	manage_dirs_pattern(hadoop_$1_t, hadoop_$1_var_lib_t, hadoop_$1_var_lib_t)
+	manage_files_pattern(hadoop_$1_t, hadoop_$1_var_lib_t, hadoop_$1_var_lib_t)
+	filetrans_pattern(hadoop_$1_t, hadoop_var_lib_t, hadoop_$1_var_lib_t, file)
+
+	manage_files_pattern(hadoop_$1_t, hadoop_$1_initrc_runtime_t, hadoop_$1_initrc_runtime_t)
+	filetrans_pattern(hadoop_$1_t, hadoop_runtime_t, hadoop_$1_initrc_runtime_t, file)
+
+	manage_files_pattern(hadoop_$1_t, hadoop_$1_tmp_t, hadoop_$1_tmp_t)
+	filetrans_pattern(hadoop_$1_t, hadoop_hsperfdata_t, hadoop_$1_tmp_t, file)
+
+	auth_use_nsswitch(hadoop_$1_t)
+
+	####################################
+	#
+	# hadoop_initrc_domain policy
+	#
+
+	allow hadoop_$1_initrc_t hadoop_$1_t:process { signal signull };
+
+	domtrans_pattern(hadoop_$1_initrc_t, hadoop_exec_t, hadoop_$1_t)
+
+	manage_files_pattern(hadoop_$1_initrc_t, hadoop_$1_lock_t, hadoop_$1_lock_t)
+	files_lock_filetrans(hadoop_$1_initrc_t, hadoop_$1_lock_t, file)
+
+	manage_files_pattern(hadoop_$1_initrc_t, hadoop_$1_initrc_runtime_t, hadoop_$1_initrc_runtime_t)
+	filetrans_pattern(hadoop_$1_initrc_t, hadoop_runtime_t, hadoop_$1_initrc_runtime_t, file)
+
+	manage_files_pattern(hadoop_$1_initrc_t, hadoop_$1_log_t, hadoop_$1_log_t)
+	filetrans_pattern(hadoop_$1_initrc_t, hadoop_log_t, hadoop_$1_log_t, { dir file })
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hadoop_domain_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Role access for hadoop.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`hadoop_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hadoop_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role hadoop_roles, zookeeper_roles;
+		type hadoop_t, zookeeper_t, hadoop_home_t;
+		type hadoop_tmp_t, hadoop_hsperfdata_t, zookeeper_tmp_t;
+	')
+
+	hadoop_domtrans($2)
+	roleattribute $1 hadoop_roles;
+
+	hadoop_domtrans_zookeeper_client($2)
+	roleattribute $1 zookeeper_roles;
+
+	allow $2 { hadoop_t zookeeper_t }:process { ptrace signal_perms };
+	ps_process_pattern($2, { hadoop_t zookeeper_t })
+
+	allow $2 { hadoop_home_t hadoop_tmp_t hadoop_hsperfdata_t }:dir { manage_dir_perms relabel_dir_perms };
+	allow $2 { hadoop_home_t hadoop_tmp_t zookeeper_tmp_t }:file { manage_file_perms relabel_file_perms };
+	allow $2 hadoop_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hadoop_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute hadoop in the
+##	hadoop domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`hadoop_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hadoop_domtrans'($*)) dnl
+	
+	gen_require(`
+		type hadoop_t, hadoop_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, hadoop_exec_t, hadoop_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hadoop_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive from hadoop peer.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hadoop_recvfrom',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hadoop_recvfrom'($*)) dnl
+	
+	gen_require(`
+		type hadoop_t;
+	')
+
+	allow $1 hadoop_t:peer recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hadoop_recvfrom'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute zookeeper client in the
+##	zookeeper client domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`hadoop_domtrans_zookeeper_client',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hadoop_domtrans_zookeeper_client'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_t, zookeeper_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, zookeeper_exec_t, zookeeper_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hadoop_domtrans_zookeeper_client'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive from zookeeper peer.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hadoop_recvfrom_zookeeper_client',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hadoop_recvfrom_zookeeper_client'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_t;
+	')
+
+	allow $1 zookeeper_t:peer recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hadoop_recvfrom_zookeeper_client'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute zookeeper server in the
+##	zookeeper server domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`hadoop_domtrans_zookeeper_server',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hadoop_domtrans_zookeeper_server'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_server_t, zookeeper_server_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, zookeeper_server_exec_t, zookeeper_server_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hadoop_domtrans_zookeeper_server'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive from zookeeper server peer.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hadoop_recvfrom_zookeeper_server',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hadoop_recvfrom_zookeeper_server'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_server_t;
+	')
+
+	allow $1 zookeeper_server_t:peer recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hadoop_recvfrom_zookeeper_server'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute zookeeper server in the
+##	zookeeper domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`hadoop_initrc_domtrans_zookeeper_server',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hadoop_initrc_domtrans_zookeeper_server'($*)) dnl
+	
+	gen_require(`
+		type zookeeper_server_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, zookeeper_server_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hadoop_initrc_domtrans_zookeeper_server'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive from datanode peer.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hadoop_recvfrom_datanode',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hadoop_recvfrom_datanode'($*)) dnl
+	
+	gen_require(`
+		type hadoop_datanode_t;
+	')
+
+	allow $1 hadoop_datanode_t:peer recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hadoop_recvfrom_datanode'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read hadoop configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hadoop_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hadoop_read_config'($*)) dnl
+	
+	gen_require(`
+		type hadoop_etc_t;
+	')
+
+	read_files_pattern($1, hadoop_etc_t, hadoop_etc_t)
+	read_lnk_files_pattern($1, hadoop_etc_t, hadoop_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hadoop_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute hadoop configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hadoop_exec_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hadoop_exec_config'($*)) dnl
+	
+	gen_require(`
+		type hadoop_etc_t;
+	')
+
+	hadoop_read_config($1)
+	allow $1 hadoop_etc_t:file exec_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hadoop_exec_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive from jobtracker peer.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hadoop_recvfrom_jobtracker',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hadoop_recvfrom_jobtracker'($*)) dnl
+	
+	gen_require(`
+		type hadoop_jobtracker_t;
+	')
+
+	allow $1 hadoop_jobtracker_t:peer recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hadoop_recvfrom_jobtracker'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Match hadoop lan association.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hadoop_match_lan_spd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hadoop_match_lan_spd'($*)) dnl
+	
+	gen_require(`
+		type hadoop_lan_t;
+	')
+
+	allow $1 hadoop_lan_t:association polmatch;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hadoop_match_lan_spd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive from namenode peer.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hadoop_recvfrom_namenode',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hadoop_recvfrom_namenode'($*)) dnl
+	
+	gen_require(`
+		type hadoop_namenode_t;
+	')
+
+	allow $1 hadoop_namenode_t:peer recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hadoop_recvfrom_namenode'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive from secondary namenode peer.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hadoop_recvfrom_secondarynamenode',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hadoop_recvfrom_secondarynamenode'($*)) dnl
+	
+	gen_require(`
+		type hadoop_secondarynamenode_t;
+	')
+
+	allow $1 hadoop_secondarynamenode_t:peer recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hadoop_recvfrom_secondarynamenode'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Receive from tasktracker peer.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hadoop_recvfrom_tasktracker',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hadoop_recvfrom_tasktracker'($*)) dnl
+	
+	gen_require(`
+		type hadoop_tasktracker_t;
+	')
+
+	allow $1 hadoop_tasktracker_t:peer recv;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hadoop_recvfrom_tasktracker'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an hadoop environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`hadoop_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hadoop_admin'($*)) dnl
+	
+	gen_require(`
+		attribute hadoop_domain;
+		attribute hadoop_initrc_domain;
+
+		attribute hadoop_pid_file;
+		attribute hadoop_lock_file;
+		attribute hadoop_log_file;
+		attribute hadoop_tmp_file;
+		attribute hadoop_var_lib_file;
+
+		type hadoop_t, hadoop_etc_t, hadoop_hsperfdata_t;
+		type zookeeper_t, zookeeper_etc_t, zookeeper_server_t;
+		type zookeeper_server_var_t;
+
+		type hadoop_datanode_initrc_t, hadoop_datanode_initrc_exec_t;
+		type hadoop_jobtracker_initrc_t, hadoop_jobtracker_initrc_exec_t;
+		type hadoop_namenode_initrc_t, hadoop_namenode_initrc_exec_t;
+		type hadoop_secondarynamenode_initrc_t, hadoop_secondarynamenode_initrc_exec_t;
+		type hadoop_tasktracker_initrc_t, hadoop_tasktracker_initrc_exec_t;
+	')
+
+	allow $1 { hadoop_domain hadoop_initrc_domain hadoop_t zookeeper_t zookeeper_server_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { hadoop_domain hadoop_initrc_domain hadoop_t zookeeper_t zookeeper_server_t })
+
+	init_startstop_service($1, $2, hadoop_datanode_initrc_t, hadoop_datanode_initrc_exec_t)
+	init_startstop_service($1, $2, hadoop_jobtracker_initrc_t, hadoop_jobtracker_initrc_exec_t)
+	init_startstop_service($1, $2, hadoop_namenode_initrc_t, hadoop_namenode_initrc_exec_t)
+	init_startstop_service($1, $2, hadoop_secondarynamenode_initrc_t, hadoop_secondarynamenode_initrc_exec_t)
+	init_startstop_service($1, $2, hadoop_tasktracker_initrc_t, hadoop_tasktracker_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, { hadoop_etc_t zookeeper_etc_t })
+
+	logging_search_logs($1)
+	admin_pattern($1, hadoop_log_file)
+
+	files_search_locks($1)
+	admin_pattern($1, hadoop_lock_file)
+
+	files_search_pids($1)
+	admin_pattern($1, hadoop_pid_file)
+
+	files_search_tmp($1)
+	admin_pattern($1, { hadoop_tmp_file hadoop_hsperfdata_t })
+
+	files_search_var_lib($1)
+	admin_pattern($1, { hadoop_var_lib_file zookeeper_server_var_t })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hadoop_admin'($*)) dnl
+	')
+
+## <summary>high-performance authoritative-only DNS server.</summary>
+
+########################################
+## <summary>
+##      Execute knotc in the knotc domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##      Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`knot_domtrans_client',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `knot_domtrans_client'($*)) dnl
+	
+	gen_require(`
+		type knotc_t, knotc_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, knotc_exec_t, knotc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `knot_domtrans_client'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Execute knotc in the knotc domain, and
+##      allow the specified role the knotc domain.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed to transition.
+##      </summary>
+## </param>
+## <param name="role">
+##      <summary>
+##      Role allowed access.
+##      </summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`knot_run_client',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `knot_run_client'($*)) dnl
+	
+	gen_require(`
+		attribute_role knot_roles;
+	')
+
+	knot_domtrans_client($1)
+	roleattribute $2 knot_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `knot_run_client'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Read knot config files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`knot_read_config_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `knot_read_config_files'($*)) dnl
+	
+	gen_require(`
+		type knot_conf_t;
+	')
+
+	read_files_pattern($1, knot_conf_t, knot_conf_t)
+	files_search_etc($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `knot_read_config_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      All of the rules required to
+##      administrate an knot environment.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+## <param name="role">
+##      <summary>
+##      Role allowed access.
+##      </summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`knot_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `knot_admin'($*)) dnl
+	
+	gen_require(`
+		type knotc_t, knotd_t, knot_conf_t, knot_initrc_exec_t;
+		type knot_runtime_t, knot_tmp_t, knot_var_lib_t;
+	')
+
+	allow $1 knotc_t:process signal_perms;
+	allow $1 knotd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, knotc_t)
+	ps_process_pattern($1, knotd_t)
+
+	init_startstop_service($1, $2, knotd_t, knot_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, knot_conf_t)
+
+	files_search_pids($1)
+	admin_pattern($1, knot_runtime_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, knot_tmp_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, knot_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `knot_admin'($*)) dnl
+	')
+
+## <summary>D-BUS service which runs odd jobs on behalf of client applications.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run oddjob.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`oddjob_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `oddjob_domtrans'($*)) dnl
+	
+	gen_require(`
+		type oddjob_t, oddjob_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, oddjob_exec_t, oddjob_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `oddjob_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified program domain
+##	accessable from the oddjob.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process to transition to.
+##	</summary>
+## </param>
+## <param name="entrypoint">
+##	<summary>
+##	The type of the file used as an entrypoint to this domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`oddjob_system_entry',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `oddjob_system_entry'($*)) dnl
+	
+	gen_require(`
+		type oddjob_t;
+	')
+
+	domtrans_pattern(oddjob_t, $2, $1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `oddjob_system_entry'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	oddjob over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`oddjob_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `oddjob_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type oddjob_t;
+		class dbus send_msg;
+	')
+
+	allow $1 oddjob_t:dbus send_msg;
+	allow oddjob_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `oddjob_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to
+##	run oddjob mkhomedir.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`oddjob_domtrans_mkhomedir',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `oddjob_domtrans_mkhomedir'($*)) dnl
+	
+	gen_require(`
+		type oddjob_mkhomedir_t, oddjob_mkhomedir_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, oddjob_mkhomedir_exec_t, oddjob_mkhomedir_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `oddjob_domtrans_mkhomedir'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute oddjob mkhomedir in the
+##	oddjob mkhomedir domain and allow
+##	the specified role the oddjob
+##	mkhomedir domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`oddjob_run_mkhomedir',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `oddjob_run_mkhomedir'($*)) dnl
+	
+	gen_require(`
+		attribute_role oddjob_mkhomedir_roles;
+	')
+
+	oddjob_domtrans_mkhomedir($1)
+	roleattribute $2 oddjob_mkhomedir_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `oddjob_run_mkhomedir'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Do not audit attempts to read and write
+##	oddjob fifo files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`oddjob_dontaudit_rw_fifo_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `oddjob_dontaudit_rw_fifo_files'($*)) dnl
+	
+	gen_require(`
+		type oddjob_t;
+	')
+
+	dontaudit $1 oddjob_t:fifo_file rw_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `oddjob_dontaudit_rw_fifo_files'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Send child terminated signals to oddjob.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`oddjob_sigchld',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `oddjob_sigchld'($*)) dnl
+	
+	gen_require(`
+		type oddjob_t;
+	')
+
+	allow $1 oddjob_t:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `oddjob_sigchld'($*)) dnl
+	')
+
+## <summary>Distributed compiler daemon.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an distcc environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`distcc_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `distcc_admin'($*)) dnl
+	
+	gen_require(`
+		type distccd_t, distccd_t, distccd_log_t;
+		type distccd_runtime_t, distccd_tmp_t, distccd_initrc_exec_t;
+	')
+
+	allow $1 distccd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, distccd_t)
+
+	init_startstop_service($1, $2, distccd_t, distccd_initrc_exec_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, distccd_log_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, distccd_tmp_t)
+
+	files_search_pids($1)
+	admin_pattern($1, distccd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `distcc_admin'($*)) dnl
+	')
+
+## <summary>Fast incremental file transfer for synchronization.</summary>
+
+########################################
+## <summary>
+##	Make rsync executable file an
+##	entry point for the specified domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The domain for which rsync_exec_t is an entrypoint.
+##	</summary>
+## </param>
+#
+ 	 	define(`rsync_entry_type',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rsync_entry_type'($*)) dnl
+	
+	gen_require(`
+		type rsync_exec_t;
+	')
+
+	domain_entry_file($1, rsync_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rsync_entry_type'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a rsync in a specified domain.
+## </summary>
+## <desc>
+##	<p>
+##	Execute a rsync in a specified domain.
+##	</p>
+##	<p>
+##	No interprocess communication (signals, pipes,
+##	etc.) is provided by this interface since
+##	the domains are not owned by this module.
+##	</p>
+## </desc>
+## <param name="source_domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="target_domain">
+##	<summary>
+##	Domain to transition to.
+##	</summary>
+## </param>
+#
+ 	 	define(`rsync_entry_spec_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rsync_entry_spec_domtrans'($*)) dnl
+	
+	gen_require(`
+		type rsync_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domain_auto_transition_pattern($1, rsync_exec_t, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rsync_entry_spec_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a rsync in a specified domain.
+## </summary>
+## <desc>
+##	<p>
+##	Execute a rsync in a specified domain.
+##	</p>
+##	<p>
+##	No interprocess communication (signals, pipes,
+##	etc.) is provided by this interface since
+##	the domains are not owned by this module.
+##	</p>
+## </desc>
+## <param name="source_domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="target_domain">
+##	<summary>
+##	Domain to transition to.
+##	</summary>
+## </param>
+#
+ 	 	define(`rsync_entry_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rsync_entry_domtrans'($*)) dnl
+	
+	gen_require(`
+		type rsync_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domain_auto_transition_pattern($1, rsync_exec_t, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rsync_entry_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the rsync program in the rsync domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`rsync_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rsync_domtrans'($*)) dnl
+	
+	gen_require(`
+		type rsync_t, rsync_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, rsync_exec_t, rsync_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rsync_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute rsync in the rsync domain, and
+##	allow the specified role the rsync domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rsync_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rsync_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role rsync_roles;
+	')
+
+	rsync_domtrans($1)
+	roleattribute $2 rsync_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rsync_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute rsync in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rsync_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rsync_exec'($*)) dnl
+	
+	gen_require(`
+		type rsync_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, rsync_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rsync_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read rsync config files.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`rsync_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rsync_read_config'($*)) dnl
+	
+	gen_require(`
+		type rsync_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 rsync_etc_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rsync_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write rsync config files.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`rsync_write_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rsync_write_config'($*)) dnl
+	
+	gen_require(`
+		type rsync_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 rsync_etc_t:file write_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rsync_write_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	rsync config files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rsync_manage_config_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rsync_manage_config_files'($*)) dnl
+	
+	gen_require(`
+		type rsync_etc_t;
+	')
+
+	files_search_etc($1)
+	manage_files_pattern($1, rsync_etc_t, rsync_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rsync_manage_config_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create specified objects in etc directories
+##	with rsync etc type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`rsync_etc_filetrans_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rsync_etc_filetrans_config'($*)) dnl
+	
+	gen_require(`
+		type rsync_etc_t;
+	')
+
+	files_etc_filetrans($1, rsync_etc_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rsync_etc_filetrans_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an rsync environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role" unused="true">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`rsync_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rsync_admin'($*)) dnl
+	
+	gen_require(`
+		type rsync_t, rsync_etc_t, rsync_data_t;
+		type rsync_log_t, rsync_tmp_t, rsync_runtime_t;
+	')
+
+	allow $1 rsync_t:process { ptrace signal_perms };
+	ps_process_pattern($1, rsync_t)
+
+	files_search_etc($1)
+	admin_pattern($1, rsync_etc_t)
+
+	admin_pattern($1, rsync_data_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, rsync_log_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, rsync_tmp_t)
+
+	files_search_pids($1)
+	admin_pattern($1, rsync_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rsync_admin'($*)) dnl
+	')
+
+## <summary>CacheFiles user-space management daemon.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an cachefilesd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`cachefilesd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cachefilesd_admin'($*)) dnl
+	
+	gen_require(`
+		type cachefilesd_t, cachefilesd_initrc_exec_t, cachefilesd_cache_t;
+		type cachefilesd_runtime_t;
+	')
+
+	allow $1 cachefilesd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, cachefilesd_t)
+
+	init_startstop_service($1, $2, cachefilesd_t, cachefilesd_initrc_exec_t)
+
+	files_search_var($1)
+	admin_pattern($1, cachefilesd_cache_t)
+
+	files_search_pids($1)
+	admin_pattern($1, cachefilesd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cachefilesd_admin'($*)) dnl
+	')
+
+## <summary>Red Hat Cluster Suite.</summary>
+
+#######################################
+## <summary>
+##	The template to define a rhcs domain.
+## </summary>
+## <param name="domain_prefix">
+##	<summary>
+##	Domain prefix to be used.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhcs_domain_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhcs_domain_template'($*)) dnl
+	
+	gen_require(`
+		attribute cluster_domain, cluster_pid, cluster_tmpfs;
+		attribute cluster_log;
+	')
+
+	##############################
+	#
+	# Declarations
+	#
+
+	type $1_t, cluster_domain;
+	type $1_exec_t;
+	init_daemon_domain($1_t, $1_exec_t)
+
+	type $1_runtime_t alias $1_var_run_t, cluster_pid;
+	files_pid_file($1_runtime_t)
+
+	type $1_tmpfs_t, cluster_tmpfs;
+	files_tmpfs_file($1_tmpfs_t)
+
+	type $1_var_log_t, cluster_log;
+	logging_log_file($1_var_log_t)
+
+	##############################
+	#
+	# Local policy
+	#
+
+	manage_dirs_pattern($1_t, $1_tmpfs_t, $1_tmpfs_t)
+	manage_files_pattern($1_t, $1_tmpfs_t, $1_tmpfs_t)
+	fs_tmpfs_filetrans($1_t, $1_tmpfs_t, { dir file })
+
+	manage_dirs_pattern($1_t, $1_var_log_t, $1_var_log_t)
+	append_files_pattern($1_t, $1_var_log_t, $1_var_log_t)
+	create_files_pattern($1_t, $1_var_log_t, $1_var_log_t)
+	setattr_files_pattern($1_t, $1_var_log_t, $1_var_log_t)
+	manage_sock_files_pattern($1_t, $1_var_log_t, $1_var_log_t)
+	logging_log_filetrans($1_t, $1_var_log_t, { dir file sock_file })
+
+	manage_dirs_pattern($1_t, $1_runtime_t, $1_runtime_t)
+	manage_files_pattern($1_t, $1_runtime_t, $1_runtime_t)
+	manage_fifo_files_pattern($1_t, $1_runtime_t, $1_runtime_t)
+	manage_sock_files_pattern($1_t, $1_runtime_t, $1_runtime_t)
+	files_pid_filetrans($1_t, $1_runtime_t, { dir file sock_file fifo_file })
+
+	optional_policy(`
+		dbus_system_bus_client($1_t)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhcs_domain_template'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Execute a domain transition to
+##	run dlm_controld.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`rhcs_domtrans_dlm_controld',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhcs_domtrans_dlm_controld'($*)) dnl
+	
+	gen_require(`
+	type dlm_controld_t, dlm_controld_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, dlm_controld_exec_t, dlm_controld_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhcs_domtrans_dlm_controld'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Get attributes of fenced
+##	executable files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhcs_getattr_fenced_exec_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhcs_getattr_fenced_exec_files'($*)) dnl
+	
+	gen_require(`
+		type fenced_exec_t;
+	')
+
+	allow $1 fenced_exec_t:file getattr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhcs_getattr_fenced_exec_files'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Connect to dlm_controld with a
+##	unix domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhcs_stream_connect_dlm_controld',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhcs_stream_connect_dlm_controld'($*)) dnl
+	
+	gen_require(`
+		type dlm_controld_t, dlm_controld_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, dlm_controld_runtime_t, dlm_controld_runtime_t, dlm_controld_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhcs_stream_connect_dlm_controld'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Read and write dlm_controld semaphores.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhcs_rw_dlm_controld_semaphores',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhcs_rw_dlm_controld_semaphores'($*)) dnl
+	
+	gen_require(`
+		type dlm_controld_t, dlm_controld_tmpfs_t;
+	')
+
+	allow $1 dlm_controld_t:sem { rw_sem_perms destroy };
+
+	fs_search_tmpfs($1)
+	manage_files_pattern($1, dlm_controld_tmpfs_t, dlm_controld_tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhcs_rw_dlm_controld_semaphores'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Execute a domain transition to run fenced.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhcs_domtrans_fenced',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhcs_domtrans_fenced'($*)) dnl
+	
+	gen_require(`
+		type fenced_t, fenced_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, fenced_exec_t, fenced_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhcs_domtrans_fenced'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Read and write fenced semaphores.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhcs_rw_fenced_semaphores',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhcs_rw_fenced_semaphores'($*)) dnl
+	
+	gen_require(`
+		type fenced_t, fenced_tmpfs_t;
+	')
+
+	allow $1 fenced_t:sem { rw_sem_perms destroy };
+
+	fs_search_tmpfs($1)
+	manage_files_pattern($1, fenced_tmpfs_t, fenced_tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhcs_rw_fenced_semaphores'($*)) dnl
+	')
+
+
+####################################
+## <summary>
+##	Connect to all cluster domains
+##	with a unix domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhcs_stream_connect_cluster',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhcs_stream_connect_cluster'($*)) dnl
+	
+	gen_require(`
+		attribute cluster_domain, cluster_pid;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, cluster_pid, cluster_pid, cluster_domain)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhcs_stream_connect_cluster'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Connect to fenced with an unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhcs_stream_connect_fenced',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhcs_stream_connect_fenced'($*)) dnl
+	
+	gen_require(`
+		type fenced_runtime_t, fenced_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, fenced_runtime_t, fenced_runtime_t, fenced_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhcs_stream_connect_fenced'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Execute a domain transition
+##	to run gfs_controld.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhcs_domtrans_gfs_controld',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhcs_domtrans_gfs_controld'($*)) dnl
+	
+	gen_require(`
+	type gfs_controld_t, gfs_controld_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, gfs_controld_exec_t, gfs_controld_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhcs_domtrans_gfs_controld'($*)) dnl
+	')
+
+
+####################################
+## <summary>
+##	Read and write gfs_controld semaphores.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhcs_rw_gfs_controld_semaphores',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhcs_rw_gfs_controld_semaphores'($*)) dnl
+	
+	gen_require(`
+		type gfs_controld_t, gfs_controld_tmpfs_t;
+	')
+
+	allow $1 gfs_controld_t:sem { rw_sem_perms destroy };
+
+	fs_search_tmpfs($1)
+	manage_files_pattern($1, gfs_controld_tmpfs_t, gfs_controld_tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhcs_rw_gfs_controld_semaphores'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write gfs_controld_t shared memory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhcs_rw_gfs_controld_shm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhcs_rw_gfs_controld_shm'($*)) dnl
+	
+	gen_require(`
+		type gfs_controld_t, gfs_controld_tmpfs_t;
+	')
+
+	allow $1 gfs_controld_t:shm { rw_shm_perms destroy };
+
+	fs_search_tmpfs($1)
+	manage_files_pattern($1, gfs_controld_tmpfs_t, gfs_controld_tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhcs_rw_gfs_controld_shm'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Connect to gfs_controld_t with
+##	a unix domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhcs_stream_connect_gfs_controld',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhcs_stream_connect_gfs_controld'($*)) dnl
+	
+	gen_require(`
+		type gfs_controld_t, gfs_controld_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, gfs_controld_runtime_t, gfs_controld_runtime_t, gfs_controld_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhcs_stream_connect_gfs_controld'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Execute a domain transition to run groupd.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`rhcs_domtrans_groupd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhcs_domtrans_groupd'($*)) dnl
+	
+	gen_require(`
+		type groupd_t, groupd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, groupd_exec_t, groupd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhcs_domtrans_groupd'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Connect to groupd with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhcs_stream_connect_groupd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhcs_stream_connect_groupd'($*)) dnl
+	
+	gen_require(`
+		type groupd_t, groupd_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, groupd_runtime_t, groupd_runtime_t, groupd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhcs_stream_connect_groupd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write all cluster domains
+##	shared memory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhcs_rw_cluster_shm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhcs_rw_cluster_shm'($*)) dnl
+	
+	gen_require(`
+		attribute cluster_domain, cluster_tmpfs;
+	')
+
+	allow $1 cluster_domain:shm { rw_shm_perms destroy };
+
+	fs_search_tmpfs($1)
+	manage_files_pattern($1, cluster_tmpfs, cluster_tmpfs)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhcs_rw_cluster_shm'($*)) dnl
+	')
+
+
+####################################
+## <summary>
+##	Read and write all cluster
+##	domains semaphores.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhcs_rw_cluster_semaphores',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhcs_rw_cluster_semaphores'($*)) dnl
+	
+	gen_require(`
+		attribute cluster_domain;
+	')
+
+	allow $1 cluster_domain:sem { rw_sem_perms destroy };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhcs_rw_cluster_semaphores'($*)) dnl
+	')
+
+
+#####################################
+## <summary>
+##	Read and write groupd semaphores.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhcs_rw_groupd_semaphores',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhcs_rw_groupd_semaphores'($*)) dnl
+	
+	gen_require(`
+		type groupd_t, groupd_tmpfs_t;
+	')
+
+	allow $1 groupd_t:sem { rw_sem_perms destroy };
+
+	fs_search_tmpfs($1)
+	manage_files_pattern($1, groupd_tmpfs_t, groupd_tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhcs_rw_groupd_semaphores'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write groupd shared memory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhcs_rw_groupd_shm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhcs_rw_groupd_shm'($*)) dnl
+	
+	gen_require(`
+		type groupd_t, groupd_tmpfs_t;
+	')
+
+	allow $1 groupd_t:shm { rw_shm_perms destroy };
+
+	fs_search_tmpfs($1)
+	manage_files_pattern($1, groupd_tmpfs_t, groupd_tmpfs_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhcs_rw_groupd_shm'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Execute a domain transition to run qdiskd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`rhcs_domtrans_qdiskd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhcs_domtrans_qdiskd'($*)) dnl
+	
+	gen_require(`
+		type qdiskd_t, qdiskd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, qdiskd_exec_t, qdiskd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhcs_domtrans_qdiskd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an rhcs environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`rhcs_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `rhcs_admin'($*)) dnl
+	
+	gen_require(`
+		attribute cluster_domain, cluster_pid, cluster_tmpfs;
+		attribute cluster_log;
+		type dlm_controld_initrc_exec_t, foghorn_initrc_exec_t, fenced_lock_t;
+		type fenced_tmp_t, qdiskd_var_lib_t;
+		type dlm_controld_t, foghorn_t;
+	')
+
+	allow $1 cluster_domain:process { ptrace signal_perms };
+	ps_process_pattern($1, cluster_domain)
+
+	init_startstop_service($1, $2, dlm_controld_t, dlm_controld_initrc_exec_t)
+	init_startstop_service($1, $2, foghorn_t, foghorn_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, cluster_pid)
+
+	files_search_locks($1)
+	admin_pattern($1, fenced_lock_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, fenced_tmp_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, qdiskd_var_lib_t)
+
+	fs_search_tmpfs($1)
+	admin_pattern($1, cluster_tmpfs)
+
+	logging_search_logs($1)
+	admin_pattern($1, cluster_log)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `rhcs_admin'($*)) dnl
+	')
+
+## <summary>Internet services daemon.</summary>
+
+########################################
+## <summary>
+##	Define the specified domain as a inetd service.
+## </summary>
+## <desc>
+##	<p>
+##	Define the specified domain as a inetd service.  The
+##	inetd_service_domain(), inetd_tcp_service_domain(),
+##	or inetd_udp_service_domain() interfaces should be used
+##	instead of this interface, as this interface only provides
+##	the common rules to these three interfaces.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	The type associated with the inetd service process.
+##	</summary>
+## </param>
+## <param name="entrypoint">
+##	<summary>
+##	The type associated with the process program.
+##	</summary>
+## </param>
+#
+ 	 	define(`inetd_core_service_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `inetd_core_service_domain'($*)) dnl
+	
+	gen_require(`
+		type inetd_t;
+		role system_r;
+	')
+
+	domain_type($1)
+	domain_entry_file($1, $2)
+
+	role system_r types $1;
+
+	domtrans_pattern(inetd_t, $2, $1)
+	allow inetd_t $1:process { siginh sigkill };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `inetd_core_service_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Define the specified domain as a TCP inetd service.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type associated with the inetd service process.
+##	</summary>
+## </param>
+## <param name="entrypoint">
+##	<summary>
+##	The type associated with the process program.
+##	</summary>
+## </param>
+#
+ 	 	define(`inetd_tcp_service_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `inetd_tcp_service_domain'($*)) dnl
+	
+
+	gen_require(`
+		type inetd_t;
+	')
+
+	inetd_core_service_domain($1, $2)
+
+	allow $1 inetd_t:tcp_socket rw_stream_socket_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `inetd_tcp_service_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Define the specified domain as a UDP inetd service.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type associated with the inetd service process.
+##	</summary>
+## </param>
+## <param name="entrypoint">
+##	<summary>
+##	The type associated with the process program.
+##	</summary>
+## </param>
+#
+ 	 	define(`inetd_udp_service_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `inetd_udp_service_domain'($*)) dnl
+	
+	gen_require(`
+		type inetd_t;
+	')
+
+	inetd_core_service_domain($1, $2)
+
+	allow $1 inetd_t:udp_socket rw_socket_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `inetd_udp_service_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Define the specified domain as a TCP and UDP inetd service.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type associated with the inetd service process.
+##	</summary>
+## </param>
+## <param name="entrypoint">
+##	<summary>
+##	The type associated with the process program.
+##	</summary>
+## </param>
+#
+ 	 	define(`inetd_service_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `inetd_service_domain'($*)) dnl
+	
+	gen_require(`
+		type inetd_t;
+	')
+
+	inetd_core_service_domain($1, $2)
+
+	allow $1 inetd_t:tcp_socket rw_stream_socket_perms;
+	allow $1 inetd_t:udp_socket rw_socket_perms;
+
+	optional_policy(`
+		stunnel_service_domain($1, $2)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `inetd_service_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit and use inetd file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`inetd_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `inetd_use_fds'($*)) dnl
+	
+	gen_require(`
+		type inetd_t;
+	')
+
+	allow $1 inetd_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `inetd_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Run inetd child process in the
+##	inet child domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`inetd_domtrans_child',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `inetd_domtrans_child'($*)) dnl
+	
+	gen_require(`
+		type inetd_child_t, inetd_child_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, inetd_child_exec_t, inetd_child_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `inetd_domtrans_child'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write inetd TCP sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`inetd_rw_tcp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `inetd_rw_tcp_sockets'($*)) dnl
+	
+	gen_require(`
+		type inetd_t;
+	')
+
+	allow $1 inetd_t:tcp_socket rw_stream_socket_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `inetd_rw_tcp_sockets'($*)) dnl
+	')
+
+## <summary>Berkeley Internet name domain DNS server.</summary>
+
+########################################
+## <summary>
+##	Execute bind init scripts in
+##	the init script domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`bind_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bind_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type named_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, named_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bind_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute ndc in the ndc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`bind_domtrans_ndc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bind_domtrans_ndc'($*)) dnl
+	
+	gen_require(`
+		type ndc_t, ndc_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, ndc_exec_t, ndc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bind_domtrans_ndc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to bind.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bind_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bind_signal'($*)) dnl
+	
+	gen_require(`
+		type named_t;
+	')
+
+	allow $1 named_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bind_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send null signals to bind.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bind_signull',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bind_signull'($*)) dnl
+	
+	gen_require(`
+		type named_t;
+	')
+
+	allow $1 named_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bind_signull'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send kill signals to bind.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bind_kill',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bind_kill'($*)) dnl
+	
+	gen_require(`
+		type named_t;
+	')
+
+	allow $1 named_t:process sigkill;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bind_kill'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute ndc in the ndc domain, and
+##	allow the specified role the ndc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`bind_run_ndc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bind_run_ndc'($*)) dnl
+	
+	gen_require(`
+		attribute_role ndc_roles;
+	')
+
+	bind_domtrans_ndc($1)
+	roleattribute $2 ndc_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bind_run_ndc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute bind in the named domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`bind_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bind_domtrans'($*)) dnl
+	
+	gen_require(`
+		type named_t, named_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, named_exec_t, named_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bind_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read dnssec key files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bind_read_dnssec_keys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bind_read_dnssec_keys'($*)) dnl
+	
+	gen_require(`
+		type named_conf_t, named_zone_t, dnssec_t;
+	')
+
+	read_files_pattern($1, { named_conf_t named_zone_t }, dnssec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bind_read_dnssec_keys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read bind named configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bind_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bind_read_config'($*)) dnl
+	
+	gen_require(`
+		type named_conf_t;
+	')
+
+	read_files_pattern($1, named_conf_t, named_conf_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bind_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write bind named configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bind_write_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bind_write_config'($*)) dnl
+	
+	gen_require(`
+		type named_conf_t;
+	')
+
+	write_files_pattern($1, named_conf_t, named_conf_t)
+	allow $1 named_conf_t:file setattr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bind_write_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	bind configuration directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bind_manage_config_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bind_manage_config_dirs'($*)) dnl
+	
+	gen_require(`
+		type named_conf_t;
+	')
+
+	manage_dirs_pattern($1, named_conf_t, named_conf_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bind_manage_config_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search bind cache directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bind_search_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bind_search_cache'($*)) dnl
+	
+	gen_require(`
+		type named_conf_t, named_cache_t, named_zone_t;
+	')
+
+	files_search_var($1)
+	allow $1 named_conf_t:dir search_dir_perms;
+	allow $1 named_zone_t:dir search_dir_perms;
+	allow $1 named_cache_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bind_search_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	bind cache files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bind_manage_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bind_manage_cache'($*)) dnl
+	
+	gen_require(`
+		type named_cache_t, named_zone_t;
+	')
+
+	files_search_var($1)
+	allow $1 named_zone_t:dir search_dir_perms;
+	manage_files_pattern($1, named_cache_t, named_cache_t)
+	manage_lnk_files_pattern($1, named_cache_t, named_cache_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bind_manage_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set attributes of bind pid directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bind_setattr_pid_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bind_setattr_pid_dirs'($*)) dnl
+	
+	gen_require(`
+		type named_runtime_t;
+	')
+
+	allow $1 named_runtime_t:dir setattr_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bind_setattr_pid_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set attributes of bind zone directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bind_setattr_zone_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bind_setattr_zone_dirs'($*)) dnl
+	
+	gen_require(`
+		type named_zone_t;
+	')
+
+	allow $1 named_zone_t:dir setattr_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bind_setattr_zone_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read bind zone files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bind_read_zone',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bind_read_zone'($*)) dnl
+	
+	gen_require(`
+		type named_zone_t;
+	')
+
+	files_search_var($1)
+	read_files_pattern($1, named_zone_t, named_zone_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bind_read_zone'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	bind zone files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`bind_manage_zone',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bind_manage_zone'($*)) dnl
+	
+	gen_require(`
+		type named_zone_t;
+	')
+
+	files_search_var($1)
+	manage_files_pattern($1, named_zone_t, named_zone_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bind_manage_zone'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an bind environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`bind_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `bind_admin'($*)) dnl
+	
+	gen_require(`
+		type named_t, named_tmp_t, named_log_t;
+		type named_cache_t, named_zone_t, named_initrc_exec_t;
+		type dnssec_t, ndc_t, named_conf_t, named_runtime_t;
+		type named_keytab_t;
+	')
+
+	allow $1 { named_t ndc_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { named_t ndc_t })
+
+	init_startstop_service($1, $2, named_t, named_initrc_exec_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, named_tmp_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, named_log_t)
+
+	files_list_etc($1)
+	admin_pattern($1, { named_keytab_t named_conf_t })
+
+	files_list_var($1)
+	admin_pattern($1, { dnssec_t named_cache_t named_zone_t })
+
+	files_list_pids($1)
+	admin_pattern($1, named_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `bind_admin'($*)) dnl
+	')
+
+## <summary>Devicekit modular hardware abstraction layer.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run devicekit.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`devicekit_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `devicekit_domtrans'($*)) dnl
+	
+	gen_require(`
+		type devicekit_t, devicekit_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, devicekit_exec_t, devicekit_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `devicekit_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send to devicekit over a unix domain
+##	datagram socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`devicekit_dgram_send',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `devicekit_dgram_send'($*)) dnl
+	
+	gen_require(`
+		type devicekit_t, devicekit_runtime_t;
+	')
+
+	files_search_pids($1)
+	dgram_send_pattern($1, devicekit_runtime_t, devicekit_runtime_t, devicekit_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `devicekit_dgram_send'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	devicekit over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`devicekit_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `devicekit_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type devicekit_t;
+		class dbus send_msg;
+	')
+
+	allow $1 devicekit_t:dbus send_msg;
+	allow devicekit_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `devicekit_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	devicekit disk over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`devicekit_dbus_chat_disk',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `devicekit_dbus_chat_disk'($*)) dnl
+	
+	gen_require(`
+		type devicekit_disk_t;
+		class dbus send_msg;
+	')
+
+	allow $1 devicekit_disk_t:dbus send_msg;
+	allow devicekit_disk_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `devicekit_dbus_chat_disk'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to devicekit power.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`devicekit_signal_power',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `devicekit_signal_power'($*)) dnl
+	
+	gen_require(`
+		type devicekit_power_t;
+	')
+
+	allow $1 devicekit_power_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `devicekit_signal_power'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	devicekit power over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`devicekit_dbus_chat_power',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `devicekit_dbus_chat_power'($*)) dnl
+	
+	gen_require(`
+		type devicekit_power_t;
+		class dbus send_msg;
+	')
+
+	allow $1 devicekit_power_t:dbus send_msg;
+	allow devicekit_power_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `devicekit_dbus_chat_power'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use and inherit devicekit power
+##	file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`devicekit_use_fds_power',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `devicekit_use_fds_power'($*)) dnl
+	
+	gen_require(`
+		type devicekit_power_t;
+	')
+
+	allow $1 devicekit_power_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `devicekit_use_fds_power'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append inherited devicekit log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`devicekit_append_inherited_log_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `devicekit_append_inherited_log_files'($*)) dnl
+	
+	gen_require(`
+		type devicekit_var_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 devicekit_var_log_t:file { getattr_file_perms append };
+
+	devicekit_use_fds_power($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `devicekit_append_inherited_log_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	devicekit log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`devicekit_manage_log_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `devicekit_manage_log_files'($*)) dnl
+	
+	gen_require(`
+		type devicekit_var_log_t;
+	')
+
+	logging_search_logs($1)
+	manage_files_pattern($1, devicekit_var_log_t, devicekit_var_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `devicekit_manage_log_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel devicekit log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`devicekit_relabel_log_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `devicekit_relabel_log_files'($*)) dnl
+	
+	gen_require(`
+		type devicekit_var_log_t;
+	')
+
+	logging_search_logs($1)
+	relabel_files_pattern($1, devicekit_var_log_t, devicekit_var_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `devicekit_relabel_log_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read devicekit PID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`devicekit_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `devicekit_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type devicekit_runtime_t;
+	')
+
+	files_search_pids($1)
+	read_files_pattern($1, devicekit_runtime_t, devicekit_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `devicekit_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	devicekit PID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`devicekit_manage_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `devicekit_manage_pid_files'($*)) dnl
+	
+	gen_require(`
+		type devicekit_runtime_t;
+	')
+
+	files_search_pids($1)
+	manage_files_pattern($1, devicekit_runtime_t, devicekit_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `devicekit_manage_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an devicekit environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role" unused="true">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`devicekit_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `devicekit_admin'($*)) dnl
+	
+	gen_require(`
+		type devicekit_t, devicekit_disk_t, devicekit_power_t;
+		type devicekit_var_lib_t, devicekit_runtime_t, devicekit_tmp_t;
+		type devicekit_var_log_t;
+	')
+
+	allow $1 { devicekit_t devicekit_disk_t devicekit_power_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { devicekit_t devicekit_disk_t devicekit_power_t })
+
+	files_search_tmp($1)
+	admin_pattern($1, devicekit_tmp_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, devicekit_var_lib_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, devicekit_var_log_t)
+
+	files_search_pids($1)
+	admin_pattern($1, devicekit_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `devicekit_admin'($*)) dnl
+	')
+
+## <summary>GNOME color manager.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run colord.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`colord_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `colord_domtrans'($*)) dnl
+	
+	gen_require(`
+		type colord_t, colord_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, colord_exec_t, colord_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `colord_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	colord over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`colord_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `colord_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type colord_t;
+		class dbus send_msg;
+	')
+
+	allow $1 colord_t:dbus send_msg;
+	allow colord_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `colord_dbus_chat'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Read colord lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`colord_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `colord_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type colord_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, colord_var_lib_t, colord_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `colord_read_lib_files'($*)) dnl
+	')
+
+## <summary>Line printer daemon.</summary>
+
+########################################
+## <summary>
+##	Role access for lpd.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	User domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`lpd_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lpd_role'($*)) dnl
+	
+	gen_require(`
+		attribute_role lpr_roles;
+		type lpr_t, lpr_exec_t;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	roleattribute $1 lpr_roles;
+
+	########################################
+	#
+	# Policy
+	#
+
+	domtrans_pattern($2, lpr_exec_t, lpr_t)
+
+	allow $2 lpr_t:process { ptrace signal_perms };
+	ps_process_pattern($2, lpr_t)
+
+	dontaudit lpr_t $2:unix_stream_socket { read write };
+
+	optional_policy(`
+		cups_read_config($2)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lpd_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute lpd in the lpd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`lpd_domtrans_checkpc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lpd_domtrans_checkpc'($*)) dnl
+	
+	gen_require(`
+		type checkpc_t, checkpc_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, checkpc_exec_t, checkpc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lpd_domtrans_checkpc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute amrecover in the lpd
+##	domain, and allow the specified
+##	role the lpd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`lpd_run_checkpc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lpd_run_checkpc'($*)) dnl
+	
+	gen_require(`
+		attribute_role checkpc_roles;
+	')
+
+	lpd_domtrans_checkpc($1)
+	roleattribute $2 checkpc_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lpd_run_checkpc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List printer spool directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`lpd_list_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lpd_list_spool'($*)) dnl
+	
+	gen_require(`
+		type print_spool_t;
+	')
+
+	files_search_spool($1)
+	allow $1 print_spool_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lpd_list_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read printer spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`lpd_read_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lpd_read_spool'($*)) dnl
+	
+	gen_require(`
+		type print_spool_t;
+	')
+
+	files_search_spool($1)
+	read_files_pattern($1, print_spool_t, print_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lpd_read_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	printer spool content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`lpd_manage_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lpd_manage_spool'($*)) dnl
+	
+	gen_require(`
+		type print_spool_t;
+	')
+
+	files_search_spool($1)
+	manage_dirs_pattern($1, print_spool_t, print_spool_t)
+	manage_files_pattern($1, print_spool_t, print_spool_t)
+	manage_lnk_files_pattern($1, print_spool_t, print_spool_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lpd_manage_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`lpd_relabel_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lpd_relabel_spool'($*)) dnl
+	
+	gen_require(`
+		type print_spool_t;
+	')
+
+	files_search_spool($1)
+	allow $1 print_spool_t:file relabel_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lpd_relabel_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read printer configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`lpd_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lpd_read_config'($*)) dnl
+	
+	gen_require(`
+		type printconf_t;
+	')
+
+	allow $1 printconf_t:dir list_dir_perms;
+	read_files_pattern($1, printconf_t, printconf_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lpd_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Transition to a user lpr domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`lpd_domtrans_lpr',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lpd_domtrans_lpr'($*)) dnl
+	
+	gen_require(`
+		type lpr_t, lpr_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, lpr_exec_t, lpr_t)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lpd_domtrans_lpr'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute lpr in the lpr domain, and
+##	allow the specified role the lpr domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`lpd_run_lpr',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lpd_run_lpr'($*)) dnl
+	
+	gen_require(`
+		attribute_role lpr_roles;
+	')
+
+	lpd_domtrans_lpr($1)
+	roleattribute $2 lpr_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lpd_run_lpr'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute lpr in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`lpd_exec_lpr',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lpd_exec_lpr'($*)) dnl
+	
+	gen_require(`
+		type lpr_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, lpr_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lpd_exec_lpr'($*)) dnl
+	')
+
+## <summary>Qmail Mail Server.</summary>
+
+########################################
+## <summary>
+##	Template for qmail parent/sub-domain pairs.
+## </summary>
+## <param name="child_prefix">
+##	<summary>
+##	The prefix of the child domain.
+##	</summary>
+## </param>
+## <param name="parent_domain">
+##	<summary>
+##	The name of the parent domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`qmail_child_domain_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qmail_child_domain_template'($*)) dnl
+	
+	gen_require(`
+		attribute qmail_child_domain;
+	')
+
+	########################################
+	#
+	# Declarations
+	#
+
+	type $1_t, qmail_child_domain;
+	type $1_exec_t;
+	domain_type($1_t)
+	domain_entry_file($1_t, $1_exec_t)
+
+	role system_r types $1_t;
+
+	########################################
+	#
+	# Policy
+	#
+
+	domtrans_pattern($2, $1_exec_t, $1_t)
+
+	kernel_read_system_state($2)
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qmail_child_domain_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Transition to qmail_inject_t.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`qmail_domtrans_inject',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qmail_domtrans_inject'($*)) dnl
+	
+	gen_require(`
+		type qmail_inject_t, qmail_inject_exec_t;
+	')
+
+	domtrans_pattern($1, qmail_inject_exec_t, qmail_inject_t)
+
+	ifdef(`distro_debian',`
+		files_search_usr($1)
+		corecmd_search_bin($1)
+	',`
+		files_search_var($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qmail_domtrans_inject'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Transition to qmail_queue_t.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`qmail_domtrans_queue',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qmail_domtrans_queue'($*)) dnl
+	
+	gen_require(`
+		type qmail_queue_t, qmail_queue_exec_t;
+	')
+
+	domtrans_pattern($1, qmail_queue_exec_t, qmail_queue_t)
+
+	ifdef(`distro_debian',`
+		files_search_usr($1)
+		corecmd_search_bin($1)
+	',`
+		files_search_var($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qmail_domtrans_queue'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read qmail configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`qmail_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qmail_read_config'($*)) dnl
+	
+	gen_require(`
+		type qmail_etc_t;
+	')
+
+	files_search_var($1)
+	allow $1 qmail_etc_t:dir list_dir_perms;
+	allow $1 qmail_etc_t:file read_file_perms;
+	allow $1 qmail_etc_t:lnk_file read_lnk_file_perms;
+
+	ifdef(`distro_debian',`
+		files_search_etc($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qmail_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Define the specified domain as a
+##	qmail-smtp service.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+## <param name="entrypoint">
+##	<summary>
+##	The type associated with the process program.
+##	</summary>
+## </param>
+#
+ 	 	define(`qmail_smtpd_service_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `qmail_smtpd_service_domain'($*)) dnl
+	
+	gen_require(`
+		type qmail_smtpd_t;
+	')
+
+	domtrans_pattern(qmail_smtpd_t, $2, $1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `qmail_smtpd_service_domain'($*)) dnl
+	')
+
+## <summary>Procmail mail delivery agent.</summary>
+
+########################################
+## <summary>
+##	Execute procmail with a domain transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`procmail_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `procmail_domtrans'($*)) dnl
+	
+	gen_require(`
+		type procmail_exec_t, procmail_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, procmail_exec_t, procmail_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `procmail_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute procmail in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`procmail_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `procmail_exec'($*)) dnl
+	
+	gen_require(`
+		type procmail_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, procmail_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `procmail_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	procmail home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`procmail_manage_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `procmail_manage_home_files'($*)) dnl
+	
+	gen_require(`
+		type procmail_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 procmail_home_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `procmail_manage_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read procmail user home content files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`procmail_read_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `procmail_read_home_files'($*)) dnl
+	
+	gen_require(`
+		type procmail_home_t;
+
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 procmail_home_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `procmail_read_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel procmail home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`procmail_relabel_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `procmail_relabel_home_files'($*)) dnl
+	
+	gen_require(`
+		type procmail_home_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 procmail_home_t:file relabel_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `procmail_relabel_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in user home
+##	directories with the procmail home type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`procmail_home_filetrans_procmail_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `procmail_home_filetrans_procmail_home'($*)) dnl
+	
+	gen_require(`
+		type procmail_home_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, procmail_home_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `procmail_home_filetrans_procmail_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read procmail tmp files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`procmail_read_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `procmail_read_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type procmail_tmp_t;
+	')
+
+	files_search_tmp($1)
+	allow $1 procmail_tmp_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `procmail_read_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write procmail tmp files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`procmail_rw_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `procmail_rw_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type procmail_tmp_t;
+	')
+
+	files_search_tmp($1)
+	rw_files_pattern($1, procmail_tmp_t, procmail_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `procmail_rw_tmp_files'($*)) dnl
+	')
+
+## <summary>Jockey driver manager.</summary>
+## <summary>Open source implementation of the Service Availability Forum Hardware Platform Interface.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an openhpi environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`openhpi_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `openhpi_admin'($*)) dnl
+	
+	gen_require(`
+		type openhpid_t, openhpid_initrc_exec_t, openhpid_var_lib_t;
+		type openhpid_runtime_t;
+	')
+
+	allow $1 openhpid_t:process { ptrace signal_perms };
+	ps_process_pattern($1, openhpid_t)
+
+	init_startstop_service($1, $2, openhpid_t, openhpid_initrc_exec_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, openhpid_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, openhpid_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `openhpi_admin'($*)) dnl
+	')
+
+## <summary>Concurrent versions system.</summary>
+
+########################################
+## <summary>
+##	Read CVS data and metadata content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cvs_read_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cvs_read_data'($*)) dnl
+	
+	gen_require(`
+		type cvs_data_t;
+	')
+
+	list_dirs_pattern($1, cvs_data_t, cvs_data_t)
+	read_files_pattern($1, cvs_data_t, cvs_data_t)
+	read_lnk_files_pattern($1, cvs_data_t, cvs_data_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cvs_read_data'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute cvs in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`cvs_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cvs_exec'($*)) dnl
+	
+	gen_require(`
+		type cvs_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, cvs_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cvs_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an cvs environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`cvs_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `cvs_admin'($*)) dnl
+	
+	gen_require(`
+		type cvs_t, cvs_tmp_t, cvs_initrc_exec_t;
+		type cvs_data_t, cvs_runtime_t, cvs_keytab_t;
+	')
+
+	allow $1 cvs_t:process { ptrace signal_perms };
+	ps_process_pattern($1, cvs_t)
+
+	init_startstop_service($1, $2, cvs_t, cvs_initrc_exec_t)
+
+	files_search_etc($1)
+	admin_pattern($1, cvs_keytab_t)
+
+	files_list_tmp($1)
+	admin_pattern($1, cvs_tmp_t)
+
+	files_search_usr($1)
+	admin_pattern($1, cvs_data_t)
+
+	files_list_pids($1)
+	admin_pattern($1, cvs_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `cvs_admin'($*)) dnl
+	')
+
+## <summary>File transfer protocol service.</summary>
+
+#######################################
+## <summary>
+##	Execute a dyntransition to run anon sftpd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`ftp_dyntrans_anon_sftpd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ftp_dyntrans_anon_sftpd'($*)) dnl
+	
+	gen_require(`
+		type anon_sftpd_t;
+	')
+
+	dyntrans_pattern($1, anon_sftpd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ftp_dyntrans_anon_sftpd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read ftpd configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ftp_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ftp_read_config'($*)) dnl
+	
+	gen_require(`
+		type ftpd_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 ftpd_etc_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ftp_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute FTP daemon entry point programs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ftp_check_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ftp_check_exec'($*)) dnl
+	
+	gen_require(`
+		type ftpd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	allow $1 ftpd_exec_t:file mmap_exec_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ftp_check_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read ftpd log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ftp_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ftp_read_log'($*)) dnl
+	
+	gen_require(`
+		type xferlog_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 xferlog_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ftp_read_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the ftpdctl in the ftpdctl domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`ftp_domtrans_ftpdctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ftp_domtrans_ftpdctl'($*)) dnl
+	
+	gen_require(`
+		type ftpdctl_t, ftpdctl_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, ftpdctl_exec_t, ftpdctl_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ftp_domtrans_ftpdctl'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the ftpdctl in the ftpdctl
+##	domain, and allow the specified
+##	role the ftpctl domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ftp_run_ftpdctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ftp_run_ftpdctl'($*)) dnl
+	
+	gen_require(`
+		attribute_role ftpdctl_roles;
+	')
+
+	ftp_domtrans_ftpdctl($1)
+	roleattribute $2 ftpdctl_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ftp_run_ftpdctl'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Execute a dyntransition to run sftpd.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`ftp_dyntrans_sftpd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ftp_dyntrans_sftpd'($*)) dnl
+	
+	gen_require(`
+		type sftpd_t;
+	')
+
+	dyntrans_pattern($1, sftpd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ftp_dyntrans_sftpd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an ftp environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ftp_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ftp_admin'($*)) dnl
+	
+	gen_require(`
+		type ftpd_t, ftpdctl_t, ftpd_tmp_t;
+		type ftpd_etc_t, ftpd_lock_t, sftpd_t;
+		type ftpd_runtime_t, xferlog_t, anon_sftpd_t;
+		type ftpd_initrc_exec_t, ftpdctl_tmp_t;
+		type ftpd_keytab_t;
+	')
+
+	allow $1 { ftpd_t ftpdctl_t sftpd_t anon_sftpd_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { ftpd_t ftpdctl_t sftpd_t anon_sftpd_t })
+
+	init_startstop_service($1, $2, ftpd_t, ftpd_initrc_exec_t)
+
+	miscfiles_manage_public_files($1)
+
+	files_list_tmp($1)
+	admin_pattern($1, { ftpd_tmp_t ftpdctl_tmp_t })
+
+	files_list_etc($1)
+	admin_pattern($1, { ftpd_etc_t ftpd_keytab_t })
+
+	files_list_var($1)
+	admin_pattern($1, ftpd_lock_t)
+
+	files_list_pids($1)
+	admin_pattern($1, ftpd_runtime_t)
+
+	logging_list_logs($1)
+	admin_pattern($1, xferlog_t)
+
+	ftp_run_ftpdctl($1, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ftp_admin'($*)) dnl
+	')
+
+## <summary>Network scanning daemon.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an nessus environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`nessus_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `nessus_admin'($*)) dnl
+	
+	gen_require(`
+		type nessusd_t, nessusd_db_t, nessusd_initrc_exec_t;
+		type nessusd_etc_t, nessusd_log_t, nessusd_runtime_t;
+	')
+
+	allow $1 nessusd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, nessusd_t)
+
+	init_startstop_service($1, $2, nessusd_t, nessusd_initrc_exec_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, nessusd_log_t)
+
+	files_search_etc($1)
+	admin_pattern($1, nessusd_etc_t)
+
+	files_search_pids($1)
+	admin_pattern($1, nessusd_runtime_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, nessusd_db_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `nessus_admin'($*)) dnl
+	')
+
+## <summary>WireGuard VPN.</summary>
+
+########################################
+## <summary>
+##	Execute WireGuard in the wireguard domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`wireguard_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `wireguard_domtrans'($*)) dnl
+	
+	gen_require(`
+		type wireguard_t, wireguard_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, wireguard_exec_t, wireguard_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `wireguard_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute WireGuard in the wireguard domain, and
+##	allow the specified role the wireguard domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`wireguard_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `wireguard_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role wireguard_roles;
+	')
+
+	wireguard_domtrans($1)
+	roleattribute $2 wireguard_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `wireguard_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate a WireGuard
+##	environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`wireguard_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `wireguard_admin'($*)) dnl
+	
+	gen_require(`
+		type wireguard_t, wireguard_etc_t, wireguard_initrc_exec_t, wireguard_unit_t;
+	')
+
+	admin_process_pattern($1, wireguard_t)
+
+	init_startstop_service($1, $2, wireguard_t, wireguard_initrc_exec_t, wireguard_unit_t)
+
+	files_search_etc($1)
+	admin_pattern($1, wireguard_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `wireguard_admin'($*)) dnl
+	')
+
+## <summary>Hardware abstraction layer.</summary>
+
+########################################
+## <summary>
+##	Execute hal in the hal domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`hal_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hal_domtrans'($*)) dnl
+	
+	gen_require(`
+		type hald_t, hald_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, hald_exec_t, hald_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hal_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get attributes of hald processes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hal_getattr',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hal_getattr'($*)) dnl
+	
+	gen_require(`
+		type hald_t;
+	')
+
+	allow $1 hald_t:process getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hal_getattr'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read hal process state files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hal_read_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hal_read_state'($*)) dnl
+	
+	gen_require(`
+		type hald_t;
+	')
+
+	ps_process_pattern($1, hald_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hal_read_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Trace hald processes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hal_ptrace',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hal_ptrace'($*)) dnl
+	
+	gen_require(`
+		type hald_t;
+	')
+
+	allow $1 hald_t:process ptrace;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hal_ptrace'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit and use hald file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hal_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hal_use_fds'($*)) dnl
+	
+	gen_require(`
+		type hald_t;
+	')
+
+	allow $1 hald_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hal_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to inherited
+##	and use hald file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`hal_dontaudit_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hal_dontaudit_use_fds'($*)) dnl
+	
+	gen_require(`
+		type hald_t;
+	')
+
+	dontaudit $1 hald_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hal_dontaudit_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write hald unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hal_rw_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hal_rw_pipes'($*)) dnl
+	
+	gen_require(`
+		type hald_t;
+	')
+
+	allow $1 hald_t:fifo_file rw_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hal_rw_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and
+##	write hald unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`hal_dontaudit_rw_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hal_dontaudit_rw_pipes'($*)) dnl
+	
+	gen_require(`
+		type hald_t;
+	')
+
+	dontaudit $1 hald_t:fifo_file rw_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hal_dontaudit_rw_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send to hald over a unix domain
+##	datagram socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hal_dgram_send',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hal_dgram_send'($*)) dnl
+	
+	gen_require(`
+		type hald_t, hald_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	dgram_send_pattern($1, hald_var_lib_t, hald_var_lib_t, hald_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hal_dgram_send'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send to hald over a unix domain
+##	stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hal_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hal_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type hald_t, hald_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	stream_connect_pattern($1, hald_var_lib_t, hald_var_lib_t, hald_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hal_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and
+##	write hald unix datagram sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`hal_dontaudit_rw_dgram_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hal_dontaudit_rw_dgram_sockets'($*)) dnl
+	
+	gen_require(`
+		type hald_t;
+	')
+
+	dontaudit $1 hald_t:unix_dgram_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hal_dontaudit_rw_dgram_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send messages to hald over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hal_dbus_send',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hal_dbus_send'($*)) dnl
+	
+	gen_require(`
+		type hald_t;
+		class dbus send_msg;
+	')
+
+	allow $1 hald_t:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hal_dbus_send'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	hald over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hal_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hal_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type hald_t;
+		class dbus send_msg;
+	')
+
+	allow $1 hald_t:dbus send_msg;
+	allow hald_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hal_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute hal mac in the hal mac domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`hal_domtrans_mac',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hal_domtrans_mac'($*)) dnl
+	
+	gen_require(`
+		type hald_mac_t, hald_mac_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, hald_mac_exec_t, hald_mac_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hal_domtrans_mac'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write hald log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hal_write_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hal_write_log'($*)) dnl
+	
+	gen_require(`
+		type hald_log_t;
+	')
+
+	logging_search_logs($1)
+	write_files_pattern($1, hald_log_t, hald_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hal_write_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write hald
+##	log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`hal_dontaudit_write_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hal_dontaudit_write_log'($*)) dnl
+	
+	gen_require(`
+		type hald_log_t;
+	')
+
+	dontaudit $1 hald_log_t:file { append write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hal_dontaudit_write_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	hald log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hal_manage_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hal_manage_log'($*)) dnl
+	
+	gen_require(`
+		type hald_log_t;
+	')
+
+	logging_search_logs($1)
+	manage_files_pattern($1, hald_log_t, hald_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hal_manage_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read hald temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hal_read_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hal_read_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type hald_tmp_t;
+	')
+
+	files_search_tmp($1)
+	allow $1 hald_tmp_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hal_read_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to append
+##	hald libraries files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`hal_dontaudit_append_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hal_dontaudit_append_lib_files'($*)) dnl
+	
+	gen_require(`
+		type hald_var_lib_t;
+	')
+
+	dontaudit $1 hald_var_lib_t:file append_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hal_dontaudit_append_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read hald pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hal_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hal_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type hald_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 hald_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hal_read_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write hald pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hal_rw_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hal_rw_pid_files'($*)) dnl
+	
+	gen_require(`
+		type hald_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 hald_runtime_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hal_rw_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	hald pid directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hal_manage_pid_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hal_manage_pid_dirs'($*)) dnl
+	
+	gen_require(`
+		type hald_runtime_t;
+	')
+
+	files_search_pids($1)
+	manage_dirs_pattern($1, hald_runtime_t, hald_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hal_manage_pid_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	hald pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hal_manage_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hal_manage_pid_files'($*)) dnl
+	
+	gen_require(`
+		type hald_runtime_t;
+	')
+
+	files_search_pids($1)
+	manage_files_pattern($1, hald_runtime_t, hald_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hal_manage_pid_files'($*)) dnl
+	')
+
+## <summary>POP and IMAP mail server.</summary>
+
+#######################################
+## <summary>
+##	Connect to dovecot using a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dovecot_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dovecot_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type dovecot_t, dovecot_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, dovecot_runtime_t, dovecot_runtime_t, dovecot_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dovecot_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to dovecot using a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dovecot_stream_connect_auth',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dovecot_stream_connect_auth'($*)) dnl
+	
+	gen_require(`
+		type dovecot_auth_t, dovecot_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, dovecot_runtime_t, dovecot_runtime_t, dovecot_auth_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dovecot_stream_connect_auth'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute dovecot_deliver in the
+##	dovecot_deliver domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`dovecot_domtrans_deliver',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dovecot_domtrans_deliver'($*)) dnl
+	
+	gen_require(`
+		type dovecot_deliver_t, dovecot_deliver_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, dovecot_deliver_exec_t, dovecot_deliver_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dovecot_domtrans_deliver'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	dovecot spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`dovecot_manage_spool',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dovecot_manage_spool'($*)) dnl
+	
+	gen_require(`
+		type dovecot_spool_t;
+	')
+
+	files_search_spool($1)
+	allow $1 dovecot_spool_t:dir manage_dir_perms;
+	allow $1 dovecot_spool_t:file manage_file_perms;
+	allow $1 dovecot_spool_t:lnk_file manage_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dovecot_manage_spool'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to delete
+##	dovecot lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dovecot_dontaudit_unlink_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dovecot_dontaudit_unlink_lib_files'($*)) dnl
+	
+	gen_require(`
+		type dovecot_var_lib_t;
+	')
+
+	dontaudit $1 dovecot_var_lib_t:file delete_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dovecot_dontaudit_unlink_lib_files'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Write inherited dovecot tmp files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`dovecot_write_inherited_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dovecot_write_inherited_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type dovecot_tmp_t;
+	')
+
+	allow $1 dovecot_tmp_t:file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dovecot_write_inherited_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an dovecot environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`dovecot_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `dovecot_admin'($*)) dnl
+	
+	gen_require(`
+		type dovecot_t, dovecot_etc_t, dovecot_var_log_t;
+		type dovecot_spool_t, dovecot_var_lib_t, dovecot_initrc_exec_t;
+		type dovecot_runtime_t, dovecot_cert_t, dovecot_passwd_t;
+		type dovecot_tmp_t, dovecot_auth_tmp_t, dovecot_deliver_tmp_t;
+		type dovecot_keytab_t;
+	')
+
+	allow $1 dovecot_t:process { ptrace signal_perms };
+	ps_process_pattern($1, dovecot_t)
+
+	init_startstop_service($1, $2, dovecot_t, dovecot_initrc_exec_t)
+
+	files_list_etc($1)
+	admin_pattern($1, { dovecot_keytab_t dovecot_etc_t })
+
+	logging_list_logs($1)
+	admin_pattern($1, dovecot_var_log_t)
+
+	files_list_spool($1)
+	admin_pattern($1, dovecot_spool_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, { dovecot_tmp_t dovecot_auth_tmp_t dovecot_deliver_tmp_t })
+
+	files_list_var_lib($1)
+	admin_pattern($1, dovecot_var_lib_t)
+
+	files_list_pids($1)
+	admin_pattern($1, dovecot_runtime_t)
+
+	admin_pattern($1, { dovecot_cert_t dovecot_passwd_t })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `dovecot_admin'($*)) dnl
+	')
+
+## <summary>SELinux troubleshooting service.</summary>
+
+########################################
+## <summary>
+##	Connect to setroubleshootd with a
+##	unix domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`setroubleshoot_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `setroubleshoot_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type setroubleshootd_t, setroubleshoot_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, setroubleshoot_runtime_t, setroubleshoot_runtime_t, setroubleshootd_t)
+	allow $1 setroubleshoot_runtime_t:sock_file read;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `setroubleshoot_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to connect to
+##	setroubleshootd with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`setroubleshoot_dontaudit_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `setroubleshoot_dontaudit_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type setroubleshootd_t, setroubleshoot_runtime_t;
+	')
+
+	dontaudit $1 setroubleshoot_runtime_t:sock_file rw_sock_file_perms;
+	dontaudit $1 setroubleshootd_t:unix_stream_socket connectto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `setroubleshoot_dontaudit_stream_connect'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Send null signals to setroubleshoot.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`setroubleshoot_signull',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `setroubleshoot_signull'($*)) dnl
+	
+	gen_require(`
+		type setroubleshootd_t;
+	')
+
+	allow $1 setroubleshootd_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `setroubleshoot_signull'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	setroubleshoot over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`setroubleshoot_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `setroubleshoot_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type setroubleshootd_t;
+		class dbus send_msg;
+	')
+
+	allow $1 setroubleshootd_t:dbus send_msg;
+	allow setroubleshootd_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `setroubleshoot_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit send and receive messages from
+##	setroubleshoot over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`setroubleshoot_dontaudit_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `setroubleshoot_dontaudit_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type setroubleshootd_t;
+		class dbus send_msg;
+	')
+
+	dontaudit $1 setroubleshootd_t:dbus send_msg;
+	dontaudit setroubleshootd_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `setroubleshoot_dontaudit_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	setroubleshoot fixit over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`setroubleshoot_dbus_chat_fixit',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `setroubleshoot_dbus_chat_fixit'($*)) dnl
+	
+	gen_require(`
+		type setroubleshoot_fixit_t;
+		class dbus send_msg;
+	')
+
+	allow $1 setroubleshoot_fixit_t:dbus send_msg;
+	allow setroubleshoot_fixit_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `setroubleshoot_dbus_chat_fixit'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an setroubleshoot environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role" unused="true">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`setroubleshoot_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `setroubleshoot_admin'($*)) dnl
+	
+	gen_require(`
+		type setroubleshootd_t, setroubleshoot_var_log_t, setroubleshoot_fixit_t;
+		type setroubleshoot_var_lib_t, setroubleshoot_runtime_t;
+	')
+
+	allow $1 { setroubleshoot_fixit_t setroubleshootd_t }:process { ptrace signal_perms };
+	ps_process_pattern($1, { setroubleshootd_t setroubleshoot_fixit_t })
+
+	logging_list_logs($1)
+	admin_pattern($1, setroubleshoot_var_log_t)
+
+	files_list_var_lib($1)
+	admin_pattern($1, setroubleshoot_var_lib_t)
+
+	files_list_pids($1)
+	admin_pattern($1, setroubleshoot_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `setroubleshoot_admin'($*)) dnl
+	')
+
+## <summary>IRC servers.</summary>
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an ircd environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ircd_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ircd_admin'($*)) dnl
+	
+	gen_require(`
+		type ircd_t, ircd_initrc_exec_t, ircd_etc_t;
+		type ircd_log_t, ircd_var_lib_t, ircd_runtime_t;
+	')
+
+	init_startstop_service($1, $2, ircd_t, ircd_initrc_exec_t)
+
+	allow $1 ircd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, ircd_t)
+
+	files_search_etc($1)
+	admin_pattern($1, ircd_etc_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, ircd_log_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, ircd_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, ircd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ircd_admin'($*)) dnl
+	')
+
+## <summary>SELinux MLS/MCS label translation service.</summary>
+
+########################################
+## <summary>
+##	Execute setrans server in the setrans domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+#
+ 	 	define(`setrans_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `setrans_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type setrans_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, setrans_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `setrans_initrc_domtrans'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Allow a domain to translate contexts.  (Deprecated)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`setrans_translate_context',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `setrans_translate_context'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `setrans_translate_context'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	All of the rules required to
+##	administrate an setrans environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`setrans_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `setrans_admin'($*)) dnl
+	
+	gen_require(`
+		type setrans_t, setrans_initrc_exec_t;
+		type setrans_runtime_t, setrans_unit_t;
+	')
+
+	allow $1 setrans_t:process { ptrace signal_perms };
+	ps_process_pattern($1, setrans_t)
+
+	init_startstop_service($1, $2, setrans_t, setrans_initrc_exec_t, setrans_unit_t)
+
+	files_search_pids($1)
+	admin_pattern($1, setrans_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `setrans_admin'($*)) dnl
+	')
+
+## <summary>Policy for the kernel message logger and system logging daemon.</summary>
+
+########################################
+## <summary>
+##	Make the specified type usable for log files
+##	in a filesystem.
+## </summary>
+## <desc>
+##	<p>
+##	Make the specified type usable for log files in a filesystem.
+##	This will also make the type usable for files, making
+##	calls to files_type() redundant.  Failure to use this interface
+##	for a log file type may result in problems with log
+##	rotation, log analysis, and log monitoring programs.
+##	</p>
+##	<p>
+##	Related interfaces:
+##	</p>
+##	<ul>
+##		<li>logging_log_filetrans()</li>
+##	</ul>
+##	<p>
+##	Example usage with a domain that can create
+##	and append to a private log file stored in the
+##	general directories (e.g., /var/log):
+##	</p>
+##	<p>
+##	type mylogfile_t;
+##	logging_log_file(mylogfile_t)
+##	allow mydomain_t mylogfile_t:file { create_file_perms append_file_perms };
+##	logging_log_filetrans(mydomain_t, mylogfile_t, file)
+##	</p>
+## </desc>
+## <param name="type">
+##	<summary>
+##	Type to be used for files.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`logging_log_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_log_file'($*)) dnl
+	
+	gen_require(`
+		attribute logfile;
+	')
+
+	files_type($1)
+	files_associate_tmp($1)
+	fs_associate_tmpfs($1)
+	typeattribute $1 logfile;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_log_file'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Send audit messages.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_send_audit_msgs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_send_audit_msgs'($*)) dnl
+	
+	allow $1 self:capability audit_write;
+	allow $1 self:netlink_audit_socket { r_netlink_socket_perms nlmsg_relay };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_send_audit_msgs'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	dontaudit attempts to send audit messages.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_dontaudit_send_audit_msgs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_dontaudit_send_audit_msgs'($*)) dnl
+	
+	dontaudit $1 self:capability audit_write;
+	dontaudit $1 self:netlink_audit_socket { r_netlink_socket_perms nlmsg_relay };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_dontaudit_send_audit_msgs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set login uid
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_set_loginuid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_set_loginuid'($*)) dnl
+	
+	allow $1 self:capability audit_control;
+	allow $1 self:netlink_audit_socket { r_netlink_socket_perms nlmsg_relay };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_set_loginuid'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set tty auditing
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_set_tty_audit',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_set_tty_audit'($*)) dnl
+	
+	allow $1 self:netlink_audit_socket { r_netlink_socket_perms nlmsg_tty_audit };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_set_tty_audit'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set up audit
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_set_audit_parameters',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_set_audit_parameters'($*)) dnl
+	
+	allow $1 self:capability { audit_control audit_write };
+	allow $1 self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_set_audit_parameters'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the audit log.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logging_read_audit_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_read_audit_log'($*)) dnl
+	
+	gen_require(`
+		type auditd_log_t;
+	')
+
+	files_search_var($1)
+	read_files_pattern($1, auditd_log_t, auditd_log_t)
+	allow $1 auditd_log_t:dir list_dir_perms;
+
+	dontaudit $1 auditd_log_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_read_audit_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute auditctl in the auditctl domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_domtrans_auditctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_domtrans_auditctl'($*)) dnl
+	
+	gen_require(`
+		type auditctl_t, auditctl_exec_t;
+	')
+
+	domtrans_pattern($1, auditctl_exec_t, auditctl_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_domtrans_auditctl'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute auditctl in the auditctl domain, and
+##	allow the specified role the auditctl domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logging_run_auditctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_run_auditctl'($*)) dnl
+	
+	gen_require(`
+		type auditctl_t;
+	')
+
+	logging_domtrans_auditctl($1)
+	role $2 types auditctl_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_run_auditctl'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute auditd in the auditd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_domtrans_auditd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_domtrans_auditd'($*)) dnl
+	
+	gen_require(`
+		type auditd_t, auditd_exec_t;
+	')
+
+	domtrans_pattern($1, auditd_exec_t, auditd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_domtrans_auditd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute auditd in the auditd domain, and
+##	allow the specified role the auditd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_run_auditd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_run_auditd'($*)) dnl
+	
+	gen_require(`
+		type auditd_t;
+	')
+
+	logging_domtrans_auditd($1)
+	role $2 types auditd_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_run_auditd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run the audit dispatcher.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`logging_domtrans_dispatcher',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_domtrans_dispatcher'($*)) dnl
+	
+	gen_require(`
+		type audisp_t, audisp_exec_t;
+	')
+
+	domtrans_pattern($1, audisp_exec_t, audisp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_domtrans_dispatcher'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Signal the audit dispatcher.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`logging_signal_dispatcher',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_signal_dispatcher'($*)) dnl
+	
+	gen_require(`
+		type audisp_t;
+	')
+
+	allow $1 audisp_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_signal_dispatcher'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a domain for processes
+##	which can be started by the system audit dispatcher
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Type to be used as a domain.
+##	</summary>
+## </param>
+## <param name="entry_point">
+##	<summary>
+##	Type of the program to be used as an entry point to this domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_dispatcher_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_dispatcher_domain'($*)) dnl
+	
+	gen_require(`
+		type audisp_t;
+		role system_r;
+	')
+
+	domain_type($1)
+	domain_entry_file($1, $2)
+
+	role system_r types $1;
+
+	domtrans_pattern(audisp_t, $2, $1)
+	allow audisp_t $1:process { sigkill sigstop signull signal };
+
+	allow audisp_t $2:file getattr;
+	allow $1 audisp_t:unix_stream_socket rw_socket_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_dispatcher_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to the audit dispatcher over an unix stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_stream_connect_dispatcher',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_stream_connect_dispatcher'($*)) dnl
+	
+	gen_require(`
+		type audisp_t, audisp_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, audisp_runtime_t, audisp_runtime_t, audisp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_stream_connect_dispatcher'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage the auditd configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logging_manage_audit_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_manage_audit_config'($*)) dnl
+	
+	gen_require(`
+		type auditd_etc_t;
+	')
+
+	files_search_etc($1)
+	manage_files_pattern($1, auditd_etc_t, auditd_etc_t)
+
+	dontaudit $1 auditd_etc_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_manage_audit_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage the audit log.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logging_manage_audit_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_manage_audit_log'($*)) dnl
+	
+	gen_require(`
+		type auditd_log_t;
+	')
+
+	files_search_var($1)
+	manage_dirs_pattern($1, auditd_log_t, auditd_log_t)
+	manage_files_pattern($1, auditd_log_t, auditd_log_t)
+
+	dontaudit $1 auditd_log_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_manage_audit_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute klogd in the klog domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_domtrans_klog',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_domtrans_klog'($*)) dnl
+	
+	gen_require(`
+		type klogd_t, klogd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, klogd_exec_t, klogd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_domtrans_klog'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Check if syslogd is executable.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_check_exec_syslog',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_check_exec_syslog'($*)) dnl
+	
+	gen_require(`
+		type syslogd_exec_t;
+	')
+
+	corecmd_list_bin($1)
+	allow $1 syslogd_exec_t:file execute;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_check_exec_syslog'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute syslogd in the syslog domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_domtrans_syslog',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_domtrans_syslog'($*)) dnl
+	
+	gen_require(`
+		type syslogd_t, syslogd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, syslogd_exec_t, syslogd_t)
+	ifdef(`enable_mls',`
+		range_transition $1 syslogd_exec_t:process mls_systemhigh;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_domtrans_syslog'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow specified domain to check status of syslog unit
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_status_syslog',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_status_syslog'($*)) dnl
+	
+	gen_require(`
+		type syslogd_unit_t;
+		class service status;
+	')
+
+	allow $1 syslogd_unit_t:service status;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_status_syslog'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of syslog temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logging_setattr_syslogd_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_setattr_syslogd_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type syslogd_tmp_t;
+	')
+
+	allow $1 syslogd_tmp_t:file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_setattr_syslogd_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to and from syslog temporary file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logging_relabel_syslogd_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_relabel_syslogd_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type syslogd_tmp_t;
+	')
+
+	allow $1 syslogd_tmp_t:file { relabelfrom relabelto };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_relabel_syslogd_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of syslog temporary directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logging_setattr_syslogd_tmp_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_setattr_syslogd_tmp_dirs'($*)) dnl
+	
+	gen_require(`
+		type syslogd_tmp_t;
+	')
+
+	allow $1 syslogd_tmp_t:dir setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_setattr_syslogd_tmp_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to and from syslog temporary directory type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logging_relabel_syslogd_tmp_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_relabel_syslogd_tmp_dirs'($*)) dnl
+	
+	gen_require(`
+		type syslogd_tmp_t;
+	')
+
+	allow $1 syslogd_tmp_t:dir { relabelfrom relabelto };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_relabel_syslogd_tmp_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create an object in the log directory, with a private type.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to create an object
+##	in the general system log directories (e.g., /var/log)
+##	with a private type.  Typically this is used for creating
+##	private log files in /var/log with the private type instead
+##	of the general system log type. To accomplish this goal,
+##	either the program must be SELinux-aware, or use this interface.
+##	</p>
+##	<p>
+##	Related interfaces:
+##	</p>
+##	<ul>
+##		<li>logging_log_file()</li>
+##	</ul>
+##	<p>
+##	Example usage with a domain that can create
+##	and append to a private log file stored in the
+##	general directories (e.g., /var/log):
+##	</p>
+##	<p>
+##	type mylogfile_t;
+##	logging_log_file(mylogfile_t)
+##	allow mydomain_t mylogfile_t:file { create_file_perms append_file_perms };
+##	logging_log_filetrans(mydomain_t, mylogfile_t, file)
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private type">
+##	<summary>
+##	The type of the object to be created.
+##	</summary>
+## </param>
+## <param name="object">
+##	<summary>
+##	The object class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+ 	 	define(`logging_log_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_log_filetrans'($*)) dnl
+	
+	gen_require(`
+		type var_log_t;
+	')
+
+	files_search_var($1)
+	filetrans_pattern($1, var_log_t, $2, $3, $4)
+	allow $1 var_log_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_log_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send system log messages.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to connect to the
+##	system log service (syslog), to send messages be added to
+##	the system logs. Typically this is used by services
+##	that do not have their own log file in /var/log.
+##	</p>
+##	<p>
+##	This does not allow messages to be sent to
+##	the auditing system.
+##	</p>
+##	<p>
+##	Programs which use the libc function syslog() will
+##	require this access.
+##	</p>
+##	<p>
+##	Related interfaces:
+##	</p>
+##	<ul>
+##		<li>logging_send_audit_msgs()</li>
+##	</ul>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_send_syslog_msg',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_send_syslog_msg'($*)) dnl
+	
+	gen_require(`
+		type syslogd_t, syslogd_runtime_t, devlog_t;
+	')
+
+	allow $1 devlog_t:sock_file write_sock_file_perms;
+
+	# systemd journal socket is in /run/systemd/journal/dev-log
+	init_search_run($1)
+	allow $1 syslogd_runtime_t:dir search_dir_perms;
+
+	# the type of socket depends on the syslog daemon
+	allow $1 syslogd_t:unix_dgram_socket sendto;
+	allow $1 syslogd_t:unix_stream_socket connectto;
+	allow $1 self:unix_dgram_socket create_socket_perms;
+	allow $1 self:unix_stream_socket create_socket_perms;
+
+	# If syslog is down, the glibc syslog() function
+	# will write to the console.
+	term_write_console($1)
+	term_dontaudit_read_console($1)
+
+	ifdef(`init_systemd',`
+		# Allow systemd-journald to check whether the process died
+		allow syslogd_t $1:process signull;
+
+		ifdef(`distro_redhat',`
+			kernel_dgram_send($1)
+		')
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_send_syslog_msg'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow domain to relabelto devlog sock_files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logging_relabelto_devlog_sock_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_relabelto_devlog_sock_files'($*)) dnl
+	
+	gen_require(`
+		type devlog_t;
+	')
+
+	allow $1 devlog_t:sock_file relabelto_sock_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_relabelto_devlog_sock_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Connect to the syslog control unix stream socket.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`logging_create_devlog',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_create_devlog'($*)) dnl
+	
+	gen_require(`
+		type devlog_t;
+	')
+
+	allow $1 devlog_t:sock_file manage_sock_file_perms;
+	dev_filetrans($1, devlog_t, sock_file)
+	init_pid_filetrans($1, devlog_t, sock_file, "syslog")
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_create_devlog'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the auditd configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logging_read_audit_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_read_audit_config'($*)) dnl
+	
+	gen_require(`
+		type auditd_etc_t;
+	')
+
+	files_search_etc($1)
+	read_files_pattern($1, auditd_etc_t, auditd_etc_t)
+	allow $1 auditd_etc_t:dir list_dir_perms;
+
+	dontaudit $1 auditd_etc_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_read_audit_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	dontaudit search of auditd configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logging_dontaudit_search_audit_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_dontaudit_search_audit_config'($*)) dnl
+	
+	gen_require(`
+		type auditd_etc_t;
+	')
+
+	dontaudit $1 auditd_etc_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_dontaudit_search_audit_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read syslog configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logging_read_syslog_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_read_syslog_config'($*)) dnl
+	
+	gen_require(`
+		type syslog_conf_t;
+	')
+
+	allow $1 syslog_conf_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_read_syslog_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Watch syslog runtime dirs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_watch_runtime_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_watch_runtime_dirs'($*)) dnl
+	
+	gen_require(`
+		type syslogd_runtime_t;
+	')
+
+	allow $1 syslogd_runtime_t:dir watch;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_watch_runtime_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete the syslog socket files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logging_delete_devlog_socket',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_delete_devlog_socket'($*)) dnl
+	
+	gen_require(`
+		type devlog_t;
+	')
+
+	allow $1 devlog_t:sock_file unlink;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_delete_devlog_socket'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete syslog PID sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_manage_pid_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_manage_pid_sockets'($*)) dnl
+	
+	gen_require(`
+		type syslogd_runtime_t;
+	')
+
+	manage_sock_files_pattern($1, syslogd_runtime_t, syslogd_runtime_t)
+	files_search_pids($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_manage_pid_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allows the domain to open a file in the
+##	log directory, but does not allow the listing
+##	of the contents of the log directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_search_logs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_search_logs'($*)) dnl
+	
+	gen_require(`
+		type var_log_t;
+	')
+
+	files_search_var($1)
+	allow $1 var_log_t:dir search_dir_perms;
+	allow $1 var_log_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_search_logs'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Do not audit attempts to search the var log directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain not to audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_dontaudit_search_logs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_dontaudit_search_logs'($*)) dnl
+	
+	gen_require(`
+		type var_log_t;
+	')
+
+	dontaudit $1 var_log_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_dontaudit_search_logs'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	List the contents of the generic log directory (/var/log).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_list_logs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_list_logs'($*)) dnl
+	
+	gen_require(`
+		type var_log_t;
+	')
+
+	files_search_var($1)
+	allow $1 var_log_t:dir list_dir_perms;
+	allow $1 var_log_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_list_logs'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read and write the generic log directory (/var/log).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_rw_generic_log_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_rw_generic_log_dirs'($*)) dnl
+	
+	gen_require(`
+		type var_log_t;
+	')
+
+	files_search_var($1)
+	allow $1 var_log_t:dir rw_dir_perms;
+	allow $1 var_log_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_rw_generic_log_dirs'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Search through all log dirs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logging_search_all_logs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_search_all_logs'($*)) dnl
+	
+	gen_require(`
+		attribute logfile;
+	')
+
+	allow $1 logfile:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_search_all_logs'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Set attributes on all log dirs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logging_setattr_all_log_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_setattr_all_log_dirs'($*)) dnl
+	
+	gen_require(`
+		attribute logfile;
+	')
+
+	allow $1 logfile:dir setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_setattr_all_log_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of any log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_dontaudit_getattr_all_logs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_dontaudit_getattr_all_logs'($*)) dnl
+	
+	gen_require(`
+		attribute logfile;
+	')
+
+	dontaudit $1 logfile:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_dontaudit_getattr_all_logs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the atttributes of any log file
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_getattr_all_logs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_getattr_all_logs'($*)) dnl
+	
+	gen_require(`
+		attribute logfile;
+	')
+
+	allow $1 logfile:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_getattr_all_logs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append to all log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_append_all_logs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_append_all_logs'($*)) dnl
+	
+	gen_require(`
+		attribute logfile;
+		type var_log_t;
+	')
+
+	files_search_var($1)
+	append_files_pattern($1, var_log_t, logfile)
+	allow $1 var_log_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_append_all_logs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Append to all log files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`logging_append_all_inherited_logs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_append_all_inherited_logs'($*)) dnl
+	
+	gen_require(`
+		attribute logfile;
+	')
+
+	allow $1 logfile:file { getattr append ioctl lock };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_append_all_inherited_logs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logging_read_all_logs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_read_all_logs'($*)) dnl
+	
+	gen_require(`
+		attribute logfile;
+	')
+
+	files_search_var($1)
+	allow $1 logfile:dir list_dir_perms;
+	read_files_pattern($1, logfile, logfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_read_all_logs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute all log files in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+# cjp: not sure why this is needed.  This was added
+# because of logrotate.
+ 	 	define(`logging_exec_all_logs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_exec_all_logs'($*)) dnl
+	
+	gen_require(`
+		attribute logfile;
+	')
+
+	files_search_var($1)
+	allow $1 logfile:dir list_dir_perms;
+	can_exec($1, logfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_exec_all_logs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	read/write to all log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_rw_all_logs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_rw_all_logs'($*)) dnl
+	
+	gen_require(`
+		attribute logfile;
+	')
+
+	files_search_var($1)
+	rw_files_pattern($1, logfile, logfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_rw_all_logs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete all log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logging_manage_all_logs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_manage_all_logs'($*)) dnl
+	
+	gen_require(`
+		attribute logfile;
+	')
+
+	files_search_var($1)
+	manage_files_pattern($1, logfile, logfile)
+	read_lnk_files_pattern($1, logfile, logfile)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_manage_all_logs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete generic log directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logging_manage_generic_log_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_manage_generic_log_dirs'($*)) dnl
+	
+	gen_require(`
+		type var_log_t;
+	')
+
+	files_search_var($1)
+	allow $1 var_log_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_manage_generic_log_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel from and to generic log directory type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logging_relabel_generic_log_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_relabel_generic_log_dirs'($*)) dnl
+	
+	gen_require(`
+		type var_log_t;
+	')
+
+	files_search_var($1)
+	allow $1 var_log_t:dir { relabelfrom relabelto };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_relabel_generic_log_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read generic log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logging_read_generic_logs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_read_generic_logs'($*)) dnl
+	
+	gen_require(`
+		type var_log_t;
+	')
+
+	files_search_var($1)
+	allow $1 var_log_t:dir list_dir_perms;
+	read_files_pattern($1, var_log_t, var_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_read_generic_logs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Map generic log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logging_mmap_generic_logs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_mmap_generic_logs'($*)) dnl
+	
+	gen_require(`
+		type var_log_t;
+	')
+
+	allow $1 var_log_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_mmap_generic_logs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write generic log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_write_generic_logs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_write_generic_logs'($*)) dnl
+	
+	gen_require(`
+		type var_log_t;
+	')
+
+	files_search_var($1)
+	allow $1 var_log_t:dir list_dir_perms;
+	write_files_pattern($1, var_log_t, var_log_t)
+	allow $1 var_log_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_write_generic_logs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dontaudit Write generic log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_dontaudit_write_generic_logs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_dontaudit_write_generic_logs'($*)) dnl
+	
+	gen_require(`
+		type var_log_t;
+	')
+
+	dontaudit $1 var_log_t:file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_dontaudit_write_generic_logs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write generic log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_rw_generic_logs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_rw_generic_logs'($*)) dnl
+	
+	gen_require(`
+		type var_log_t;
+	')
+
+	files_search_var($1)
+	allow $1 var_log_t:dir list_dir_perms;
+	rw_files_pattern($1, var_log_t, var_log_t)
+	allow $1 var_log_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_rw_generic_logs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	generic log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logging_manage_generic_logs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_manage_generic_logs'($*)) dnl
+	
+	gen_require(`
+		type var_log_t;
+	')
+
+	files_search_var($1)
+	manage_files_pattern($1, var_log_t, var_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_manage_generic_logs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to administrate
+##	the audit environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	User role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logging_admin_audit',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_admin_audit'($*)) dnl
+	
+	gen_require(`
+		type auditd_t, auditd_etc_t, auditd_log_t;
+		type auditd_runtime_t;
+		type auditd_initrc_exec_t, auditd_unit_t;
+	')
+
+	allow $1 auditd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, auditd_t)
+
+	manage_dirs_pattern($1, auditd_etc_t, auditd_etc_t)
+	manage_files_pattern($1, auditd_etc_t, auditd_etc_t)
+
+	manage_dirs_pattern($1, auditd_log_t, auditd_log_t)
+	manage_files_pattern($1, auditd_log_t, auditd_log_t)
+
+	manage_dirs_pattern($1, auditd_runtime_t, auditd_runtime_t)
+	manage_files_pattern($1, auditd_runtime_t, auditd_runtime_t)
+
+	logging_run_auditctl($1, $2)
+
+	init_startstop_service($1, $2, auditd_t, auditd_initrc_exec_t, auditd_unit_t)
+
+	dontaudit $1 auditd_etc_t:file map;
+	dontaudit $1 auditd_log_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_admin_audit'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to administrate
+##	the syslog environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	User role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logging_admin_syslog',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_admin_syslog'($*)) dnl
+	
+	gen_require(`
+		type syslogd_t, klogd_t, syslog_conf_t;
+		type syslogd_tmp_t, syslogd_var_lib_t;
+		type syslogd_runtime_t, klogd_runtime_t;
+		type klogd_tmp_t;
+		type syslogd_initrc_exec_t, syslogd_unit_t;
+	')
+
+	allow $1 syslogd_t:process { ptrace signal_perms };
+	allow $1 klogd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, syslogd_t)
+	ps_process_pattern($1, klogd_t)
+
+	manage_dirs_pattern($1, klogd_runtime_t, klogd_runtime_t)
+	manage_files_pattern($1, klogd_runtime_t, klogd_runtime_t)
+
+	manage_dirs_pattern($1, klogd_tmp_t, klogd_tmp_t)
+	manage_files_pattern($1, klogd_tmp_t, klogd_tmp_t)
+
+	manage_dirs_pattern($1, syslogd_tmp_t, syslogd_tmp_t)
+	manage_files_pattern($1, syslogd_tmp_t, syslogd_tmp_t)
+
+	manage_dirs_pattern($1, syslog_conf_t, syslog_conf_t)
+	manage_files_pattern($1, syslog_conf_t, syslog_conf_t)
+	files_etc_filetrans($1, syslog_conf_t, file, "rsyslog.conf")
+	files_etc_filetrans($1, syslog_conf_t, file, "syslog.conf")
+
+	manage_dirs_pattern($1, syslogd_var_lib_t, syslogd_var_lib_t)
+	manage_files_pattern($1, syslogd_var_lib_t, syslogd_var_lib_t)
+
+	manage_dirs_pattern($1, syslogd_runtime_t, syslogd_runtime_t)
+	manage_files_pattern($1, syslogd_runtime_t, syslogd_runtime_t)
+
+	logging_manage_all_logs($1)
+
+	init_startstop_service($1, $2, syslogd_t, syslogd_initrc_exec_t, syslogd_unit_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_admin_syslog'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to administrate
+##	the logging environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	User role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`logging_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_admin'($*)) dnl
+	
+	logging_admin_audit($1, $2)
+	logging_admin_syslog($1, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_admin'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mark the type as a syslog managed log file
+##	and introduce the proper file transition when
+##	created by the system logger in the generic
+##	log directory
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to mark as a syslog managed log file
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Name to use for the file
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_syslog_managed_log_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_syslog_managed_log_file'($*)) dnl
+	
+	gen_require(`
+		attribute syslogmanaged;
+		type syslogd_t;
+	')
+
+	typeattribute $1 syslogmanaged;
+
+	logging_log_file($1)
+	logging_log_filetrans(syslogd_t, $1, file, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_syslog_managed_log_file'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mark the type as a syslog managed log dir
+##	and introduce the proper file transition when
+##	created by the system logger in the generic
+##	log directory
+## </summary>
+## <desc>
+##	<p>
+##	Once set, the system logger is able to fully
+##	manage files and directory of the given type.
+##	You do not need to use logging_syslog_managed_file
+##	anymore (unless a file name transition is needed
+##	for that as well).
+##	</p>
+## </desc>
+## <param name="type">
+##	<summary>
+##	Type to mark as a syslog managed log dir
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Name to use for the directory
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_syslog_managed_log_dir',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_syslog_managed_log_dir'($*)) dnl
+	
+	gen_require(`
+		attribute syslogmanaged;
+		type syslogd_t;
+	')
+
+	typeattribute $1 syslogmanaged;
+
+	logging_log_file($1)
+	logging_log_filetrans(syslogd_t, $1, dir, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_syslog_managed_log_dir'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Map files in /run/log/journal/ directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`logging_mmap_journal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `logging_mmap_journal'($*)) dnl
+	
+	gen_require(`
+		type syslogd_runtime_t;
+	')
+
+	allow $1 syslogd_runtime_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `logging_mmap_journal'($*)) dnl
+	')
+
+## <summary>Systemd components (not PID 1)</summary>
+
+#########################################
+## <summary>
+##	Template for systemd --user per-role domains.
+## </summary>
+## <param name="prefix">
+##	<summary>
+##	Prefix for generated types
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The user role.
+##	</summary>
+## </param>
+## <param name="userdomain">
+##	<summary>
+##	The user domain for the role.
+##	</summary>
+## </param>
+#
+ 	 	define(`systemd_role_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_role_template'($*)) dnl
+	
+	gen_require(`
+		attribute systemd_user_session_type, systemd_log_parse_env_type;
+		type systemd_user_runtime_t, systemd_user_runtime_notify_t;
+	')
+
+	#################################
+	#
+	# Declarations
+	#
+	type $1_systemd_t, systemd_user_session_type, systemd_log_parse_env_type;
+	init_pgm_spec_user_daemon_domain($1_systemd_t)
+	domain_user_exemption_target($1_systemd_t)
+	ubac_constrained($1_systemd_t)
+	role $2 types $1_systemd_t;
+
+	#################################
+	#
+	# Local policy
+	#
+
+	allow $3 systemd_user_runtime_t:dir { manage_dir_perms relabel_dir_perms };
+	allow $3 systemd_user_runtime_t:file { manage_file_perms relabel_file_perms };
+	allow $3 systemd_user_runtime_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
+	allow $3 systemd_user_runtime_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
+	allow $3 systemd_user_runtime_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };
+
+	allow $3 systemd_user_runtime_notify_t:sock_file { manage_sock_file_perms relabel_sock_file_perms };
+
+	# This domain is per-role because of the below transitions.
+	# See the sytemd --user section of systemd.te for the
+	# remainder of the rules.
+	allow $1_systemd_t $3:process { setsched rlimitinh };
+	corecmd_shell_domtrans($1_systemd_t, $3)
+	corecmd_bin_domtrans($1_systemd_t, $3)
+
+	# Allow using file descriptors for user environment generators
+	allow $3 $1_systemd_t:fd use;
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_role_template'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##   Make the specified type usable as an
+##   log parse environment type.
+## </summary>
+## <param name="domain">
+##   <summary>
+##     Type to be used as a log parse environment type.
+##   </summary>
+## </param>
+#
+ 	 	define(`systemd_log_parse_environment',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_log_parse_environment'($*)) dnl
+	
+	gen_require(`
+		attribute systemd_log_parse_env_type;
+	')
+
+	typeattribute $1 systemd_log_parse_env_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_log_parse_environment'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##   Allow domain to use systemd's Name Service Switch (NSS) module.
+##   This module provides UNIX user and group name resolution for dynamic users
+##   and groups allocated through the DynamicUser= option in systemd unit files
+## </summary>
+## <param name="domain">
+##   <summary>
+##     Domain allowed access
+##   </summary>
+## </param>
+#
+ 	 	define(`systemd_use_nss',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_use_nss'($*)) dnl
+	
+	gen_require(`
+		type systemd_conf_t;
+	')
+
+	# Get attributes of /etc/systemd/dont-synthesize-nobody
+	files_search_etc($1)
+	allow $1 systemd_conf_t:file getattr;
+
+	optional_policy(`
+		dbus_system_bus_client($1)
+		# For GetDynamicUser(), LookupDynamicUserByName()... of org.freedesktop.systemd1.Manager
+		init_dbus_chat($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_use_nss'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##   Allow domain to be used as a systemd service with a unit
+##   that uses PrivateDevices=yes in section [Service].
+## </summary>
+## <param name="domain">
+##   <summary>
+##     Domain allowed access
+##   </summary>
+## </param>
+#
+ 	 	define(`systemd_PrivateDevices',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_PrivateDevices'($*)) dnl
+	
+	# For services using PrivateDevices, systemd mounts a dedicated
+	# tmpfs filesystem for the /dev, which gets label tmpfs_t.
+	# Allow to traverse /dev and to read symlinks in /dev (for example /dev/log)
+	fs_read_tmpfs_symlinks($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_PrivateDevices'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##  Allow domain to read udev hwdb file
+## </summary>
+## <param name="domain">
+## <summary>
+##  domain allowed access
+## </summary>
+## </param>
+#
+ 	 	define(`systemd_read_hwdb',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_read_hwdb'($*)) dnl
+	
+	gen_require(`
+		type systemd_hwdb_t;
+	')
+
+	read_files_pattern($1, systemd_hwdb_t, systemd_hwdb_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_read_hwdb'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##  Allow domain to map udev hwdb file
+## </summary>
+## <param name="domain">
+## <summary>
+##  domain allowed access
+## </summary>
+## </param>
+#
+ 	 	define(`systemd_map_hwdb',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_map_hwdb'($*)) dnl
+	
+	gen_require(`
+		type systemd_hwdb_t;
+	')
+
+	allow $1 systemd_hwdb_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_map_hwdb'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##   Read systemd_login PID files.
+## </summary>
+## <param name="domain">
+##   <summary>
+##     Domain allowed access.
+##   </summary>
+## </param>
+#
+ 	 	define(`systemd_read_logind_pids',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_read_logind_pids'($*)) dnl
+	
+	gen_require(`
+		type systemd_logind_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 systemd_logind_runtime_t:dir list_dir_perms;
+	allow $1 systemd_logind_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_read_logind_pids'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##   Manage systemd_login PID pipes.
+## </summary>
+## <param name="domain">
+##   <summary>
+##     Domain allowed access.
+##   </summary>
+## </param>
+#
+ 	 	define(`systemd_manage_logind_pid_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_manage_logind_pid_pipes'($*)) dnl
+	
+	gen_require(`
+		type systemd_logind_runtime_t;
+	')
+
+	files_search_pids($1)
+	manage_fifo_files_pattern($1, systemd_logind_runtime_t, systemd_logind_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_manage_logind_pid_pipes'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##     Write systemd_login named pipe.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+ 	 	define(`systemd_write_logind_pid_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_write_logind_pid_pipes'($*)) dnl
+	
+	gen_require(`
+		type systemd_logind_runtime_t;
+	')
+
+	init_search_run($1)
+	files_search_pids($1)
+	allow $1 systemd_logind_runtime_t:fifo_file { getattr write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_write_logind_pid_pipes'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##   Use inherited systemd
+##   logind file descriptors.
+## </summary>
+## <param name="domain">
+##   <summary>
+##     Domain allowed access.
+##   </summary>
+## </param>
+#
+ 	 	define(`systemd_use_logind_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_use_logind_fds'($*)) dnl
+	
+	gen_require(`
+		type systemd_logind_t;
+	')
+
+	allow $1 systemd_logind_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_use_logind_fds'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##      Read logind sessions files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`systemd_read_logind_sessions_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_read_logind_sessions_files'($*)) dnl
+	
+	gen_require(`
+		type systemd_sessions_runtime_t, systemd_logind_t;
+	')
+
+	allow $1 systemd_logind_t:fd use;
+	init_search_run($1)
+	allow $1 systemd_sessions_runtime_t:dir list_dir_perms;
+	read_files_pattern($1, systemd_sessions_runtime_t, systemd_sessions_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_read_logind_sessions_files'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##      Write inherited logind sessions pipes.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`systemd_write_inherited_logind_sessions_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_write_inherited_logind_sessions_pipes'($*)) dnl
+	
+	gen_require(`
+		type systemd_logind_t, systemd_sessions_runtime_t;
+	')
+
+	allow $1 systemd_logind_t:fd use;
+	allow $1 systemd_sessions_runtime_t:fifo_file write;
+	allow systemd_logind_t $1:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_write_inherited_logind_sessions_pipes'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##      Write inherited logind inhibit pipes.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`systemd_write_inherited_logind_inhibit_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_write_inherited_logind_inhibit_pipes'($*)) dnl
+	
+	gen_require(`
+		type systemd_logind_inhibit_runtime_t;
+		type systemd_logind_t;
+	')
+
+	allow $1 systemd_logind_t:fd use;
+	allow $1 systemd_logind_inhibit_runtime_t:fifo_file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_write_inherited_logind_inhibit_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##   Send and receive messages from
+##   systemd logind over dbus.
+## </summary>
+## <param name="domain">
+##   <summary>
+##     Domain allowed access.
+##   </summary>
+## </param>
+#
+ 	 	define(`systemd_dbus_chat_logind',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_dbus_chat_logind'($*)) dnl
+	
+	gen_require(`
+		type systemd_logind_t;
+		class dbus send_msg;
+	')
+
+	allow $1 systemd_logind_t:dbus send_msg;
+	allow systemd_logind_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_dbus_chat_logind'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##   Allow process to write to systemd_kmod_conf_t.
+## </summary>
+## <param name="domain">
+##   <summary>
+##     Domain allowed access.
+##   </summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`systemd_write_kmod_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_write_kmod_files'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_write_kmod_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the system status information from systemd_login
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`systemd_status_logind',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_status_logind'($*)) dnl
+	
+	gen_require(`
+		type systemd_logind_t;
+		class service status;
+	')
+
+	allow $1 systemd_logind_t:service status;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_status_logind'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send systemd_login a null signal.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`systemd_signull_logind',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_signull_logind'($*)) dnl
+	
+	gen_require(`
+		type systemd_logind_t;
+	')
+
+	allow $1 systemd_logind_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_signull_logind'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow reading /run/systemd/machines
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain that can access the machines files
+##	</summary>
+## </param>
+#
+ 	 	define(`systemd_read_machines',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_read_machines'($*)) dnl
+	
+	gen_require(`
+		type systemd_machined_runtime_t;
+	')
+
+	allow $1 systemd_machined_runtime_t:dir list_dir_perms;
+	allow $1 systemd_machined_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_read_machines'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##   Send and receive messages from
+##   systemd hostnamed over dbus.
+## </summary>
+## <param name="domain">
+##   <summary>
+##     Domain allowed access.
+##   </summary>
+## </param>
+#
+ 	 	define(`systemd_dbus_chat_hostnamed',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_dbus_chat_hostnamed'($*)) dnl
+	
+	gen_require(`
+		type systemd_hostnamed_t;
+		class dbus send_msg;
+	')
+
+	allow $1 systemd_hostnamed_t:dbus send_msg;
+	allow systemd_hostnamed_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_dbus_chat_hostnamed'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      allow systemd_passwd_agent to inherit fds
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain that owns the fds
+##      </summary>
+## </param>
+#
+ 	 	define(`systemd_use_passwd_agent_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_use_passwd_agent_fds'($*)) dnl
+	
+	gen_require(`
+		type systemd_passwd_agent_t;
+	')
+
+	allow systemd_passwd_agent_t $1:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_use_passwd_agent_fds'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Allow a systemd_passwd_agent_t process to interact with a daemon
+##	that needs a password from the sysadmin.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`systemd_use_passwd_agent',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_use_passwd_agent'($*)) dnl
+	
+	gen_require(`
+		type systemd_passwd_agent_t;
+		type systemd_passwd_runtime_t;
+	')
+
+	manage_files_pattern($1, systemd_passwd_runtime_t, systemd_passwd_runtime_t)
+	manage_sock_files_pattern($1, systemd_passwd_runtime_t, systemd_passwd_runtime_t)
+
+	allow systemd_passwd_agent_t $1:process signull;
+	ps_process_pattern(systemd_passwd_agent_t, $1)
+	allow systemd_passwd_agent_t $1:unix_dgram_socket sendto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_use_passwd_agent'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Transition to systemd_passwd_runtime_t when creating dirs
+## </summary>
+## <param name="domain">
+##      <summary>
+##	Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`systemd_filetrans_passwd_runtime_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_filetrans_passwd_runtime_dirs'($*)) dnl
+	
+	gen_require(`
+		type systemd_passwd_runtime_t;
+	')
+
+	init_pid_filetrans($1, systemd_passwd_runtime_t, dir, "ask-password-block")
+	init_pid_filetrans($1, systemd_passwd_runtime_t, dir, "ask-password")
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_filetrans_passwd_runtime_dirs'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##  Allow to domain to create systemd-passwd symlink
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+ 	 	define(`systemd_manage_passwd_runtime_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_manage_passwd_runtime_symlinks'($*)) dnl
+	
+	gen_require(`
+		type systemd_passwd_runtime_t;
+	')
+
+	allow $1 systemd_passwd_runtime_t:lnk_file manage_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_manage_passwd_runtime_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      manage systemd unit dirs and the files in them
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`systemd_manage_all_units',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_manage_all_units'($*)) dnl
+	
+	gen_require(`
+		attribute systemdunit;
+	')
+
+	manage_dirs_pattern($1, systemdunit, systemdunit)
+	manage_files_pattern($1, systemdunit, systemdunit)
+	manage_lnk_files_pattern($1, systemdunit, systemdunit)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_manage_all_units'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Allow domain to read systemd_journal_t files
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`systemd_read_journal_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_read_journal_files'($*)) dnl
+	
+	gen_require(`
+		type systemd_journal_t;
+	')
+
+	list_dirs_pattern($1, systemd_journal_t, systemd_journal_t)
+	mmap_read_files_pattern($1, systemd_journal_t, systemd_journal_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_read_journal_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Allow domain to create/manage systemd_journal_t files
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`systemd_manage_journal_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_manage_journal_files'($*)) dnl
+	
+	gen_require(`
+		type systemd_journal_t;
+	')
+
+	manage_dirs_pattern($1, systemd_journal_t, systemd_journal_t)
+	manage_files_pattern($1, systemd_journal_t, systemd_journal_t)
+	allow $1 systemd_journal_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_manage_journal_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to systemd-journald directory type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`systemd_relabelto_journal_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_relabelto_journal_dirs'($*)) dnl
+	
+	gen_require(`
+		type systemd_journal_t;
+	')
+
+	files_search_var($1)
+	allow $1 systemd_journal_t:dir relabelto_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_relabelto_journal_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to systemd-journald file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`systemd_relabelto_journal_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_relabelto_journal_files'($*)) dnl
+	
+	gen_require(`
+		type systemd_journal_t;
+	')
+
+	files_search_var($1)
+	list_dirs_pattern($1,systemd_journal_t,systemd_journal_t)
+	allow $1 systemd_journal_t:file relabelto_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_relabelto_journal_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow domain to read systemd_networkd_t unit files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	 </summary>
+## </param>
+#
+ 	 	define(`systemd_read_networkd_units',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_read_networkd_units'($*)) dnl
+	
+	gen_require(`
+		type systemd_networkd_unit_t;
+	')
+
+	init_search_units($1)
+	list_dirs_pattern($1, systemd_networkd_unit_t, systemd_networkd_unit_t)
+	read_files_pattern($1, systemd_networkd_unit_t, systemd_networkd_unit_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_read_networkd_units'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow domain to create/manage systemd_networkd_t unit files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	 </summary>
+## </param>
+#
+ 	 	define(`systemd_manage_networkd_units',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_manage_networkd_units'($*)) dnl
+	
+	gen_require(`
+		type systemd_networkd_unit_t;
+	')
+
+	init_search_units($1)
+	manage_dirs_pattern($1, systemd_networkd_unit_t, systemd_networkd_unit_t)
+	manage_files_pattern($1, systemd_networkd_unit_t, systemd_networkd_unit_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_manage_networkd_units'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow specified domain to enable systemd-networkd units
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`systemd_enabledisable_networkd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_enabledisable_networkd'($*)) dnl
+	
+	gen_require(`
+		type systemd_networkd_unit_t;
+		class service { enable disable };
+	')
+
+	allow $1 systemd_networkd_unit_t:service { enable disable };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_enabledisable_networkd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow specified domain to start systemd-networkd units
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`systemd_startstop_networkd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_startstop_networkd'($*)) dnl
+	
+	gen_require(`
+		type systemd_networkd_unit_t;
+		class service { start stop };
+	')
+
+	allow $1 systemd_networkd_unit_t:service { start stop };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_startstop_networkd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow specified domain to get status of systemd-networkd
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`systemd_status_networkd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_status_networkd'($*)) dnl
+	
+	gen_require(`
+		type systemd_networkd_unit_t;
+		class service status;
+	')
+
+	allow $1 systemd_networkd_unit_t:service status;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_status_networkd'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+## Relabel systemd_networkd tun socket.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`systemd_relabelfrom_networkd_tun_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_relabelfrom_networkd_tun_sockets'($*)) dnl
+	
+	gen_require(`
+		type systemd_networkd_t;
+	')
+
+	allow $1 systemd_networkd_t:tun_socket relabelfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_relabelfrom_networkd_tun_sockets'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+## Read/Write from systemd_networkd netlink route socket.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+ 	 	define(`systemd_rw_networkd_netlink_route_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_rw_networkd_netlink_route_sockets'($*)) dnl
+	
+	gen_require(`
+		type systemd_networkd_t;
+	')
+
+	allow $1 systemd_networkd_t:netlink_route_socket client_stream_socket_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_rw_networkd_netlink_route_sockets'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##  Allow domain to list dirs under /run/systemd/netif
+## </summary>
+## <param name="domain">
+## <summary>
+##  domain permitted the access
+## </summary>
+## </param>
+#
+ 	 	define(`systemd_list_networkd_runtime',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_list_networkd_runtime'($*)) dnl
+	
+	gen_require(`
+		type systemd_networkd_runtime_t;
+	')
+
+	init_list_pids($1)
+	allow $1 systemd_networkd_runtime_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_list_networkd_runtime'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Watch directories under /run/systemd/netif
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain permitted the access
+##	</summary>
+## </param>
+#
+ 	 	define(`systemd_watch_networkd_runtime_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_watch_networkd_runtime_dirs'($*)) dnl
+	
+	gen_require(`
+		type systemd_networkd_runtime_t;
+	')
+
+	allow $1 systemd_networkd_runtime_t:dir watch;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_watch_networkd_runtime_dirs'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##  Allow domain to read files generated by systemd_networkd
+## </summary>
+## <param name="domain">
+## <summary>
+##  domain allowed access
+## </summary>
+## </param>
+#
+
+ 	 	define(`systemd_read_networkd_runtime',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_read_networkd_runtime'($*)) dnl
+	
+	gen_require(`
+		type systemd_networkd_runtime_t;
+	')
+
+	list_dirs_pattern($1, systemd_networkd_runtime_t, systemd_networkd_runtime_t)
+	read_files_pattern($1, systemd_networkd_runtime_t, systemd_networkd_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_read_networkd_runtime'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##     Allow systemd_logind_t to read process state for cgroup file
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain systemd_logind_t may access.
+##     </summary>
+## </param>
+#
+ 	 	define(`systemd_read_logind_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_read_logind_state'($*)) dnl
+	
+	gen_require(`
+		type systemd_logind_t;
+	')
+
+	allow systemd_logind_t $1:dir list_dir_perms;
+	allow systemd_logind_t $1:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_read_logind_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow specified domain to start power units
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`systemd_start_power_units',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_start_power_units'($*)) dnl
+	
+	gen_require(`
+		type power_unit_t;
+		class service start;
+	')
+
+	allow $1 power_unit_t:service start;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_start_power_units'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the system status information about power units
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`systemd_status_power_units',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_status_power_units'($*)) dnl
+	
+	gen_require(`
+		type power_unit_t;
+		class service status;
+	')
+
+	allow $1 power_unit_t:service status;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_status_power_units'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified type usable for
+##	systemd tmpfiles config files.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be used for systemd tmpfiles config files.
+##	</summary>
+## </param>
+#
+ 	 	define(`systemd_tmpfiles_conf_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_tmpfiles_conf_file'($*)) dnl
+	
+	gen_require(`
+		attribute systemd_tmpfiles_conf_type;
+	')
+
+	files_config_file($1)
+	typeattribute $1 systemd_tmpfiles_conf_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_tmpfiles_conf_file'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the specified domain to create
+##	the tmpfiles config directory with
+##	the correct context.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`systemd_tmpfiles_creator',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_tmpfiles_creator'($*)) dnl
+	
+	gen_require(`
+		type systemd_tmpfiles_conf_t;
+	')
+
+	files_pid_filetrans($1, systemd_tmpfiles_conf_t, dir, "tmpfiles.d")
+	allow $1 systemd_tmpfiles_conf_t:dir create;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_tmpfiles_creator'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create an object in the systemd tmpfiles config
+##	directory, with a private type
+##	using a type transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private type">
+##	<summary>
+##	The type of the object to be created.
+##	</summary>
+## </param>
+## <param name="object">
+##	<summary>
+##	The object class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`systemd_tmpfiles_conf_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_tmpfiles_conf_filetrans'($*)) dnl
+	
+	gen_require(`
+		type systemd_tmpfiles_conf_t;
+	')
+
+	files_search_pids($1)
+	filetrans_pattern($1, systemd_tmpfiles_conf_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_tmpfiles_conf_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow domain to list systemd tmpfiles config directory
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`systemd_list_tmpfiles_conf',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_list_tmpfiles_conf'($*)) dnl
+	
+	gen_require(`
+		type systemd_tmpfiles_conf_t;
+	')
+
+	allow $1 systemd_tmpfiles_conf_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_list_tmpfiles_conf'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow domain to relabel to systemd tmpfiles config directory
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`systemd_relabelto_tmpfiles_conf_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_relabelto_tmpfiles_conf_dirs'($*)) dnl
+	
+	gen_require(`
+		type systemd_tmpfiles_conf_t;
+	')
+
+	allow $1 systemd_tmpfiles_conf_t:dir relabelto_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_relabelto_tmpfiles_conf_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow domain to relabel to systemd tmpfiles config files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`systemd_relabelto_tmpfiles_conf_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_relabelto_tmpfiles_conf_files'($*)) dnl
+	
+	gen_require(`
+		attribute systemd_tmpfiles_conf_type;
+	')
+
+	allow $1 systemd_tmpfiles_conf_type:file relabelto_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_relabelto_tmpfiles_conf_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##  Allow systemd_tmpfiles_t to manage filesystem objects
+## </summary>
+## <param name="type">
+## <summary>
+##  type of object to manage
+## </summary>
+## </param>
+## <param name="class">
+## <summary>
+##  object class to manage
+## </summary>
+## </param>
+#
+ 	 	define(`systemd_tmpfilesd_managed',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_tmpfilesd_managed'($*)) dnl
+	
+	gen_require(`
+		type systemd_tmpfiles_t;
+	')
+
+	allow systemd_tmpfiles_t $1:$2 { setattr relabelfrom relabelto create };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_tmpfilesd_managed'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##   Send and receive messages from
+##   systemd resolved over dbus.
+## </summary>
+## <param name="domain">
+##   <summary>
+##     Domain allowed access.
+##   </summary>
+## </param>
+#
+ 	 	define(`systemd_dbus_chat_resolved',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_dbus_chat_resolved'($*)) dnl
+	
+	gen_require(`
+		type systemd_resolved_t;
+		class dbus send_msg;
+	')
+
+	allow $1 systemd_resolved_t:dbus send_msg;
+	allow systemd_resolved_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_dbus_chat_resolved'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##  Allow domain to read resolv.conf file generated by systemd_resolved
+## </summary>
+## <param name="domain">
+## <summary>
+##  domain allowed access
+## </summary>
+## </param>
+#
+ 	 	define(`systemd_read_resolved_runtime',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_read_resolved_runtime'($*)) dnl
+	
+	gen_require(`
+		type systemd_resolved_runtime_t;
+	')
+
+	read_files_pattern($1, systemd_resolved_runtime_t, systemd_resolved_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_read_resolved_runtime'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##  Allow domain to getattr on .updated file (generated by systemd-update-done
+## </summary>
+## <param name="domain">
+## <summary>
+##  domain allowed access
+## </summary>
+## </param>
+#
+ 	 	define(`systemd_getattr_updated_runtime',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_getattr_updated_runtime'($*)) dnl
+	
+	gen_require(`
+		type systemd_update_run_t;
+	')
+
+	getattr_files_pattern($1, systemd_update_run_t, systemd_update_run_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_getattr_updated_runtime'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search keys for the all systemd --user domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`systemd_search_all_user_keys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_search_all_user_keys'($*)) dnl
+	
+	gen_require(`
+		attribute systemd_user_session_type;
+	')
+
+	allow $1 systemd_user_session_type:key search;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_search_all_user_keys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create keys for the all systemd --user domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`systemd_create_all_user_keys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_create_all_user_keys'($*)) dnl
+	
+	gen_require(`
+		attribute systemd_user_session_type;
+	')
+
+	allow $1 systemd_user_session_type:key create;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_create_all_user_keys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write keys for the all systemd --user domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`systemd_write_all_user_keys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `systemd_write_all_user_keys'($*)) dnl
+	
+	gen_require(`
+		attribute systemd_user_session_type;
+	')
+
+	allow $1 systemd_user_session_type:key write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `systemd_write_all_user_keys'($*)) dnl
+	')
+
+## <summary>
+##	Freedesktop standard locations (formerly known as X Desktop Group)
+## </summary>
+
+
+########################################
+## <summary>
+##	Mark the selected type as an xdg_cache_type
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to give the xdg_cache_type attribute to
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_cache_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_cache_content'($*)) dnl
+	
+	gen_require(`
+		attribute xdg_cache_type;
+	')
+
+	typeattribute $1 xdg_cache_type;
+
+	userdom_user_home_content($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_cache_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mark the selected type as an xdg_config_type
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to give the xdg_config_type attribute to
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_config_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_config_content'($*)) dnl
+	
+	gen_require(`
+		attribute xdg_config_type;
+	')
+
+	typeattribute $1 xdg_config_type;
+
+	userdom_user_home_content($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_config_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mark the selected type as an xdg_data_type
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to give the xdg_data_type attribute to
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_data_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_data_content'($*)) dnl
+	
+	gen_require(`
+		attribute xdg_data_type;
+	')
+
+	typeattribute $1 xdg_data_type;
+
+	userdom_user_home_content($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_data_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search through the xdg cache home directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_search_cache_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_search_cache_dirs'($*)) dnl
+	
+	gen_require(`
+		type xdg_cache_t;
+	')
+
+	search_dirs_pattern($1, xdg_cache_t, xdg_cache_t)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_search_cache_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the xdg cache home files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_read_cache_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_read_cache_files'($*)) dnl
+	
+	gen_require(`
+		type xdg_cache_t;
+	')
+
+	read_files_pattern($1, xdg_cache_t, xdg_cache_t)
+	allow $1 xdg_cache_t:file map;
+	list_dirs_pattern($1, xdg_cache_t, xdg_cache_t)
+	read_lnk_files_pattern($1, xdg_cache_t, xdg_cache_t)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_read_cache_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all xdg_cache_type files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_read_all_cache_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_read_all_cache_files'($*)) dnl
+	
+	gen_require(`
+		attribute xdg_cache_type;
+	')
+
+	read_files_pattern($1, xdg_cache_type, xdg_cache_type)
+	allow $1 xdg_cache_type:file map;
+	list_dirs_pattern($1, xdg_cache_type, xdg_cache_type)
+	read_lnk_files_pattern($1, xdg_cache_type, xdg_cache_type)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_read_all_cache_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in an xdg_cache directory
+##	with an automatic type transition to
+##	a specified private type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	The type of the object to create.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Name of the file or directory created
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_cache_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_cache_filetrans'($*)) dnl
+	
+	gen_require(`
+		type xdg_cache_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+
+	filetrans_pattern($1, xdg_cache_t, $2, $3, $4)
+
+	xdg_create_cache_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_cache_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in the user home dir with an automatic type transition to
+##	the xdg_cache_t type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Name of the directory created
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_generic_user_home_dir_filetrans_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_generic_user_home_dir_filetrans_cache'($*)) dnl
+	
+	gen_require(`
+		type xdg_cache_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, xdg_cache_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_generic_user_home_dir_filetrans_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create xdg cache home directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_create_cache_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_create_cache_dirs'($*)) dnl
+	
+	gen_require(`
+		type xdg_cache_t;
+	')
+
+	allow $1 xdg_cache_t:dir create_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_create_cache_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage the xdg cache home files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_manage_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_manage_cache'($*)) dnl
+	
+	gen_require(`
+		type xdg_cache_t;
+	')
+
+	manage_dirs_pattern($1, xdg_cache_t, xdg_cache_t)
+	manage_files_pattern($1, xdg_cache_t, xdg_cache_t)
+	allow $1 xdg_cache_t:file map;
+	manage_lnk_files_pattern($1, xdg_cache_t, xdg_cache_t)
+	manage_fifo_files_pattern($1, xdg_cache_t, xdg_cache_t)
+	manage_sock_files_pattern($1, xdg_cache_t, xdg_cache_t)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_manage_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage all the xdg cache home files regardless of their specific type
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_manage_all_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_manage_all_cache'($*)) dnl
+	
+	gen_require(`
+		attribute xdg_cache_type;
+	')
+
+	manage_dirs_pattern($1, xdg_cache_type, xdg_cache_type)
+	manage_files_pattern($1, xdg_cache_type, xdg_cache_type)
+	allow $1 xdg_cache_type:file map;
+	manage_lnk_files_pattern($1, xdg_cache_type, xdg_cache_type)
+	manage_fifo_files_pattern($1, xdg_cache_type, xdg_cache_type)
+	manage_sock_files_pattern($1, xdg_cache_type, xdg_cache_type)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_manage_all_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow relabeling the xdg cache home files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_relabel_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_relabel_cache'($*)) dnl
+	
+	gen_require(`
+		type xdg_cache_t;
+	')
+
+	relabel_dirs_pattern($1, xdg_cache_t, xdg_cache_t)
+	relabel_files_pattern($1, xdg_cache_t, xdg_cache_t)
+	relabel_lnk_files_pattern($1, xdg_cache_t, xdg_cache_t)
+	relabel_fifo_files_pattern($1, xdg_cache_t, xdg_cache_t)
+	relabel_sock_files_pattern($1, xdg_cache_t, xdg_cache_t)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_relabel_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow relabeling the xdg cache home files, regardless of their specific type
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_relabel_all_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_relabel_all_cache'($*)) dnl
+	
+	gen_require(`
+		attribute xdg_cache_type;
+	')
+
+	relabel_dirs_pattern($1, xdg_cache_type, xdg_cache_type)
+	relabel_files_pattern($1, xdg_cache_type, xdg_cache_type)
+	relabel_lnk_files_pattern($1, xdg_cache_type, xdg_cache_type)
+	relabel_fifo_files_pattern($1, xdg_cache_type, xdg_cache_type)
+	relabel_sock_files_pattern($1, xdg_cache_type, xdg_cache_type)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_relabel_all_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search through the xdg config home directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_search_config_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_search_config_dirs'($*)) dnl
+	
+	gen_require(`
+		type xdg_config_t;
+	')
+
+	search_dirs_pattern($1, xdg_config_t, xdg_config_t)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_search_config_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the xdg config home files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_read_config_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_read_config_files'($*)) dnl
+	
+	gen_require(`
+		type xdg_config_t;
+	')
+
+	read_files_pattern($1, xdg_config_t, xdg_config_t)
+	allow $1 xdg_config_t:file map;
+	list_dirs_pattern($1, xdg_config_t, xdg_config_t)
+	read_lnk_files_pattern($1, xdg_config_t, xdg_config_t)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_read_config_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all xdg_config_type files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_read_all_config_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_read_all_config_files'($*)) dnl
+	
+	gen_require(`
+		attribute xdg_config_type;
+	')
+
+	read_files_pattern($1, xdg_config_type, xdg_config_type)
+	allow $1 xdg_config_type:file map;
+	list_dirs_pattern($1, xdg_config_type, xdg_config_type)
+	read_lnk_files_pattern($1, xdg_config_type, xdg_config_type)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_read_all_config_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in an xdg_config directory
+##	with an automatic type transition to
+##	a specified private type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	The type of the object to create.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Name of the file or directory created
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_config_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_config_filetrans'($*)) dnl
+	
+	gen_require(`
+		type xdg_config_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+
+	filetrans_pattern($1, xdg_config_t, $2, $3, $4)
+
+	xdg_create_config_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_config_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in the user home dir with an automatic type transition to
+##	the xdg_config_t type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Name of the directory created
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_generic_user_home_dir_filetrans_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_generic_user_home_dir_filetrans_config'($*)) dnl
+	
+	gen_require(`
+		type xdg_config_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, xdg_config_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_generic_user_home_dir_filetrans_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create xdg config home directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_create_config_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_create_config_dirs'($*)) dnl
+	
+	gen_require(`
+		type xdg_config_t;
+	')
+
+	allow $1 xdg_config_t:dir create_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_create_config_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage the xdg config home files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_manage_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_manage_config'($*)) dnl
+	
+	gen_require(`
+		type xdg_config_t;
+	')
+
+	manage_dirs_pattern($1, xdg_config_t, xdg_config_t)
+	manage_files_pattern($1, xdg_config_t, xdg_config_t)
+	allow $1 xdg_config_t:file map;
+	manage_lnk_files_pattern($1, xdg_config_t, xdg_config_t)
+	manage_fifo_files_pattern($1, xdg_config_t, xdg_config_t)
+	manage_sock_files_pattern($1, xdg_config_t, xdg_config_t)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_manage_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage all the xdg config home files regardless of their specific type
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_manage_all_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_manage_all_config'($*)) dnl
+	
+	gen_require(`
+		attribute xdg_config_type;
+	')
+
+	manage_dirs_pattern($1, xdg_config_type, xdg_config_type)
+	manage_files_pattern($1, xdg_config_type, xdg_config_type)
+	allow $1 xdg_config_type:file map;
+	manage_lnk_files_pattern($1, xdg_config_type, xdg_config_type)
+	manage_fifo_files_pattern($1, xdg_config_type, xdg_config_type)
+	manage_sock_files_pattern($1, xdg_config_type, xdg_config_type)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_manage_all_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow relabeling the xdg config home files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_relabel_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_relabel_config'($*)) dnl
+	
+	gen_require(`
+		type xdg_config_t;
+	')
+
+	relabel_dirs_pattern($1, xdg_config_t, xdg_config_t)
+	relabel_files_pattern($1, xdg_config_t, xdg_config_t)
+	relabel_lnk_files_pattern($1, xdg_config_t, xdg_config_t)
+	relabel_fifo_files_pattern($1, xdg_config_t, xdg_config_t)
+	relabel_sock_files_pattern($1, xdg_config_t, xdg_config_t)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_relabel_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow relabeling the xdg config home files, regardless of their specific type
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_relabel_all_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_relabel_all_config'($*)) dnl
+	
+	gen_require(`
+		attribute xdg_config_type;
+	')
+
+	relabel_dirs_pattern($1, xdg_config_type, xdg_config_type)
+	relabel_files_pattern($1, xdg_config_type, xdg_config_type)
+	relabel_lnk_files_pattern($1, xdg_config_type, xdg_config_type)
+	relabel_fifo_files_pattern($1, xdg_config_type, xdg_config_type)
+	relabel_sock_files_pattern($1, xdg_config_type, xdg_config_type)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_relabel_all_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the xdg data home files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_read_data_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_read_data_files'($*)) dnl
+	
+	gen_require(`
+		type xdg_data_t;
+	')
+
+	read_files_pattern($1, xdg_data_t, xdg_data_t)
+	allow $1 xdg_data_t:file map;
+	list_dirs_pattern($1, xdg_data_t, xdg_data_t)
+	read_lnk_files_pattern($1, xdg_data_t, xdg_data_t)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_read_data_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all xdg_data_type files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_read_all_data_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_read_all_data_files'($*)) dnl
+	
+	gen_require(`
+		attribute xdg_data_type;
+	')
+
+	read_files_pattern($1, xdg_data_type, xdg_data_type)
+	allow $1 xdg_data_type:file map;
+	list_dirs_pattern($1, xdg_data_type, xdg_data_type)
+	read_lnk_files_pattern($1, xdg_data_type, xdg_data_type)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_read_all_data_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in an xdg_data directory
+##	with an automatic type transition to
+##	a specified private type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	The type of the object to create.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Optional name of the file or directory created
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_data_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_data_filetrans'($*)) dnl
+	
+	gen_require(`
+		type xdg_data_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+
+	filetrans_pattern($1, xdg_data_t, $2, $3, $4)
+
+	xdg_create_data_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_data_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in the user home dir with an automatic type transition to
+##	the xdg_data_t type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Name of the directory created
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_generic_user_home_dir_filetrans_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_generic_user_home_dir_filetrans_data'($*)) dnl
+	
+	gen_require(`
+		type xdg_data_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, xdg_data_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_generic_user_home_dir_filetrans_data'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create xdg data home directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_create_data_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_create_data_dirs'($*)) dnl
+	
+	gen_require(`
+		type xdg_data_t;
+	')
+
+	allow $1 xdg_data_t:dir create_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_create_data_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage the xdg data home files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_manage_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_manage_data'($*)) dnl
+	
+	gen_require(`
+		type xdg_data_t;
+	')
+
+	manage_dirs_pattern($1, xdg_data_t, xdg_data_t)
+	manage_files_pattern($1, xdg_data_t, xdg_data_t)
+	allow $1 xdg_data_t:file map;
+	manage_lnk_files_pattern($1, xdg_data_t, xdg_data_t)
+	manage_fifo_files_pattern($1, xdg_data_t, xdg_data_t)
+	manage_sock_files_pattern($1, xdg_data_t, xdg_data_t)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_manage_data'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage all the xdg data home files, regardless of their specific type
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_manage_all_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_manage_all_data'($*)) dnl
+	
+	gen_require(`
+		attribute xdg_data_type;
+	')
+
+	manage_dirs_pattern($1, xdg_data_type, xdg_data_type)
+	manage_files_pattern($1, xdg_data_type, xdg_data_type)
+	allow $1 xdg_data_type:file map;
+	manage_lnk_files_pattern($1, xdg_data_type, xdg_data_type)
+	manage_fifo_files_pattern($1, xdg_data_type, xdg_data_type)
+	manage_sock_files_pattern($1, xdg_data_type, xdg_data_type)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_manage_all_data'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow relabeling the xdg data home files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_relabel_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_relabel_data'($*)) dnl
+	
+	gen_require(`
+		type xdg_data_t;
+	')
+
+	relabel_dirs_pattern($1, xdg_data_t, xdg_data_t)
+	relabel_files_pattern($1, xdg_data_t, xdg_data_t)
+	relabel_lnk_files_pattern($1, xdg_data_t, xdg_data_t)
+	relabel_fifo_files_pattern($1, xdg_data_t, xdg_data_t)
+	relabel_sock_files_pattern($1, xdg_data_t, xdg_data_t)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_relabel_data'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow relabeling the xdg data home files, regardless of their type
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_relabel_all_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_relabel_all_data'($*)) dnl
+	
+	gen_require(`
+		attribute xdg_data_type;
+	')
+
+	relabel_dirs_pattern($1, xdg_data_type, xdg_data_type)
+	relabel_files_pattern($1, xdg_data_type, xdg_data_type)
+	relabel_lnk_files_pattern($1, xdg_data_type, xdg_data_type)
+	relabel_fifo_files_pattern($1, xdg_data_type, xdg_data_type)
+	relabel_sock_files_pattern($1, xdg_data_type, xdg_data_type)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_relabel_all_data'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in the user home dir with an automatic type transition to
+##	the xdg_documents_t type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Name of the directory created
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_generic_user_home_dir_filetrans_documents',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_generic_user_home_dir_filetrans_documents'($*)) dnl
+	
+	gen_require(`
+		type xdg_documents_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, xdg_documents_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_generic_user_home_dir_filetrans_documents'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Manage documents content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_manage_documents',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_manage_documents'($*)) dnl
+	
+	gen_require(`
+		type xdg_documents_t;
+	')
+
+	manage_dirs_pattern($1, xdg_documents_t, xdg_documents_t)
+	manage_files_pattern($1, xdg_documents_t, xdg_documents_t)
+	allow $1 xdg_documents_t:file map;
+	manage_lnk_files_pattern($1, xdg_documents_t, xdg_documents_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_manage_documents'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow relabeling the documents resources
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_relabel_documents',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_relabel_documents'($*)) dnl
+	
+	gen_require(`
+		type xdg_documents_t;
+	')
+
+	relabel_dirs_pattern($1, xdg_documents_t, xdg_documents_t)
+	relabel_files_pattern($1, xdg_documents_t, xdg_documents_t)
+	relabel_lnk_files_pattern($1, xdg_documents_t, xdg_documents_t)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_relabel_documents'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Read downloaded content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_read_downloads',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_read_downloads'($*)) dnl
+	
+	gen_require(`
+		type xdg_downloads_t;
+	')
+
+	read_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
+	allow $1 xdg_downloads_t:file map;
+	list_dirs_pattern($1, xdg_downloads_t, xdg_downloads_t)
+	read_lnk_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_read_downloads'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Create downloaded content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_create_downloads',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_create_downloads'($*)) dnl
+	
+	gen_require(`
+		type xdg_downloads_t;
+	')
+
+	create_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
+	allow $1 xdg_downloads_t:file map;
+	create_dirs_pattern($1, xdg_downloads_t, xdg_downloads_t)
+	create_lnk_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_create_downloads'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Write downloaded content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_write_downloads',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_write_downloads'($*)) dnl
+	
+	gen_require(`
+		type xdg_downloads_t;
+	')
+
+	write_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
+	allow $1 xdg_downloads_t:file map;
+	list_dirs_pattern($1, xdg_downloads_t, xdg_downloads_t)
+	read_lnk_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_write_downloads'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in the user home dir with an automatic type transition to
+##	the xdg_downloads_t type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Name of the directory created
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_generic_user_home_dir_filetrans_downloads',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_generic_user_home_dir_filetrans_downloads'($*)) dnl
+	
+	gen_require(`
+		type xdg_downloads_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, xdg_downloads_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_generic_user_home_dir_filetrans_downloads'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Manage downloaded content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_manage_downloads',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_manage_downloads'($*)) dnl
+	
+	gen_require(`
+		type xdg_downloads_t;
+	')
+
+	manage_dirs_pattern($1, xdg_downloads_t, xdg_downloads_t)
+	manage_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
+	allow $1 xdg_downloads_t:file map;
+	manage_lnk_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_manage_downloads'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow relabeling the downloads resources
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_relabel_downloads',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_relabel_downloads'($*)) dnl
+	
+	gen_require(`
+		type xdg_downloads_t;
+	')
+
+	relabel_dirs_pattern($1, xdg_downloads_t, xdg_downloads_t)
+	relabel_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
+	relabel_lnk_files_pattern($1, xdg_downloads_t, xdg_downloads_t)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_relabel_downloads'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Read user pictures content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_read_pictures',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_read_pictures'($*)) dnl
+	
+	gen_require(`
+		type xdg_pictures_t;
+	')
+
+	read_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
+	allow $1 xdg_pictures_t:file map;
+	list_dirs_pattern($1, xdg_pictures_t, xdg_pictures_t)
+	read_lnk_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_read_pictures'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in the user home dir with an automatic type transition to
+##	the xdg_pictures_t type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Name of the directory created
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_generic_user_home_dir_filetrans_pictures',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_generic_user_home_dir_filetrans_pictures'($*)) dnl
+	
+	gen_require(`
+		type xdg_pictures_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, xdg_pictures_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_generic_user_home_dir_filetrans_pictures'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Manage pictures content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_manage_pictures',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_manage_pictures'($*)) dnl
+	
+	gen_require(`
+		type xdg_pictures_t;
+	')
+
+	manage_dirs_pattern($1, xdg_pictures_t, xdg_pictures_t)
+	manage_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
+	allow $1 xdg_pictures_t:file map;
+	manage_lnk_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_manage_pictures'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow relabeling the pictures resources
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_relabel_pictures',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_relabel_pictures'($*)) dnl
+	
+	gen_require(`
+		type xdg_pictures_t;
+	')
+
+	relabel_dirs_pattern($1, xdg_pictures_t, xdg_pictures_t)
+	relabel_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
+	relabel_lnk_files_pattern($1, xdg_pictures_t, xdg_pictures_t)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_relabel_pictures'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Read user music content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_read_music',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_read_music'($*)) dnl
+	
+	gen_require(`
+		type xdg_music_t;
+	')
+
+	read_files_pattern($1, xdg_music_t, xdg_music_t)
+	allow $1 xdg_music_t:file map;
+	list_dirs_pattern($1, xdg_music_t, xdg_music_t)
+	read_lnk_files_pattern($1, xdg_music_t, xdg_music_t)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_read_music'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in the user home dir with an automatic type transition to
+##	the xdg_pictures_t type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Name of the directory created
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_generic_user_home_dir_filetrans_music',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_generic_user_home_dir_filetrans_music'($*)) dnl
+	
+	gen_require(`
+		type xdg_music_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, xdg_music_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_generic_user_home_dir_filetrans_music'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Manage music content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_manage_music',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_manage_music'($*)) dnl
+	
+	gen_require(`
+		type xdg_music_t;
+	')
+
+	manage_dirs_pattern($1, xdg_music_t, xdg_music_t)
+	manage_files_pattern($1, xdg_music_t, xdg_music_t)
+	allow $1 xdg_music_t:file map;
+	manage_lnk_files_pattern($1, xdg_music_t, xdg_music_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_manage_music'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow relabeling the music resources
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_relabel_music',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_relabel_music'($*)) dnl
+	
+	gen_require(`
+		type xdg_music_t;
+	')
+
+	relabel_dirs_pattern($1, xdg_music_t, xdg_music_t)
+	relabel_files_pattern($1, xdg_music_t, xdg_music_t)
+	relabel_lnk_files_pattern($1, xdg_music_t, xdg_music_t)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_relabel_music'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Read user video content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_read_videos',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_read_videos'($*)) dnl
+	
+	gen_require(`
+		type xdg_videos_t;
+	')
+
+	read_files_pattern($1, xdg_videos_t, xdg_videos_t)
+	allow $1 xdg_videos_t:file map;
+	list_dirs_pattern($1, xdg_videos_t, xdg_videos_t)
+	read_lnk_files_pattern($1, xdg_videos_t, xdg_videos_t)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_read_videos'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in the user home dir with an automatic type transition to
+##	the xdg_videos_t type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Name of the directory created
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_generic_user_home_dir_filetrans_videos',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_generic_user_home_dir_filetrans_videos'($*)) dnl
+	
+	gen_require(`
+		type xdg_videos_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, xdg_videos_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_generic_user_home_dir_filetrans_videos'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Manage video content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_manage_videos',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_manage_videos'($*)) dnl
+	
+	gen_require(`
+		type xdg_videos_t;
+	')
+
+	manage_dirs_pattern($1, xdg_videos_t, xdg_videos_t)
+	manage_files_pattern($1, xdg_videos_t, xdg_videos_t)
+	allow $1 xdg_videos_t:file map;
+	manage_lnk_files_pattern($1, xdg_videos_t, xdg_videos_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_manage_videos'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow relabeling the videos resources
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_relabel_videos',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_relabel_videos'($*)) dnl
+	
+	gen_require(`
+		type xdg_videos_t;
+	')
+
+	relabel_dirs_pattern($1, xdg_videos_t, xdg_videos_t)
+	relabel_files_pattern($1, xdg_videos_t, xdg_videos_t)
+	relabel_lnk_files_pattern($1, xdg_videos_t, xdg_videos_t)
+
+	userdom_search_user_home_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_relabel_videos'($*)) dnl
+	')
+
+
+
+# Gentoo specific under here
+# Compat interfaces for old names that were upstreamed
+
+########################################
+## <summary>
+##	Mark the selected type as an xdg_cache_home_type
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to give the xdg_cache_home_type attribute to
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_cache_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_cache_home_content'($*)) dnl
+	
+	xdg_cache_content($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_cache_home_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mark the selected type as an xdg_config_home_type
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to give the xdg_config_home_type attribute to
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_config_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_config_home_content'($*)) dnl
+	
+	xdg_config_content($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_config_home_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mark the selected type as an xdg_data_home_type
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to give the xdg_data_home_type attribute to
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_data_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_data_home_content'($*)) dnl
+	
+	xdg_data_content($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_data_home_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the xdg cache home files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_read_cache_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_read_cache_home_files'($*)) dnl
+	
+	xdg_read_cache_files($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_read_cache_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all xdg_cache_home_type files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_read_all_cache_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_read_all_cache_home_files'($*)) dnl
+	
+	xdg_read_all_cache_files($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_read_all_cache_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in an xdg_cache_home directory
+##	with an automatic type transition to
+##	a specified private type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	The type of the object to create.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Name of the file or directory created
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_cache_home_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_cache_home_filetrans'($*)) dnl
+	
+	xdg_cache_filetrans($1, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_cache_home_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in the user home dir with an automatic type transition to
+##	the xdg_cache_home_t type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Name of the directory created
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_generic_user_home_dir_filetrans_cache_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_generic_user_home_dir_filetrans_cache_home'($*)) dnl
+	
+	xdg_generic_user_home_dir_filetrans_cache($1, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_generic_user_home_dir_filetrans_cache_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create xdg cache home directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_create_cache_home_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_create_cache_home_dirs'($*)) dnl
+	
+	xdg_create_cache_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_create_cache_home_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage the xdg cache home files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_manage_cache_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_manage_cache_home'($*)) dnl
+	
+	xdg_manage_cache($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_manage_cache_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage all the xdg cache home files regardless of their specific type
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_manage_all_cache_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_manage_all_cache_home'($*)) dnl
+	
+	xdg_manage_all_cache($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_manage_all_cache_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow relabeling the xdg cache home files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_relabel_cache_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_relabel_cache_home'($*)) dnl
+	
+	xdg_relabel_cache($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_relabel_cache_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow relabeling the xdg cache home files, regardless of their specific type
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_relabel_all_cache_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_relabel_all_cache_home'($*)) dnl
+	
+	xdg_relabel_all_cache($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_relabel_all_cache_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search through the xdg config home directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_search_config_home_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_search_config_home_dirs'($*)) dnl
+	
+	xdg_search_config_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_search_config_home_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the xdg config home files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_read_config_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_read_config_home_files'($*)) dnl
+	
+	xdg_read_config_files($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_read_config_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all xdg_config_home_type files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_read_all_config_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_read_all_config_home_files'($*)) dnl
+	
+	xdg_read_all_config_files($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_read_all_config_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in an xdg_config_home directory
+##	with an automatic type transition to
+##	a specified private type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	The type of the object to create.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Name of the file or directory created
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_config_home_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_config_home_filetrans'($*)) dnl
+	
+	xdg_config_filetrans($1, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_config_home_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in the user home dir with an automatic type transition to
+##	the xdg_config_home_t type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Name of the directory created
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_generic_user_home_dir_filetrans_config_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_generic_user_home_dir_filetrans_config_home'($*)) dnl
+	
+	xdg_generic_user_home_dir_filetrans_config($1, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_generic_user_home_dir_filetrans_config_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create xdg config home directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_create_config_home_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_create_config_home_dirs'($*)) dnl
+	
+	xdg_create_config_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_create_config_home_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage the xdg config home files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_manage_config_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_manage_config_home'($*)) dnl
+	
+	xdg_manage_config($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_manage_config_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage all the xdg config home files regardless of their specific type
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_manage_all_config_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_manage_all_config_home'($*)) dnl
+	
+	xdg_manage_all_config($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_manage_all_config_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow relabeling the xdg config home files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_relabel_config_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_relabel_config_home'($*)) dnl
+	
+	xdg_relabel_config($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_relabel_config_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow relabeling the xdg config home files, regardless of their specific type
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_relabel_all_config_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_relabel_all_config_home'($*)) dnl
+	
+	xdg_relabel_all_config($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_relabel_all_config_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the xdg data home files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_read_data_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_read_data_home_files'($*)) dnl
+	
+	xdg_read_data_files($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_read_data_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all xdg_data_home_type files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_read_all_data_home_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_read_all_data_home_files'($*)) dnl
+	
+	xdg_read_all_data_files($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_read_all_data_home_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in an xdg_data_home directory
+##	with an automatic type transition to
+##	a specified private type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	The type of the object to create.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Optional name of the file or directory created
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_data_home_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_data_home_filetrans'($*)) dnl
+	
+	xdg_data_filetrans($1, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_data_home_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in the user home dir with an automatic type transition to
+##	the xdg_data_home_t type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Name of the directory created
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_generic_user_home_dir_filetrans_data_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_generic_user_home_dir_filetrans_data_home'($*)) dnl
+	
+	xdg_generic_user_home_dir_filetrans_data($1, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_generic_user_home_dir_filetrans_data_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create xdg data home directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_create_data_home_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_create_data_home_dirs'($*)) dnl
+	
+	xdg_create_data_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_create_data_home_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage the xdg data home files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_manage_data_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_manage_data_home'($*)) dnl
+	
+	xdg_manage_data($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_manage_data_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage all the xdg data home files, regardless of their specific type
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_manage_all_data_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_manage_all_data_home'($*)) dnl
+	
+	xdg_manage_all_data($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_manage_all_data_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow relabeling the xdg data home files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_relabel_data_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_relabel_data_home'($*)) dnl
+	
+	xdg_relabel_data($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_relabel_data_home'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow relabeling the xdg data home files, regardless of their type
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_relabel_all_data_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_relabel_all_data_home'($*)) dnl
+	
+	xdg_relabel_all_data($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_relabel_all_data_home'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Read downloaded content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_read_downloads_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_read_downloads_home'($*)) dnl
+	
+	xdg_read_downloads($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_read_downloads_home'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Read user video content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_read_videos_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_read_videos_home'($*)) dnl
+	
+	xdg_read_videos($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_read_videos_home'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Read user pictures content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_read_pictures_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_read_pictures_home'($*)) dnl
+	
+	xdg_read_pictures($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_read_pictures_home'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Read user music content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_read_music_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_read_music_home'($*)) dnl
+	
+	xdg_read_music($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_read_music_home'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Create downloaded content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_create_downloads_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_create_downloads_home'($*)) dnl
+	
+	xdg_create_downloads($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_create_downloads_home'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Write downloaded content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_write_downloads_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_write_downloads_home'($*)) dnl
+	
+	xdg_write_downloads($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_write_downloads_home'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Manage downloaded content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_manage_downloads_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_manage_downloads_home'($*)) dnl
+	
+	xdg_manage_downloads($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_manage_downloads_home'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Manage documents content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_manage_documents_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_manage_documents_home'($*)) dnl
+	
+	xdg_manage_documents($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_manage_documents_home'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Manage music content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_manage_music_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_manage_music_home'($*)) dnl
+	
+	xdg_manage_music($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_manage_music_home'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Manage pictures content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_manage_pictures_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_manage_pictures_home'($*)) dnl
+	
+	xdg_manage_pictures($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_manage_pictures_home'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Manage video content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`xdg_manage_videos_home',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xdg_manage_videos_home'($*)) dnl
+	
+	xdg_manage_videos($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xdg_manage_videos_home'($*)) dnl
+	')
+
+## <summary>Policy for mount.</summary>
+
+########################################
+## <summary>
+##	Execute mount in the mount domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`mount_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mount_domtrans'($*)) dnl
+	
+	gen_require(`
+		type mount_t, mount_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, mount_exec_t, mount_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mount_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute mount in the mount domain, and
+##	allow the specified role the mount domain,
+##	and use the caller's terminal.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mount_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mount_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role mount_roles;
+	')
+
+	mount_domtrans($1)
+	roleattribute $2 mount_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mount_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute mount in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mount_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mount_exec'($*)) dnl
+	
+	gen_require(`
+		type mount_exec_t;
+	')
+
+	# cjp: this should be removed:
+	allow $1 mount_exec_t:dir list_dir_perms;
+
+	allow $1 mount_exec_t:lnk_file read_lnk_file_perms;
+	corecmd_search_bin($1)
+	can_exec($1, mount_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mount_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a generic signal to mount.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mount_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mount_signal'($*)) dnl
+	
+	gen_require(`
+		type mount_t;
+	')
+
+	allow $1 mount_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mount_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use file descriptors for mount.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+#
+ 	 	define(`mount_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mount_use_fds'($*)) dnl
+	
+	gen_require(`
+		type mount_t;
+	')
+
+	allow $1 mount_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mount_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute mount in the unconfined mount domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`mount_domtrans_unconfined',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mount_domtrans_unconfined'($*)) dnl
+	
+	gen_require(`
+		type unconfined_mount_t, mount_exec_t;
+	')
+
+	domtrans_pattern($1, mount_exec_t, unconfined_mount_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mount_domtrans_unconfined'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute mount in the unconfined mount domain, and
+##	allow the specified role the unconfined mount domain,
+##	and use the caller's terminal.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`mount_run_unconfined',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mount_run_unconfined'($*)) dnl
+	
+	gen_require(`
+		type unconfined_mount_t;
+	')
+
+	mount_domtrans_unconfined($1)
+	role $2 types unconfined_mount_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mount_run_unconfined'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read loopback filesystem image files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mount_read_loopback_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mount_read_loopback_files'($*)) dnl
+	
+	gen_require(`
+		type mount_loopback_t;
+	')
+
+	allow $1 mount_loopback_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mount_read_loopback_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write loopback filesystem image files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mount_rw_loopback_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mount_rw_loopback_files'($*)) dnl
+	
+	gen_require(`
+		type mount_loopback_t;
+	')
+
+	allow $1 mount_loopback_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mount_rw_loopback_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List mount runtime files.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+ 	 	define(`mount_list_runtime',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mount_list_runtime'($*)) dnl
+	
+	gen_require(`
+		type mount_runtime_t;
+	')
+
+	allow $1 mount_runtime_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mount_list_runtime'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Watch mount runtime dirs.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+ 	 	define(`mount_watch_runtime_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mount_watch_runtime_dirs'($*)) dnl
+	
+	gen_require(`
+		type mount_runtime_t;
+	')
+
+	allow $1 mount_runtime_t:dir watch;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mount_watch_runtime_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##     Getattr on mount_runtime_t files
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+ 	 	define(`mount_getattr_runtime_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mount_getattr_runtime_files'($*)) dnl
+	
+	gen_require(`
+		type mount_runtime_t;
+	')
+
+	allow $1 mount_runtime_t:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mount_getattr_runtime_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write mount runtime files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mount_rw_runtime_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mount_rw_runtime_files'($*)) dnl
+	
+	gen_require(`
+		type mount_runtime_t;
+	')
+
+	rw_files_pattern($1, mount_runtime_t, mount_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mount_rw_runtime_files'($*)) dnl
+	')
+
+
+# gentoo specific under here
+
+########################################
+## <summary>
+##	Read and write mount unnamed pipes
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`mount_rw_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `mount_rw_pipes'($*)) dnl
+	
+	gen_require(`
+		type mount_t;
+	')
+
+	allow $1 mount_t:fifo_file rw_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `mount_rw_pipes'($*)) dnl
+	')
+
+## <summary>System initialization programs (init and init scripts).</summary>
+
+######################################
+## <summary>
+##	Make the specified type usable as a mountpoint.
+## </summary>
+## <desc>
+##	Make the specified type usable as a mountpoint.
+##	This is normally used for systemd BindPaths options.
+## </desc>
+## <param name="file_type">
+##   <summary>
+##     Type to be used as a mountpoint.
+##   </summary>
+## </param>
+#
+ 	 	define(`init_mountpoint',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_mountpoint'($*)) dnl
+	
+	gen_require(`
+		attribute init_mountpoint_type;
+	')
+
+	typeattribute $1 init_mountpoint_type;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_mountpoint'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a file type monitored by a systemd path unit.
+## </summary>
+## <param name="script_file">
+##	<summary>
+##	Type to be used for a path unit monitored location.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_path_unit_location_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_path_unit_location_file'($*)) dnl
+	
+	gen_require(`
+		attribute init_path_unit_loc_type;
+	')
+
+	typeattribute $1 init_path_unit_loc_type;
+	files_type($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_path_unit_location_file'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a file type used for init scripts.
+## </summary>
+## <desc>
+##	<p>
+##	Create a file type used for init scripts.  It can not be
+##	used in conjunction with init_script_domain(). These
+##	script files are typically stored in the /etc/init.d directory.
+##	</p>
+##	<p>
+##	Typically this is used to constrain what services an
+##	admin can start/stop.  For example, a policy writer may want
+##	to constrain a web administrator to only being able to
+##	restart the web server, not other services.  This special type
+##	will help address that goal.
+##	</p>
+##	<p>
+##	This also makes the type usable for files; thus an
+##	explicit call to files_type() is redundant.
+##	</p>
+## </desc>
+## <param name="script_file">
+##	<summary>
+##	Type to be used for a script file.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`init_script_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_script_file'($*)) dnl
+	
+	gen_require(`
+		type initrc_t;
+		attribute init_script_file_type, init_run_all_scripts_domain;
+	')
+
+	typeattribute $1 init_script_file_type;
+
+	domain_entry_file(initrc_t, $1)
+
+	domtrans_pattern(init_run_all_scripts_domain, $1, initrc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_script_file'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##   Make the specified type usable for
+##   systemd unit files.
+## </summary>
+## <param name="type">
+##   <summary>
+##   Type to be used for systemd unit files.
+##   </summary>
+## </param>
+#
+ 	 	define(`init_unit_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_unit_file'($*)) dnl
+	
+	gen_require(`
+		attribute systemdunit;
+	')
+
+	files_type($1)
+	typeattribute $1 systemdunit;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_unit_file'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a domain used for init scripts.
+## </summary>
+## <desc>
+##	<p>
+##	Create a domain used for init scripts.
+##	Can not be used in conjunction with
+##	init_script_file().
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Type to be used as an init script domain.
+##	</summary>
+## </param>
+## <param name="script_file">
+##	<summary>
+##	Type of the script file used as an entry point to this domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_script_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_script_domain'($*)) dnl
+	
+	gen_require(`
+		attribute init_script_domain_type, init_script_file_type;
+		attribute init_run_all_scripts_domain;
+	')
+
+	typeattribute $1 init_script_domain_type;
+	typeattribute $2 init_script_file_type;
+
+	domain_type($1)
+	domain_entry_file($1, $2)
+
+	role system_r types $1;
+
+	domtrans_pattern(init_run_all_scripts_domain, $2, $1)
+
+	ifdef(`init_systemd',`
+		gen_require(`
+			type init_t;
+		')
+
+		allow $1 init_t:unix_stream_socket { getattr read write ioctl };
+
+		allow init_t $1:process2 { nnp_transition nosuid_transition };
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_script_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a domain which can be started by init.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Type to be used as a domain.
+##	</summary>
+## </param>
+## <param name="entry_point">
+##	<summary>
+##	Type of the program to be used as an entry point to this domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_domain'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+		role system_r;
+	')
+
+	domain_type($1)
+	domain_entry_file($1, $2)
+
+	role system_r types $1;
+
+	domtrans_pattern(init_t, $2, $1)
+
+	allow init_t $1:process rlimitinh;
+
+	ifdef(`init_systemd',`
+		allow $1 init_t:unix_stream_socket { getattr read write ioctl };
+
+		allow init_t $1:process2 { nnp_transition nosuid_transition };
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a domain which can be started by init,
+##	with a range transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Type to be used as a domain.
+##	</summary>
+## </param>
+## <param name="entry_point">
+##	<summary>
+##	Type of the program to be used as an entry point to this domain.
+##	</summary>
+## </param>
+## <param name="range">
+##	<summary>
+##	Range for the domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_ranged_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_ranged_domain'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+	')
+
+	init_domain($1, $2)
+
+	ifdef(`enable_mcs',`
+		range_transition init_t $2:process $3;
+	')
+
+	ifdef(`enable_mls',`
+		range_transition init_t $2:process $3;
+		mls_rangetrans_target($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_ranged_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Setup a domain which can be manually transitioned to from init.
+## </summary>
+## <desc>
+##	<p>
+##	Create a domain used for systemd services where the SELinuxContext
+##  option is specified in the .service file.  This allows for the
+##  manual transition from systemd into the new domain.  This is used
+##  when automatic transitions won't work.  Used for the case where the
+##  same binary is used for multiple target domains.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Type to be used as a domain.
+##	</summary>
+## </param>
+## <param name="entry_point">
+##	<summary>
+##	Type of the program being executed when starting this domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_spec_daemon_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_spec_daemon_domain'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+		role system_r;
+		attribute daemon;
+	')
+
+	typeattribute $1 daemon;
+
+	domain_type($1)
+	domain_entry_file($1, $2)
+
+	role system_r types $1;
+
+	spec_domtrans_pattern(init_t, $2, $1)
+
+	allow init_t $1:process rlimitinh;
+
+	ifdef(`init_systemd',`
+		allow $1 init_t:unix_stream_socket { getattr read write ioctl };
+
+		allow init_t $1:process2 { nnp_transition nosuid_transition };
+	')
+
+	# daemons started from init will
+	# inherit fds from init for the console
+	init_dontaudit_use_fds($1)
+	term_dontaudit_use_console($1)
+
+	# init script ptys are the stdin/out/err
+	# when using run_init
+	init_use_script_ptys($1)
+
+	ifdef(`direct_sysadm_daemon',`
+		userdom_dontaudit_use_user_terminals($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_spec_daemon_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a domain for long running processes
+##	(daemons/services) which are started by init scripts.
+## </summary>
+## <desc>
+##	<p>
+##	Create a domain for long running processes (daemons/services)
+##	which are started by init scripts. Short running processes
+##	should use the init_system_domain() interface instead.
+##	Typically all long running processes started by an init
+##	script (usually in /etc/init.d) will need to use this
+##	interface.
+##	</p>
+##	<p>
+##	The types will be made usable as a domain and file, making
+##	calls to domain_type() and files_type() redundant.
+##	</p>
+##	<p>
+##	If the process must also run in a specific MLS/MCS level,
+##	the init_ranged_daemon_domain() should be used instead.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Type to be used as a daemon domain.
+##	</summary>
+## </param>
+## <param name="entry_point">
+##	<summary>
+##	Type of the program to be used as an entry point to this domain.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`init_daemon_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_daemon_domain'($*)) dnl
+	
+	gen_require(`
+		type init_t, initrc_t;
+		role system_r;
+		attribute daemon;
+	')
+
+	typeattribute $1 daemon;
+
+	domain_type($1)
+	domain_entry_file($1, $2)
+
+	role system_r types $1;
+
+	domtrans_pattern(initrc_t, $2, $1)
+
+	# daemons started from init will
+	# inherit fds from init for the console
+	init_dontaudit_use_fds($1)
+	term_dontaudit_use_console($1)
+
+	# init script ptys are the stdin/out/err
+	# when using run_init
+	init_use_script_ptys($1)
+
+	allow init_t $1:process rlimitinh;
+
+	ifdef(`direct_sysadm_daemon',`
+		userdom_dontaudit_use_user_terminals($1)
+	')
+
+	ifdef(`init_systemd',`
+		init_domain($1, $2)
+
+		allow $1 init_t:unix_dgram_socket sendto;
+	')
+
+	optional_policy(`
+		nscd_use($1)
+	')
+
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_daemon_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a domain for long running processes
+##	(daemons/services) which are started by init scripts,
+##	running at a specified MLS/MCS range.
+## </summary>
+## <desc>
+##	<p>
+##	Create a domain for long running processes (daemons/services)
+##	which are started by init scripts, running at a specified
+##	MLS/MCS range. Short running processes
+##	should use the init_ranged_system_domain() interface instead.
+##	Typically all long running processes started by an init
+##	script (usually in /etc/init.d) will need to use this
+##	interface if they need to run in a specific MLS/MCS range.
+##	</p>
+##	<p>
+##	The types will be made usable as a domain and file, making
+##	calls to domain_type() and files_type() redundant.
+##	</p>
+##	<p>
+##	If the policy build option TYPE is standard (MLS and MCS disabled),
+##	this interface has the same behavior as init_daemon_domain().
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Type to be used as a daemon domain.
+##	</summary>
+## </param>
+## <param name="entry_point">
+##	<summary>
+##	Type of the program to be used as an entry point to this domain.
+##	</summary>
+## </param>
+## <param name="range">
+##	<summary>
+##	MLS/MCS range for the domain.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`init_ranged_daemon_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_ranged_daemon_domain'($*)) dnl
+	
+	gen_require(`
+		type initrc_t;
+	')
+
+	ifdef(`init_systemd',`
+		init_ranged_domain($1, $2, $3)
+	',`
+		init_daemon_domain($1, $2)
+
+		ifdef(`enable_mcs',`
+			range_transition initrc_t $2:process $3;
+		')
+
+		ifdef(`enable_mls',`
+			range_transition initrc_t $2:process $3;
+			mls_rangetrans_target($1)
+		')
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_ranged_daemon_domain'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Abstract socket service activation (systemd).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The domain to be started by systemd socket activation.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_abstract_socket_activation',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_abstract_socket_activation'($*)) dnl
+	
+	ifdef(`init_systemd',`
+		gen_require(`
+			type init_t;
+		')
+
+		allow init_t $1:unix_stream_socket create_stream_socket_perms;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_abstract_socket_activation'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Named socket service activation (systemd).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The domain to be started by systemd socket activation.
+##	</summary>
+## </param>
+## <param name="sock_file">
+##	<summary>
+##	The domain socket file type.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_named_socket_activation',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_named_socket_activation'($*)) dnl
+	
+	ifdef(`init_systemd',`
+		gen_require(`
+			type init_t;
+		')
+
+		allow init_t $1:unix_dgram_socket create_socket_perms;
+		allow init_t $1:unix_stream_socket create_stream_socket_perms;
+		allow init_t $2:dir manage_dir_perms;
+		allow init_t $2:fifo_file manage_fifo_file_perms;
+		allow init_t $2:sock_file manage_sock_file_perms;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_named_socket_activation'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a domain for short running processes
+##	which are started by init scripts.
+## </summary>
+## <desc>
+##	<p>
+##	Create a domain for short running processes
+##	which are started by init scripts. These are generally applications that
+##	are used to initialize the system during boot.
+##	Long running processes, such as daemons/services
+##	should use the init_daemon_domain() interface instead.
+##	Typically all short running processes started by an init
+##	script (usually in /etc/init.d) will need to use this
+##	interface.
+##	</p>
+##	<p>
+##	The types will be made usable as a domain and file, making
+##	calls to domain_type() and files_type() redundant.
+##	</p>
+##	<p>
+##	If the process must also run in a specific MLS/MCS level,
+##	the init_ranged_system_domain() should be used instead.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Type to be used as a system domain.
+##	</summary>
+## </param>
+## <param name="entry_point">
+##	<summary>
+##	Type of the program to be used as an entry point to this domain.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`init_system_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_system_domain'($*)) dnl
+	
+	gen_require(`
+		type initrc_t;
+		role system_r;
+		attribute systemprocess;
+	')
+
+	typeattribute $1 systemprocess;
+	application_domain($1, $2)
+
+	role system_r types $1;
+
+	domtrans_pattern(initrc_t, $2, $1)
+
+	ifdef(`init_systemd',`
+		init_domain($1, $2)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_system_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a domain for short running processes
+##	which are started by init scripts.
+## </summary>
+## <desc>
+##	<p>
+##	Create a domain for long running processes (daemons/services)
+##	which are started by init scripts.
+##	These are generally applications that
+##	are used to initialize the system during boot.
+##	Long running processes
+##	should use the init_ranged_system_domain() interface instead.
+##	Typically all short running processes started by an init
+##	script (usually in /etc/init.d) will need to use this
+##	interface if they need to run in a specific MLS/MCS range.
+##	</p>
+##	<p>
+##	The types will be made usable as a domain and file, making
+##	calls to domain_type() and files_type() redundant.
+##	</p>
+##	<p>
+##	If the policy build option TYPE is standard (MLS and MCS disabled),
+##	this interface has the same behavior as init_system_domain().
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Type to be used as a system domain.
+##	</summary>
+## </param>
+## <param name="entry_point">
+##	<summary>
+##	Type of the program to be used as an entry point to this domain.
+##	</summary>
+## </param>
+## <param name="range">
+##	<summary>
+##	Range for the domain.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`init_ranged_system_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_ranged_system_domain'($*)) dnl
+	
+	gen_require(`
+		type initrc_t;
+	')
+
+	ifdef(`init_systemd',`
+		init_ranged_domain($1, $2, $3)
+	',`
+		init_system_domain($1, $2)
+
+		ifdef(`enable_mcs',`
+			range_transition initrc_t $2:process $3;
+		')
+
+		ifdef(`enable_mls',`
+			range_transition initrc_t $2:process $3;
+			mls_rangetrans_target($1)
+		')
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_ranged_system_domain'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Allow domain dyntransition to init_t domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_dyntrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_dyntrans'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+	')
+
+	dyntrans_pattern($1, init_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_dyntrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mark the file type as a daemon pid file, allowing initrc_t
+##	to create it
+## </summary>
+## <param name="filetype">
+##	<summary>
+##	Type to mark as a daemon pid file
+##	</summary>
+## </param>
+## <param name="class">
+##	<summary>
+##	Class on which the type is applied
+##	</summary>
+## </param>
+## <param name="filename">
+##	<summary>
+##	Filename of the file that the init script creates
+##	</summary>
+## </param>
+#
+ 	 	define(`init_daemon_pid_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_daemon_pid_file'($*)) dnl
+	
+	gen_require(`
+		attribute daemonpidfile;
+		type initrc_t;
+	')
+
+	typeattribute $1 daemonpidfile;
+
+	files_pid_file($1)
+	files_pid_filetrans(initrc_t, $1, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_daemon_pid_file'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mark the file type as a daemon lock file, allowing initrc_t
+##	to create it
+## </summary>
+## <param name="filetype">
+##	<summary>
+##	Type to mark as a daemon lock file
+##	</summary>
+## </param>
+## <param name="class">
+##	<summary>
+##	Class on which the type is applied
+##	</summary>
+## </param>
+## <param name="filename">
+##	<summary>
+##	Filename of the file that the init script creates
+##	</summary>
+## </param>
+#
+ 	 	define(`init_daemon_lock_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_daemon_lock_file'($*)) dnl
+	
+	gen_require(`
+		type initrc_t;
+	')
+
+	files_lock_file($1)
+	files_lock_filetrans(initrc_t, $1, $2, $3)
+
+	allow initrc_t $1:dir manage_dir_perms;
+	allow initrc_t $1:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_daemon_lock_file'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute init (/sbin/init) with a domain transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_domtrans'($*)) dnl
+	
+	gen_require(`
+		type init_t, init_exec_t;
+	')
+
+	domtrans_pattern($1, init_exec_t, init_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute init (/sbin/init) with a domain transition
+##	to the provided domain.
+## </summary>
+## <desc>
+##	Execute init (/sbin/init) with a domain transition
+##	to the provided domain.  This is used by systemd
+##	to execute the systemd user session.
+## </desc>
+## <param name="domain">
+##	<summary>
+##	The type to be used as a systemd --user domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_pgm_spec_user_daemon_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_pgm_spec_user_daemon_domain'($*)) dnl
+	
+	gen_require(`
+		type init_t, init_exec_t;
+	')
+
+	domain_type($1)
+	domain_entry_file($1, init_exec_t)
+
+	spec_domtrans_pattern(init_t, init_exec_t, $1)
+
+	allow init_t $1:process { setsched rlimitinh noatsecure };
+
+	ifdef(`init_systemd',`
+		allow $1 init_t:unix_stream_socket { getattr read write ioctl };
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_pgm_spec_user_daemon_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the init program in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`init_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_exec'($*)) dnl
+	
+	gen_require(`
+		type init_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, init_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the init program to be an entrypoint
+##	for the specified domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`init_pgm_entrypoint',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_pgm_entrypoint'($*)) dnl
+	
+	gen_require(`
+		type init_exec_t;
+	')
+
+	allow $1 init_exec_t:file entrypoint;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_pgm_entrypoint'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the rc application in the caller domain.
+## </summary>
+## <desc>
+## <p>
+##	This is only applicable to Gentoo or distributions that use the OpenRC
+##	init system.
+## </p>
+## <p>
+##	The OpenRC /sbin/rc binary is used for both init scripts as well as
+##	management applications and tools. When used for management purposes,
+##	calling /sbin/rc should never cause a transition to initrc_t.
+## </p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_exec_rc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_exec_rc'($*)) dnl
+	
+	gen_require(`
+		type rc_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, rc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_exec_rc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the process group of init.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_getpgid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_getpgid'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+	')
+
+	allow $1 init_t:process getpgid;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_getpgid'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send init a generic signal.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_signal'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+	')
+
+	allow $1 init_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send init a null signal.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_signull',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_signull'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+	')
+
+	allow $1 init_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_signull'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send init a SIGCHLD signal.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_sigchld',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_sigchld'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+	')
+
+	allow $1 init_t:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_sigchld'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to init with a unix socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type init_t, init_runtime_t;
+	')
+
+	stream_connect_pattern($1, init_runtime_t, init_runtime_t, init_t)
+	files_search_pids($1)
+	allow $1 init_t:unix_stream_socket getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit and use file descriptors from init.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to inherit file
+##	descriptors from the init program (process ID 1).
+##	Typically the only file descriptors to be
+##	inherited from init are for the console.
+##	This does not allow the domain any access to
+##	the object to which the file descriptors references.
+##	</p>
+##	<p>
+##	Related interfaces:
+##	</p>
+##	<ul>
+##		<li>init_dontaudit_use_fds()</li>
+##		<li>term_dontaudit_use_console()</li>
+##		<li>term_use_console()</li>
+##	</ul>
+##	<p>
+##	Example usage:
+##	</p>
+##	<p>
+##	init_use_fds(mydomain_t)
+##	term_use_console(mydomain_t)
+##	</p>
+##	<p>
+##	Normally, processes that can inherit these file
+##	descriptors (usually services) write messages to the
+##	system log instead of writing to the console.
+##	Therefore, in many cases, this access should
+##	dontaudited instead.
+##	</p>
+##	<p>
+##	Example dontaudit usage:
+##	</p>
+##	<p>
+##	init_dontaudit_use_fds(mydomain_t)
+##	term_dontaudit_use_console(mydomain_t)
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="1"/>
+#
+ 	 	define(`init_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_use_fds'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+	')
+
+	allow $1 init_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to inherit file
+##	descriptors from init.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_dontaudit_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_dontaudit_use_fds'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+	')
+
+	dontaudit $1 init_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_dontaudit_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send messages to init unix datagram sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`init_dgram_send',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_dgram_send'($*)) dnl
+	
+	gen_require(`
+		type init_t, init_runtime_t;
+	')
+
+	dgram_send_pattern($1, init_runtime_t, init_runtime_t, init_t)
+	files_search_pids($1)
+	allow $1 init_t:unix_stream_socket getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_dgram_send'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write to inherited init unix streams.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_rw_inherited_stream_socket',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_rw_inherited_stream_socket'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+	')
+
+	allow $1 init_t:unix_stream_socket { getattr read write ioctl };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_rw_inherited_stream_socket'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the specified domain to read/write to
+##	init with unix domain stream sockets.
+##	</summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_rw_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_rw_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+	')
+
+	allow $1 init_t:unix_stream_socket rw_stream_socket_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_rw_stream_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	start service (systemd).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_start_system',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_start_system'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+	')
+
+	allow $1 init_t:system start;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_start_system'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	stop service (systemd).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_stop_system',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_stop_system'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+	')
+
+	allow $1 init_t:system stop;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_stop_system'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get all service status (systemd).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_get_system_status',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_get_system_status'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+	')
+
+	allow $1 init_t:system status;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_get_system_status'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Enable all systemd services (systemd).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_enable',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_enable'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+	')
+
+	allow $1 init_t:system enable;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_enable'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Disable all services (systemd).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_disable',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_disable'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+	')
+
+	allow $1 init_t:system disable;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_disable'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Reload all services (systemd).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_reload',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_reload'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+	')
+
+	allow $1 init_t:system reload;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_reload'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Reboot the system (systemd).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_reboot_system',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_reboot_system'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+	')
+
+	allow $1 init_t:system reboot;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_reboot_system'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Shutdown (halt) the system (systemd).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_shutdown_system',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_shutdown_system'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+	')
+
+	allow $1 init_t:system halt;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_shutdown_system'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+## 	Allow specified domain to get init status
+## </summary>
+## <param name="domain">
+## <summary>
+## 	Domain to allow access.
+## </summary>
+## </param>
+#
+ 	 	define(`init_service_status',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_service_status'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+		class service status;
+	')
+
+	allow $1 init_t:service status;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_service_status'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+## 	Allow specified domain to get init start
+## </summary>
+## <param name="domain">
+## <summary>
+## 	Domain to allow access.
+## </summary>
+## </param>
+#
+ 	 	define(`init_service_start',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_service_start'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+		class service start;
+	')
+
+	allow $1 init_t:service start;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_service_start'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	systemd over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+		class dbus send_msg;
+	')
+
+	allow $1 init_t:dbus send_msg;
+	allow init_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      read/follow symlinks under /var/lib/systemd/
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`init_read_var_lib_links',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_read_var_lib_links'($*)) dnl
+	
+	gen_require(`
+		type init_var_lib_t;
+	')
+
+	allow $1 init_var_lib_t:dir list_dir_perms;
+	allow $1 init_var_lib_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_read_var_lib_links'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      List /var/lib/systemd/ dir
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`init_list_var_lib_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_list_var_lib_dirs'($*)) dnl
+	
+	gen_require(`
+		type init_var_lib_t;
+	')
+
+	allow $1 init_var_lib_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_list_var_lib_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel dirs in /var/lib/systemd/.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_relabel_var_lib_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_relabel_var_lib_dirs'($*)) dnl
+	
+	gen_require(`
+		type init_var_lib_t;
+	')
+
+	allow $1 init_var_lib_t:dir { relabelfrom relabelto };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_relabel_var_lib_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage files in /var/lib/systemd/.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_manage_var_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_manage_var_lib_files'($*)) dnl
+	
+	gen_require(`
+		type init_var_lib_t;
+	')
+
+	manage_files_pattern($1, init_var_lib_t, init_var_lib_t)
+	files_search_var_lib($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_manage_var_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create files in /var/lib/systemd
+##	with an automatic type transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="type">
+##	<summary>
+##	The type of object to be created
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The object class.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_var_lib_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_var_lib_filetrans'($*)) dnl
+	
+	gen_require(`
+		type init_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	filetrans_pattern($1, init_var_lib_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_var_lib_filetrans'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Allow search  directory in the /run/systemd directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_search_pids',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_search_pids'($*)) dnl
+	
+	gen_require(`
+		type init_runtime_t;
+	')
+
+	allow $1 init_runtime_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_search_pids'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##  Allow listing of the /run/systemd directory.
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+ 	 	define(`init_list_pids',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_list_pids'($*)) dnl
+	
+	gen_require(`
+		type init_runtime_t;
+	')
+
+	allow $1 init_runtime_t:dir list_dir_perms;
+	files_search_pids($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_list_pids'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##  Create symbolic links in the /run/systemd directory.
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+ 	 	define(`init_manage_pid_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_manage_pid_symlinks'($*)) dnl
+	
+	gen_require(`
+		type init_runtime_t;
+	')
+
+	allow $1 init_runtime_t:lnk_file create_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_manage_pid_symlinks'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##  Create files in the /run/systemd directory.
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+ 	 	define(`init_create_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_create_pid_files'($*)) dnl
+	
+	gen_require(`
+		type init_runtime_t;
+	')
+
+	allow $1 init_runtime_t:file create_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_create_pid_files'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##  Write files in the /run/systemd directory.
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+ 	 	define(`init_write_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_write_pid_files'($*)) dnl
+	
+	gen_require(`
+		type init_runtime_t;
+	')
+
+	allow $1 init_runtime_t:file write_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_write_pid_files'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##  Create, read, write, and delete
+##  directories in the /run/systemd directory.
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+ 	 	define(`init_manage_pid_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_manage_pid_dirs'($*)) dnl
+	
+	gen_require(`
+		type init_runtime_t;
+	')
+
+	manage_dirs_pattern($1, init_runtime_t, init_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_manage_pid_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create files in an init PID directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="file_type">
+##	<summary>
+##	The type of the object to be created
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The object class.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_pid_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_pid_filetrans'($*)) dnl
+	
+	gen_require(`
+		type init_runtime_t;
+	')
+
+	files_search_pids($1)
+	filetrans_pattern($1, init_runtime_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_pid_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of initctl.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_getattr_initctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_getattr_initctl'($*)) dnl
+	
+	gen_require(`
+		type initctl_t;
+	')
+
+	files_search_pids($1)
+	dev_list_all_dev_nodes($1)
+	allow $1 initctl_t:fifo_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_getattr_initctl'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the
+##	attributes of initctl.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_dontaudit_getattr_initctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_dontaudit_getattr_initctl'($*)) dnl
+	
+	gen_require(`
+		type initctl_t;
+	')
+
+	dontaudit $1 initctl_t:fifo_file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_dontaudit_getattr_initctl'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write to initctl.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_write_initctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_write_initctl'($*)) dnl
+	
+	gen_require(`
+		type initctl_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	files_search_pids($1)
+	allow $1 initctl_t:fifo_file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_write_initctl'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use telinit (Read and write initctl).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`init_telinit',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_telinit'($*)) dnl
+	
+	gen_require(`
+		type initctl_t, init_t;
+	')
+
+	ps_process_pattern($1, init_t)
+	allow $1 init_t:process signal;
+	# upstart uses a datagram socket instead of initctl pipe
+	allow $1 self:unix_dgram_socket create_socket_perms;
+	allow $1 init_t:unix_dgram_socket sendto;
+	#576913
+	allow $1 init_t:unix_stream_socket connectto;
+
+	allow $1 initctl_t:fifo_file rw_fifo_file_perms;
+
+	corecmd_exec_bin($1)
+
+	dev_list_all_dev_nodes($1)
+	files_search_pids($1)
+
+	init_exec($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_telinit'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write initctl.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_rw_initctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_rw_initctl'($*)) dnl
+	
+	gen_require(`
+		type initctl_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	files_search_pids($1)
+	allow $1 initctl_t:fifo_file rw_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_rw_initctl'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and
+##	write initctl.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_dontaudit_rw_initctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_dontaudit_rw_initctl'($*)) dnl
+	
+	gen_require(`
+		type initctl_t;
+	')
+
+	dontaudit $1 initctl_t:fifo_file { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_dontaudit_rw_initctl'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make init scripts an entry point for
+##	the specified domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+# cjp: added for gentoo integrated run_init
+ 	 	define(`init_script_file_entry_type',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_script_file_entry_type'($*)) dnl
+	
+	gen_require(`
+		type initrc_exec_t;
+	')
+
+	# /sbin/runscript is a wrapper for /sbin/rc, so run_init_t
+	# wants to execute initrc_exec_t (no transition needed anymore) whereas
+	# runscript previously was a binary
+	# allow $1 initrc_exec_t:file execute_no_trans;
+
+	domain_entry_file($1, initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_script_file_entry_type'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute init scripts with a specified domain transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_spec_domtrans_script',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_spec_domtrans_script'($*)) dnl
+	
+	gen_require(`
+		type initrc_t, initrc_exec_t;
+	')
+
+	files_list_etc($1)
+	spec_domtrans_pattern($1, initrc_exec_t, initrc_t)
+
+	ifdef(`enable_mcs',`
+		range_transition $1 initrc_exec_t:process s0;
+	')
+
+	ifdef(`enable_mls',`
+		range_transition $1 initrc_exec_t:process s0 - mls_systemhigh;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_spec_domtrans_script'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute init scripts with an automatic domain transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_domtrans_script',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_domtrans_script'($*)) dnl
+	
+	gen_require(`
+		type initrc_t, initrc_exec_t;
+	')
+
+	files_list_etc($1)
+	domtrans_pattern($1, initrc_exec_t, initrc_t)
+
+	ifdef(`enable_mcs',`
+		range_transition $1 initrc_exec_t:process s0;
+	')
+
+	ifdef(`enable_mls',`
+		range_transition $1 initrc_exec_t:process s0 - mls_systemhigh;
+	')
+
+	ifdef(`distro_gentoo',`
+		gen_require(`
+			type rc_exec_t;
+		')
+
+		domtrans_pattern($1, rc_exec_t, initrc_t)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_domtrans_script'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute labelled init scripts with an automatic domain transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_domtrans_labeled_script',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_domtrans_labeled_script'($*)) dnl
+	
+	gen_require(`
+		type initrc_t;
+		attribute init_script_file_type;
+		attribute initrc_transition_domain;
+	')
+
+	typeattribute $1 initrc_transition_domain;
+
+	files_list_etc($1)
+	domtrans_pattern($1, init_script_file_type, initrc_t)
+
+	ifdef(`enable_mcs',`
+		range_transition $1 init_script_file_type:process s0;
+	')
+
+	ifdef(`enable_mls',`
+		range_transition $1 init_script_file_type:process s0 - mls_systemhigh;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_domtrans_labeled_script'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a init script in a specified domain.
+## </summary>
+## <desc>
+##	<p>
+##	Execute a init script in a specified domain.
+##	</p>
+##	<p>
+##	No interprocess communication (signals, pipes,
+##	etc.) is provided by this interface since
+##	the domains are not owned by this module.
+##	</p>
+## </desc>
+## <param name="source_domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="target_domain">
+##	<summary>
+##	Domain to transition to.
+##	</summary>
+## </param>
+# cjp: added for gentoo integrated run_init
+ 	 	define(`init_script_file_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_script_file_domtrans'($*)) dnl
+	
+	gen_require(`
+		type initrc_exec_t;
+	')
+
+	files_list_etc($1)
+	domain_auto_transition_pattern($1, initrc_exec_t, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_script_file_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Send a kill signal to init scripts.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`init_kill_scripts',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_kill_scripts'($*)) dnl
+	
+	gen_require(`
+		type initrc_t;
+	')
+
+	allow $1 initrc_t:process sigkill;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_kill_scripts'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Allow manage service for initrc_exec_t scripts
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Target domain
+##      </summary>
+## </param>
+#
+ 	 	define(`init_manage_script_service',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_manage_script_service'($*)) dnl
+	
+	gen_require(`
+		type initrc_exec_t;
+		class service { status start stop };
+	')
+
+	allow $1 initrc_exec_t:service { start stop status };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_manage_script_service'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Transition to the init script domain
+##	on a specified labeled init script.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="init_script_file">
+##	<summary>
+##	Labeled init script file.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_labeled_script_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_labeled_script_domtrans'($*)) dnl
+	
+	gen_require(`
+		type initrc_t;
+		attribute initrc_transition_domain;
+	')
+
+	typeattribute $1 initrc_transition_domain;
+	domtrans_pattern($1, $2, initrc_t)
+	files_search_etc($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_labeled_script_domtrans'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Transition to the init script domain
+## 	for all labeled init script types
+## </summary>
+## <param name="domain">
+## 	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_all_labeled_script_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_all_labeled_script_domtrans'($*)) dnl
+	
+	gen_require(`
+		attribute init_script_file_type;
+	')
+
+	init_labeled_script_domtrans($1, init_script_file_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_all_labeled_script_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Allow getting service status of initrc_exec_t scripts
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Target domain
+##      </summary>
+## </param>
+#
+ 	 	define(`init_get_script_status',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_get_script_status'($*)) dnl
+	
+	gen_require(`
+		type initrc_exec_t;
+		class service status;
+	')
+
+	allow $1 initrc_exec_t:service status;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_get_script_status'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the role to start and stop
+##	labeled services.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role to be performing this action.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Type to be used as a daemon domain.
+##	</summary>
+## </param>
+## <param name="init_script_file">
+##	<summary>
+##	Labeled init script file.
+##	</summary>
+## </param>
+## <param name="unit" optional="true">
+##	<summary>
+##	Systemd unit file type.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_startstop_service',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_startstop_service'($*)) dnl
+	
+	gen_require(`
+		role system_r;
+	')
+
+	# sysvinit/upstart systems will need to use run_init
+	# if not using direct_sysadm_daemon.
+	ifdef(`direct_sysadm_daemon',`
+		init_labeled_script_domtrans($1, $4)
+		domain_system_change_exemption($1)
+		role_transition $2 $4 system_r;
+		allow $2 system_r;
+	')
+
+	ifdef(`distro_gentoo',`
+		# for OpenRC
+		seutil_labeled_init_script_run_runinit($1, $2, $4)
+	')
+
+	ifdef(`init_systemd',`
+		# This ifelse condition is temporary, until
+		# all callers are updated to provide unit files.
+		ifelse(`$5',`',`',`
+			gen_require(`
+				class service { start status stop };
+			')
+
+			allow $1 $5:service { start status stop };
+		')
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_startstop_service'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Start and stop daemon programs directly.
+## </summary>
+## <desc>
+##	<p>
+##	Start and stop daemon programs directly
+##	in the traditional "/etc/init.d/daemon start"
+##	style, and do not require run_init.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role to be performing this action.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_run_daemon',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_run_daemon'($*)) dnl
+	
+	gen_require(`
+		attribute init_script_file_type;
+		role system_r;
+	')
+
+	allow $2 system_r;
+
+	init_all_labeled_script_domtrans($1)
+	role_transition $2 init_script_file_type system_r;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_run_daemon'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##     Start and stop init_script_file_type services
+## </summary>
+## <param name="domain">
+##     <summary>
+##     domain that can start and stop the services
+##     </summary>
+## </param>
+#
+ 	 	define(`init_startstop_all_script_services',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_startstop_all_script_services'($*)) dnl
+	
+	gen_require(`
+		attribute init_script_file_type;
+		class service { start status stop };
+	')
+
+	allow $1 init_script_file_type:service { start status stop };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_startstop_all_script_services'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the process state (/proc/pid) of init.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_read_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_read_state'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+	')
+
+	allow $1 init_t:dir search_dir_perms;
+	allow $1 init_t:file read_file_perms;
+	allow $1 init_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_read_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dontaudit read the process state (/proc/pid) of init.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_dontaudit_read_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_dontaudit_read_state'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+	')
+
+	dontaudit $1 init_t:dir search_dir_perms;
+	dontaudit $1 init_t:file read_file_perms;
+	dontaudit $1 init_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_dontaudit_read_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Ptrace init
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`init_ptrace',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_ptrace'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+	')
+
+	allow $1 init_t:process ptrace;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_ptrace'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	get init process stats
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`init_getattr',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_getattr'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+	')
+
+	allow $1 init_t:process getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_getattr'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read an init script unnamed pipe.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_read_script_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_read_script_pipes'($*)) dnl
+	
+	gen_require(`
+		type initrc_t;
+	')
+
+	allow $1 initrc_t:fifo_file read_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_read_script_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write an init script unnamed pipe.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_write_script_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_write_script_pipes'($*)) dnl
+	
+	gen_require(`
+		type initrc_t;
+	')
+
+	allow $1 initrc_t:fifo_file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_write_script_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attribute of init script entrypoint files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_getattr_script_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_getattr_script_files'($*)) dnl
+	
+	gen_require(`
+		type initrc_exec_t;
+	')
+
+	files_list_etc($1)
+	allow $1 initrc_exec_t:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_getattr_script_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read init scripts.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_read_script_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_read_script_files'($*)) dnl
+	
+	gen_require(`
+		type initrc_exec_t;
+	')
+
+	files_search_etc($1)
+	allow $1 initrc_exec_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_read_script_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute init scripts in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_exec_script_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_exec_script_files'($*)) dnl
+	
+	gen_require(`
+		type initrc_exec_t;
+	')
+
+	files_list_etc($1)
+	can_exec($1, initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_exec_script_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attribute of all init script entrypoint files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_getattr_all_script_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_getattr_all_script_files'($*)) dnl
+	
+	gen_require(`
+		attribute init_script_file_type;
+	')
+
+	files_list_etc($1)
+	allow $1 init_script_file_type:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_getattr_all_script_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all init script files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_read_all_script_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_read_all_script_files'($*)) dnl
+	
+	gen_require(`
+		attribute init_script_file_type;
+	')
+
+	files_search_etc($1)
+	allow $1 init_script_file_type:file read_file_perms;
+
+	ifdef(`distro_gentoo',`
+		# Bug 554514
+		allow $1 init_script_file_type:lnk_file read_lnk_file_perms;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_read_all_script_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Dontaudit read all init script files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_dontaudit_read_all_script_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_dontaudit_read_all_script_files'($*)) dnl
+	
+	gen_require(`
+		attribute init_script_file_type;
+	')
+
+	dontaudit $1 init_script_file_type:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_dontaudit_read_all_script_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute all init scripts in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_exec_all_script_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_exec_all_script_files'($*)) dnl
+	
+	gen_require(`
+		attribute init_script_file_type;
+	')
+
+	files_list_etc($1)
+	can_exec($1, init_script_file_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_exec_all_script_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the process state (/proc/pid) of the init scripts.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_read_script_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_read_script_state'($*)) dnl
+	
+	gen_require(`
+		type initrc_t;
+	')
+
+	kernel_search_proc($1)
+	ps_process_pattern($1, initrc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_read_script_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit and use init script file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_use_script_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_use_script_fds'($*)) dnl
+	
+	gen_require(`
+		type initrc_t;
+	')
+
+	allow $1 initrc_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_use_script_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to inherit
+##	init script file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_dontaudit_use_script_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_dontaudit_use_script_fds'($*)) dnl
+	
+	gen_require(`
+		type initrc_t;
+	')
+
+	dontaudit $1 initrc_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_dontaudit_use_script_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search init script keys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_search_script_keys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_search_script_keys'($*)) dnl
+	
+	gen_require(`
+		type initrc_t;
+	')
+
+	allow $1 initrc_t:key search;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_search_script_keys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the process group ID of init scripts.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_getpgid_script',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_getpgid_script'($*)) dnl
+	
+	gen_require(`
+		type initrc_t;
+	')
+
+	allow $1 initrc_t:process getpgid;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_getpgid_script'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send SIGCHLD signals to init scripts.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_sigchld_script',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_sigchld_script'($*)) dnl
+	
+	gen_require(`
+		type initrc_t;
+	')
+
+	allow $1 initrc_t:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_sigchld_script'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to init scripts.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_signal_script',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_signal_script'($*)) dnl
+	
+	gen_require(`
+		type initrc_t;
+	')
+
+	allow $1 initrc_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_signal_script'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send null signals to init scripts.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_signull_script',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_signull_script'($*)) dnl
+	
+	gen_require(`
+		type initrc_t;
+	')
+
+	allow $1 initrc_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_signull_script'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write init script unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_rw_script_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_rw_script_pipes'($*)) dnl
+	
+	gen_require(`
+		type initrc_t;
+	')
+
+	allow $1 initrc_t:fifo_file { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_rw_script_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the specified domain to connect to
+##	init scripts with a unix socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_stream_connect_script',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_stream_connect_script'($*)) dnl
+	
+	gen_require(`
+		type initrc_t;
+	')
+
+	allow $1 initrc_t:unix_stream_socket connectto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_stream_connect_script'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the specified domain to read/write to
+##	init scripts with a unix domain stream sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_rw_script_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_rw_script_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		type initrc_t;
+	')
+
+	allow $1 initrc_t:unix_stream_socket rw_socket_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_rw_script_stream_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Dont audit the specified domain connecting to
+##	init scripts with a unix domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_dontaudit_stream_connect_script',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_dontaudit_stream_connect_script'($*)) dnl
+	
+	gen_require(`
+		type initrc_t;
+	')
+
+	dontaudit $1 initrc_t:unix_stream_socket connectto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_dontaudit_stream_connect_script'($*)) dnl
+	')
+
+########################################
+## <summary>
+##	Send messages to init scripts over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_dbus_send_script',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_dbus_send_script'($*)) dnl
+	
+	gen_require(`
+		type initrc_t;
+		class dbus send_msg;
+	')
+
+	allow $1 initrc_t:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_dbus_send_script'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	init scripts over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_dbus_chat_script',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_dbus_chat_script'($*)) dnl
+	
+	gen_require(`
+		type initrc_t;
+		class dbus send_msg;
+	')
+
+	allow $1 initrc_t:dbus send_msg;
+	allow initrc_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_dbus_chat_script'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the init script pty.
+## </summary>
+## <desc>
+##	<p>
+##	Read and write the init script pty.  This
+##	pty is generally opened by the open_init_pty
+##	portion of the run_init program so that the
+##	daemon does not require direct access to
+##	the administrator terminal.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_use_script_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_use_script_ptys'($*)) dnl
+	
+	gen_require(`
+		type initrc_devpts_t;
+	')
+
+	term_list_ptys($1)
+	allow $1 initrc_devpts_t:chr_file { rw_term_perms lock append };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_use_script_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write inherited init script ptys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_use_inherited_script_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_use_inherited_script_ptys'($*)) dnl
+	
+	gen_require(`
+		type initrc_devpts_t;
+	')
+
+	term_list_ptys($1)
+	allow $1 initrc_devpts_t:chr_file { getattr read write ioctl };
+
+	init_use_fds($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_use_inherited_script_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and
+##	write the init script pty.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_dontaudit_use_script_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_dontaudit_use_script_ptys'($*)) dnl
+	
+	gen_require(`
+		type initrc_devpts_t;
+	')
+
+	dontaudit $1 initrc_devpts_t:chr_file { rw_term_perms lock append };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_dontaudit_use_script_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of init script
+##	status files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_getattr_script_status_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_getattr_script_status_files'($*)) dnl
+	
+	gen_require(`
+		type initrc_state_t;
+	')
+
+	getattr_files_pattern($1, initrc_state_t, initrc_state_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_getattr_script_status_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read init script
+##	status files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_dontaudit_read_script_status_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_dontaudit_read_script_status_files'($*)) dnl
+	
+	gen_require(`
+		type initrc_state_t;
+	')
+
+	dontaudit $1 initrc_state_t:dir search_dir_perms;
+	dontaudit $1 initrc_state_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_dontaudit_read_script_status_files'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Search the /run/systemd directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_search_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_search_run'($*)) dnl
+	
+	gen_require(`
+		type init_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 init_runtime_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_search_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read init script temporary data.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_read_script_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_read_script_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type initrc_tmp_t;
+	')
+
+	files_search_tmp($1)
+	read_files_pattern($1, initrc_tmp_t, initrc_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_read_script_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write init script inherited temporary data.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_rw_inherited_script_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_rw_inherited_script_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type initrc_tmp_t;
+	')
+
+	allow $1 initrc_tmp_t:file rw_inherited_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_rw_inherited_script_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write init script temporary data.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_rw_script_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_rw_script_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type initrc_tmp_t;
+	')
+
+	files_search_tmp($1)
+	rw_files_pattern($1, initrc_tmp_t, initrc_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_rw_script_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create files in a init script
+##	temporary data directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="file_type">
+##	<summary>
+##	The type of the object to be created
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The object class.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_script_tmp_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_script_tmp_filetrans'($*)) dnl
+	
+	gen_require(`
+		type initrc_tmp_t;
+	')
+
+	files_search_tmp($1)
+	filetrans_pattern($1, initrc_tmp_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_script_tmp_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of init script process id files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_getattr_utmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_getattr_utmp'($*)) dnl
+	
+	gen_require(`
+		type initrc_runtime_t;
+	')
+
+	allow $1 initrc_runtime_t:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_getattr_utmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read utmp.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_read_utmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_read_utmp'($*)) dnl
+	
+	gen_require(`
+		type initrc_runtime_t;
+	')
+
+	files_list_pids($1)
+	allow $1 initrc_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_read_utmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write utmp.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_dontaudit_write_utmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_dontaudit_write_utmp'($*)) dnl
+	
+	gen_require(`
+		type initrc_runtime_t;
+	')
+
+	dontaudit $1 initrc_runtime_t:file { write lock };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_dontaudit_write_utmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write to utmp.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_write_utmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_write_utmp'($*)) dnl
+	
+	gen_require(`
+		type initrc_runtime_t;
+	')
+
+	files_list_pids($1)
+	allow $1 initrc_runtime_t:file { getattr open write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_write_utmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to lock
+##	init script pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_dontaudit_lock_utmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_dontaudit_lock_utmp'($*)) dnl
+	
+	gen_require(`
+		type initrc_runtime_t;
+	')
+
+	dontaudit $1 initrc_runtime_t:file lock;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_dontaudit_lock_utmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write utmp.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_rw_utmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_rw_utmp'($*)) dnl
+	
+	gen_require(`
+		type initrc_runtime_t;
+	')
+
+	files_list_pids($1)
+	allow $1 initrc_runtime_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_rw_utmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and write utmp.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_dontaudit_rw_utmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_dontaudit_rw_utmp'($*)) dnl
+	
+	gen_require(`
+		type initrc_runtime_t;
+	')
+
+	dontaudit $1 initrc_runtime_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_dontaudit_rw_utmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete utmp.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_manage_utmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_manage_utmp'($*)) dnl
+	
+	gen_require(`
+		type initrc_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 initrc_runtime_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_manage_utmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel utmp.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_relabel_utmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_relabel_utmp'($*)) dnl
+	
+	gen_require(`
+		type initrc_runtime_t;
+	')
+
+	allow $1 initrc_runtime_t:file { relabelfrom relabelto };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_relabel_utmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create files in /var/run with the
+##	utmp file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_pid_filetrans_utmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_pid_filetrans_utmp'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please use init_runtime_filetrans_utmp() instead.')
+	init_runtime_filetrans_utmp($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_pid_filetrans_utmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create files in /var/run with the
+##	utmp file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_runtime_filetrans_utmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_runtime_filetrans_utmp'($*)) dnl
+	
+	gen_require(`
+		type initrc_runtime_t;
+	')
+
+	files_pid_filetrans($1, initrc_runtime_t, file, "utmp")
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_runtime_filetrans_utmp'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create a directory in the /run/systemd directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_create_pid_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_create_pid_dirs'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please use init_create_runtime_dirs() instead.')
+	init_create_runtime_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_create_pid_dirs'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create a directory in the /run/systemd directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_create_runtime_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_create_runtime_dirs'($*)) dnl
+	
+	gen_require(`
+		type init_runtime_t;
+	')
+
+	allow $1 init_runtime_t:dir list_dir_perms;
+	create_dirs_pattern($1, init_runtime_t, init_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_create_runtime_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Rename init_runtime_t files
+## </summary>
+## <param name="domain">
+##      <summary>
+##      domain
+##      </summary>
+## </param>
+#
+ 	 	define(`init_rename_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_rename_pid_files'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please use init_rename_runtime_files() instead.')
+	init_rename_runtime_files($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_rename_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Rename init_runtime_t files
+## </summary>
+## <param name="domain">
+##      <summary>
+##      domain
+##      </summary>
+## </param>
+#
+ 	 	define(`init_rename_runtime_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_rename_runtime_files'($*)) dnl
+	
+	gen_require(`
+		type init_runtime_t;
+	')
+
+	rename_files_pattern($1, init_runtime_t, init_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_rename_runtime_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Delete init_runtime_t files
+## </summary>
+## <param name="domain">
+##      <summary>
+##      domain
+##      </summary>
+## </param>
+#
+ 	 	define(`init_delete_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_delete_pid_files'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please use init_delete_runtime_files() instead.')
+	init_delete_runtime_files($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_delete_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Delete init_runtime_t files
+## </summary>
+## <param name="domain">
+##      <summary>
+##      domain
+##      </summary>
+## </param>
+#
+ 	 	define(`init_delete_runtime_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_delete_runtime_files'($*)) dnl
+	
+	gen_require(`
+		type init_runtime_t;
+	')
+
+	delete_files_pattern($1, init_runtime_t, init_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_delete_runtime_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##  Allow the specified domain to write to
+##  init sock file.
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+ 	 	define(`init_write_pid_socket',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_write_pid_socket'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please use init_write_runtime_socket() instead.')
+	init_write_runtime_socket($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_write_pid_socket'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##  Allow the specified domain to write to
+##  init sock file.
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+ 	 	define(`init_write_runtime_socket',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_write_runtime_socket'($*)) dnl
+	
+	gen_require(`
+		type init_runtime_t;
+	')
+
+	allow $1 init_runtime_t:sock_file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_write_runtime_socket'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read init unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_read_pid_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_read_pid_pipes'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please use init_read_runtime_pipes() instead.')
+	init_read_runtime_pipes($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_read_pid_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read init unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_read_runtime_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_read_runtime_pipes'($*)) dnl
+	
+	gen_require(`
+		type init_runtime_t;
+	')
+
+	read_fifo_files_pattern($1, init_runtime_t, init_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_read_runtime_pipes'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	read systemd unit symlinks (usually under /run/systemd/units/)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_read_runtime_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_read_runtime_symlinks'($*)) dnl
+	
+	gen_require(`
+		type init_runtime_t;
+	')
+
+	read_lnk_files_pattern($1, init_runtime_t, init_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_read_runtime_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the specified domain to connect to daemon with a tcp socket
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_tcp_recvfrom_all_daemons',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_tcp_recvfrom_all_daemons'($*)) dnl
+	
+	gen_require(`
+		attribute daemon;
+	')
+
+	corenet_tcp_recvfrom_labeled($1, daemon)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_tcp_recvfrom_all_daemons'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the specified domain to connect to daemon with a udp socket
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_udp_recvfrom_all_daemons',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_udp_recvfrom_all_daemons'($*)) dnl
+	
+	gen_require(`
+		attribute daemon;
+	')
+	corenet_udp_recvfrom_labeled($1, daemon)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_udp_recvfrom_all_daemons'($*)) dnl
+	')
+
+
+# This should be behind an ifdef distro_gentoo but this is not allowed here
+
+#########################################
+## <summary>
+##	Allow reading the init script state files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`init_read_script_status_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_read_script_status_files'($*)) dnl
+	
+	gen_require(`
+		type initrc_state_t;
+	')
+
+	read_files_pattern($1, initrc_state_t, initrc_state_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_read_script_status_files'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Label to init script status files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`init_relabelto_script_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_relabelto_script_state'($*)) dnl
+	
+	gen_require(`
+		type initrc_state_t;
+	')
+
+	relabelto_files_pattern($1, initrc_state_t, initrc_state_t)
+	relabelto_dirs_pattern($1, initrc_state_t, initrc_state_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_relabelto_script_state'($*)) dnl
+	')
+
+
+#########################################
+## <summary>
+##	Mark as a readable type for the initrc_t domain
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type that initrc_t needs read access to
+##	</summary>
+## </param>
+#
+ 	 	define(`init_script_readable_type',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_script_readable_type'($*)) dnl
+	
+	gen_require(`
+		attribute init_script_readable;
+	')
+
+	typeattribute $1 init_script_readable;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_script_readable_type'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Search systemd unit dirs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_search_units',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_search_units'($*)) dnl
+	
+	gen_require(`
+		type init_runtime_t, systemd_unit_t;
+	')
+
+	search_dirs_pattern($1, init_runtime_t, systemd_unit_t)
+
+	# Units are in /etc/systemd/system, /usr/lib/systemd/system and /run/systemd
+	files_search_etc($1)
+	files_search_usr($1)
+	libs_search_lib($1)
+
+	fs_search_tmpfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_search_units'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	List systemd unit dirs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_list_unit_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_list_unit_dirs'($*)) dnl
+	
+	gen_require(`
+		type systemd_unit_t;
+	')
+
+	allow $1 systemd_unit_t:dir list_dir_perms;
+
+	init_search_units($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_list_unit_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read systemd unit links
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_read_generic_units_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_read_generic_units_symlinks'($*)) dnl
+	
+	gen_require(`
+		type systemd_unit_t;
+	')
+
+	allow $1 systemd_unit_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_read_generic_units_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get status of generic systemd units.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_get_generic_units_status',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_get_generic_units_status'($*)) dnl
+	
+	gen_require(`
+		type systemd_unit_t;
+		class service status;
+	')
+
+	allow $1 systemd_unit_t:service status;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_get_generic_units_status'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Start generic systemd units.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_start_generic_units',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_start_generic_units'($*)) dnl
+	
+	gen_require(`
+		type systemd_unit_t;
+		class service start;
+	')
+
+	allow $1 systemd_unit_t:service start;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_start_generic_units'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Stop generic systemd units.
+## </summary>
+## <param name="domain">
+##	<summary>
+## 	Domain to not audit.
+## </summary>
+## </param>
+#
+ 	 	define(`init_stop_generic_units',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_stop_generic_units'($*)) dnl
+	
+	gen_require(`
+		type systemd_unit_t;
+		class service stop;
+	')
+
+	allow $1 systemd_unit_t:service stop;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_stop_generic_units'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Reload generic systemd units.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_reload_generic_units',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_reload_generic_units'($*)) dnl
+	
+	gen_require(`
+		type systemd_unit_t;
+		class service reload;
+	')
+
+	allow $1 systemd_unit_t:service reload;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_reload_generic_units'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get status of all systemd units.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_get_all_units_status',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_get_all_units_status'($*)) dnl
+	
+	gen_require(`
+		attribute init_script_file_type, systemdunit;
+		class service status;
+	')
+
+	allow $1 { init_script_file_type systemdunit }:service status;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_get_all_units_status'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##      All perms on all systemd units.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`init_manage_all_units',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_manage_all_units'($*)) dnl
+	
+	gen_require(`
+		attribute systemdunit;
+		class service all_service_perms;
+	')
+
+	allow $1 systemdunit:service all_service_perms;
+	allow $1 systemdunit:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_manage_all_units'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Start all systemd units.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_start_all_units',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_start_all_units'($*)) dnl
+	
+	gen_require(`
+		attribute init_script_file_type, systemdunit;
+		class service start;
+	')
+
+	allow $1 { init_script_file_type systemdunit }:service start;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_start_all_units'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Stop all systemd units.
+## </summary>
+## <param name="domain">
+##	<summary>
+## 	Domain to not audit.
+## </summary>
+## </param>
+#
+ 	 	define(`init_stop_all_units',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_stop_all_units'($*)) dnl
+	
+	gen_require(`
+		attribute init_script_file_type, systemdunit;
+		class service stop;
+	')
+
+	allow $1 { init_script_file_type systemdunit }:service stop;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_stop_all_units'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Reload all systemd units.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`init_reload_all_units',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_reload_all_units'($*)) dnl
+	
+	gen_require(`
+		attribute init_script_file_type, systemdunit;
+		class service reload;
+	')
+
+	allow $1 { init_script_file_type systemdunit }:service reload;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_reload_all_units'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Allow unconfined access to send instructions to init
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Target domain
+##      </summary>
+## </param>
+#
+ 	 	define(`init_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_admin'($*)) dnl
+	
+	dev_manage_null_service($1)
+	init_disable($1)
+	init_enable($1)
+	init_get_all_units_status($1)
+	init_get_generic_units_status($1)
+	init_get_system_status($1)
+	init_manage_all_units($1)
+	init_manage_script_service($1)
+	init_reboot_system($1)
+	init_reload($1)
+	init_reload_all_units($1)
+	init_shutdown_system($1)
+	init_start_system($1)
+	init_start_all_units($1)
+	init_start_generic_units($1)
+	init_stop_all_units($1)
+	init_stop_generic_units($1)
+	init_stop_system($1)
+	init_telinit($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_admin'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Allow getting init_t rlimit
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Source domain
+##      </summary>
+## </param>
+#
+ 	 	define(`init_getrlimit',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `init_getrlimit'($*)) dnl
+	
+	gen_require(`
+		type init_t;
+	')
+
+	allow $1 init_t:process getrlimit;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `init_getrlimit'($*)) dnl
+	')
+
+## <summary>Policy for local logins.</summary>
+
+########################################
+## <summary>
+##	Execute local logins in the local login domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`locallogin_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `locallogin_domtrans'($*)) dnl
+	
+	gen_require(`
+		type local_login_t;
+	')
+
+	auth_domtrans_login_program($1, local_login_t)
+
+	ifdef(`enable_mcs',`
+		auth_ranged_domtrans_login_program($1, local_login_t, s0 - mcs_systemhigh)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `locallogin_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow calling domain to read locallogin state.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed permission.
+##	</summary>
+## </param>
+#
+ 	 	define(`locallogin_read_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `locallogin_read_state'($*)) dnl
+	
+	gen_require(`
+		type local_login_t;
+	')
+
+	kernel_search_proc($1)
+	allow $1 local_login_t:file read_file_perms;
+	allow $1 local_login_t:lnk_file read_lnk_file_perms;
+	allow $1 local_login_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `locallogin_read_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow processes to inherit local login file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`locallogin_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `locallogin_use_fds'($*)) dnl
+	
+	gen_require(`
+		type local_login_t;
+	')
+
+	allow $1 local_login_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `locallogin_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to inherit local login file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`locallogin_dontaudit_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `locallogin_dontaudit_use_fds'($*)) dnl
+	
+	gen_require(`
+		type local_login_t;
+	')
+
+	dontaudit $1 local_login_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `locallogin_dontaudit_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a null signal to local login processes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`locallogin_signull',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `locallogin_signull'($*)) dnl
+	
+	gen_require(`
+		type local_login_t;
+	')
+
+	allow $1 local_login_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `locallogin_signull'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search for key.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`locallogin_search_keys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `locallogin_search_keys'($*)) dnl
+	
+	gen_require(`
+		type local_login_t;
+	')
+
+	allow $1 local_login_t:key search;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `locallogin_search_keys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow link to the local_login key ring.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`locallogin_link_keys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `locallogin_link_keys'($*)) dnl
+	
+	gen_require(`
+		type local_login_t;
+	')
+
+	allow $1 local_login_t:key link;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `locallogin_link_keys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute single-user logins in the single-user login domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`locallogin_domtrans_sulogin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `locallogin_domtrans_sulogin'($*)) dnl
+	
+	gen_require(`
+		type sulogin_exec_t, sulogin_t;
+	')
+
+	domtrans_pattern($1, sulogin_exec_t, sulogin_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `locallogin_domtrans_sulogin'($*)) dnl
+	')
+
+## <summary>PCMCIA card management services.</summary>
+
+########################################
+## <summary>
+##	PCMCIA stub interface.  No access allowed.
+## </summary>
+## <param name="domain" unused="true">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`pcmcia_stub',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pcmcia_stub'($*)) dnl
+	
+	gen_require(`
+		type cardmgr_t;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pcmcia_stub'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute cardmgr in the cardmgr domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`pcmcia_domtrans_cardmgr',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pcmcia_domtrans_cardmgr'($*)) dnl
+	
+	gen_require(`
+		type cardmgr_t, cardmgr_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, cardmgr_exec_t, cardmgr_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pcmcia_domtrans_cardmgr'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit and use cardmgr file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`pcmcia_use_cardmgr_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pcmcia_use_cardmgr_fds'($*)) dnl
+	
+	gen_require(`
+		type cardmgr_t;
+	')
+
+	allow $1 cardmgr_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pcmcia_use_cardmgr_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute cardctl in the cardmgr domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`pcmcia_domtrans_cardctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pcmcia_domtrans_cardctl'($*)) dnl
+	
+	gen_require(`
+		type cardmgr_t, cardctl_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, cardctl_exec_t, cardmgr_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pcmcia_domtrans_cardctl'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute cardctl in the cardmgr
+##	domain, and allow the specified
+##	role the cardmgr domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`pcmcia_run_cardctl',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pcmcia_run_cardctl'($*)) dnl
+	
+	gen_require(`
+		attribute_role cardmgr_roles;
+	')
+
+	pcmcia_domtrans_cardctl($1)
+	roleattribute $2 cardmgr_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pcmcia_run_cardctl'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read cardmgr pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`pcmcia_read_pid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pcmcia_read_pid'($*)) dnl
+	
+	gen_require(`
+		type cardmgr_runtime_t;
+	')
+
+	files_search_pids($1)
+	read_files_pattern($1, cardmgr_runtime_t, cardmgr_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pcmcia_read_pid'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	cardmgr pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`pcmcia_manage_pid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pcmcia_manage_pid'($*)) dnl
+	
+	gen_require(`
+		type cardmgr_runtime_t;
+	')
+
+	files_search_pids($1)
+	manage_files_pattern($1, cardmgr_runtime_t, cardmgr_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pcmcia_manage_pid'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	cardmgr runtime character nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`pcmcia_manage_pid_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `pcmcia_manage_pid_chr_files'($*)) dnl
+	
+	gen_require(`
+		type cardmgr_runtime_t;
+	')
+
+	files_search_pids($1)
+	manage_chr_files_pattern($1, cardmgr_runtime_t, cardmgr_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `pcmcia_manage_pid_chr_files'($*)) dnl
+	')
+
+## <summary>Tools for filesystem management, such as mkfs and fsck.</summary>
+
+########################################
+## <summary>
+##	Execute fs tools in the fstools domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`fstools_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fstools_domtrans'($*)) dnl
+	
+	gen_require(`
+		type fsadm_t, fsadm_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, fsadm_exec_t, fsadm_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fstools_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute fs tools in the fstools domain, and
+##	allow the specified role the fs tools domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`fstools_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fstools_run'($*)) dnl
+	
+	gen_require(`
+		type fsadm_t;
+	')
+
+	fstools_domtrans($1)
+	role $2 types fsadm_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fstools_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute fsadm in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fstools_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fstools_exec'($*)) dnl
+	
+	gen_require(`
+		type fsadm_exec_t;
+	')
+
+	can_exec($1, fsadm_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fstools_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send signal to fsadm process
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fstools_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fstools_signal'($*)) dnl
+	
+	gen_require(`
+		type fsadm_t;
+	')
+
+	allow $1 fsadm_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fstools_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit fstools file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+#
+ 	 	define(`fstools_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fstools_use_fds'($*)) dnl
+	
+	gen_require(`
+		type fsadm_t;
+	')
+
+	allow $1 fsadm_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fstools_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read fstools unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fstools_read_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fstools_read_pipes'($*)) dnl
+	
+	gen_require(`
+		type fsadm_t;
+	')
+
+	allow $1 fsadm_t:fifo_file read_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fstools_read_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel a file to the type used by the
+##	filesystem tools programs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fstools_relabelto_entry_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fstools_relabelto_entry_files'($*)) dnl
+	
+	gen_require(`
+		type fsadm_exec_t;
+	')
+
+	allow $1 fsadm_exec_t:file relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fstools_relabelto_entry_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete a file used by the
+##	filesystem tools programs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fstools_manage_entry_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fstools_manage_entry_files'($*)) dnl
+	
+	gen_require(`
+		type fsadm_exec_t;
+	')
+
+	allow $1 fsadm_exec_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fstools_manage_entry_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write to fsadm_log_t
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fstools_write_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fstools_write_log'($*)) dnl
+	
+	gen_require(`
+		type fsadm_log_t;
+	')
+
+	allow $1 fsadm_log_t:file write_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fstools_write_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete filesystem tools
+##	runtime files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fstools_manage_runtime_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fstools_manage_runtime_files'($*)) dnl
+	
+	gen_require(`
+		type fsadm_run_t;
+	')
+
+	manage_files_pattern($1, fsadm_run_t, fsadm_run_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fstools_manage_runtime_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Getattr swapfile
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fstools_getattr_swap_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fstools_getattr_swap_files'($*)) dnl
+	
+	gen_require(`
+		type swapfile_t;
+	')
+
+	allow $1 swapfile_t:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fstools_getattr_swap_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Ignore access to a swapfile.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`fstools_dontaudit_getattr_swap_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fstools_dontaudit_getattr_swap_files'($*)) dnl
+	
+	gen_require(`
+		type swapfile_t;
+	')
+
+	dontaudit $1 swapfile_t:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fstools_dontaudit_getattr_swap_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to swapfile.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fstools_relabelto_swap_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fstools_relabelto_swap_files'($*)) dnl
+	
+	gen_require(`
+		type swapfile_t;
+	')
+
+	allow $1 swapfile_t:file relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fstools_relabelto_swap_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage swapfile.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`fstools_manage_swap_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `fstools_manage_swap_files'($*)) dnl
+	
+	gen_require(`
+		type swapfile_t;
+	')
+
+	allow $1 swapfile_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `fstools_manage_swap_files'($*)) dnl
+	')
+
+## <summary>NetLabel/CIPSO labeled networking management</summary>
+
+########################################
+## <summary>
+##	Execute netlabel_mgmt in the netlabel_mgmt domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`netlabel_domtrans_mgmt',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `netlabel_domtrans_mgmt'($*)) dnl
+	
+	gen_require(`
+		type netlabel_mgmt_t, netlabel_mgmt_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, netlabel_mgmt_exec_t, netlabel_mgmt_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `netlabel_domtrans_mgmt'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute netlabel_mgmt in the netlabel_mgmt domain, and
+##	allow the specified role the netlabel_mgmt domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`netlabel_run_mgmt',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `netlabel_run_mgmt'($*)) dnl
+	
+	gen_require(`
+		type netlabel_mgmt_t;
+	')
+
+	netlabel_domtrans_mgmt($1)
+	role $2 types netlabel_mgmt_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `netlabel_run_mgmt'($*)) dnl
+	')
+
+## <summary>Collection of tools for managing UNIX services.</summary>
+
+########################################
+## <summary>
+##	An ipc channel between the
+##	supervised domain and svc_start_t.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`daemontools_ipc_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `daemontools_ipc_domain'($*)) dnl
+	
+	gen_require(`
+		type svc_start_t;
+	')
+
+	allow $1 svc_start_t:process sigchld;
+	allow $1 svc_start_t:fd use;
+	allow $1 svc_start_t:fifo_file rw_fifo_file_perms;
+	allow svc_start_t $1:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `daemontools_ipc_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a domain which can be
+##	started by daemontools.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Type to be used as a domain.
+##	</summary>
+## </param>
+## <param name="entrypoint">
+##	<summary>
+##	Type of the program to be used as an entry point to this domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`daemontools_service_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `daemontools_service_domain'($*)) dnl
+	
+	gen_require(`
+		type svc_run_t;
+	')
+
+	domain_auto_transition_pattern(svc_run_t, $2, $1)
+	daemontools_ipc_domain($1)
+
+	allow svc_run_t $1:process signal;
+	allow $1 svc_run_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `daemontools_service_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute svc start in the svc
+##	start domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`daemontools_domtrans_start',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `daemontools_domtrans_start'($*)) dnl
+	
+	gen_require(`
+		type svc_start_t, svc_start_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, svc_start_exec_t, svc_start_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `daemontools_domtrans_start'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Execute svc start in the svc
+##	start domain, and allow the
+##	specified role the svc start domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`daemonstools_run_start',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `daemonstools_run_start'($*)) dnl
+	
+	gen_require(`
+		attribute_role svc_start_roles;
+	')
+
+	daemontools_domtrans_start($1)
+	roleattribute $2 svc_start_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `daemonstools_run_start'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute avc run in the svc run domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`daemontools_domtrans_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `daemontools_domtrans_run'($*)) dnl
+	
+	gen_require(`
+		type svc_run_t, svc_run_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, svc_run_exec_t, svc_run_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `daemontools_domtrans_run'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Send child terminated signals
+##	to svc run.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`daemontools_sigchld_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `daemontools_sigchld_run'($*)) dnl
+	
+	gen_require(`
+		type svc_run_t;
+	')
+
+	allow $1 svc_run_t:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `daemontools_sigchld_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute avc multilog in the svc
+##	multilog domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`daemontools_domtrans_multilog',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `daemontools_domtrans_multilog'($*)) dnl
+	
+	gen_require(`
+		type svc_multilog_t, svc_multilog_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, svc_multilog_exec_t, svc_multilog_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `daemontools_domtrans_multilog'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Search svc svc directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`daemontools_search_svc_dir',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `daemontools_search_svc_dir'($*)) dnl
+	
+	gen_require(`
+		type svc_svc_t;
+	')
+
+	files_search_var($1)
+	allow $1 svc_svc_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `daemontools_search_svc_dir'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read svc avc files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`daemontools_read_svc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `daemontools_read_svc'($*)) dnl
+	
+	gen_require(`
+		type svc_svc_t;
+	')
+
+	files_search_var($1)
+	allow $1 svc_svc_t:dir list_dir_perms;
+	allow $1 svc_svc_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `daemontools_read_svc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write and delete
+##	svc svc content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`daemontools_manage_svc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `daemontools_manage_svc'($*)) dnl
+	
+	gen_require(`
+		type svc_svc_t;
+	')
+
+	files_search_var($1)
+	allow $1 svc_svc_t:dir manage_dir_perms;
+	allow $1 svc_svc_t:fifo_file manage_fifo_file_perms;
+	allow $1 svc_svc_t:file manage_file_perms;
+	allow $1 svc_svc_t:lnk_file manage_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `daemontools_manage_svc'($*)) dnl
+	')
+
+## <summary>Policy for changing the system host name.</summary>
+
+########################################
+## <summary>
+##	Execute hostname in the hostname domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`hostname_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hostname_domtrans'($*)) dnl
+	
+	gen_require(`
+		type hostname_t, hostname_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, hostname_exec_t, hostname_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hostname_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute hostname in the hostname domain, and
+##	allow the specified role the hostname domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hostname_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hostname_run'($*)) dnl
+	
+	gen_require(`
+		type hostname_t;
+	')
+
+	hostname_domtrans($1)
+	role $2 types hostname_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hostname_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute hostname in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+## 	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`hostname_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hostname_exec'($*)) dnl
+	
+	gen_require(`
+		type hostname_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, hostname_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hostname_exec'($*)) dnl
+	')
+
+## <summary>Policy for kernel module utilities</summary>
+
+######################################
+## <summary>
+##	Getattr the dependencies of kernel modules.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`modutils_getattr_module_deps',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `modutils_getattr_module_deps'($*)) dnl
+	
+	gen_require(`
+		type modules_dep_t, modules_object_t;
+	')
+
+	getattr_files_pattern($1, modules_object_t, modules_dep_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `modutils_getattr_module_deps'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the dependencies of kernel modules.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`modutils_read_module_deps',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `modutils_read_module_deps'($*)) dnl
+	
+	gen_require(`
+		type modules_dep_t;
+	')
+
+	files_list_kernel_modules($1)
+	allow $1 modules_dep_t:file { read_file_perms map };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `modutils_read_module_deps'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the kernel modules.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`modutils_read_module_objects',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `modutils_read_module_objects'($*)) dnl
+	
+	gen_require(`
+		type modules_object_t;
+	')
+
+	files_list_kernel_modules($1)
+	allow $1 modules_object_t:file { read_file_perms map };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `modutils_read_module_objects'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the configuration options used when
+##	loading modules.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`modutils_read_module_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `modutils_read_module_config'($*)) dnl
+	
+	gen_require(`
+		type modules_conf_t;
+	')
+
+	# This file type can be in /etc or
+	# /lib(64)?/modules
+	files_search_etc($1)
+	files_search_boot($1)
+
+	allow $1 modules_conf_t:dir list_dir_perms;
+	allow $1 modules_conf_t:file read_file_perms;
+	allow $1 modules_conf_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `modutils_read_module_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Rename a file with the configuration options used when
+##	loading modules.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`modutils_rename_module_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `modutils_rename_module_config'($*)) dnl
+	
+	gen_require(`
+		type modules_conf_t;
+	')
+
+	rename_files_pattern($1, modules_conf_t, modules_conf_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `modutils_rename_module_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unlink a file with the configuration options used when
+##	loading modules.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`modutils_delete_module_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `modutils_delete_module_config'($*)) dnl
+	
+	gen_require(`
+		type modules_conf_t;
+	')
+
+	delete_files_pattern($1, modules_conf_t, modules_conf_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `modutils_delete_module_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage files with the configuration options used when
+##	loading modules.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`modutils_manage_module_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `modutils_manage_module_config'($*)) dnl
+	
+	gen_require(`
+		type modules_conf_t;
+	')
+
+	manage_files_pattern($1, modules_conf_t, modules_conf_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `modutils_manage_module_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute any modutil,
+##	like insmod, kmod, depmod or updates-modules,
+##	in the kmod domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`modutils_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `modutils_domtrans'($*)) dnl
+	
+	gen_require(`
+		type kmod_t, kmod_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, kmod_exec_t, kmod_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `modutils_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute any modutil,
+##	like insmod, kmod, depmod or updates-modules,
+##	in the kmod domain, and allow the specified role
+##	the kmod domain, and use the caller's terminal.
+##	Has a sigchld backchannel.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`modutils_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `modutils_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role kmod_roles;
+	')
+
+	modutils_domtrans($1)
+	roleattribute $2 kmod_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `modutils_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute any modutil,
+##	like insmod, kmod, depmod or updates-modules,
+##	in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`modutils_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `modutils_exec'($*)) dnl
+	
+	gen_require(`
+		type kmod_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, kmod_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `modutils_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unconditionally execute insmod in the insmod domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+# cjp: this is added for pppd, due to nested
+# conditionals not working.
+ 	 	define(`modutils_domtrans_insmod_uncond',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `modutils_domtrans_insmod_uncond'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please use modutils_domtrans() instead.')
+	modutils_domtrans($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `modutils_domtrans_insmod_uncond'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute insmod in the insmod domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`modutils_domtrans_insmod',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `modutils_domtrans_insmod'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please use modutils_domtrans() instead.')
+	modutils_domtrans($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `modutils_domtrans_insmod'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute insmod in the insmod domain, and
+##	allow the specified role the insmod domain,
+##	and use the caller's terminal.  Has a sigchld
+##	backchannel.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`modutils_run_insmod',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `modutils_run_insmod'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please use modutils_run() instead.')
+	modutils_run($1, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `modutils_run_insmod'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute insmod in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`modutils_exec_insmod',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `modutils_exec_insmod'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please use modutils_exec() instead.')
+	modutils_exec($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `modutils_exec_insmod'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute depmod in the depmod domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`modutils_domtrans_depmod',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `modutils_domtrans_depmod'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please use modutils_domtrans() instead.')
+	modutils_domtrans($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `modutils_domtrans_depmod'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute depmod in the depmod domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`modutils_run_depmod',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `modutils_run_depmod'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please use modutils_run() instead.')
+	modutils_run($1, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `modutils_run_depmod'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute depmod in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`modutils_exec_depmod',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `modutils_exec_depmod'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please use modutils_exec() instead.')
+	modutils_exec($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `modutils_exec_depmod'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute update_modules in the update_modules domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`modutils_domtrans_update_mods',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `modutils_domtrans_update_mods'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please use modutils_domtrans() instead.')
+	modutils_domtrans($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `modutils_domtrans_update_mods'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute update_modules in the update_modules domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`modutils_run_update_mods',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `modutils_run_update_mods'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please use modutils_run() instead.')
+	modutils_run($1, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `modutils_run_update_mods'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute update_modules in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`modutils_exec_update_mods',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `modutils_exec_update_mods'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated, please use modutils_exec() instead.')
+	modutils_exec($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `modutils_exec_update_mods'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read kmod lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`modutils_read_var_run_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `modutils_read_var_run_files'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `modutils_read_var_run_files'($*)) dnl
+	')
+
+## <summary>Policy for user domains</summary>
+
+#######################################
+## <summary>
+##	The template containing the most basic rules common to all users.
+## </summary>
+## <desc>
+##	<p>
+##	The template containing the most basic rules common to all users.
+##	</p>
+##	<p>
+##	This template creates a user domain, types, and
+##	rules for the user's tty and pty.
+##	</p>
+## </desc>
+## <param name="userdomain_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <rolebase/>
+#
+ 	 	define(`userdom_base_user_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_base_user_template'($*)) dnl
+	
+
+	gen_require(`
+		attribute userdomain;
+		type user_devpts_t, user_tty_device_t;
+		class context contains;
+		role $1_r;
+	')
+
+	attribute $1_file_type;
+
+	type $1_t, userdomain;
+	domain_type($1_t)
+	corecmd_shell_entry_type($1_t)
+	corecmd_bin_entry_type($1_t)
+	domain_user_exemption_target($1_t)
+	ubac_constrained($1_t)
+	role $1_r types $1_t;
+	allow system_r $1_r;
+
+	term_user_pty($1_t, user_devpts_t)
+
+	term_user_tty($1_t, user_tty_device_t)
+
+	allow $1_t self:process { signal_perms getsched setsched share getpgid setpgid setcap getsession getattr };
+	allow $1_t self:fd use;
+	allow $1_t self:key manage_key_perms;
+	allow $1_t self:fifo_file rw_fifo_file_perms;
+	allow $1_t self:unix_dgram_socket { create_socket_perms sendto };
+	allow $1_t self:unix_stream_socket { create_stream_socket_perms connectto };
+	allow $1_t self:shm create_shm_perms;
+	allow $1_t self:sem create_sem_perms;
+	allow $1_t self:msgq create_msgq_perms;
+	allow $1_t self:msg { send receive };
+	allow $1_t self:context contains;
+	dontaudit $1_t self:socket create;
+
+	allow $1_t user_devpts_t:chr_file { setattr rw_chr_file_perms };
+	term_create_pty($1_t, user_devpts_t)
+	# avoid annoying messages on terminal hangup on role change
+	dontaudit $1_t user_devpts_t:chr_file ioctl;
+
+	allow $1_t user_tty_device_t:chr_file { setattr rw_chr_file_perms };
+	# avoid annoying messages on terminal hangup on role change
+	dontaudit $1_t user_tty_device_t:chr_file ioctl;
+
+	kernel_read_kernel_sysctls($1_t)
+	kernel_dontaudit_list_unlabeled($1_t)
+	kernel_dontaudit_getattr_unlabeled_files($1_t)
+	kernel_dontaudit_getattr_unlabeled_symlinks($1_t)
+	kernel_dontaudit_getattr_unlabeled_pipes($1_t)
+	kernel_dontaudit_getattr_unlabeled_sockets($1_t)
+	kernel_dontaudit_getattr_unlabeled_blk_files($1_t)
+	kernel_dontaudit_getattr_unlabeled_chr_files($1_t)
+
+	dev_dontaudit_getattr_all_blk_files($1_t)
+	dev_dontaudit_getattr_all_chr_files($1_t)
+
+	# for X session unlock
+	allow $1_t self:netlink_audit_socket { create_socket_perms nlmsg_relay };
+
+	# for KDE
+	allow $1_t self:netlink_kobject_uevent_socket connected_socket_perms;
+
+	# When the user domain runs ps, there will be a number of access
+	# denials when ps tries to search /proc. Do not audit these denials.
+	domain_dontaudit_read_all_domains_state($1_t)
+	domain_dontaudit_getattr_all_domains($1_t)
+	domain_dontaudit_getsession_all_domains($1_t)
+
+	files_read_etc_files($1_t)
+	files_read_etc_runtime_files($1_t)
+	files_read_usr_files($1_t)
+	# Read directories and files with the readable_t type.
+	# This type is a general type for "world"-readable files.
+	files_list_world_readable($1_t)
+	files_read_world_readable_files($1_t)
+	files_read_world_readable_symlinks($1_t)
+	files_read_world_readable_pipes($1_t)
+	files_read_world_readable_sockets($1_t)
+	# old broswer_domain():
+	files_dontaudit_list_non_security($1_t)
+	files_dontaudit_getattr_non_security_files($1_t)
+	files_dontaudit_getattr_non_security_symlinks($1_t)
+	files_dontaudit_getattr_non_security_pipes($1_t)
+	files_dontaudit_getattr_non_security_sockets($1_t)
+
+	libs_exec_ld_so($1_t)
+
+	miscfiles_read_localization($1_t)
+	miscfiles_read_generic_certs($1_t)
+
+	sysnet_read_config($1_t)
+
+	# kdeinit wants systemd status
+	init_get_system_status($1_t)
+
+	optional_policy(`
+		apt_read_cache($1_t)
+		apt_read_db($1_t)
+	')
+
+	tunable_policy(`allow_execmem',`
+		# Allow loading DSOs that require executable stack.
+		allow $1_t self:process execmem;
+	')
+
+	tunable_policy(`allow_execmem && allow_execstack',`
+		# Allow making the stack executable via mprotect.
+		allow $1_t self:process execstack;
+	')
+
+	optional_policy(`
+		devicekit_dbus_chat_disk($1_t)
+		devicekit_dbus_chat_power($1_t)
+	')
+
+	optional_policy(`
+		kerneloops_dbus_chat($1_t)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_base_user_template'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Template for handling user content through standard tunables
+## </summary>
+## <desc>
+##	<p>
+##	This template generates the tunable blocks for accessing
+##	end user content, either the generic one (user_home_t)
+##	or the complete one (based on user_home_content_type).
+##	</p>
+##	<p>
+##	It calls the *_read_generic_user_content,
+##	*_read_all_user_content, *_manage_generic_user_content, and
+##	*_manage_all_user_content booleans.
+##	</p>
+## </desc>
+## <param name="prefix">
+##	<summary>
+##	The application domain prefix to use, meant for the boolean
+##	calls
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	The application domain which is granted the necessary privileges
+##	</summary>
+## </param>
+## <rolebase/>
+#
+ 	 	define(`userdom_user_content_access_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_user_content_access_template'($*)) dnl
+	
+	## <desc>
+	##	<p>
+	##	Grant the $1 domains read access to generic user content
+	##	</p>
+	## </desc>
+	gen_tunable(`$1_read_generic_user_content', true)
+
+	## <desc>
+	##	<p>
+	##	Grant the $1 domains read access to all user content
+	##	</p>
+	## </desc>
+	gen_tunable(`$1_read_all_user_content', false)
+
+	## <desc>
+	##	<p>
+	##	Grant the $1 domains manage rights on generic user content
+	##	</p>
+	## </desc>
+	gen_tunable(`$1_manage_generic_user_content', false)
+
+	## <desc>
+	##	<p>
+	##	Grant the $1 domains manage rights on all user content
+	##	</p>
+	## </desc>
+	gen_tunable(`$1_manage_all_user_content', false)
+
+	tunable_policy(`$1_read_generic_user_content',`
+		userdom_list_user_tmp($2)
+		userdom_list_user_home_content($2)
+		userdom_read_user_home_content_files($2)
+		userdom_read_user_home_content_symlinks($2)
+		userdom_read_user_tmp_files($2)
+		userdom_read_user_tmp_symlinks($2)
+	',`
+		files_dontaudit_list_home($2)
+		files_dontaudit_list_tmp($2)
+
+		userdom_dontaudit_list_user_home_dirs($2)
+		userdom_dontaudit_list_user_tmp($2)
+		userdom_dontaudit_read_user_home_content_files($2)
+		userdom_dontaudit_read_user_tmp_files($2)
+	')
+
+	tunable_policy(`$1_read_all_user_content',`
+		userdom_list_user_tmp($2)
+		userdom_read_all_user_home_content($2)
+	')
+
+	tunable_policy(`$1_manage_generic_user_content',`
+		userdom_manage_user_tmp_dirs($2)
+		userdom_manage_user_tmp_files($2)
+		userdom_manage_user_tmp_symlinks($2)
+		userdom_manage_user_home_content_dirs($2)
+		userdom_manage_user_home_content_files($2)
+		userdom_manage_user_home_content_symlinks($2)
+	')
+
+	tunable_policy(`$1_manage_all_user_content',`
+		userdom_manage_all_user_home_content($2)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_user_content_access_template'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Allow a home directory for which the
+##	role has read-only access.
+## </summary>
+## <desc>
+##	<p>
+##	Allow a home directory for which the
+##	role has read-only access.
+##	</p>
+##	<p>
+##	This does not allow execute access.
+##	</p>
+## </desc>
+## <param name="role" unused="true">
+##	<summary>
+##	The user role
+##	</summary>
+## </param>
+## <param name="userdomain">
+##	<summary>
+##	The user domain
+##	</summary>
+## </param>
+## <rolebase/>
+#
+ 	 	define(`userdom_ro_home_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_ro_home_role'($*)) dnl
+	
+	gen_require(`
+		type user_home_t, user_home_dir_t;
+	')
+
+	##############################
+	#
+	# Domain access to home dir
+	#
+
+	type_member $2 user_home_dir_t:dir user_home_dir_t;
+
+	# read-only home directory
+	allow $2 user_home_dir_t:dir list_dir_perms;
+	allow $2 user_home_t:dir list_dir_perms;
+	allow $2 user_home_t:file entrypoint;
+	read_files_pattern($2, { user_home_t user_home_dir_t }, user_home_t)
+	read_lnk_files_pattern($2, { user_home_t user_home_dir_t }, user_home_t)
+	read_fifo_files_pattern($2, { user_home_t user_home_dir_t }, user_home_t)
+	read_sock_files_pattern($2, { user_home_t user_home_dir_t }, user_home_t)
+	files_list_home($2)
+
+	tunable_policy(`use_nfs_home_dirs',`
+		fs_list_nfs($2)
+		fs_read_nfs_files($2)
+		fs_read_nfs_symlinks($2)
+		fs_read_nfs_named_sockets($2)
+		fs_read_nfs_named_pipes($2)
+	',`
+		fs_dontaudit_list_nfs($2)
+		fs_dontaudit_read_nfs_files($2)
+	')
+
+	tunable_policy(`use_samba_home_dirs',`
+		fs_list_cifs($2)
+		fs_read_cifs_files($2)
+		fs_read_cifs_symlinks($2)
+		fs_read_cifs_named_sockets($2)
+		fs_read_cifs_named_pipes($2)
+	',`
+		fs_dontaudit_list_cifs($2)
+		fs_dontaudit_read_cifs_files($2)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_ro_home_role'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Allow a home directory for which the
+##	role has full access.
+## </summary>
+## <desc>
+##	<p>
+##	Allow a home directory for which the
+##	role has full access.
+##	</p>
+##	<p>
+##	This does not allow execute access.
+##	</p>
+## </desc>
+## <param name="role" unused="true">
+##	<summary>
+##	The user role
+##	</summary>
+## </param>
+## <param name="userdomain">
+##	<summary>
+##	The user domain
+##	</summary>
+## </param>
+## <rolebase/>
+#
+ 	 	define(`userdom_manage_home_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_manage_home_role'($*)) dnl
+	
+	gen_require(`
+		type user_home_t, user_home_dir_t, user_cert_t;
+	')
+
+	##############################
+	#
+	# Domain access to home dir
+	#
+
+	type_member $2 user_home_dir_t:dir user_home_dir_t;
+
+	# full control of the home directory
+	allow $2 user_home_t:file entrypoint;
+	manage_dirs_pattern($2, { user_home_dir_t user_home_t }, user_home_t)
+	manage_files_pattern($2, { user_home_dir_t user_home_t }, user_home_t)
+	manage_lnk_files_pattern($2, { user_home_dir_t user_home_t }, user_home_t)
+	manage_sock_files_pattern($2, { user_home_dir_t user_home_t }, user_home_t)
+	manage_fifo_files_pattern($2, { user_home_dir_t user_home_t }, user_home_t)
+	relabel_dirs_pattern($2, { user_home_dir_t user_home_t }, user_home_t)
+	relabel_files_pattern($2, { user_home_dir_t user_home_t }, user_home_t)
+	relabel_lnk_files_pattern($2, { user_home_dir_t user_home_t }, user_home_t)
+	relabel_sock_files_pattern($2, { user_home_dir_t user_home_t }, user_home_t)
+	relabel_fifo_files_pattern($2, { user_home_dir_t user_home_t }, user_home_t)
+	filetrans_pattern($2, user_home_dir_t, user_home_t, { dir file lnk_file sock_file fifo_file })
+	files_list_home($2)
+
+	# cjp: this should probably be removed:
+	allow $2 user_home_dir_t:dir { manage_dir_perms relabel_dir_perms };
+
+	userdom_manage_user_certs($2)
+	userdom_user_home_dir_filetrans($2, user_cert_t, dir, ".pki")
+
+	tunable_policy(`use_nfs_home_dirs',`
+		fs_manage_nfs_dirs($2)
+		fs_manage_nfs_files($2)
+		fs_manage_nfs_symlinks($2)
+		fs_manage_nfs_named_sockets($2)
+		fs_manage_nfs_named_pipes($2)
+	',`
+		fs_dontaudit_manage_nfs_dirs($2)
+		fs_dontaudit_manage_nfs_files($2)
+	')
+
+	tunable_policy(`use_samba_home_dirs',`
+		fs_manage_cifs_dirs($2)
+		fs_manage_cifs_files($2)
+		fs_manage_cifs_symlinks($2)
+		fs_manage_cifs_named_sockets($2)
+		fs_manage_cifs_named_pipes($2)
+	',`
+		fs_dontaudit_manage_cifs_dirs($2)
+		fs_dontaudit_manage_cifs_files($2)
+	')
+
+	ifdef(`distro_gentoo',`
+
+		optional_policy(`
+			flash_manage_home($2)
+			flash_relabel_home($2)
+		')
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_manage_home_role'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Manage user temporary files
+## </summary>
+## <param name="role" unused="true">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolebase/>
+#
+ 	 	define(`userdom_manage_tmp_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_manage_tmp_role'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	files_poly_member_tmp($2, user_tmp_t)
+
+	manage_dirs_pattern($2, user_tmp_t, user_tmp_t)
+	manage_files_pattern($2, user_tmp_t, user_tmp_t)
+	manage_lnk_files_pattern($2, user_tmp_t, user_tmp_t)
+	manage_sock_files_pattern($2, user_tmp_t, user_tmp_t)
+	manage_fifo_files_pattern($2, user_tmp_t, user_tmp_t)
+	files_tmp_filetrans($2, user_tmp_t, { dir file lnk_file sock_file fifo_file })
+	userdom_user_runtime_filetrans_user_tmp($2, { dir file lnk_file sock_file fifo_file })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_manage_tmp_role'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	The execute access user temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolebase/>
+#
+ 	 	define(`userdom_exec_user_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_exec_user_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	exec_files_pattern($1, user_tmp_t, user_tmp_t)
+	files_search_tmp($1)
+	userdom_search_user_runtime($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_exec_user_tmp_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Role access for the user tmpfs type
+##	that the user has full access.
+## </summary>
+## <desc>
+##	<p>
+##	Role access for the user tmpfs type
+##	that the user has full access.
+##	</p>
+##	<p>
+##	This does not allow execute access.
+##	</p>
+## </desc>
+## <param name="role" unused="true">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`userdom_manage_tmpfs_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_manage_tmpfs_role'($*)) dnl
+	
+	gen_require(`
+		type user_tmpfs_t;
+	')
+
+	manage_dirs_pattern($2, user_tmpfs_t, user_tmpfs_t)
+	manage_files_pattern($2, user_tmpfs_t, user_tmpfs_t)
+	manage_lnk_files_pattern($2, user_tmpfs_t, user_tmpfs_t)
+	manage_sock_files_pattern($2, user_tmpfs_t, user_tmpfs_t)
+	manage_fifo_files_pattern($2, user_tmpfs_t, user_tmpfs_t)
+	fs_tmpfs_filetrans($2, user_tmpfs_t, { dir file lnk_file sock_file fifo_file })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_manage_tmpfs_role'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	The template allowing the user basic
+##	network permissions
+## </summary>
+## <param name="userdomain_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <rolebase/>
+#
+ 	 	define(`userdom_basic_networking_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_basic_networking_template'($*)) dnl
+	
+	gen_require(`
+		type $1_t;
+	')
+
+	allow $1_t self:tcp_socket create_stream_socket_perms;
+	allow $1_t self:udp_socket create_socket_perms;
+
+	corenet_all_recvfrom_unlabeled($1_t)
+	corenet_all_recvfrom_netlabel($1_t)
+	corenet_tcp_sendrecv_generic_if($1_t)
+	corenet_udp_sendrecv_generic_if($1_t)
+	corenet_tcp_sendrecv_generic_node($1_t)
+	corenet_udp_sendrecv_generic_node($1_t)
+	corenet_tcp_connect_all_ports($1_t)
+	corenet_sendrecv_all_client_packets($1_t)
+
+	corenet_all_recvfrom_labeled($1_t, $1_t)
+
+	optional_policy(`
+		init_tcp_recvfrom_all_daemons($1_t)
+		init_udp_recvfrom_all_daemons($1_t)
+	')
+
+	optional_policy(`
+		ipsec_match_default_spd($1_t)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_basic_networking_template'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	The template for allowing the user to change passwords.
+## </summary>
+## <param name="userdomain_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <rolebase/>
+#
+ 	 	define(`userdom_change_password_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_change_password_template'($*)) dnl
+	
+	gen_require(`
+		type $1_t;
+		role $1_r;
+	')
+
+	optional_policy(`
+		usermanage_run_chfn($1_t, $1_r)
+		usermanage_run_passwd($1_t, $1_r)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_change_password_template'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	The template containing rules common to unprivileged
+##	users and administrative users.
+## </summary>
+## <desc>
+##	<p>
+##	This template creates a user domain, types, and
+##	rules for the user's tty, pty, tmp, and tmpfs files.
+##	</p>
+## </desc>
+## <param name="userdomain_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_common_user_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_common_user_template'($*)) dnl
+	
+	gen_require(`
+		attribute unpriv_userdomain;
+	')
+
+	userdom_basic_networking_template($1)
+
+	##############################
+	#
+	# User domain Local policy
+	#
+
+	# evolution and gnome-session try to create a netlink socket
+	dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
+	dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
+
+	# gnome-settings-daemon and some applications create a netlink socket
+	allow $1_t self:netlink_kobject_uevent_socket create_socket_perms;
+
+	allow $1_t unpriv_userdomain:fd use;
+
+	kernel_read_system_state($1_t)
+	kernel_read_network_state($1_t)
+	kernel_read_net_sysctls($1_t)
+	# Very permissive allowing every domain to see every type:
+	kernel_get_sysvipc_info($1_t)
+	# Find CDROM devices:
+	kernel_read_device_sysctls($1_t)
+
+	corecmd_exec_bin($1_t)
+
+	corenet_udp_bind_generic_node($1_t)
+	corenet_udp_bind_generic_port($1_t)
+
+	dev_read_rand($1_t)
+	dev_write_sound($1_t)
+	dev_read_sound($1_t)
+	dev_read_sound_mixer($1_t)
+	dev_write_sound_mixer($1_t)
+	dev_rw_wireless($1_t)
+
+	files_exec_etc_files($1_t)
+	files_search_locks($1_t)
+	# List mounted filesystems (cdrom, FAT, NTFS and so on)
+	files_list_mnt($1_t)
+	# cjp: perhaps should cut back on file reads:
+	files_read_var_files($1_t)
+	files_read_var_symlinks($1_t)
+	files_read_generic_spool($1_t)
+	files_read_var_lib_files($1_t)
+	# Stat lost+found.
+	files_getattr_lost_found_dirs($1_t)
+
+	fs_rw_cgroup_files($1_t)
+
+	# cjp: some of this probably can be removed
+	selinux_get_fs_mount($1_t)
+	selinux_validate_context($1_t)
+	selinux_compute_access_vector($1_t)
+	selinux_compute_create_context($1_t)
+	selinux_compute_relabel_context($1_t)
+	selinux_compute_user_contexts($1_t)
+
+	# for eject
+	storage_getattr_fixed_disk_dev($1_t)
+
+	auth_use_nsswitch($1_t)
+	auth_read_login_records($1_t)
+	auth_search_pam_console_data($1_t)
+	auth_run_pam($1_t, $1_r)
+	auth_run_utempter($1_t, $1_r)
+
+	init_read_utmp($1_t)
+
+	seutil_read_file_contexts($1_t)
+	seutil_read_default_contexts($1_t)
+	seutil_run_newrole($1_t, $1_r)
+	seutil_exec_checkpolicy($1_t)
+	seutil_exec_setfiles($1_t)
+	# for when the network connection is killed
+	# this is needed when a login role can change
+	# to this one.
+	seutil_dontaudit_signal_newrole($1_t)
+
+	ifndef(`enable_mls',`
+		tunable_policy(`user_write_removable',`
+			# Read/write floppies and other removable devices
+			storage_raw_read_removable_device($1_t)
+			storage_raw_write_removable_device($1_t)
+		',`
+			# Read floppies
+			storage_raw_read_removable_device($1_t)
+		')
+	')
+
+	tunable_policy(`user_direct_mouse',`
+		dev_read_mouse($1_t)
+	')
+
+	tunable_policy(`user_rw_noexattrfile',`
+		fs_manage_noxattr_fs_dirs($1_t)
+		fs_manage_noxattr_fs_files($1_t)
+		fs_manage_noxattr_fs_symlinks($1_t)
+	',`
+		fs_read_noxattr_fs_files($1_t)
+		fs_read_noxattr_fs_symlinks($1_t)
+	')
+
+	tunable_policy(`user_ttyfile_stat',`
+		term_getattr_all_ttys($1_t)
+	')
+
+	tunable_policy(`user_write_removable',`
+		# Read/write USB devices (e.g. external removable USB mass storage devices)
+		dev_rw_generic_usb_dev($1_t)
+	',`
+		# Read USB devices (e.g. external removable USB mass storage devices)
+		dev_read_generic_usb_dev($1_t)
+	')
+
+
+	optional_policy(`
+		alsa_home_filetrans_alsa_home($1_t, file, ".asoundrc")
+		alsa_manage_home_files($1_t)
+		alsa_read_config($1_t)
+		alsa_relabel_home_files($1_t)
+	')
+
+	optional_policy(`
+		# Allow graphical boot to check battery lifespan
+		acpi_stream_connect($1_t)
+	')
+
+	optional_policy(`
+		canna_stream_connect($1_t)
+	')
+
+	optional_policy(`
+		dbus_system_bus_client($1_t)
+
+		optional_policy(`
+			accountsd_dbus_chat($1_t)
+		')
+
+		optional_policy(`
+			bluetooth_dbus_chat($1_t)
+		')
+
+		optional_policy(`
+			colord_dbus_chat($1_t)
+		')
+
+		optional_policy(`
+			consolekit_dbus_chat($1_t)
+		')
+
+		optional_policy(`
+			cups_dbus_chat_config($1_t)
+		')
+
+		optional_policy(`
+			devicekit_dbus_chat_disk($1_t)
+			devicekit_dbus_chat_power($1_t)
+		')
+
+		optional_policy(`
+			hal_dbus_chat($1_t)
+		')
+
+		optional_policy(`
+			networkmanager_dbus_chat($1_t)
+		')
+
+		optional_policy(`
+			policykit_dbus_chat($1_t)
+		')
+
+		optional_policy(`
+			rtkit_daemon_dbus_chat($1_t)
+		')
+
+		optional_policy(`
+			xserver_dbus_chat_xdm($1_t)
+		')
+	')
+
+	optional_policy(`
+		dpkg_read_db($1_t)
+	')
+
+	optional_policy(`
+		gssproxy_stream_connect($1_t)
+	')
+
+	optional_policy(`
+		hwloc_exec_dhwd($1_t)
+		hwloc_read_runtime_files($1_t)
+	')
+
+	optional_policy(`
+		inetd_use_fds($1_t)
+		inetd_rw_tcp_sockets($1_t)
+	')
+
+	optional_policy(`
+		inn_read_config($1_t)
+		inn_read_news_lib($1_t)
+		inn_read_news_spool($1_t)
+	')
+
+	optional_policy(`
+		kerberos_manage_krb5_home_files($1_t)
+		kerberos_relabel_krb5_home_files($1_t)
+		kerberos_home_filetrans_krb5_home($1_t, file, ".k5login")
+	')
+
+	optional_policy(`
+		locate_read_lib_files($1_t)
+	')
+
+	optional_policy(`
+		mpd_manage_user_data_content($1_t)
+		mpd_relabel_user_data_content($1_t)
+	')
+
+	# for running depmod as part of the kernel packaging process
+	optional_policy(`
+		modutils_read_module_config($1_t)
+	')
+
+	optional_policy(`
+		mta_rw_spool($1_t)
+	')
+
+	optional_policy(`
+		mysql_manage_mysqld_home_files($1_t)
+		mysql_relabel_mysqld_home_files($1_t)
+		mysql_home_filetrans_mysqld_home($1_t, file, ".my.cnf")
+
+		tunable_policy(`allow_user_mysql_connect',`
+			mysql_stream_connect($1_t)
+		')
+	')
+
+	optional_policy(`
+		oident_manage_user_content($1_t)
+		oident_relabel_user_content($1_t)
+		oident_home_filetrans_oidentd_home($1_t, file, ".oidentd.conf")
+	')
+
+	optional_policy(`
+		# to allow monitoring of pcmcia status
+		pcmcia_read_pid($1_t)
+	')
+
+	optional_policy(`
+		pcscd_read_pid_files($1_t)
+		pcscd_stream_connect($1_t)
+	')
+
+	optional_policy(`
+		tunable_policy(`allow_user_postgresql_connect',`
+			postgresql_stream_connect($1_t)
+			postgresql_tcp_connect($1_t)
+		')
+	')
+
+	optional_policy(`
+		ppp_manage_home_files($1_t)
+		ppp_relabel_home_files($1_t)
+		ppp_home_filetrans_ppp_home($1_t, file, ".ppprc")
+	')
+
+	optional_policy(`
+		resmgr_stream_connect($1_t)
+	')
+
+	optional_policy(`
+		rpc_dontaudit_getattr_exports($1_t)
+		rpc_manage_nfs_rw_content($1_t)
+	')
+
+	optional_policy(`
+		samba_stream_connect_winbind($1_t)
+	')
+
+	optional_policy(`
+		slrnpull_search_spool($1_t)
+	')
+
+	optional_policy(`
+		systemd_role_template($1, $1_r, $1_t)
+	')
+
+	optional_policy(`
+		usernetctl_run($1_t, $1_r)
+	')
+
+	optional_policy(`
+		virt_home_filetrans_virt_home($1_t, dir, ".libvirt")
+		virt_home_filetrans_virt_home($1_t, dir, ".virtinst")
+		virt_home_filetrans_virt_content($1_t, dir, "isos")
+		virt_home_filetrans_svirt_home($1_t, dir, "qemu")
+		virt_home_filetrans_virt_home($1_t, dir, "VirtualMachines")
+	')
+
+	ifdef(`distro_gentoo',`
+		domain_dontaudit_getsched_all_domains($1_t)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_common_user_template'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	The template for creating a login user.
+## </summary>
+## <desc>
+##	<p>
+##	This template creates a user domain, types, and
+##	rules for the user's tty, pty, home directories,
+##	tmp, and tmpfs files.
+##	</p>
+## </desc>
+## <param name="userdomain_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_login_user_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_login_user_template'($*)) dnl
+	
+	gen_require(`
+		class context contains;
+	')
+
+	userdom_base_user_template($1)
+
+	userdom_manage_home_role($1_r, $1_t)
+
+	userdom_manage_tmp_role($1_r, $1_t)
+	userdom_manage_tmpfs_role($1_r, $1_t)
+
+	userdom_exec_user_tmp_files($1_t)
+	userdom_exec_user_home_content_files($1_t)
+
+	userdom_map_user_tmpfs_files($1_t)
+
+	userdom_change_password_template($1)
+
+	##############################
+	#
+	# User domain Local policy
+	#
+
+	allow $1_t self:capability { chown fowner setgid };
+	dontaudit $1_t self:capability { fsetid sys_nice };
+
+	allow $1_t self:process { transition signal_perms ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setfscreate noatsecure siginh rlimitinh dyntransition setkeycreate setsockcreate getrlimit };
+	dontaudit $1_t self:process setrlimit;
+	dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
+
+	allow $1_t self:context contains;
+
+	kernel_dontaudit_read_system_state($1_t)
+
+	dev_read_sysfs($1_t)
+	dev_read_urand($1_t)
+
+	domain_use_interactive_fds($1_t)
+	# Command completion can fire hundreds of denials
+	domain_dontaudit_exec_all_entry_files($1_t)
+
+	files_dontaudit_list_default($1_t)
+	files_dontaudit_read_default_files($1_t)
+	# Stat lost+found.
+	files_getattr_lost_found_dirs($1_t)
+
+	fs_get_all_fs_quotas($1_t)
+	fs_getattr_all_fs($1_t)
+	fs_getattr_all_dirs($1_t)
+	fs_search_auto_mountpoints($1_t)
+	fs_list_cgroup_dirs($1_t)
+	fs_list_inotifyfs($1_t)
+	fs_rw_anon_inodefs_files($1_t)
+	fs_dontaudit_rw_cgroup_files($1_t)
+
+	auth_dontaudit_write_login_records($1_t)
+
+	application_exec_all($1_t)
+
+	# The library functions always try to open read-write first,
+	# then fall back to read-only if it fails.
+	init_dontaudit_rw_utmp($1_t)
+	# Stop warnings about access to /dev/console
+	init_dontaudit_use_fds($1_t)
+	init_dontaudit_use_script_fds($1_t)
+
+	libs_exec_lib_files($1_t)
+
+	logging_dontaudit_getattr_all_logs($1_t)
+
+	miscfiles_read_man_pages($1_t)
+	# map is needed for man-dbs apropos program
+	miscfiles_map_man_cache($1_t)
+	miscfiles_read_public_files($1_t)
+	# for running TeX programs
+	miscfiles_read_tetex_data($1_t)
+	miscfiles_exec_tetex_data($1_t)
+
+	seutil_read_config($1_t)
+
+	optional_policy(`
+		cups_read_config($1_t)
+		cups_stream_connect($1_t)
+		cups_stream_connect_ptal($1_t)
+	')
+
+	optional_policy(`
+		kerberos_use($1_t)
+	')
+
+	optional_policy(`
+		mta_dontaudit_read_spool_symlinks($1_t)
+	')
+
+	optional_policy(`
+		quota_dontaudit_getattr_db($1_t)
+	')
+
+	optional_policy(`
+		rpm_read_db($1_t)
+		rpm_dontaudit_manage_db($1_t)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_login_user_template'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	The template for creating a unprivileged login user.
+## </summary>
+## <desc>
+##	<p>
+##	This template creates a user domain, types, and
+##	rules for the user's tty, pty, home directories,
+##	tmp, and tmpfs files.
+##	</p>
+## </desc>
+## <param name="userdomain_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_restricted_user_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_restricted_user_template'($*)) dnl
+	
+	gen_require(`
+		attribute unpriv_userdomain;
+	')
+
+	userdom_login_user_template($1)
+
+	typeattribute $1_t unpriv_userdomain;
+	domain_interactive_fd($1_t)
+
+	##############################
+	#
+	# Local policy
+	#
+
+	optional_policy(`
+		loadkeys_run($1_t, $1_r)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_restricted_user_template'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	The template for creating a unprivileged xwindows login user.
+## </summary>
+## <desc>
+##	<p>
+##	The template for creating a unprivileged xwindows login user.
+##	</p>
+##	<p>
+##	This template creates a user domain, types, and
+##	rules for the user's tty, pty, home directories,
+##	tmp, and tmpfs files.
+##	</p>
+## </desc>
+## <param name="userdomain_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_restricted_xwindows_user_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_restricted_xwindows_user_template'($*)) dnl
+	
+
+	userdom_restricted_user_template($1)
+
+	##############################
+	#
+	# Local policy
+	#
+
+	auth_role($1_r, $1_t)
+	auth_search_pam_console_data($1_t)
+
+	dev_read_sound($1_t)
+	dev_write_sound($1_t)
+	# gnome keyring wants to read this.
+	dev_dontaudit_read_rand($1_t)
+
+	logging_send_syslog_msg($1_t)
+	logging_dontaudit_send_audit_msgs($1_t)
+
+	# Need to to this just so screensaver will work. Should be moved to screensaver domain
+	logging_send_audit_msgs($1_t)
+	selinux_get_enforce_mode($1_t)
+
+	xserver_restricted_role($1_r, $1_t)
+
+	optional_policy(`
+		alsa_read_config($1_t)
+	')
+
+	optional_policy(`
+		dbus_role_template($1, $1_r, $1_t)
+		dbus_system_bus_client($1_t)
+
+		optional_policy(`
+			consolekit_dbus_chat($1_t)
+		')
+
+		optional_policy(`
+			cups_dbus_chat($1_t)
+		')
+
+		optional_policy(`
+			gnome_role_template($1, $1_r, $1_t)
+		')
+
+		optional_policy(`
+			wm_role_template($1, $1_r, $1_t)
+		')
+	')
+
+	optional_policy(`
+		java_role($1_r, $1_t)
+	')
+
+	optional_policy(`
+		pulseaudio_role($1_r, $1_t)
+	')
+
+	optional_policy(`
+		setroubleshoot_dontaudit_stream_connect($1_t)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_restricted_xwindows_user_template'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	The template for creating a unprivileged user roughly
+##	equivalent to a regular linux user.
+## </summary>
+## <desc>
+##	<p>
+##	The template for creating a unprivileged user roughly
+##	equivalent to a regular linux user.
+##	</p>
+##	<p>
+##	This template creates a user domain, types, and
+##	rules for the user's tty, pty, home directories,
+##	tmp, and tmpfs files.
+##	</p>
+## </desc>
+## <param name="userdomain_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_unpriv_user_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_unpriv_user_template'($*)) dnl
+	
+
+	##############################
+	#
+	# Declarations
+	#
+
+	# Inherit rules for ordinary users.
+	userdom_restricted_user_template($1)
+	userdom_common_user_template($1)
+
+	##############################
+	#
+	# Local policy
+	#
+
+	# port access is audited even if dac would not have allowed it, so dontaudit it here
+	corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)
+	# Need the following rule to allow users to run vpnc
+	corenet_tcp_bind_xserver_port($1_t)
+
+	files_exec_usr_files($1_t)
+
+	miscfiles_manage_public_files($1_t)
+
+	tunable_policy(`user_dmesg',`
+		kernel_read_ring_buffer($1_t)
+	',`
+		kernel_dontaudit_read_ring_buffer($1_t)
+	')
+
+	tunable_policy(`user_exec_noexattrfile',`
+		fs_exec_noxattr($1_t)
+	')
+
+	# Allow users to run TCP servers (bind to ports and accept connection from
+	# the same domain and outside users) disabling this forces FTP passive mode
+	# and may change other protocols
+	tunable_policy(`user_tcp_server',`
+		corenet_tcp_bind_generic_node($1_t)
+		corenet_tcp_bind_generic_port($1_t)
+	')
+
+	# Allow users to run UDP servers (bind to ports and accept connection from
+	# the same domain and outside users)
+	tunable_policy(`user_udp_server',`
+		corenet_udp_bind_generic_node($1_t)
+		corenet_udp_bind_generic_port($1_t)
+	')
+
+	optional_policy(`
+		netutils_run_ping_cond($1_t, $1_r)
+		netutils_run_traceroute_cond($1_t, $1_r)
+	')
+
+	# Run pppd in pppd_t by default for user
+	optional_policy(`
+		ppp_run_cond($1_t, $1_r)
+	')
+
+	optional_policy(`
+		setroubleshoot_stream_connect($1_t)
+	')
+
+	optional_policy(`
+		systemd_dbus_chat_logind($1_t)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_unpriv_user_template'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	The template for creating an administrative user.
+## </summary>
+## <desc>
+##	<p>
+##	This template creates a user domain, types, and
+##	rules for the user's tty, pty, home directories,
+##	tmp, and tmpfs files.
+##	</p>
+##	<p>
+##	The privileges given to administrative users are:
+##	<ul>
+##		<li>Raw disk access</li>
+##		<li>Set all sysctls</li>
+##		<li>All kernel ring buffer controls</li>
+##		<li>Create, read, write, and delete all files but shadow</li>
+##		<li>Manage source and binary format SELinux policy</li>
+##		<li>Run insmod</li>
+##	</ul>
+##	</p>
+## </desc>
+## <param name="userdomain_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., sysadm
+##	is the prefix for sysadm_t).
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_admin_user_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_admin_user_template'($*)) dnl
+	
+	gen_require(`
+		attribute admindomain;
+		class passwd { passwd chfn chsh rootok };
+	')
+
+	##############################
+	#
+	# Declarations
+	#
+
+	# Inherit rules for ordinary users.
+	userdom_login_user_template($1)
+	userdom_common_user_template($1)
+
+	domain_obj_id_change_exemption($1_t)
+	role system_r types $1_t;
+
+	typeattribute $1_t admindomain;
+
+	ifdef(`direct_sysadm_daemon',`
+		domain_system_change_exemption($1_t)
+	')
+
+	##############################
+	#
+	# $1_t local policy
+	#
+
+	allow $1_t self:capability { chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease setfcap };
+	allow $1_t self:process { setexec setfscreate };
+	allow $1_t self:netlink_audit_socket nlmsg_readpriv;
+	allow $1_t self:tun_socket create;
+	# Set password information for other users.
+	allow $1_t self:passwd { passwd chfn chsh };
+	# Skip authentication when pam_rootok is specified.
+	allow $1_t self:passwd rootok;
+
+	kernel_read_software_raid_state($1_t)
+	kernel_getattr_core_if($1_t)
+	kernel_getattr_message_if($1_t)
+	kernel_change_ring_buffer_level($1_t)
+	kernel_clear_ring_buffer($1_t)
+	kernel_read_ring_buffer($1_t)
+	kernel_get_sysvipc_info($1_t)
+	kernel_rw_all_sysctls($1_t)
+	# signal unlabeled processes:
+	kernel_kill_unlabeled($1_t)
+	kernel_signal_unlabeled($1_t)
+	kernel_sigstop_unlabeled($1_t)
+	kernel_signull_unlabeled($1_t)
+	kernel_sigchld_unlabeled($1_t)
+
+	corenet_tcp_bind_generic_port($1_t)
+	# allow setting up tunnels
+	corenet_rw_tun_tap_dev($1_t)
+
+	dev_getattr_generic_blk_files($1_t)
+	dev_getattr_generic_chr_files($1_t)
+	# for lsof
+	dev_getattr_mtrr_dev($1_t)
+	# Allow MAKEDEV to work
+	dev_create_all_blk_files($1_t)
+	dev_create_all_chr_files($1_t)
+	dev_delete_all_blk_files($1_t)
+	dev_delete_all_chr_files($1_t)
+	dev_rename_all_blk_files($1_t)
+	dev_rename_all_chr_files($1_t)
+	dev_create_generic_symlinks($1_t)
+
+	domain_setpriority_all_domains($1_t)
+	domain_read_all_domains_state($1_t)
+	domain_getattr_all_domains($1_t)
+	domain_dontaudit_ptrace_all_domains($1_t)
+	# signal all domains:
+	domain_kill_all_domains($1_t)
+	domain_signal_all_domains($1_t)
+	domain_signull_all_domains($1_t)
+	domain_sigstop_all_domains($1_t)
+	domain_sigstop_all_domains($1_t)
+	domain_sigchld_all_domains($1_t)
+	# for lsof
+	domain_getattr_all_sockets($1_t)
+
+	files_exec_usr_src_files($1_t)
+
+	fs_getattr_all_fs($1_t)
+	fs_set_all_quotas($1_t)
+	fs_exec_noxattr($1_t)
+
+	storage_read_tape($1_t)
+	storage_write_tape($1_t)
+	storage_raw_read_removable_device($1_t)
+	storage_raw_write_removable_device($1_t)
+
+	term_use_all_terms($1_t)
+
+	auth_getattr_shadow($1_t)
+	# Manage almost all files
+	files_manage_non_auth_files($1_t)
+	files_map_non_auth_files($1_t)
+	# Relabel almost all files
+	files_relabel_non_auth_files($1_t)
+
+	init_telinit($1_t)
+
+	logging_send_syslog_msg($1_t)
+
+	modutils_domtrans($1_t)
+
+	# The following rule is temporary until such time that a complete
+	# policy management infrastructure is in place so that an administrator
+	# cannot directly manipulate policy files with arbitrary programs.
+	seutil_manage_src_policy($1_t)
+	# Violates the goal of limiting write access to checkpolicy.
+	# But presently necessary for installing the file_contexts file.
+	seutil_manage_bin_policy($1_t)
+
+	userdom_manage_user_home_content_dirs($1_t)
+	userdom_manage_user_home_content_files($1_t)
+	userdom_manage_user_home_content_symlinks($1_t)
+	userdom_manage_user_home_content_pipes($1_t)
+	userdom_manage_user_home_content_sockets($1_t)
+	userdom_user_home_dir_filetrans_user_home_content($1_t, { dir file lnk_file fifo_file sock_file })
+
+	optional_policy(`
+		postgresql_unconfined($1_t)
+	')
+
+	optional_policy(`
+		userhelper_exec($1_t)
+	')
+
+	ifdef(`distro_gentoo',`
+		# Grant block_suspend capability2 to administrators, this annoys the heck out of me
+		allow $1_t self:capability2 { block_suspend };
+		# Allow admins to interact with kernel, for instance using lsusb command
+		allow $1_t self:netlink_kobject_uevent_socket create_socket_perms;
+		# Moved out of files_relabel_non_auth_files as it cannot be used in tunable_policy otherwise
+		seutil_relabelto_bin_policy($1_t)
+		# allow to manage chr_files in user_tmp (for initrd's)
+		userdom_manage_user_tmp_chr_files($1_t)
+		# allow managing tun/tap interfaces (labeling)
+		# without this operations such as tunctl -d tap0 result in a TUNSETIFF: Device or resource busy
+		allow $1_t self:tun_socket { relabelfrom relabelto };
+	 dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_admin_user_template'($*)) dnl
+	')
+
+')
+
+########################################
+## <summary>
+##	Allow user to run as a secadm
+## </summary>
+## <desc>
+##	<p>
+##	Create objects in a user home directory
+##	with an automatic type transition to
+##	a specified private type.
+##	</p>
+##	<p>
+##	This is a templated interface, and should only
+##	be called from a per-userdomain template.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role  of the object to create.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_security_admin_template',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_security_admin_template'($*)) dnl
+	
+	allow $1 self:capability { dac_override dac_read_search };
+
+	corecmd_exec_shell($1)
+
+	domain_obj_id_change_exemption($1)
+
+	dev_relabel_all_dev_nodes($1)
+
+	files_create_boot_flag($1)
+
+	# Necessary for managing /boot/efi
+	fs_manage_dos_files($1)
+
+	mls_process_read_all_levels($1)
+	mls_file_read_all_levels($1)
+	mls_file_upgrade($1)
+	mls_file_downgrade($1)
+
+	selinux_set_enforce_mode($1)
+	selinux_set_all_booleans($1)
+	selinux_set_parameters($1)
+
+	files_relabel_non_auth_files($1)
+	auth_relabel_shadow($1)
+
+	init_exec($1)
+
+	logging_send_syslog_msg($1)
+	logging_read_audit_log($1)
+	logging_read_generic_logs($1)
+	logging_read_audit_config($1)
+
+	seutil_manage_bin_policy($1)
+	seutil_run_checkpolicy($1, $2)
+	seutil_run_loadpolicy($1, $2)
+	seutil_run_semanage($1, $2)
+	seutil_run_setfiles($1, $2)
+
+	optional_policy(`
+		aide_run($1, $2)
+	')
+
+	optional_policy(`
+		consoletype_exec($1)
+	')
+
+	optional_policy(`
+		dmesg_exec($1)
+	')
+
+	optional_policy(`
+		ipsec_run_setkey($1, $2)
+	')
+
+	optional_policy(`
+		netlabel_run_mgmt($1, $2)
+	')
+
+	optional_policy(`
+		samhain_run($1, $2)
+	')
+
+	ifdef(`distro_gentoo',`
+		# Moved out of files_relabel_non_auth_files as it cannot be used in tunable_policy otherwise
+		seutil_relabelto_bin_policy($1)
+	')
+ dnl
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_security_admin_template'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified type usable as
+##	a user application domain type.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be used as a user application domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_user_application_type',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_user_application_type'($*)) dnl
+	
+	application_type($1)
+	ubac_constrained($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_user_application_type'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified type usable as
+##	a user application domain.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be used as a user application domain.
+##	</summary>
+## </param>
+## <param name="type">
+##	<summary>
+##	Type to be used as the domain entry point.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_user_application_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_user_application_domain'($*)) dnl
+	
+	application_domain($1, $2)
+	ubac_constrained($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_user_application_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified type usable in a
+##	user home directory.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be used as a file in the
+##	user home directory.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_user_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_user_home_content'($*)) dnl
+	
+	gen_require(`
+		attribute user_home_content_type;
+		type user_home_t;
+	')
+
+	typeattribute $1 user_home_content_type;
+
+	allow $1 user_home_t:filesystem associate;
+	files_type($1)
+	files_poly_member($1)
+	ubac_constrained($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_user_home_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified type usable as a
+##	user temporary file.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be used as a file in the
+##	temporary directories.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_user_tmp_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_user_tmp_file'($*)) dnl
+	
+	files_tmp_file($1)
+	ubac_constrained($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_user_tmp_file'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified type usable as a
+##	user tmpfs file.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be used as a file in
+##	tmpfs directories.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_user_tmpfs_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_user_tmpfs_file'($*)) dnl
+	
+	files_tmpfs_file($1)
+	ubac_constrained($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_user_tmpfs_file'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow domain to attach to TUN devices created by administrative users.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_attach_admin_tun_iface',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_attach_admin_tun_iface'($*)) dnl
+	
+	gen_require(`
+		attribute admindomain;
+	')
+
+	allow $1 admindomain:tun_socket relabelfrom;
+	allow $1 self:tun_socket relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_attach_admin_tun_iface'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of a user pty.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_setattr_user_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_setattr_user_ptys'($*)) dnl
+	
+	gen_require(`
+		type user_devpts_t;
+	')
+
+	allow $1 user_devpts_t:chr_file setattr_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_setattr_user_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a user pty.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_create_user_pty',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_create_user_pty'($*)) dnl
+	
+	gen_require(`
+		type user_devpts_t;
+	')
+
+	term_create_pty($1, user_devpts_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_create_user_pty'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of user home directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_getattr_user_home_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_getattr_user_home_dirs'($*)) dnl
+	
+	gen_require(`
+		type user_home_dir_t;
+	')
+
+	allow $1 user_home_dir_t:dir getattr_dir_perms;
+	files_search_home($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_getattr_user_home_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes of user home directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_dontaudit_getattr_user_home_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_getattr_user_home_dirs'($*)) dnl
+	
+	gen_require(`
+		type user_home_dir_t;
+	')
+
+	dontaudit $1 user_home_dir_t:dir getattr_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_getattr_user_home_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search user home directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_search_user_home_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_search_user_home_dirs'($*)) dnl
+	
+	gen_require(`
+		type user_home_dir_t;
+	')
+
+	allow $1 user_home_dir_t:dir search_dir_perms;
+	files_search_home($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_search_user_home_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search user home directories.
+## </summary>
+## <desc>
+##	<p>
+##	Do not audit attempts to search user home directories.
+##	This will suppress SELinux denial messages when the specified
+##	domain is denied the permission to search these directories.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`userdom_dontaudit_search_user_home_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_search_user_home_dirs'($*)) dnl
+	
+	gen_require(`
+		type user_home_dir_t;
+	')
+
+	dontaudit $1 user_home_dir_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_search_user_home_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List user home directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_list_user_home_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_list_user_home_dirs'($*)) dnl
+	
+	gen_require(`
+		type user_home_dir_t;
+	')
+
+	allow $1 user_home_dir_t:dir list_dir_perms;
+	files_search_home($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_list_user_home_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to list user home subdirectories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_dontaudit_list_user_home_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_list_user_home_dirs'($*)) dnl
+	
+	gen_require(`
+		type user_home_dir_t;
+	')
+
+	dontaudit $1 user_home_dir_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_list_user_home_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create user home directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_create_user_home_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_create_user_home_dirs'($*)) dnl
+	
+	gen_require(`
+		type user_home_dir_t;
+	')
+
+	allow $1 user_home_dir_t:dir create_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_create_user_home_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage user home directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_manage_user_home_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_manage_user_home_dirs'($*)) dnl
+	
+	gen_require(`
+		type user_home_dir_t;
+	')
+
+	allow $1 user_home_dir_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_manage_user_home_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to user home directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_relabelto_user_home_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_relabelto_user_home_dirs'($*)) dnl
+	
+	gen_require(`
+		type user_home_dir_t;
+	')
+
+	allow $1 user_home_dir_t:dir relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_relabelto_user_home_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create directories in the home dir root with
+##	the user home directory type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_home_filetrans_user_home_dir',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_home_filetrans_user_home_dir'($*)) dnl
+	
+	gen_require(`
+		type user_home_dir_t;
+	')
+
+	files_home_filetrans($1, user_home_dir_t, dir, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_home_filetrans_user_home_dir'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do a domain transition to the specified
+##	domain when executing a program in the
+##	user home directory.
+## </summary>
+## <desc>
+##	<p>
+##	Do a domain transition to the specified
+##	domain when executing a program in the
+##	user home directory.
+##	</p>
+##	<p>
+##	No interprocess communication (signals, pipes,
+##	etc.) is provided by this interface since
+##	the domains are not owned by this module.
+##	</p>
+## </desc>
+## <param name="source_domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="target_domain">
+##	<summary>
+##	Domain to transition to.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_user_home_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_user_home_domtrans'($*)) dnl
+	
+	gen_require(`
+		type user_home_dir_t, user_home_t;
+	')
+
+	domain_auto_transition_pattern($1, user_home_t, $2)
+	allow $1 user_home_dir_t:dir search_dir_perms;
+	files_search_home($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_user_home_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search user home content directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_dontaudit_search_user_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_search_user_home_content'($*)) dnl
+	
+	gen_require(`
+		type user_home_t;
+	')
+
+	dontaudit $1 user_home_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_search_user_home_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List all users home content directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_list_all_user_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_list_all_user_home_content'($*)) dnl
+	
+	gen_require(`
+		attribute user_home_content_type;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 user_home_content_type:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_list_all_user_home_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List contents of users home directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_list_user_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_list_user_home_content'($*)) dnl
+	
+	gen_require(`
+		type user_home_t;
+	')
+
+	allow $1 user_home_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_list_user_home_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete directories
+##	in a user home subdirectory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_manage_user_home_content_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_manage_user_home_content_dirs'($*)) dnl
+	
+	gen_require(`
+		type user_home_dir_t, user_home_t;
+	')
+
+	manage_dirs_pattern($1, { user_home_dir_t user_home_t }, user_home_t)
+	files_search_home($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_manage_user_home_content_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete all user home content directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_delete_all_user_home_content_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_delete_all_user_home_content_dirs'($*)) dnl
+	
+	gen_require(`
+		attribute user_home_content_type;
+		type user_home_dir_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	delete_files_pattern($1, { user_home_dir_t user_home_content_type }, user_home_content_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_delete_all_user_home_content_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete directories in a user home subdirectory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_delete_user_home_content_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_delete_user_home_content_dirs'($*)) dnl
+	
+	gen_require(`
+		type user_home_t;
+	')
+
+	allow $1 user_home_t:dir delete_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_delete_user_home_content_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set attributes of all user home content directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_setattr_all_user_home_content_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_setattr_all_user_home_content_dirs'($*)) dnl
+	
+	gen_require(`
+		attribute user_home_content_type;
+	')
+
+	userdom_search_user_home_dirs($1)
+	allow $1 user_home_content_type:dir setattr_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_setattr_all_user_home_content_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to set the
+##	attributes of user home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_dontaudit_setattr_user_home_content_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_setattr_user_home_content_files'($*)) dnl
+	
+	gen_require(`
+		type user_home_t;
+	')
+
+	dontaudit $1 user_home_t:file setattr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_setattr_user_home_content_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Map user home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_map_user_home_content_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_map_user_home_content_files'($*)) dnl
+	
+	gen_require(`
+		type user_home_t;
+	')
+
+	allow $1 user_home_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_map_user_home_content_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mmap user home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_mmap_user_home_content_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_mmap_user_home_content_files'($*)) dnl
+	
+	gen_require(`
+		type user_home_dir_t, user_home_t;
+	')
+
+	mmap_exec_files_pattern($1, { user_home_dir_t user_home_t }, user_home_t)
+	files_search_home($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_mmap_user_home_content_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read user home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_read_user_home_content_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_read_user_home_content_files'($*)) dnl
+	
+	gen_require(`
+		type user_home_dir_t, user_home_t;
+	')
+
+	read_files_pattern($1, { user_home_dir_t user_home_t }, user_home_t)
+	files_search_home($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_read_user_home_content_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read user home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_dontaudit_read_user_home_content_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_read_user_home_content_files'($*)) dnl
+	
+	gen_require(`
+		type user_home_t;
+	')
+
+	dontaudit $1 user_home_t:dir list_dir_perms;
+	dontaudit $1 user_home_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_read_user_home_content_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all user home content, including application-specific resources.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_read_all_user_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_read_all_user_home_content'($*)) dnl
+	
+	gen_require(`
+		attribute user_home_content_type;
+	')
+
+	list_dirs_pattern($1, user_home_content_type, user_home_content_type)
+	read_files_pattern($1, user_home_content_type, user_home_content_type)
+	read_lnk_files_pattern($1, user_home_content_type, user_home_content_type)
+	read_fifo_files_pattern($1, user_home_content_type, user_home_content_type)
+	read_sock_files_pattern($1, user_home_content_type, user_home_content_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_read_all_user_home_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage all user home content, including application-specific resources.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_manage_all_user_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_manage_all_user_home_content'($*)) dnl
+	
+	gen_require(`
+		attribute user_home_content_type;
+	')
+
+	manage_dirs_pattern($1, user_home_content_type, user_home_content_type)
+	manage_files_pattern($1, user_home_content_type, user_home_content_type)
+	manage_lnk_files_pattern($1, user_home_content_type, user_home_content_type)
+	manage_fifo_files_pattern($1, user_home_content_type, user_home_content_type)
+	manage_sock_files_pattern($1, user_home_content_type, user_home_content_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_manage_all_user_home_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to append user home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_dontaudit_append_user_home_content_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_append_user_home_content_files'($*)) dnl
+	
+	gen_require(`
+		type user_home_t;
+	')
+
+	dontaudit $1 user_home_t:file append_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_append_user_home_content_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write user home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_dontaudit_write_user_home_content_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_write_user_home_content_files'($*)) dnl
+	
+	gen_require(`
+		type user_home_t;
+	')
+
+	dontaudit $1 user_home_t:file write_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_write_user_home_content_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete all user home content files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_delete_all_user_home_content_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_delete_all_user_home_content_files'($*)) dnl
+	
+	gen_require(`
+		attribute user_home_content_type;
+		type user_home_dir_t;
+	')
+
+	userdom_search_user_home_content($1)
+	delete_files_pattern($1, { user_home_dir_t user_home_content_type }, user_home_content_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_delete_all_user_home_content_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete files in a user home subdirectory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_delete_user_home_content_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_delete_user_home_content_files'($*)) dnl
+	
+	gen_require(`
+		type user_home_t;
+	')
+
+	allow $1 user_home_t:file delete_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_delete_user_home_content_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to relabel user home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_dontaudit_relabel_user_home_content_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_relabel_user_home_content_files'($*)) dnl
+	
+	gen_require(`
+		type user_home_t;
+	')
+
+	dontaudit $1 user_home_t:file relabel_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_relabel_user_home_content_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read user home subdirectory symbolic links.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_read_user_home_content_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_read_user_home_content_symlinks'($*)) dnl
+	
+	gen_require(`
+		type user_home_dir_t, user_home_t;
+	')
+
+	read_lnk_files_pattern($1, { user_home_dir_t user_home_t }, user_home_t)
+	files_search_home($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_read_user_home_content_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute user home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`userdom_exec_user_home_content_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_exec_user_home_content_files'($*)) dnl
+	
+	gen_require(`
+		type user_home_dir_t, user_home_t;
+	')
+
+	files_search_home($1)
+	exec_files_pattern($1, { user_home_dir_t user_home_t }, user_home_t)
+
+	tunable_policy(`use_nfs_home_dirs',`
+		fs_exec_nfs_files($1)
+	')
+
+	tunable_policy(`use_samba_home_dirs',`
+		fs_exec_cifs_files($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_exec_user_home_content_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to execute user home files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_dontaudit_exec_user_home_content_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_exec_user_home_content_files'($*)) dnl
+	
+	gen_require(`
+		type user_home_t;
+	')
+
+	dontaudit $1 user_home_t:file exec_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_exec_user_home_content_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete files
+##	in a user home subdirectory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_manage_user_home_content_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_manage_user_home_content_files'($*)) dnl
+	
+	gen_require(`
+		type user_home_dir_t, user_home_t;
+	')
+
+	manage_files_pattern($1, user_home_t, user_home_t)
+	allow $1 user_home_dir_t:dir search_dir_perms;
+	files_search_home($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_manage_user_home_content_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to create, read, write, and delete directories
+##	in a user home subdirectory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_dontaudit_manage_user_home_content_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_manage_user_home_content_dirs'($*)) dnl
+	
+	gen_require(`
+		type user_home_t;
+	')
+
+	dontaudit $1 user_home_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_manage_user_home_content_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete symbolic links
+##	in a user home subdirectory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_manage_user_home_content_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_manage_user_home_content_symlinks'($*)) dnl
+	
+	gen_require(`
+		type user_home_dir_t, user_home_t;
+	')
+
+	manage_lnk_files_pattern($1, user_home_t, user_home_t)
+	allow $1 user_home_dir_t:dir search_dir_perms;
+	files_search_home($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_manage_user_home_content_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete all user home content symbolic links.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_delete_all_user_home_content_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_delete_all_user_home_content_symlinks'($*)) dnl
+	
+	gen_require(`
+		attribute user_home_content_type;
+		type user_home_dir_t;
+	')
+
+	userdom_search_user_home_dirs($1)
+	delete_lnk_files_pattern($1, { user_home_dir_t user_home_content_type }, user_home_content_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_delete_all_user_home_content_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete symbolic links in a user home directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_delete_user_home_content_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_delete_user_home_content_symlinks'($*)) dnl
+	
+	gen_require(`
+		type user_home_t;
+	')
+
+	allow $1 user_home_t:lnk_file delete_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_delete_user_home_content_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete named pipes
+##	in a user home subdirectory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_manage_user_home_content_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_manage_user_home_content_pipes'($*)) dnl
+	
+	gen_require(`
+		type user_home_dir_t, user_home_t;
+	')
+
+	manage_fifo_files_pattern($1, user_home_t, user_home_t)
+	allow $1 user_home_dir_t:dir search_dir_perms;
+	files_search_home($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_manage_user_home_content_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete named sockets
+##	in a user home subdirectory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_manage_user_home_content_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_manage_user_home_content_sockets'($*)) dnl
+	
+	gen_require(`
+		type user_home_dir_t, user_home_t;
+	')
+
+	allow $1 user_home_dir_t:dir search_dir_perms;
+	manage_sock_files_pattern($1, user_home_t, user_home_t)
+	files_search_home($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_manage_user_home_content_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in a user home directory
+##	with an automatic type transition to
+##	a specified private type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	The type of the object to create.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_user_home_dir_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_user_home_dir_filetrans'($*)) dnl
+	
+	gen_require(`
+		type user_home_dir_t;
+	')
+
+	filetrans_pattern($1, user_home_dir_t, $2, $3, $4)
+	files_search_home($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_user_home_dir_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in a directory located
+##	in a user home directory with an
+##	automatic type transition to
+##	a specified private type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	The type of the object to create.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_user_home_content_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_user_home_content_filetrans'($*)) dnl
+	
+	gen_require(`
+		type user_home_dir_t, user_home_t;
+	')
+
+	filetrans_pattern($1, user_home_t, $2, $3, $4)
+	allow $1 user_home_dir_t:dir search_dir_perms;
+	files_search_home($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_user_home_content_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Automatically use the user_cert_t label for selected resources
+##	created in a users home directory
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+## <param name="class">
+##	<summary>
+##	Resource type(s) for which the label should be used
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Name of the resource that is being created
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_user_home_dir_filetrans_user_cert',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_user_home_dir_filetrans_user_cert'($*)) dnl
+	
+	gen_require(`
+		type user_cert_t;
+	')
+
+	userdom_user_home_dir_filetrans($1, user_cert_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_user_home_dir_filetrans_user_cert'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in a user home directory
+##	with an automatic type transition to
+##	the user home file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_user_home_dir_filetrans_user_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_user_home_dir_filetrans_user_home_content'($*)) dnl
+	
+	gen_require(`
+		type user_home_dir_t, user_home_t;
+	')
+
+	filetrans_pattern($1, user_home_dir_t, user_home_t, $2, $3)
+	files_search_home($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_user_home_dir_filetrans_user_home_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read user SSL certificates.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`userdom_read_user_certs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_read_user_certs'($*)) dnl
+	
+	gen_require(`
+		type user_cert_t;
+	')
+
+	allow $1 user_cert_t:dir list_dir_perms;
+	read_files_pattern($1, user_cert_t, user_cert_t)
+	read_lnk_files_pattern($1, user_cert_t, user_cert_t)
+	files_search_home($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_read_user_certs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to manage
+##	the user SSL certificates.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`userdom_dontaudit_manage_user_certs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_manage_user_certs'($*)) dnl
+	
+	gen_require(`
+		type user_cert_t;
+	')
+
+	dontaudit $1 user_cert_t:dir manage_dir_perms;
+	dontaudit $1 user_cert_t:file manage_file_perms;
+	dontaudit $1 user_cert_t:lnk_file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_manage_user_certs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage user SSL certificates.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_manage_user_certs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_manage_user_certs'($*)) dnl
+	
+	gen_require(`
+		type user_cert_t;
+	')
+
+	manage_dirs_pattern($1, user_cert_t, user_cert_t)
+	manage_files_pattern($1, user_cert_t, user_cert_t)
+	manage_lnk_files_pattern($1, user_cert_t, user_cert_t)
+	files_search_home($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_manage_user_certs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write to user temporary named sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_write_user_tmp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_write_user_tmp_sockets'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	allow $1 user_tmp_t:sock_file write_sock_file_perms;
+	files_search_tmp($1)
+	userdom_search_user_runtime($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_write_user_tmp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List user temporary directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_list_user_tmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_list_user_tmp'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t, user_runtime_t;
+	')
+
+	allow $1 user_tmp_t:dir list_dir_perms;
+	allow $1 user_runtime_t:dir list_dir_perms;
+	files_search_tmp($1)
+	userdom_search_user_runtime($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_list_user_tmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to list user
+##	temporary directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_dontaudit_list_user_tmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_list_user_tmp'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	dontaudit $1 user_tmp_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_list_user_tmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete users temporary directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_delete_user_tmp_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_delete_user_tmp_dirs'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	delete_dirs_pattern($1, user_tmp_t, user_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_delete_user_tmp_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to manage users
+##	temporary directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_dontaudit_manage_user_tmp_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_manage_user_tmp_dirs'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	dontaudit $1 user_tmp_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_manage_user_tmp_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read user temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_read_user_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_read_user_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	read_files_pattern($1, user_tmp_t, user_tmp_t)
+	allow $1 user_tmp_t:dir list_dir_perms;
+	files_search_tmp($1)
+	userdom_search_user_runtime($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_read_user_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Map user temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_map_user_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_map_user_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	allow $1 user_tmp_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_map_user_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read users
+##	temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_dontaudit_read_user_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_read_user_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	dontaudit $1 user_tmp_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_read_user_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to append users
+##	temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_dontaudit_append_user_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_append_user_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	dontaudit $1 user_tmp_t:file append_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_append_user_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write user temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_rw_user_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_rw_user_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	allow $1 user_tmp_t:dir list_dir_perms;
+	rw_files_pattern($1, user_tmp_t, user_tmp_t)
+	files_search_tmp($1)
+	userdom_search_user_runtime($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_rw_user_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete users temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_delete_user_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_delete_user_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	delete_files_pattern($1, user_tmp_t, user_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_delete_user_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to manage users
+##	temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_dontaudit_manage_user_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_manage_user_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	dontaudit $1 user_tmp_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_manage_user_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read user temporary symbolic links.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_read_user_tmp_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_read_user_tmp_symlinks'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	read_lnk_files_pattern($1, user_tmp_t, user_tmp_t)
+	allow $1 user_tmp_t:dir list_dir_perms;
+	files_search_tmp($1)
+	userdom_search_user_runtime($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_read_user_tmp_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete users temporary symbolic links.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_delete_user_tmp_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_delete_user_tmp_symlinks'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	delete_lnk_files_pattern($1, user_tmp_t, user_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_delete_user_tmp_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete user
+##	temporary directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_manage_user_tmp_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_manage_user_tmp_dirs'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	manage_dirs_pattern($1, user_tmp_t, user_tmp_t)
+	files_search_tmp($1)
+	userdom_search_user_runtime($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_manage_user_tmp_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete users temporary named pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_delete_user_tmp_named_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_delete_user_tmp_named_pipes'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	delete_fifo_files_pattern($1, user_tmp_t, user_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_delete_user_tmp_named_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete user
+##	temporary files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_manage_user_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_manage_user_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	manage_files_pattern($1, user_tmp_t, user_tmp_t)
+	files_search_tmp($1)
+	userdom_search_user_runtime($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_manage_user_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete users temporary named sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_delete_user_tmp_named_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_delete_user_tmp_named_sockets'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	delete_sock_files_pattern($1, user_tmp_t, user_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_delete_user_tmp_named_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete user
+##	temporary symbolic links.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_manage_user_tmp_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_manage_user_tmp_symlinks'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	manage_lnk_files_pattern($1, user_tmp_t, user_tmp_t)
+	files_search_tmp($1)
+	userdom_search_user_runtime($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_manage_user_tmp_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete user
+##	temporary named pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_manage_user_tmp_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_manage_user_tmp_pipes'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	manage_fifo_files_pattern($1, user_tmp_t, user_tmp_t)
+	files_search_tmp($1)
+	userdom_search_user_runtime($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_manage_user_tmp_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete user
+##	temporary named sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_manage_user_tmp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_manage_user_tmp_sockets'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	manage_sock_files_pattern($1, user_tmp_t, user_tmp_t)
+	files_search_tmp($1)
+	userdom_search_user_runtime($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_manage_user_tmp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in a user temporary directory
+##	with an automatic type transition to
+##	a specified private type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	The type of the object to create.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_user_tmp_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_user_tmp_filetrans'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	filetrans_pattern($1, user_tmp_t, $2, $3, $4)
+	files_search_tmp($1)
+	userdom_search_user_runtime($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_user_tmp_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in the temporary directory
+##	with an automatic type transition to
+##	the user temporary type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_tmp_filetrans_user_tmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_tmp_filetrans_user_tmp'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	files_tmp_filetrans($1, user_tmp_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_tmp_filetrans_user_tmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Map user tmpfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_map_user_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_map_user_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type user_tmpfs_t;
+	')
+
+	allow $1 user_tmpfs_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_map_user_tmpfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read user tmpfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_read_user_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_read_user_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type user_tmpfs_t;
+	')
+
+	read_files_pattern($1, user_tmpfs_t, user_tmpfs_t)
+	allow $1 user_tmpfs_t:dir list_dir_perms;
+	fs_search_tmpfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_read_user_tmpfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	dontaudit Read attempts of user tmpfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_dontaudit_read_user_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_read_user_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type user_tmpfs_t;
+	')
+
+	dontaudit $1 user_tmpfs_t:file read_file_perms;
+	dontaudit $1 user_tmpfs_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_read_user_tmpfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	relabel to/from user tmpfs dirs
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_relabel_user_tmpfs_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_relabel_user_tmpfs_dirs'($*)) dnl
+	
+	gen_require(`
+		type user_tmpfs_t;
+	')
+
+	allow $1 user_tmpfs_t:dir { list_dir_perms relabelto relabelfrom };
+	fs_search_tmpfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_relabel_user_tmpfs_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	relabel to/from user tmpfs files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_relabel_user_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_relabel_user_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type user_tmpfs_t;
+	')
+
+	allow $1 user_tmpfs_t:dir list_dir_perms;
+	allow $1 user_tmpfs_t:file { relabelto relabelfrom };
+	fs_search_tmpfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_relabel_user_tmpfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified type usable in 
+##	the directory /run/user/%{USERID}/.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be used as a file in the
+##	user_runtime_content_dir_t.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_user_runtime_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_user_runtime_content'($*)) dnl
+	
+	gen_require(`
+		attribute user_runtime_content_type;
+	')
+
+	typeattribute $1 user_runtime_content_type;
+	files_type($1)
+	ubac_constrained($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_user_runtime_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search users runtime directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_search_user_runtime',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_search_user_runtime'($*)) dnl
+	
+	gen_require(`
+		type user_runtime_t;
+	')
+
+	allow $1 user_runtime_t:dir search_dir_perms;
+	userdom_search_user_runtime_root($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_search_user_runtime'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search user runtime root directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_search_user_runtime_root',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_search_user_runtime_root'($*)) dnl
+	
+	gen_require(`
+		type user_runtime_root_t;
+	')
+
+	allow $1 user_runtime_root_t:dir search_dir_perms;
+	files_search_pids($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_search_user_runtime_root'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete user
+##	runtime root dirs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_manage_user_runtime_root_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_manage_user_runtime_root_dirs'($*)) dnl
+	
+	gen_require(`
+		type user_runtime_root_t;
+	')
+
+	allow $1 user_runtime_root_t:dir manage_dir_perms;
+	files_search_pids($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_manage_user_runtime_root_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to and from user runtime root dirs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_relabel_user_runtime_root_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_relabel_user_runtime_root_dirs'($*)) dnl
+	
+	gen_require(`
+		type user_runtime_root_t;
+	')
+
+	allow $1 user_runtime_root_t:dir { relabelfrom relabelto };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_relabel_user_runtime_root_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete user
+##	runtime dirs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_manage_user_runtime_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_manage_user_runtime_dirs'($*)) dnl
+	
+	gen_require(`
+		type user_runtime_t;
+	')
+
+	allow $1 user_runtime_t:dir manage_dir_perms;
+	userdom_search_user_runtime_root($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_manage_user_runtime_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Mount a filesystem on user runtime dir
+##	directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_mounton_user_runtime_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_mounton_user_runtime_dirs'($*)) dnl
+	
+	gen_require(`
+		type user_runtime_t;
+	')
+
+	allow $1 user_runtime_t:dir mounton;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_mounton_user_runtime_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to user runtime directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_relabelto_user_runtime_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_relabelto_user_runtime_dirs'($*)) dnl
+	
+	gen_require(`
+		type user_runtime_t;
+	')
+
+	allow $1 user_runtime_t:dir relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_relabelto_user_runtime_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel from user runtime directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_relabelfrom_user_runtime_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_relabelfrom_user_runtime_dirs'($*)) dnl
+	
+	gen_require(`
+		type user_runtime_t;
+	')
+
+	allow $1 user_runtime_t:dir relabelfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_relabelfrom_user_runtime_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	delete user runtime files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_delete_user_runtime_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_delete_user_runtime_files'($*)) dnl
+	
+	gen_require(`
+		type user_runtime_t;
+	')
+
+	allow $1 user_runtime_t:dir list_dir_perms;
+	allow $1 user_runtime_t:file delete_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_delete_user_runtime_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search users runtime directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_search_all_user_runtime',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_search_all_user_runtime'($*)) dnl
+	
+	gen_require(`
+		attribute user_runtime_content_type;
+	')
+
+	allow $1 user_runtime_content_type:dir search_dir_perms;
+	userdom_search_user_runtime_root($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_search_all_user_runtime'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List user runtime directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_list_all_user_runtime',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_list_all_user_runtime'($*)) dnl
+	
+	gen_require(`
+		attribute user_runtime_content_type;
+	')
+
+	allow $1 user_runtime_content_type:dir list_dir_perms;
+	userdom_search_user_runtime($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_list_all_user_runtime'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	delete user runtime directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_delete_all_user_runtime_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_delete_all_user_runtime_dirs'($*)) dnl
+	
+	gen_require(`
+		attribute user_runtime_content_type;
+	')
+
+	allow $1 user_runtime_content_type:dir { delete_dir_perms del_entry_dir_perms list_dir_perms };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_delete_all_user_runtime_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	delete user runtime files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_delete_all_user_runtime_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_delete_all_user_runtime_files'($*)) dnl
+	
+	gen_require(`
+		attribute user_runtime_content_type;
+	')
+
+	allow $1 user_runtime_content_type:dir list_dir_perms;
+	allow $1 user_runtime_content_type:file delete_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_delete_all_user_runtime_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	delete user runtime symlink files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_delete_all_user_runtime_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_delete_all_user_runtime_symlinks'($*)) dnl
+	
+	gen_require(`
+		attribute user_runtime_content_type;
+	')
+
+	allow $1 user_runtime_content_type:dir list_dir_perms;
+	allow $1 user_runtime_content_type:fifo_file delete_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_delete_all_user_runtime_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	delete user runtime fifo files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_delete_all_user_runtime_named_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_delete_all_user_runtime_named_pipes'($*)) dnl
+	
+	gen_require(`
+		attribute user_runtime_content_type;
+	')
+
+	allow $1 user_runtime_content_type:dir list_dir_perms;
+	allow $1 user_runtime_content_type:fifo_file delete_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_delete_all_user_runtime_named_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	delete user runtime socket files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_delete_all_user_runtime_named_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_delete_all_user_runtime_named_sockets'($*)) dnl
+	
+	gen_require(`
+		attribute user_runtime_content_type;
+	')
+
+	allow $1 user_runtime_content_type:dir list_dir_perms;
+	allow $1 user_runtime_content_type:file delete_sock_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_delete_all_user_runtime_named_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in the pid directory
+##	with an automatic type transition to
+##	the user runtime root type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_pid_filetrans_user_runtime_root',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_pid_filetrans_user_runtime_root'($*)) dnl
+	
+	gen_require(`
+		type user_runtime_root_t;
+	')
+
+	files_pid_filetrans($1, user_runtime_root_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_pid_filetrans_user_runtime_root'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in a user runtime
+##	directory with an automatic type
+##	transition to a specified private
+##	type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private_type">
+##	<summary>
+##	The type of the object to create.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_user_runtime_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_user_runtime_filetrans'($*)) dnl
+	
+	gen_require(`
+		type user_runtime_t;
+	')
+
+	filetrans_pattern($1, user_runtime_t, $2, $3, $4)
+	userdom_search_user_runtime_root($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_user_runtime_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in the user runtime directory
+##	with an automatic type transition to
+##	the user temporary type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_user_runtime_filetrans_user_tmp',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_user_runtime_filetrans_user_tmp'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	userdom_user_runtime_filetrans($1, user_tmp_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_user_runtime_filetrans_user_tmp'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in the user runtime root
+##	directory with an automatic type transition
+##	to the user runtime dir type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_user_runtime_root_filetrans_user_runtime',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_user_runtime_root_filetrans_user_runtime'($*)) dnl
+	
+	gen_require(`
+		type user_runtime_root_t, user_runtime_t;
+	')
+
+	filetrans_pattern($1, user_runtime_root_t, user_runtime_t, $2, $3)
+	files_search_pids($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_user_runtime_root_filetrans_user_runtime'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create objects in the user runtime root
+##	directory with an automatic type transition
+##	to the user runtime dir type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The class of the object to be created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_user_run_filetrans_user_runtime',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_user_run_filetrans_user_runtime'($*)) dnl
+	
+	gen_require(`
+		type user_runtime_t;
+	')
+
+	fs_tmpfs_filetrans($1, user_runtime_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_user_run_filetrans_user_runtime'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write user tmpfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_rw_user_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_rw_user_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type user_tmpfs_t;
+	')
+
+	rw_files_pattern($1, user_tmpfs_t, user_tmpfs_t)
+	read_lnk_files_pattern($1, user_tmpfs_t, user_tmpfs_t)
+	allow $1 user_tmpfs_t:dir list_dir_perms;
+	fs_search_tmpfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_rw_user_tmpfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete user tmpfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_delete_user_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_delete_user_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type user_tmpfs_t;
+	')
+
+	delete_files_pattern($1, user_tmpfs_t, user_tmpfs_t)
+	fs_search_tmpfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_delete_user_tmpfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete user tmpfs files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_manage_user_tmpfs_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_manage_user_tmpfs_files'($*)) dnl
+	
+	gen_require(`
+		type user_tmpfs_t;
+	')
+
+	manage_files_pattern($1, user_tmpfs_t, user_tmpfs_t)
+	allow $1 user_tmpfs_t:dir list_dir_perms;
+	fs_search_tmpfs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_manage_user_tmpfs_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of a user domain tty.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_getattr_user_ttys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_getattr_user_ttys'($*)) dnl
+	
+	gen_require(`
+		type user_tty_device_t;
+	')
+
+	allow $1 user_tty_device_t:chr_file getattr_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_getattr_user_ttys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes of a user domain tty.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_dontaudit_getattr_user_ttys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_getattr_user_ttys'($*)) dnl
+	
+	gen_require(`
+		type user_tty_device_t;
+	')
+
+	dontaudit $1 user_tty_device_t:chr_file getattr_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_getattr_user_ttys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of a user domain tty.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_setattr_user_ttys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_setattr_user_ttys'($*)) dnl
+	
+	gen_require(`
+		type user_tty_device_t;
+	')
+
+	allow $1 user_tty_device_t:chr_file setattr_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_setattr_user_ttys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to set the attributes of a user domain tty.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_dontaudit_setattr_user_ttys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_setattr_user_ttys'($*)) dnl
+	
+	gen_require(`
+		type user_tty_device_t;
+	')
+
+	dontaudit $1 user_tty_device_t:chr_file setattr_chr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_setattr_user_ttys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write a user domain tty.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_use_user_ttys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_use_user_ttys'($*)) dnl
+	
+	gen_require(`
+		type user_tty_device_t;
+	')
+
+	allow $1 user_tty_device_t:chr_file rw_term_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_use_user_ttys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write a user domain pty.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_use_user_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_use_user_ptys'($*)) dnl
+	
+	gen_require(`
+		type user_devpts_t;
+	')
+
+	term_list_ptys($1)
+	allow $1 user_devpts_t:chr_file rw_term_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_use_user_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write a user TTYs and PTYs.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to read and write user
+##	TTYs and PTYs. This will allow the domain to
+##	interact with the user via the terminal. Typically
+##	all interactive applications will require this
+##	access.
+##	</p>
+##	<p>
+##	However, this also allows the applications to spy
+##	on user sessions or inject information into the
+##	user session.  Thus, this access should likely
+##	not be allowed for non-interactive domains.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`userdom_use_inherited_user_terminals',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_use_inherited_user_terminals'($*)) dnl
+	
+	gen_require(`
+		type user_devpts_t, user_tty_device_t;
+	')
+
+	term_list_ptys($1)
+	allow $1 { user_devpts_t user_tty_device_t }:chr_file rw_inherited_term_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_use_inherited_user_terminals'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read, write and open a user TTYs and PTYs.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to read and write user
+##	TTYs and PTYs. This will allow the domain to
+##	interact with the user via the terminal. Typically
+##	all interactive applications will require this
+##	access.
+##	</p>
+##	<p>
+##	This interface will also allow to open these user
+##	terminals, which should not be necessary in general
+##	and userdom_use_inherited_user_terminals() should
+##	be sufficient.
+##	</p>
+##	<p>
+##	However, this also allows the applications to spy
+##	on user sessions or inject information into the
+##	user session.  Thus, this access should likely
+##	not be allowed for non-interactive domains.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`userdom_use_user_terminals',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_use_user_terminals'($*)) dnl
+	
+	userdom_use_user_ptys($1)
+	userdom_use_user_ttys($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_use_user_terminals'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and write
+##	a user domain tty and pty.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_dontaudit_use_user_terminals',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_use_user_terminals'($*)) dnl
+	
+	gen_require(`
+		type user_tty_device_t, user_devpts_t;
+	')
+
+	dontaudit $1 user_tty_device_t:chr_file rw_term_perms;
+	dontaudit $1 user_devpts_t:chr_file rw_term_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_use_user_terminals'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a shell in all user domains.  This
+##	is an explicit transition, requiring the
+##	caller to use setexeccon().
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_spec_domtrans_all_users',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_spec_domtrans_all_users'($*)) dnl
+	
+	gen_require(`
+		attribute userdomain;
+	')
+
+	corecmd_shell_spec_domtrans($1, userdomain)
+	allow userdomain $1:fd use;
+	allow userdomain $1:fifo_file rw_file_perms;
+	allow userdomain $1:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_spec_domtrans_all_users'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute an Xserver session in all user domains.  This
+##	is an explicit transition, requiring the
+##	caller to use setexeccon().
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_xsession_spec_domtrans_all_users',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_xsession_spec_domtrans_all_users'($*)) dnl
+	
+	gen_require(`
+		attribute userdomain;
+	')
+
+	xserver_xsession_spec_domtrans($1, userdomain)
+	allow userdomain $1:fd use;
+	allow userdomain $1:fifo_file rw_file_perms;
+	allow userdomain $1:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_xsession_spec_domtrans_all_users'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a shell in all unprivileged user domains.  This
+##	is an explicit transition, requiring the
+##	caller to use setexeccon().
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_spec_domtrans_unpriv_users',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_spec_domtrans_unpriv_users'($*)) dnl
+	
+	gen_require(`
+		attribute unpriv_userdomain;
+	')
+
+	corecmd_shell_spec_domtrans($1, unpriv_userdomain)
+	allow unpriv_userdomain $1:fd use;
+	allow unpriv_userdomain $1:fifo_file rw_file_perms;
+	allow unpriv_userdomain $1:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_spec_domtrans_unpriv_users'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute an Xserver session in all unprivileged user domains.  This
+##	is an explicit transition, requiring the
+##	caller to use setexeccon().
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_xsession_spec_domtrans_unpriv_users',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_xsession_spec_domtrans_unpriv_users'($*)) dnl
+	
+	gen_require(`
+		attribute unpriv_userdomain;
+	')
+
+	xserver_xsession_spec_domtrans($1, unpriv_userdomain)
+	allow unpriv_userdomain $1:fd use;
+	allow unpriv_userdomain $1:fifo_file rw_file_perms;
+	allow unpriv_userdomain $1:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_xsession_spec_domtrans_unpriv_users'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read and write unpriviledged user SysV sempaphores.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_rw_unpriv_user_semaphores',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_rw_unpriv_user_semaphores'($*)) dnl
+	
+	gen_require(`
+		attribute unpriv_userdomain;
+	')
+
+	allow $1 unpriv_userdomain:sem rw_sem_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_rw_unpriv_user_semaphores'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage unpriviledged user SysV sempaphores.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_manage_unpriv_user_semaphores',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_manage_unpriv_user_semaphores'($*)) dnl
+	
+	gen_require(`
+		attribute unpriv_userdomain;
+	')
+
+	allow $1 unpriv_userdomain:sem create_sem_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_manage_unpriv_user_semaphores'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read and write unpriviledged user SysV shared
+##	memory segments.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_rw_unpriv_user_shared_mem',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_rw_unpriv_user_shared_mem'($*)) dnl
+	
+	gen_require(`
+		attribute unpriv_userdomain;
+	')
+
+	allow $1 unpriv_userdomain:shm rw_shm_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_rw_unpriv_user_shared_mem'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage unpriviledged user SysV shared
+##	memory segments.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_manage_unpriv_user_shared_mem',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_manage_unpriv_user_shared_mem'($*)) dnl
+	
+	gen_require(`
+		attribute unpriv_userdomain;
+	')
+
+	allow $1 unpriv_userdomain:shm create_shm_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_manage_unpriv_user_shared_mem'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute bin_t in the unprivileged user domains. This
+##	is an explicit transition, requiring the
+##	caller to use setexeccon().
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_bin_spec_domtrans_unpriv_users',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_bin_spec_domtrans_unpriv_users'($*)) dnl
+	
+	gen_require(`
+		attribute unpriv_userdomain;
+	')
+
+	corecmd_bin_spec_domtrans($1, unpriv_userdomain)
+	allow unpriv_userdomain $1:fd use;
+	allow unpriv_userdomain $1:fifo_file rw_file_perms;
+	allow unpriv_userdomain $1:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_bin_spec_domtrans_unpriv_users'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute all entrypoint files in unprivileged user
+##	domains. This is an explicit transition, requiring the
+##	caller to use setexeccon().
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_entry_spec_domtrans_unpriv_users',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_entry_spec_domtrans_unpriv_users'($*)) dnl
+	
+	gen_require(`
+		attribute unpriv_userdomain;
+	')
+
+	domain_entry_file_spec_domtrans($1, unpriv_userdomain)
+	allow unpriv_userdomain $1:fd use;
+	allow unpriv_userdomain $1:fifo_file rw_file_perms;
+	allow unpriv_userdomain $1:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_entry_spec_domtrans_unpriv_users'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search users home directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_search_user_home_content',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_search_user_home_content'($*)) dnl
+	
+	gen_require(`
+		type user_home_dir_t, user_home_t;
+	')
+
+	files_list_home($1)
+	allow $1 { user_home_dir_t user_home_t }:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_search_user_home_content'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send signull to unprivileged user domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_signull_unpriv_users',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_signull_unpriv_users'($*)) dnl
+	
+	gen_require(`
+		attribute unpriv_userdomain;
+	')
+
+	allow $1 unpriv_userdomain:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_signull_unpriv_users'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send general signals to unprivileged user domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_signal_unpriv_users',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_signal_unpriv_users'($*)) dnl
+	
+	gen_require(`
+		attribute unpriv_userdomain;
+	')
+
+	allow $1 unpriv_userdomain:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_signal_unpriv_users'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit the file descriptors from unprivileged user domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_use_unpriv_users_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_use_unpriv_users_fds'($*)) dnl
+	
+	gen_require(`
+		attribute unpriv_userdomain;
+	')
+
+	allow $1 unpriv_userdomain:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_use_unpriv_users_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to inherit the file descriptors
+##	from unprivileged user domains.
+## </summary>
+## <desc>
+##	<p>
+##	Do not audit attempts to inherit the file descriptors
+##	from unprivileged user domains. This will suppress
+##	SELinux denial messages when the specified domain is denied
+##	the permission to inherit these file descriptors.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`userdom_dontaudit_use_unpriv_user_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_use_unpriv_user_fds'($*)) dnl
+	
+	gen_require(`
+		attribute unpriv_userdomain;
+	')
+
+	dontaudit $1 unpriv_userdomain:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_use_unpriv_user_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to use user ptys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_dontaudit_use_user_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_use_user_ptys'($*)) dnl
+	
+	gen_require(`
+		type user_devpts_t;
+	')
+
+	dontaudit $1 user_devpts_t:chr_file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_use_user_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel files to unprivileged user pty types.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_relabelto_user_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_relabelto_user_ptys'($*)) dnl
+	
+	gen_require(`
+		type user_devpts_t;
+	')
+
+	allow $1 user_devpts_t:chr_file relabelto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_relabelto_user_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to relabel files from
+##	user pty types.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_dontaudit_relabelfrom_user_ptys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_relabelfrom_user_ptys'($*)) dnl
+	
+	gen_require(`
+		type user_devpts_t;
+	')
+
+	dontaudit $1 user_devpts_t:chr_file relabelfrom;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_relabelfrom_user_ptys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write all users files in /tmp
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_write_user_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_write_user_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	allow $1 user_tmp_t:file write_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_write_user_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Do not audit attempts to write users
+##      temporary files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain to not audit.
+##      </summary>
+## </param>
+#
+ 	 	define(`userdom_dontaudit_write_user_tmp_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_write_user_tmp_files'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	dontaudit $1 user_tmp_t:file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_write_user_tmp_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to use user ttys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_dontaudit_use_user_ttys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_use_user_ttys'($*)) dnl
+	
+	gen_require(`
+		type user_tty_device_t;
+	')
+
+	dontaudit $1 user_tty_device_t:chr_file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_use_user_ttys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the process state of all user domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_read_all_users_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_read_all_users_state'($*)) dnl
+	
+	gen_require(`
+		attribute userdomain;
+	')
+
+	read_files_pattern($1, userdomain, userdomain)
+	kernel_search_proc($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_read_all_users_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of all user domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_getattr_all_users',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_getattr_all_users'($*)) dnl
+	
+	gen_require(`
+		attribute userdomain;
+	')
+
+	allow $1 userdomain:process getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_getattr_all_users'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit the file descriptors from all user domains
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_use_all_users_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_use_all_users_fds'($*)) dnl
+	
+	gen_require(`
+		attribute userdomain;
+	')
+
+	allow $1 userdomain:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_use_all_users_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to inherit the file
+##	descriptors from any user domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_dontaudit_use_all_users_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_use_all_users_fds'($*)) dnl
+	
+	gen_require(`
+		attribute userdomain;
+	')
+
+	dontaudit $1 userdomain:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_use_all_users_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send general signals to all user domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_signal_all_users',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_signal_all_users'($*)) dnl
+	
+	gen_require(`
+		attribute userdomain;
+	')
+
+	allow $1 userdomain:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_signal_all_users'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a SIGCHLD signal to all user domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_sigchld_all_users',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_sigchld_all_users'($*)) dnl
+	
+	gen_require(`
+		attribute userdomain;
+	')
+
+	allow $1 userdomain:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_sigchld_all_users'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read keys for all user domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_read_all_users_keys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_read_all_users_keys'($*)) dnl
+	
+	gen_require(`
+		attribute userdomain;
+	')
+
+	allow $1 userdomain:key read;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_read_all_users_keys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write keys for all user domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_write_all_users_keys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_write_all_users_keys'($*)) dnl
+	
+	gen_require(`
+		attribute userdomain;
+	')
+
+	allow $1 userdomain:key write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_write_all_users_keys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write keys for all user domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_rw_all_users_keys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_rw_all_users_keys'($*)) dnl
+	
+	gen_require(`
+		attribute userdomain;
+	')
+
+	allow $1 userdomain:key { read view write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_rw_all_users_keys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create keys for all user domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_create_all_users_keys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_create_all_users_keys'($*)) dnl
+	
+	gen_require(`
+		attribute userdomain;
+	')
+
+	allow $1 userdomain:key create;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_create_all_users_keys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage keys for all user domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_manage_all_users_keys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_manage_all_users_keys'($*)) dnl
+	
+	gen_require(`
+		attribute userdomain;
+	')
+
+	allow $1 userdomain:key manage_key_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_manage_all_users_keys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a dbus message to all user domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_dbus_send_all_users',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dbus_send_all_users'($*)) dnl
+	
+	gen_require(`
+		attribute userdomain;
+		class dbus send_msg;
+	')
+
+	allow $1 userdomain:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dbus_send_all_users'($*)) dnl
+	')
+
+
+# Gentoo added stuff, but cannot use an ifdef distro_gentoo for this
+
+########################################
+## <summary>
+##	Create, read, write, and delete user
+##	temporary character files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`userdom_manage_user_tmp_chr_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_manage_user_tmp_chr_files'($*)) dnl
+	
+	gen_require(`
+		type user_tmp_t;
+	')
+
+	manage_chr_files_pattern($1, user_tmp_t, user_tmp_t)
+	userdom_search_user_runtime($1)
+	files_search_tmp($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_manage_user_tmp_chr_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow relabeling resources to user_cert_t
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+
+ 	 	define(`userdom_relabel_user_certs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_relabel_user_certs'($*)) dnl
+	
+	gen_require(`
+		type user_cert_t;
+	')
+
+	relabel_dirs_pattern($1, user_cert_t, user_cert_t)
+	relabel_files_pattern($1, user_cert_t, user_cert_t)
+	relabel_lnk_files_pattern($1, user_cert_t, user_cert_t)
+	relabel_sock_files_pattern($1, user_cert_t, user_cert_t)
+	relabel_fifo_files_pattern($1, user_cert_t, user_cert_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_relabel_user_certs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##     Do not audit attempts to read and write
+##     unserdomain stream.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain to not audit.
+##     </summary>
+## </param>
+#
+ 	 	define(`userdom_dontaudit_rw_all_users_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `userdom_dontaudit_rw_all_users_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		attribute userdomain;
+	')
+
+	dontaudit $1 userdomain:unix_stream_socket rw_socket_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `userdom_dontaudit_rw_all_users_stream_sockets'($*)) dnl
+	')
+
+## <summary>Policy for tmpfiles, a boot-time temporary file handler</summary>
+
+########################################
+## <summary>
+##	Read resources in /run/tmpfiles.d/.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`tmpfiles_read_runtime',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tmpfiles_read_runtime'($*)) dnl
+	
+	gen_require(`
+		type tmpfiles_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 tmpfiles_runtime_t:dir list_dir_perms;
+	allow $1 tmpfiles_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tmpfiles_read_runtime'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create files in /run/tmpfiles.d/.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`tmpfiles_create_runtime_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tmpfiles_create_runtime_files'($*)) dnl
+	
+	gen_require(`
+		type tmpfiles_runtime_t;
+	')
+
+	create_files_pattern($1, tmpfiles_runtime_t, tmpfiles_runtime_t)
+
+	tmpfiles_read_runtime($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tmpfiles_create_runtime_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write to files in /run/tmpfiles.d/.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`tmpfiles_write_runtime_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tmpfiles_write_runtime_files'($*)) dnl
+	
+	gen_require(`
+		type tmpfiles_runtime_t;
+	')
+
+	write_files_pattern($1, tmpfiles_runtime_t, tmpfiles_runtime_t)
+
+	tmpfiles_read_runtime($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tmpfiles_write_runtime_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage files in /run/tmpfiles.d/.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`tmpfiles_manage_runtime_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tmpfiles_manage_runtime_files'($*)) dnl
+	
+	gen_require(`
+		type tmpfiles_runtime_t;
+	')
+
+	tmpfiles_read_runtime($1)
+
+	manage_files_pattern($1, tmpfiles_runtime_t, tmpfiles_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tmpfiles_manage_runtime_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read files in /etc/tmpfiles.d/.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`tmpfiles_read_conf',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tmpfiles_read_conf'($*)) dnl
+	
+	gen_require(`
+		type tmpfiles_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 tmpfiles_conf_t:dir list_dir_perms;
+	allow $1 tmpfiles_conf_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tmpfiles_read_conf'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create files in /etc/tmpfiles.d/.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`tmpfiles_create_conf_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tmpfiles_create_conf_files'($*)) dnl
+	
+	gen_require(`
+		type tmpfiles_conf_t;
+	')
+
+	create_files_pattern($1, tmpfiles_conf_t, tmpfiles_conf_t)
+
+	tmpfiles_read_conf($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tmpfiles_create_conf_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write to files in /etc/tmpfiles.d/.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`tmpfiles_write_conf_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tmpfiles_write_conf_files'($*)) dnl
+	
+	gen_require(`
+		type tmpfiles_conf_t;
+	')
+
+	write_files_pattern($1, tmpfiles_conf_t, tmpfiles_conf_t)
+
+	tmpfiles_read_conf($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tmpfiles_write_conf_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage files in /etc/tmpfiles.d/.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`tmpfiles_manage_conf_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `tmpfiles_manage_conf_files'($*)) dnl
+	
+	gen_require(`
+		type tmpfiles_conf_t;
+	')
+
+	manage_files_pattern($1, tmpfiles_conf_t, tmpfiles_conf_t)
+
+	tmpfiles_read_conf($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `tmpfiles_manage_conf_files'($*)) dnl
+	')
+
+## <summary>Policy for network configuration: ifconfig and dhcp client.</summary>
+
+#######################################
+## <summary>
+##	Execute dhcp client in dhcpc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_domtrans_dhcpc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_domtrans_dhcpc'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_t, dhcpc_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, dhcpc_exec_t, dhcpc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_domtrans_dhcpc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute DHCP clients in the dhcpc domain, and
+##	allow the specified role the dhcpc domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`sysnet_run_dhcpc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_run_dhcpc'($*)) dnl
+	
+	gen_require(`
+		attribute_role dhcpc_roles;
+	')
+
+	sysnet_domtrans_dhcpc($1)
+	roleattribute $2 dhcpc_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_run_dhcpc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and
+##	write dhcpc udp socket descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_dontaudit_rw_dhcpc_udp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_dontaudit_rw_dhcpc_udp_sockets'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_t;
+	')
+
+	dontaudit $1 dhcpc_t:udp_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_dontaudit_rw_dhcpc_udp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to use
+##	the dhcp file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_dontaudit_use_dhcpc_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_dontaudit_use_dhcpc_fds'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_t;
+	')
+
+	dontaudit $1 dhcpc_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_dontaudit_use_dhcpc_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read/write to the
+##	dhcp unix stream socket descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_dontaudit_rw_dhcpc_unix_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_dontaudit_rw_dhcpc_unix_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_t;
+	')
+
+	dontaudit $1 dhcpc_t:unix_stream_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_dontaudit_rw_dhcpc_unix_stream_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a SIGCHLD signal to the dhcp client.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_sigchld_dhcpc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_sigchld_dhcpc'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_t;
+	')
+
+	allow $1 dhcpc_t:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_sigchld_dhcpc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a kill signal to the dhcp client.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`sysnet_kill_dhcpc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_kill_dhcpc'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_t;
+	')
+
+	allow $1 dhcpc_t:process sigkill;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_kill_dhcpc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a SIGSTOP signal to the dhcp client.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_sigstop_dhcpc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_sigstop_dhcpc'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_t;
+	')
+
+	allow $1 dhcpc_t:process sigstop;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_sigstop_dhcpc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a null signal to the dhcp client.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_signull_dhcpc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_signull_dhcpc'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_t;
+	')
+
+	allow $1 dhcpc_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_signull_dhcpc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a generic signal to the dhcp client.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`sysnet_signal_dhcpc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_signal_dhcpc'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_t;
+	')
+
+	allow $1 dhcpc_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_signal_dhcpc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	dhcpc over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_dbus_chat_dhcpc',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_dbus_chat_dhcpc'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_t;
+		class dbus send_msg;
+	')
+
+	allow $1 dhcpc_t:dbus send_msg;
+	allow dhcpc_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_dbus_chat_dhcpc'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write dhcp configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_rw_dhcp_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_rw_dhcp_config'($*)) dnl
+	
+	gen_require(`
+		type dhcp_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 dhcp_etc_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_rw_dhcp_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the DHCP client state
+##	directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_search_dhcpc_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_search_dhcpc_state'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_state_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 dhcpc_state_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_search_dhcpc_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read dhcp client state files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_read_dhcpc_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_read_dhcpc_state'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_state_t;
+	')
+
+	read_files_pattern($1, dhcpc_state_t, dhcpc_state_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_read_dhcpc_state'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Delete the dhcp client state files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_delete_dhcpc_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_delete_dhcpc_state'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_state_t;
+	')
+
+	delete_files_pattern($1, dhcpc_state_t, dhcpc_state_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_delete_dhcpc_state'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Set the attributes of network config files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_setattr_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_setattr_config'($*)) dnl
+	
+	gen_require(`
+		type net_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 net_conf_t:file setattr_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_setattr_config'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read network config files.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to read the
+##	general network configuration files.  A
+##	common example of this is the
+##	/etc/resolv.conf file, which has domain
+##	name system (DNS) server IP addresses.
+##	Typically, most networking processes will
+##	require	the access provided by this interface.
+##	</p>
+##	<p>
+##	Higher-level interfaces which involve
+##	networking will generally call this interface,
+##	for example:
+##	</p>
+##	<ul>
+##		<li>sysnet_dns_name_resolve()</li>
+##		<li>sysnet_use_ldap()</li>
+##		<li>sysnet_use_portmap()</li>
+##	</ul>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_read_config'($*)) dnl
+	
+	gen_require(`
+		type net_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 net_conf_t:file read_file_perms;
+
+	ifdef(`distro_debian',`
+		files_search_pids($1)
+		allow $1 net_conf_t:dir list_dir_perms;
+		read_files_pattern($1, net_conf_t, net_conf_t)
+	')
+
+	ifdef(`distro_redhat',`
+		allow $1 net_conf_t:dir list_dir_perms;
+		read_files_pattern($1, net_conf_t, net_conf_t)
+	')
+
+	ifdef(`init_systemd',`
+		systemd_read_resolved_runtime($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_read_config'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Do not audit attempts to read network config files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_dontaudit_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_dontaudit_read_config'($*)) dnl
+	
+	gen_require(`
+		type net_conf_t;
+	')
+
+	dontaudit $1 net_conf_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_dontaudit_read_config'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Write network config files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_write_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_write_config'($*)) dnl
+	
+	gen_require(`
+		type net_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 net_conf_t:file write_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_write_config'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create network config files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_create_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_create_config'($*)) dnl
+	
+	gen_require(`
+		type net_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 net_conf_t:file create_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_create_config'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Relabel network config files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_relabel_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_relabel_config'($*)) dnl
+	
+	gen_require(`
+		type net_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 net_conf_t:file { relabelfrom relabelto };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_relabel_config'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create files in /etc with the type used for
+##	the network config files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_etc_filetrans_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_etc_filetrans_config'($*)) dnl
+	
+	gen_require(`
+		type net_conf_t;
+	')
+
+	files_etc_filetrans($1, net_conf_t, file, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_etc_filetrans_config'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create, read, write, and delete network config files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_manage_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_manage_config'($*)) dnl
+	
+	gen_require(`
+		type net_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 net_conf_t:file manage_file_perms;
+
+	ifdef(`distro_debian',`
+		files_search_pids($1)
+		manage_files_pattern($1, net_conf_t, net_conf_t)
+	')
+
+	ifdef(`distro_redhat',`
+		manage_files_pattern($1, net_conf_t, net_conf_t)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_manage_config'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read the dhcp client pid file.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_read_dhcpc_pid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_read_dhcpc_pid'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_runtime_t;
+	')
+
+	files_list_pids($1)
+	allow $1 dhcpc_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_read_dhcpc_pid'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Delete the dhcp client pid file.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_delete_dhcpc_pid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_delete_dhcpc_pid'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_runtime_t;
+	')
+
+	allow $1 dhcpc_runtime_t:file unlink;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_delete_dhcpc_pid'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Execute ifconfig in the ifconfig domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_domtrans_ifconfig',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_domtrans_ifconfig'($*)) dnl
+	
+	gen_require(`
+		type ifconfig_t, ifconfig_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, ifconfig_exec_t, ifconfig_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_domtrans_ifconfig'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute ifconfig in the ifconfig domain, and
+##	allow the specified role the ifconfig domain,
+##	and use the caller's terminal.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`sysnet_run_ifconfig',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_run_ifconfig'($*)) dnl
+	
+	gen_require(`
+		type ifconfig_t;
+	')
+
+	corecmd_search_bin($1)
+	sysnet_domtrans_ifconfig($1)
+	role $2 types ifconfig_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_run_ifconfig'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Execute ifconfig in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_exec_ifconfig',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_exec_ifconfig'($*)) dnl
+	
+	gen_require(`
+		type ifconfig_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, ifconfig_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_exec_ifconfig'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a generic signal to ifconfig.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`sysnet_signal_ifconfig',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_signal_ifconfig'($*)) dnl
+	
+	gen_require(`
+		type ifconfig_t;
+	')
+
+	allow $1 ifconfig_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_signal_ifconfig'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send null signals to ifconfig.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`sysnet_signull_ifconfig',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_signull_ifconfig'($*)) dnl
+	
+	gen_require(`
+		type ifconfig_t;
+	')
+
+	allow $1 ifconfig_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_signull_ifconfig'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the DHCP configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_read_dhcp_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_read_dhcp_config'($*)) dnl
+	
+	gen_require(`
+		type dhcp_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 dhcp_etc_t:dir list_dir_perms;
+	read_files_pattern($1, dhcp_etc_t, dhcp_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_read_dhcp_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the DHCP state data directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_search_dhcp_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_search_dhcp_state'($*)) dnl
+	
+	gen_require(`
+		type dhcp_state_t;
+	')
+
+	files_search_var_lib($1)
+	allow $1 dhcp_state_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_search_dhcp_state'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create DHCP state data.
+## </summary>
+## <desc>
+##	<p>
+##	Create DHCP state data.
+##	</p>
+##	<p>
+##	This is added for DHCP server, as
+##	the server and client put their state
+##	files in the same directory.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="file_type">
+##	<summary>
+##	The type of the object to be created
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	The object class.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_dhcp_state_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_dhcp_state_filetrans'($*)) dnl
+	
+	gen_require(`
+		type dhcp_state_t;
+	')
+
+	files_search_var_lib($1)
+	filetrans_pattern($1, dhcp_state_t, $2, $3, $4)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_dhcp_state_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Perform a DNS name resolution.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`sysnet_dns_name_resolve',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_dns_name_resolve'($*)) dnl
+	
+
+	allow $1 self:tcp_socket create_socket_perms;
+	allow $1 self:udp_socket create_socket_perms;
+	allow $1 self:netlink_route_socket r_netlink_socket_perms;
+
+	corenet_all_recvfrom_unlabeled($1)
+	corenet_all_recvfrom_netlabel($1)
+	corenet_tcp_sendrecv_generic_if($1)
+	corenet_udp_sendrecv_generic_if($1)
+	corenet_tcp_sendrecv_generic_node($1)
+	corenet_udp_sendrecv_generic_node($1)
+	corenet_tcp_connect_dns_port($1)
+	corenet_sendrecv_dns_client_packets($1)
+
+	sysnet_read_config($1)
+
+	optional_policy(`
+		avahi_stream_connect($1)
+	')
+
+	optional_policy(`
+	# for /etc/resolv.conf symlink
+		networkmanager_read_pid_files($1)
+	')
+
+	optional_policy(`
+		nscd_use($1)
+	')
+
+	ifdef(`init_systemd',`
+		optional_policy(`
+			systemd_dbus_chat_resolved($1)
+		')
+		# This seems needed when the mymachines NSS module is used
+		optional_policy(`
+			systemd_read_machines($1)
+		')
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_dns_name_resolve'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect and use a LDAP server.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_use_ldap',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_use_ldap'($*)) dnl
+	
+
+	allow $1 self:tcp_socket create_socket_perms;
+
+	corenet_all_recvfrom_unlabeled($1)
+	corenet_all_recvfrom_netlabel($1)
+	corenet_tcp_sendrecv_generic_if($1)
+	corenet_tcp_sendrecv_generic_node($1)
+	corenet_tcp_connect_ldap_port($1)
+	corenet_sendrecv_ldap_client_packets($1)
+
+	# Support for LDAPS
+	dev_read_rand($1)
+	dev_read_urand($1)
+
+	sysnet_read_config($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_use_ldap'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect and use remote port mappers.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_use_portmap',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_use_portmap'($*)) dnl
+	
+
+	allow $1 self:tcp_socket create_socket_perms;
+	allow $1 self:udp_socket create_socket_perms;
+
+	corenet_all_recvfrom_unlabeled($1)
+	corenet_all_recvfrom_netlabel($1)
+	corenet_tcp_sendrecv_generic_if($1)
+	corenet_udp_sendrecv_generic_if($1)
+	corenet_tcp_sendrecv_generic_node($1)
+	corenet_udp_sendrecv_generic_node($1)
+	corenet_tcp_connect_portmap_port($1)
+	corenet_sendrecv_portmap_client_packets($1)
+
+	sysnet_read_config($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_use_portmap'($*)) dnl
+	')
+
+
+# This should be after an ifdef distro_gentoo but that is not allowed in an if file
+
+########################################
+## <summary>
+##	Make the specified program domain
+##	accessable from the DHCP hooks/scripts.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process to transition to.
+##	</summary>
+## </param>
+## <param name="entrypoint">
+##	<summary>
+##	The type of the file used as an entrypoint to this domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`sysnet_dhcpc_script_entry',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `sysnet_dhcpc_script_entry'($*)) dnl
+	
+	gen_require(`
+		type dhcpc_script_t;
+		attribute_role dhcpc_roles;
+	')
+
+	role dhcpc_roles types $1;
+
+	domtrans_pattern(dhcpc_script_t, $2, $1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `sysnet_dhcpc_script_entry'($*)) dnl
+	')
+
+## <summary>Policy for udev.</summary>
+
+########################################
+## <summary>
+##	Send generic signals to udev.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`udev_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_signal'($*)) dnl
+	
+	gen_require(`
+		type udev_t;
+	')
+
+	allow $1 udev_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute udev in the udev domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`udev_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_domtrans'($*)) dnl
+	
+	gen_require(`
+		type udev_t, udev_exec_t;
+	')
+
+	domtrans_pattern($1, udev_exec_t, udev_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow udev to execute the specified program in
+##	the specified domain.
+## </summary>
+## <desc>
+##	<p>
+##	This is a interface to support the UDEV 'RUN'
+##	command.  This will allow the command run by
+##	udev to be run in a domain other than udev_t.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain to execute in.
+##	</summary>
+## </param>
+## <param name="entry_file">
+##	<summary>
+##	Domain entry point file.
+##	</summary>
+## </param>
+#
+ 	 	define(`udev_run_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_run_domain'($*)) dnl
+	
+	gen_require(`
+		type udev_t;
+	')
+
+	domtrans_pattern(udev_t,$2,$1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_run_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute udev in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`udev_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_exec'($*)) dnl
+	
+	gen_require(`
+		type udev_exec_t;
+	')
+
+	can_exec($1, udev_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a udev helper in the udev domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`udev_helper_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_helper_domtrans'($*)) dnl
+	
+	gen_require(`
+		type udev_t, udev_helper_exec_t;
+	')
+
+	domtrans_pattern($1, udev_helper_exec_t, udev_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_helper_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow process to read udev process state.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`udev_read_state',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_read_state'($*)) dnl
+	
+	gen_require(`
+		type udev_t;
+	')
+
+	kernel_search_proc($1)
+	allow $1 udev_t:file read_file_perms;
+	allow $1 udev_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_read_state'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Allow domain to create uevent sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`udev_create_kobject_uevent_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_create_kobject_uevent_sockets'($*)) dnl
+	
+	gen_require(`
+		type udev_t;
+	')
+
+	allow $1 udev_t:netlink_kobject_uevent_socket create_socket_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_create_kobject_uevent_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to inherit a
+##	udev file descriptor.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`udev_dontaudit_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_dontaudit_use_fds'($*)) dnl
+	
+	gen_require(`
+		type udev_t;
+	')
+
+	dontaudit $1 udev_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_dontaudit_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read or write
+##	to a udev unix datagram socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`udev_dontaudit_rw_dgram_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_dontaudit_rw_dgram_sockets'($*)) dnl
+	
+	gen_require(`
+		type udev_t;
+	')
+
+	dontaudit $1 udev_t:unix_dgram_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_dontaudit_rw_dgram_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read udev rules files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`udev_read_rules_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_read_rules_files'($*)) dnl
+	
+	gen_require(`
+		type udev_rules_t;
+	')
+
+	files_search_etc($1) # /etc/udev/rules.d
+	udev_search_pids($1) # /run/udev/rules.d
+	read_files_pattern($1, udev_rules_t, udev_rules_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_read_rules_files'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	Manage udev rules files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`udev_manage_rules_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_manage_rules_files'($*)) dnl
+	
+	gen_require(`
+		type udev_rules_t;
+	')
+
+	manage_files_pattern($1, udev_rules_t, udev_rules_t)
+
+	files_search_etc($1)
+
+	udev_search_pids($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_manage_rules_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit search of udev database directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`udev_dontaudit_search_db',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_dontaudit_search_db'($*)) dnl
+	
+	gen_require(`
+		type udev_tbl_t;
+	')
+
+	dontaudit $1 udev_tbl_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_dontaudit_search_db'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the udev device table.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to read the udev device table.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`udev_read_db',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_read_db'($*)) dnl
+	
+	gen_require(`
+		type udev_tbl_t;
+	')
+
+	allow $1 udev_tbl_t:dir list_dir_perms;
+
+	read_files_pattern($1, udev_tbl_t, udev_tbl_t)
+	read_lnk_files_pattern($1, udev_tbl_t, udev_tbl_t)
+
+	dev_list_all_dev_nodes($1)
+
+	files_search_etc($1)
+
+	# Device table files are beneith /run/udev
+	udev_search_pids($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_read_db'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow process to modify list of devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`udev_rw_db',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_rw_db'($*)) dnl
+	
+	gen_require(`
+		type udev_tbl_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 udev_tbl_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_rw_db'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create udev database directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`udev_create_db_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_create_db_dirs'($*)) dnl
+	
+	gen_require(`
+		type udev_tbl_t;
+		type udev_runtime_t;
+	')
+
+	create_dirs_pattern($1, udev_runtime_t, udev_tbl_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_create_db_dirs'($*)) dnl
+	')
+
+
+
+
+########################################
+## <summary>
+##	Write in /var/run/udev with the udev_tbl_t (udev database) file type
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="class">
+## 	<summary>
+##	Classes on which the file transition should occur
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	Name of the directory that the file transition will work on
+##	</summary>
+## </param>
+#
+ 	 	define(`udev_pid_filetrans_db',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_pid_filetrans_db'($*)) dnl
+	
+	gen_require(`
+		type udev_tbl_t;
+		type udev_runtime_t;
+	')
+
+	filetrans_pattern($1, udev_runtime_t, udev_tbl_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_pid_filetrans_db'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Allow process to relabelto udev database
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`udev_relabelto_db',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_relabelto_db'($*)) dnl
+	
+	gen_require(`
+		type udev_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 udev_runtime_t:file relabelto_file_perms;
+	allow $1 udev_runtime_t:lnk_file relabelto_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_relabelto_db'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow process to relabelto sockets in /run/udev
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`udev_relabelto_db_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_relabelto_db_sockets'($*)) dnl
+	
+	gen_require(`
+		type udev_runtime_t;
+	')
+
+	allow $1 udev_runtime_t:sock_file relabelto_sock_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_relabelto_db_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search through udev pid content
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`udev_search_pids',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_search_pids'($*)) dnl
+	
+	gen_require(`
+		type udev_runtime_t;
+	')
+
+	files_search_var_lib($1)
+	search_dirs_pattern($1, udev_runtime_t, udev_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_search_pids'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      list udev pid content
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`udev_list_pids',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_list_pids'($*)) dnl
+	
+	gen_require(`
+		type udev_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 udev_runtime_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_list_pids'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	udev run directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`udev_manage_pid_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_manage_pid_dirs'($*)) dnl
+	
+	gen_require(`
+		type udev_runtime_t;
+	')
+
+	files_search_var_lib($1)
+	manage_dirs_pattern($1, udev_runtime_t, udev_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_manage_pid_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read udev pid files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`udev_read_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_read_pid_files'($*)) dnl
+	
+	gen_require(`
+		type udev_runtime_t;
+	')
+
+	files_search_pids($1)
+	read_files_pattern($1, udev_runtime_t, udev_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_read_pid_files'($*)) dnl
+	')
+
+
+
+########################################
+## <summary>
+##	dontaudit attempts to read/write udev pidfiles
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`udev_dontaudit_rw_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_dontaudit_rw_pid_files'($*)) dnl
+	
+	gen_require(`
+		type udev_runtime_t;
+	')
+
+	dontaudit $1 udev_runtime_t:file { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_dontaudit_rw_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	udev pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`udev_manage_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_manage_pid_files'($*)) dnl
+	
+	gen_require(`
+		type udev_runtime_t;
+	')
+
+	files_search_pids($1)
+	manage_files_pattern($1, udev_runtime_t, udev_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_manage_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write dirs in /var/run with the udev_runtime file type.
+##	This method is deprecated in favor of the init_daemon_run_dir call.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	Name of the directory that the file transition will work on
+##	</summary>
+## </param>
+#
+ 	 	define(`udev_generic_pid_filetrans_run_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_generic_pid_filetrans_run_dirs'($*)) dnl
+	
+	refpolicywarn(`$0($*) has been deprecated.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_generic_pid_filetrans_run_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute udev admin in the udevadm domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`udevadm_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udevadm_domtrans'($*)) dnl
+	
+	gen_require(`
+		type udevadm_t, udevadm_exec_t;
+	')
+
+	domtrans_pattern($1, udevadm_exec_t, udevadm_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udevadm_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute udevadm in the udevadm domain, and
+##	allow the specified role the udevadm domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`udevadm_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udevadm_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role udevadm_roles;
+	')
+
+	udevadm_domtrans($1)
+	roleattribute $2 udevadm_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udevadm_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute udevadm in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`udevadm_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udevadm_exec'($*)) dnl
+	
+	gen_require(`
+		type udevadm_exec_t;
+	')
+
+	can_exec($1, udevadm_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udevadm_exec'($*)) dnl
+	')
+
+
+# Gentoo specific but cannot add it within an ifdef distro_gentoo
+
+#########################################
+## <summary>
+##	Write in /var/run/udev with the udev_rules_t (udev rules) file type
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="class">
+## 	<summary>
+##	Classes on which the file transition should occur
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	Name of the directory that the file transition will work on
+##	</summary>
+## </param>
+#
+ 	 	define(`udev_pid_filetrans_rules',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_pid_filetrans_rules'($*)) dnl
+	
+	gen_require(`
+		type udev_rules_t;
+		type udev_runtime_t;
+	')
+
+	filetrans_pattern($1, udev_runtime_t, udev_rules_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_pid_filetrans_rules'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create udev rules directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`udev_create_rules_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `udev_create_rules_dirs'($*)) dnl
+	
+	gen_require(`
+		type udev_rules_t;
+		type udev_runtime_t;
+	')
+
+	create_dirs_pattern($1, udev_runtime_t, udev_rules_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `udev_create_rules_dirs'($*)) dnl
+	')
+
+
+## <summary>The unconfined domain.</summary>
+
+########################################
+## <summary>
+##	Make the specified domain unconfined.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to make unconfined.
+##	</summary>
+## </param>
+#
+ 	 	define(`unconfined_domain_noaudit',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unconfined_domain_noaudit'($*)) dnl
+	
+	gen_require(`
+		type unconfined_t;
+		class dbus all_dbus_perms;
+		class nscd all_nscd_perms;
+		class passwd all_passwd_perms;
+		class service all_service_perms;
+	')
+
+	# Use most Linux capabilities
+	allow $1 self:{ capability cap_userns } { chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap };
+	allow $1 self:{ capability2 cap2_userns } { syslog wake_alarm };
+	allow $1 self:fifo_file manage_fifo_file_perms;
+
+	# Transition to myself, to make get_ordered_context_list happy.
+	allow $1 self:process transition;
+
+	# Write access is for setting attributes under /proc/self/attr.
+	allow $1 self:file rw_file_perms;
+
+	# Userland object managers
+	allow $1 self:nscd { getpwd getgrp gethost getstat admin shmempwd shmemgrp shmemhost getserv shmemserv };
+	allow $1 self:dbus { acquire_svc send_msg };
+	allow $1 self:passwd { passwd chfn chsh rootok crontab };
+	allow $1 self:association { sendto recvfrom setcontext polmatch };
+
+	kernel_unconfined($1)
+	corenet_unconfined($1)
+	dev_unconfined($1)
+	domain_unconfined($1)
+	domain_dontaudit_read_all_domains_state($1)
+	domain_dontaudit_ptrace_all_domains($1)
+	files_unconfined($1)
+	fs_unconfined($1)
+	selinux_unconfined($1)
+	files_get_etc_unit_status($1)
+	files_start_etc_service($1)
+	files_stop_etc_service($1)
+
+	tunable_policy(`allow_execheap',`
+		# Allow making the stack executable via mprotect.
+		allow $1 self:process execheap;
+	')
+
+	tunable_policy(`allow_execmem',`
+		# Allow making anonymous memory executable, e.g.
+		# for runtime-code generation or executable stack.
+		allow $1 self:process execmem;
+	')
+
+	tunable_policy(`allow_execstack',`
+		# Allow making the stack executable via mprotect;
+		# execstack implies execmem;
+		allow $1 self:process { execstack execmem };
+#		auditallow $1 self:process execstack;
+	')
+
+	optional_policy(`
+		auth_unconfined($1)
+	')
+
+	optional_policy(`
+		dbus_unconfined($1)
+	')
+
+	optional_policy(`
+		ipsec_setcontext_default_spd($1)
+		ipsec_match_default_spd($1)
+	')
+
+	optional_policy(`
+		nscd_unconfined($1)
+	')
+
+	optional_policy(`
+		postgresql_unconfined($1)
+	')
+
+	optional_policy(`
+		seutil_create_bin_policy($1)
+		seutil_relabelto_bin_policy($1)
+	')
+
+	optional_policy(`
+		storage_unconfined($1)
+	')
+
+	optional_policy(`
+		xserver_unconfined($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unconfined_domain_noaudit'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified domain unconfined and
+##	audit executable heap usage.
+## </summary>
+## <desc>
+##	<p>
+##	Make the specified domain unconfined and
+##	audit executable heap usage.  With exception
+##	of memory protections, usage of this interface
+##	will result in the level of access the domain has
+##	is like SELinux	was not being used.
+##	</p>
+##	<p>
+##	Only completely trusted domains should use this interface.
+##	</p>
+##	<p>
+##	Does not allow return communications from confined
+##	domains via message based mechanisms such as dbus or
+##	SysV message queues.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain to make unconfined.
+##	</summary>
+## </param>
+#
+ 	 	define(`unconfined_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unconfined_domain'($*)) dnl
+	
+	unconfined_domain_noaudit($1)
+
+	tunable_policy(`allow_execheap',`
+		auditallow $1 self:process execheap;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unconfined_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Transition to the unconfined domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`unconfined_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unconfined_domtrans'($*)) dnl
+	
+	gen_require(`
+		type unconfined_t, unconfined_exec_t;
+	')
+
+	domtrans_pattern($1, unconfined_exec_t, unconfined_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unconfined_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute specified programs in the unconfined domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role to allow the unconfined domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`unconfined_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unconfined_run'($*)) dnl
+	
+	gen_require(`
+		type unconfined_t;
+	')
+
+	unconfined_domtrans($1)
+	role $2 types unconfined_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unconfined_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Transition to the unconfined domain by executing a shell.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`unconfined_shell_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unconfined_shell_domtrans'($*)) dnl
+	
+	gen_require(`
+		type unconfined_t;
+	')
+
+	corecmd_shell_domtrans($1, unconfined_t)
+	allow unconfined_t $1:fd use;
+	allow unconfined_t $1:fifo_file rw_file_perms;
+	allow unconfined_t $1:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unconfined_shell_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow unconfined to execute the specified program in
+##	the specified domain.
+## </summary>
+## <desc>
+##	<p>
+##	Allow unconfined to execute the specified program in
+##	the specified domain.
+##	</p>
+##	<p>
+##	This is a interface to support third party modules
+##	and its use is not allowed in upstream reference
+##	policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain to execute in.
+##	</summary>
+## </param>
+## <param name="entry_file">
+##	<summary>
+##	Domain entry point file.
+##	</summary>
+## </param>
+#
+ 	 	define(`unconfined_domtrans_to',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unconfined_domtrans_to'($*)) dnl
+	
+	gen_require(`
+		type unconfined_t;
+	')
+
+	domtrans_pattern(unconfined_t,$2,$1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unconfined_domtrans_to'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow unconfined to execute the specified program in
+##	the specified domain.  Allow the specified domain the
+##	unconfined role and use of unconfined user terminals.
+## </summary>
+## <desc>
+##	<p>
+##	Allow unconfined to execute the specified program in
+##	the specified domain.  Allow the specified domain the
+##	unconfined role and use of unconfined user terminals.
+##	</p>
+##	<p>
+##	This is a interface to support third party modules
+##	and its use is not allowed in upstream reference
+##	policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain to execute in.
+##	</summary>
+## </param>
+## <param name="entry_file">
+##	<summary>
+##	Domain entry point file.
+##	</summary>
+## </param>
+#
+ 	 	define(`unconfined_run_to',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unconfined_run_to'($*)) dnl
+	
+	gen_require(`
+		type unconfined_t;
+		role unconfined_r;
+	')
+
+	domtrans_pattern(unconfined_t,$2,$1)
+	role unconfined_r types $1;
+	userdom_use_user_terminals($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unconfined_run_to'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit file descriptors from the unconfined domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`unconfined_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unconfined_use_fds'($*)) dnl
+	
+	gen_require(`
+		type unconfined_t;
+	')
+
+	allow $1 unconfined_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unconfined_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a SIGCHLD signal to the unconfined domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`unconfined_sigchld',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unconfined_sigchld'($*)) dnl
+	
+	gen_require(`
+		type unconfined_t;
+	')
+
+	allow $1 unconfined_t:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unconfined_sigchld'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a SIGNULL signal to the unconfined domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`unconfined_signull',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unconfined_signull'($*)) dnl
+	
+	gen_require(`
+		type unconfined_t;
+	')
+
+	allow $1 unconfined_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unconfined_signull'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to the unconfined domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`unconfined_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unconfined_signal'($*)) dnl
+	
+	gen_require(`
+		type unconfined_t;
+	')
+
+	allow $1 unconfined_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unconfined_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read unconfined domain unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`unconfined_read_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unconfined_read_pipes'($*)) dnl
+	
+	gen_require(`
+		type unconfined_t;
+	')
+
+	allow $1 unconfined_t:fifo_file read_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unconfined_read_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read unconfined domain unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`unconfined_dontaudit_read_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unconfined_dontaudit_read_pipes'($*)) dnl
+	
+	gen_require(`
+		type unconfined_t;
+	')
+
+	dontaudit $1 unconfined_t:fifo_file read;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unconfined_dontaudit_read_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write unconfined domain unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`unconfined_rw_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unconfined_rw_pipes'($*)) dnl
+	
+	gen_require(`
+		type unconfined_t;
+	')
+
+	allow $1 unconfined_t:fifo_file rw_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unconfined_rw_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and write
+##	unconfined domain unnamed pipes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`unconfined_dontaudit_rw_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unconfined_dontaudit_rw_pipes'($*)) dnl
+	
+	gen_require(`
+		type unconfined_t;
+	')
+
+	dontaudit $1 unconfined_t:fifo_file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unconfined_dontaudit_rw_pipes'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to the unconfined domain using
+##	a unix domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`unconfined_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unconfined_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type unconfined_t;
+	')
+
+	allow $1 unconfined_t:unix_stream_socket connectto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unconfined_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Do not audit attempts to read and write
+##      unconfined domain stream.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain to not audit.
+##      </summary>
+## </param>
+#
+ 	 	define(`unconfined_dontaudit_rw_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unconfined_dontaudit_rw_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		type unconfined_t;
+	')
+
+	dontaudit $1 unconfined_t:unix_stream_socket rw_socket_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unconfined_dontaudit_rw_stream_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read or write
+##	unconfined domain tcp sockets.
+## </summary>
+## <desc>
+##	<p>
+##	Do not audit attempts to read or write
+##	unconfined domain tcp sockets.
+##	</p>
+##	<p>
+##	This interface was added due to a broken
+##	symptom in ldconfig.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`unconfined_dontaudit_rw_tcp_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unconfined_dontaudit_rw_tcp_sockets'($*)) dnl
+	
+	gen_require(`
+		type unconfined_t;
+	')
+
+	dontaudit $1 unconfined_t:tcp_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unconfined_dontaudit_rw_tcp_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search keys for the unconfined domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`unconfined_search_keys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unconfined_search_keys'($*)) dnl
+	
+	gen_require(`
+		type unconfined_t;
+	')
+
+	allow $1 unconfined_t:key search;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unconfined_search_keys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create keys for the unconfined domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`unconfined_create_keys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unconfined_create_keys'($*)) dnl
+	
+	gen_require(`
+		type unconfined_t;
+	')
+
+	allow $1 unconfined_t:key create;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unconfined_create_keys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Write keys for the unconfined domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`unconfined_write_keys',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unconfined_write_keys'($*)) dnl
+	
+	gen_require(`
+		type unconfined_t;
+	')
+
+	allow $1 unconfined_t:key write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unconfined_write_keys'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send messages to the unconfined domain over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`unconfined_dbus_send',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unconfined_dbus_send'($*)) dnl
+	
+	gen_require(`
+		type unconfined_t;
+		class dbus send_msg;
+	')
+
+	allow $1 unconfined_t:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unconfined_dbus_send'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send and receive messages from
+##	unconfined_t over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`unconfined_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unconfined_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type unconfined_t;
+		class dbus send_msg;
+	')
+
+	allow $1 unconfined_t:dbus send_msg;
+	allow unconfined_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unconfined_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to the the unconfined DBUS
+##	for service (acquire_svc).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`unconfined_dbus_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `unconfined_dbus_connect'($*)) dnl
+	
+	gen_require(`
+		type unconfined_t;
+		class dbus acquire_svc;
+	')
+
+	allow $1 unconfined_t:dbus acquire_svc;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `unconfined_dbus_connect'($*)) dnl
+	')
+
+## <summary>Manages physical or virtual terminals.</summary>
+
+########################################
+## <summary>
+##	Execute gettys in the getty domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`getty_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `getty_domtrans'($*)) dnl
+	
+	gen_require(`
+		type getty_t, getty_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, getty_exec_t, getty_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `getty_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit the use of getty file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`getty_dontaudit_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `getty_dontaudit_use_fds'($*)) dnl
+	
+	gen_require(`
+		type getty_t;
+	')
+
+	dontaudit $1 getty_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `getty_dontaudit_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit and use getty file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`getty_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `getty_use_fds'($*)) dnl
+	
+	gen_require(`
+		type getty_t;
+	')
+
+	allow $1 getty_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `getty_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow process to read getty log file.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`getty_read_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `getty_read_log'($*)) dnl
+	
+	gen_require(`
+		type getty_log_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 getty_log_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `getty_read_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow process to read getty config file.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`getty_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `getty_read_config'($*)) dnl
+	
+	gen_require(`
+		type getty_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 getty_conf_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `getty_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow process to edit getty config file.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`getty_rw_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `getty_rw_config'($*)) dnl
+	
+	gen_require(`
+		type getty_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 getty_conf_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `getty_rw_config'($*)) dnl
+	')
+
+## <summary>Miscellaneous files.</summary>
+
+########################################
+## <summary>
+##	Make the specified type usable as a cert file.
+## </summary>
+## <desc>
+##	<p>
+##	Make the specified type usable for cert files.
+##	This will also make the type usable for files, making
+##	calls to files_type() redundant.  Failure to use this interface
+##	for a temporary file may result in problems with
+##	cert management tools.
+##	</p>
+##	<p>
+##	Related interfaces:
+##	</p>
+##	<ul>
+##		<li>files_type()</li>
+##	</ul>
+##	<p>
+##	Example:
+##	</p>
+##	<p>
+##	type mycertfile_t;
+##	cert_type(mycertfile_t)
+##	allow mydomain_t mycertfile_t:file read_file_perms;
+##	files_search_etc(mydomain_t)
+##	</p>
+## </desc>
+## <param name="type">
+##	<summary>
+##	Type to be used for files.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`miscfiles_cert_type',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_cert_type'($*)) dnl
+	
+	gen_require(`
+		attribute cert_type;
+	')
+
+	typeattribute $1 cert_type;
+	files_type($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_cert_type'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified type usable
+##	as a SSL/TLS private key file.
+## </summary>
+## <desc>
+##	<p>
+##	Make the specified type usable for SSL/TLS private key files.
+##	This will also make the type usable for files, making
+##	calls to files_type() redundant.  Failure to use this interface
+##	for a temporary file may result in problems with
+##	SSL/TLS private key management tools.
+##	</p>
+##	<p>
+##	Related interfaces:
+##	</p>
+##	<ul>
+##		<li>files_type()</li>
+##	</ul>
+##	<p>
+##	Example:
+##	</p>
+##	<p>
+##	type mytlsprivkeyfile_t;
+##	tls_privkey_type(mytlsprivkeyfile_t)
+##	allow mydomain_t mytlsprivkeyfile_t:file read_file_perms;
+##	files_search_etc(mydomain_t)
+##	</p>
+## </desc>
+## <param name="type">
+##	<summary>
+##	Type to be used for files.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`miscfiles_tls_privkey_type',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_tls_privkey_type'($*)) dnl
+	
+	gen_require(`
+		attribute tls_privkey_type;
+	')
+
+	typeattribute $1 tls_privkey_type;
+	files_type($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_tls_privkey_type'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read all SSL/TLS certificates.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`miscfiles_read_all_certs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_read_all_certs'($*)) dnl
+	
+	gen_require(`
+		attribute cert_type;
+	')
+
+	allow $1 cert_type:dir list_dir_perms;
+	read_files_pattern($1, cert_type, cert_type)
+	read_lnk_files_pattern($1, cert_type, cert_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_read_all_certs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read generic SSL/TLS certificates.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`miscfiles_read_generic_certs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_read_generic_certs'($*)) dnl
+	
+	gen_require(`
+		type cert_t;
+	')
+
+	allow $1 cert_t:dir list_dir_perms;
+	read_files_pattern($1, cert_t, cert_t)
+	read_lnk_files_pattern($1, cert_t, cert_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_read_generic_certs'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Manage user-managed SSL certificates
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`miscfiles_manage_user_certs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_manage_user_certs'($*)) dnl
+	
+	userdom_manage_user_certs($1)
+	refpolicywarn(`$0() has been deprecated, please use userdom_manage_user_certs() instead.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_manage_user_certs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read generic SSL/TLS certificates.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`miscfiles_dontaudit_read_generic_certs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_dontaudit_read_generic_certs'($*)) dnl
+	
+	gen_require(`
+		type cert_t;
+	')
+
+	dontaudit $1 cert_t:dir list_dir_perms;
+	dontaudit $1 cert_t:file read_file_perms;
+	dontaudit $1 cert_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_dontaudit_read_generic_certs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel from/to user_cert_t (user-managed SSL certificates)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+#
+ 	 	define(`miscfiles_relabel_user_certs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_relabel_user_certs'($*)) dnl
+	
+	userdom_relabel_user_certs($1)
+	refpolicywarn(`$0() has been deprecated, please use userdom_relabel_user_certs() instead.')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_relabel_user_certs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage generic SSL/TLS certificates.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`miscfiles_manage_generic_cert_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_manage_generic_cert_dirs'($*)) dnl
+	
+	gen_require(`
+		type cert_t;
+	')
+
+	manage_dirs_pattern($1, cert_t, cert_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_manage_generic_cert_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage generic SSL/TLS certificates.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`miscfiles_manage_generic_cert_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_manage_generic_cert_files'($*)) dnl
+	
+	gen_require(`
+		type cert_t;
+	')
+
+	manage_files_pattern($1, cert_t, cert_t)
+	read_lnk_files_pattern($1, cert_t, cert_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_manage_generic_cert_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read generic SSL/TLS private
+##	keys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`miscfiles_read_generic_tls_privkey',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_read_generic_tls_privkey'($*)) dnl
+	
+	gen_require(`
+		type tls_privkey_t;
+	')
+
+	allow $1 tls_privkey_t:dir list_dir_perms;
+	read_files_pattern($1, tls_privkey_t, tls_privkey_t)
+	read_lnk_files_pattern($1, tls_privkey_t, tls_privkey_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_read_generic_tls_privkey'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage generic SSL/TLS private
+##	keys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`miscfiles_manage_generic_tls_privkey_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_manage_generic_tls_privkey_dirs'($*)) dnl
+	
+	gen_require(`
+		type tls_privkey_t;
+	')
+
+	manage_dirs_pattern($1, tls_privkey_t, tls_privkey_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_manage_generic_tls_privkey_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage generic SSL/TLS private
+##	keys.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`miscfiles_manage_generic_tls_privkey_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_manage_generic_tls_privkey_files'($*)) dnl
+	
+	gen_require(`
+		type tls_privkey_t;
+	')
+
+	manage_files_pattern($1, tls_privkey_t, tls_privkey_t)
+	read_lnk_files_pattern($1, tls_privkey_t, tls_privkey_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_manage_generic_tls_privkey_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read fonts.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`miscfiles_read_fonts',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_read_fonts'($*)) dnl
+	
+	gen_require(`
+		type fonts_t, fonts_cache_t;
+	')
+
+	# cjp: fonts can be in either of these dirs
+	files_search_usr($1)
+	libs_search_lib($1)
+
+	allow $1 fonts_t:dir list_dir_perms;
+	read_files_pattern($1, fonts_t, fonts_t)
+	allow $1 fonts_t:file map;
+	read_lnk_files_pattern($1, fonts_t, fonts_t)
+
+	allow $1 fonts_cache_t:dir list_dir_perms;
+	read_files_pattern($1, fonts_cache_t, fonts_cache_t)
+	allow $1 fonts_cache_t:file map;
+	read_lnk_files_pattern($1, fonts_cache_t, fonts_cache_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_read_fonts'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes on a fonts directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`miscfiles_setattr_fonts_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_setattr_fonts_dirs'($*)) dnl
+	
+	gen_require(`
+		type fonts_t;
+	')
+
+	allow $1 fonts_t:dir setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_setattr_fonts_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to set the attributes
+##	on a fonts directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`miscfiles_dontaudit_setattr_fonts_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_dontaudit_setattr_fonts_dirs'($*)) dnl
+	
+	gen_require(`
+		type fonts_t;
+	')
+
+	dontaudit $1 fonts_t:dir setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_dontaudit_setattr_fonts_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write fonts.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`miscfiles_dontaudit_write_fonts',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_dontaudit_write_fonts'($*)) dnl
+	
+	gen_require(`
+		type fonts_t;
+	')
+
+	dontaudit $1 fonts_t:dir { write setattr };
+	dontaudit $1 fonts_t:file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_dontaudit_write_fonts'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete fonts.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`miscfiles_manage_fonts',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_manage_fonts'($*)) dnl
+	
+	gen_require(`
+		type fonts_t;
+	')
+
+	# cjp: fonts can be in either of these dirs
+	files_search_usr($1)
+	libs_search_lib($1)
+
+	manage_dirs_pattern($1, fonts_t, fonts_t)
+	manage_files_pattern($1, fonts_t, fonts_t)
+	manage_lnk_files_pattern($1, fonts_t, fonts_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_manage_fonts'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes on a fonts cache directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`miscfiles_setattr_fonts_cache_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_setattr_fonts_cache_dirs'($*)) dnl
+	
+	gen_require(`
+		type fonts_cache_t;
+	')
+
+	allow $1 fonts_cache_t:dir setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_setattr_fonts_cache_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to set the attributes
+##	on a fonts cache directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`miscfiles_dontaudit_setattr_fonts_cache_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_dontaudit_setattr_fonts_cache_dirs'($*)) dnl
+	
+	gen_require(`
+		type fonts_cache_t;
+	')
+
+	dontaudit $1 fonts_cache_t:dir setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_dontaudit_setattr_fonts_cache_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete fonts cache.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`miscfiles_manage_fonts_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_manage_fonts_cache'($*)) dnl
+	
+	gen_require(`
+		type fonts_cache_t;
+	')
+
+	files_search_var($1)
+
+	manage_dirs_pattern($1, fonts_cache_t, fonts_cache_t)
+	manage_files_pattern($1, fonts_cache_t, fonts_cache_t)
+	manage_lnk_files_pattern($1, fonts_cache_t, fonts_cache_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_manage_fonts_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read hardware identification data.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`miscfiles_read_hwdata',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_read_hwdata'($*)) dnl
+	
+	gen_require(`
+		type hwdata_t;
+	')
+
+	allow $1 hwdata_t:dir list_dir_perms;
+	read_files_pattern($1, hwdata_t, hwdata_t)
+	read_lnk_files_pattern($1, hwdata_t, hwdata_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_read_hwdata'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow process to setattr localization info
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`miscfiles_setattr_localization',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_setattr_localization'($*)) dnl
+	
+	gen_require(`
+		type locale_t;
+	')
+
+	files_search_usr($1)
+	allow $1 locale_t:dir list_dir_perms;
+	allow $1 locale_t:file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_setattr_localization'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow process to read localization information.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to read the localization files.
+##	This is typically for time zone configuration files, such as
+##	/etc/localtime and files in /usr/share/zoneinfo.
+##	Typically, any domain which needs to know the GMT/UTC
+##	offset of the current timezone will need access
+##	to these files. Generally, it should be safe for any
+##	domain to read these files.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+ 	 	define(`miscfiles_read_localization',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_read_localization'($*)) dnl
+	
+	gen_require(`
+		type locale_t;
+	')
+
+	files_read_etc_symlinks($1)
+	files_search_usr($1)
+	allow $1 locale_t:dir list_dir_perms;
+	read_files_pattern($1, locale_t, locale_t)
+	read_lnk_files_pattern($1, locale_t, locale_t)
+	allow $1 locale_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_read_localization'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow process to write localization info
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`miscfiles_rw_localization',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_rw_localization'($*)) dnl
+	
+	gen_require(`
+		type locale_t;
+	')
+
+	files_search_usr($1)
+	allow $1 locale_t:dir list_dir_perms;
+	rw_files_pattern($1, locale_t, locale_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_rw_localization'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow process to relabel localization info
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`miscfiles_relabel_localization',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_relabel_localization'($*)) dnl
+	
+	gen_require(`
+		type locale_t;
+	')
+
+	files_search_usr($1)
+	relabel_files_pattern($1, locale_t, locale_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_relabel_localization'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow process to read legacy time localization info
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`miscfiles_legacy_read_localization',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_legacy_read_localization'($*)) dnl
+	
+	gen_require(`
+		type locale_t;
+	')
+
+	miscfiles_read_localization($1)
+	allow $1 locale_t:file execute;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_legacy_read_localization'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Watch time localization info
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`miscfiles_watch_localization',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_watch_localization'($*)) dnl
+	
+	gen_require(`
+		type locale_t;
+	')
+
+	allow $1 locale_t:file watch;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_watch_localization'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search man pages.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`miscfiles_search_man_pages',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_search_man_pages'($*)) dnl
+	
+	gen_require(`
+		type man_t, man_cache_t;
+	')
+
+	allow $1 { man_cache_t man_t }:dir search_dir_perms;
+	files_search_usr($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_search_man_pages'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search man pages.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`miscfiles_dontaudit_search_man_pages',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_dontaudit_search_man_pages'($*)) dnl
+	
+	gen_require(`
+		type man_t, man_cache_t;
+	')
+
+	dontaudit $1 { man_cache_t man_t }:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_dontaudit_search_man_pages'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read man pages
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`miscfiles_read_man_pages',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_read_man_pages'($*)) dnl
+	
+	gen_require(`
+		type man_t, man_cache_t;
+	')
+
+	files_search_usr($1)
+	allow $1 { man_cache_t man_t }:dir list_dir_perms;
+	read_files_pattern($1, { man_cache_t man_t }, { man_cache_t man_t })
+	read_lnk_files_pattern($1, { man_cache_t man_t }, { man_cache_t man_t })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_read_man_pages'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete man pages
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+# cjp: added for tmpreaper
+#
+ 	 	define(`miscfiles_delete_man_pages',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_delete_man_pages'($*)) dnl
+	
+	gen_require(`
+		type man_t, man_cache_t;
+	')
+
+	files_search_usr($1)
+	allow $1 { man_cache_t man_t }:dir { setattr_dir_perms list_dir_perms };
+	delete_dirs_pattern($1, { man_cache_t man_t }, { man_cache_t man_t })
+	delete_files_pattern($1, { man_cache_t man_t }, { man_cache_t man_t })
+	delete_lnk_files_pattern($1, { man_cache_t man_t }, { man_cache_t man_t })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_delete_man_pages'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete man pages
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`miscfiles_manage_man_pages',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_manage_man_pages'($*)) dnl
+	
+	gen_require(`
+		type man_t, man_cache_t;
+	')
+
+	files_search_usr($1)
+	manage_dirs_pattern($1, { man_cache_t man_t }, { man_cache_t man_t })
+	manage_files_pattern($1, { man_cache_t man_t }, { man_cache_t man_t })
+	read_lnk_files_pattern($1, { man_cache_t man_t }, { man_cache_t man_t })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_manage_man_pages'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read man cache content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`miscfiles_read_man_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_read_man_cache'($*)) dnl
+	
+	gen_require(`
+		type man_cache_t;
+	')
+
+	files_search_var($1)
+	allow $1 man_cache_t:dir list_dir_perms;
+	allow $1 man_cache_t:file read_file_perms;
+	allow $1 man_cache_t:lnk_file read_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_read_man_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Map man cache content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`miscfiles_map_man_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_map_man_cache'($*)) dnl
+	
+	gen_require(`
+		type man_cache_t;
+	')
+
+	allow $1 man_cache_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_map_man_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	man cache content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`miscfiles_manage_man_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_manage_man_cache'($*)) dnl
+	
+	gen_require(`
+		type man_cache_t;
+	')
+
+	files_search_var($1)
+	allow $1 man_cache_t:dir manage_dir_perms;
+	allow $1 man_cache_t:file manage_file_perms;
+	allow $1 man_cache_t:lnk_file manage_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_manage_man_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Relabel from and to man cache.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`miscfiles_relabel_man_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_relabel_man_cache'($*)) dnl
+	
+	gen_require(`
+		type man_cache_t;
+	')
+
+	relabel_dirs_pattern($1, man_cache_t, man_cache_t)
+	relabel_files_pattern($1, man_cache_t, man_cache_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_relabel_man_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read public files used for file
+##	transfer services.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`miscfiles_read_public_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_read_public_files'($*)) dnl
+	
+	gen_require(`
+		type public_content_t, public_content_rw_t;
+	')
+
+	allow $1 { public_content_t public_content_rw_t }:dir list_dir_perms;
+	read_files_pattern($1, { public_content_t public_content_rw_t }, { public_content_t public_content_rw_t })
+	read_lnk_files_pattern($1, { public_content_t public_content_rw_t }, { public_content_t public_content_rw_t })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_read_public_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete public files
+##	and directories used for file transfer services.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`miscfiles_manage_public_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_manage_public_files'($*)) dnl
+	
+	gen_require(`
+		type public_content_rw_t;
+	')
+
+	manage_dirs_pattern($1, public_content_rw_t, public_content_rw_t)
+	manage_files_pattern($1, public_content_rw_t, public_content_rw_t)
+	manage_lnk_files_pattern($1, public_content_rw_t, public_content_rw_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_manage_public_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read TeX data
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`miscfiles_read_tetex_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_read_tetex_data'($*)) dnl
+	
+	gen_require(`
+		type tetex_data_t;
+	')
+
+	files_search_var($1)
+	files_search_var_lib($1)
+
+	# cjp: TeX data can be in either of the above dirs
+	allow $1 tetex_data_t:dir list_dir_perms;
+	read_files_pattern($1, tetex_data_t, tetex_data_t)
+	read_lnk_files_pattern($1, tetex_data_t, tetex_data_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_read_tetex_data'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute TeX data programs in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`miscfiles_exec_tetex_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_exec_tetex_data'($*)) dnl
+	
+	gen_require(`
+		type tetex_data_t;
+	')
+
+	files_search_var($1)
+	files_search_var_lib($1)
+
+	# cjp: TeX data can be in either of the above dirs
+	allow $1 tetex_data_t:dir list_dir_perms;
+	exec_files_pattern($1, tetex_data_t, tetex_data_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_exec_tetex_data'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Let test files be an entry point for
+##	a specified domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`miscfiles_domain_entry_test_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_domain_entry_test_files'($*)) dnl
+	
+	gen_require(`
+		type test_file_t;
+	')
+
+	domain_entry_file($1, test_file_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_domain_entry_test_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read test files and directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`miscfiles_read_test_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_read_test_files'($*)) dnl
+	
+	gen_require(`
+		type test_file_t;
+	')
+
+	read_files_pattern($1, test_file_t, test_file_t)
+	read_lnk_files_pattern($1, test_file_t, test_file_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_read_test_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute test files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`miscfiles_exec_test_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_exec_test_files'($*)) dnl
+	
+	gen_require(`
+		type test_file_t;
+	')
+
+	exec_files_pattern($1, test_file_t, test_file_t)
+	read_lnk_files_pattern($1, test_file_t, test_file_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_exec_test_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create files in etc directories
+##	with localization file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`miscfiles_etc_filetrans_localization',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_etc_filetrans_localization'($*)) dnl
+	
+	gen_require(`
+		type locale_t;
+	')
+
+	files_etc_filetrans($1, locale_t, file)
+
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_etc_filetrans_localization'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete localization
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`miscfiles_manage_localization',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `miscfiles_manage_localization'($*)) dnl
+	
+	gen_require(`
+		type locale_t;
+	')
+
+	manage_dirs_pattern($1, locale_t, locale_t)
+	manage_files_pattern($1, locale_t, locale_t)
+	manage_lnk_files_pattern($1, locale_t, locale_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `miscfiles_manage_localization'($*)) dnl
+	')
+
+
+## <summary>Policy for logical volume management programs.</summary>
+
+########################################
+## <summary>
+##	Execute lvm programs in the lvm domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`lvm_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lvm_domtrans'($*)) dnl
+	
+	gen_require(`
+		type lvm_t, lvm_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, lvm_exec_t, lvm_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lvm_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute lvm programs in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`lvm_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lvm_exec'($*)) dnl
+	
+	gen_require(`
+		type lvm_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, lvm_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lvm_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute lvm programs in the lvm domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role to allow the LVM domain.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`lvm_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lvm_run'($*)) dnl
+	
+	gen_require(`
+		type lvm_t;
+	')
+
+	lvm_domtrans($1)
+	role $2 types lvm_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lvm_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Send lvm a null signal.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`lvm_signull',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lvm_signull'($*)) dnl
+	
+	gen_require(`
+		type lvm_t;
+	')
+
+	allow $1 lvm_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lvm_signull'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read LVM configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`lvm_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lvm_read_config'($*)) dnl
+	
+	gen_require(`
+		type lvm_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 lvm_etc_t:dir list_dir_perms;
+	read_files_pattern($1, lvm_etc_t, lvm_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lvm_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage LVM configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`lvm_manage_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lvm_manage_config'($*)) dnl
+	
+	gen_require(`
+		type lvm_etc_t;
+	')
+
+	files_search_etc($1)
+	manage_dirs_pattern($1, lvm_etc_t, lvm_etc_t)
+	manage_files_pattern($1, lvm_etc_t, lvm_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lvm_manage_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create lvm_lock_t directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`lvm_create_lock_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lvm_create_lock_dirs'($*)) dnl
+	
+	gen_require(`
+		type lvm_lock_t;
+	')
+
+	create_dirs_pattern($1, lvm_lock_t, lvm_lock_t)
+	files_add_entry_lock_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lvm_create_lock_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##      Read and write a lvm unnamed pipe.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+ 	 	define(`lvm_rw_inherited_pid_pipes',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lvm_rw_inherited_pid_pipes'($*)) dnl
+	
+	gen_require(`
+		type lvm_runtime_t;
+	')
+
+	allow $1 lvm_runtime_t:fifo_file rw_inherited_fifo_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lvm_rw_inherited_pid_pipes'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Execute a domain transition to run clvmd.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`lvm_domtrans_clvmd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lvm_domtrans_clvmd'($*)) dnl
+	
+	gen_require(`
+		type clvmd_t, clvmd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, clvmd_exec_t, clvmd_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lvm_domtrans_clvmd'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	All of the rules required to
+##	administrate an lvm environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`lvm_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `lvm_admin'($*)) dnl
+	
+	gen_require(`
+		type clvmd_t, clvmd_initrc_exec_t, lvm_t, lvm_unit_t;
+		type lvm_etc_t, lvm_lock_t, lvm_metadata_t;
+		type lvm_var_lib_t, lvm_runtime_t, clvmd_runtime_t, lvm_tmp_t;
+	')
+
+	admin_process_pattern($1, { clvmd_t lvm_t })
+
+	init_startstop_service($1, $2, clvmd_t, clvmd_initrc_exec_t, lvm_unit_t)
+
+	files_search_etc($1)
+	admin_pattern($1, { lvm_etc_t lvm_metadata_t })
+
+	files_search_locks($1)
+	admin_pattern($1, lvm_lock_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, lvm_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, { lvm_runtime_t clvmd_runtime_t })
+
+	files_search_tmp($1)
+	admin_pattern($1, lvm_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `lvm_admin'($*)) dnl
+	')
+
+## <summary>Xen hypervisor.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run xend.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`xen_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xen_domtrans'($*)) dnl
+	
+	gen_require(`
+		type xend_t, xend_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, xend_exec_t, xend_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xen_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute xend in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xen_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xen_exec'($*)) dnl
+	
+	gen_require(`
+		type xend_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, xend_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xen_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit and use xen file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xen_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xen_use_fds'($*)) dnl
+	
+	gen_require(`
+		type xend_t;
+	')
+
+	allow $1 xend_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xen_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to inherit
+##	xen file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`xen_dontaudit_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xen_dontaudit_use_fds'($*)) dnl
+	
+	gen_require(`
+		type xend_t;
+	')
+
+	dontaudit $1 xend_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xen_dontaudit_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	xend image directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xen_manage_image_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xen_manage_image_dirs'($*)) dnl
+	
+	gen_require(`
+		type xend_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_dirs_pattern($1, xend_var_lib_t, xend_var_lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xen_manage_image_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read xend image files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xen_read_image_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xen_read_image_files'($*)) dnl
+	
+	gen_require(`
+		type xen_image_t, xend_var_lib_t;
+	')
+
+	files_list_var_lib($1)
+	list_dirs_pattern($1, xend_var_lib_t, xend_var_lib_t)
+	read_files_pattern($1, { xend_var_lib_t xen_image_t }, xen_image_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xen_read_image_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write xend image files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xen_rw_image_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xen_rw_image_files'($*)) dnl
+	
+	gen_require(`
+		type xen_image_t, xend_var_lib_t;
+	')
+
+	files_list_var_lib($1)
+	allow $1 xend_var_lib_t:dir search_dir_perms;
+	rw_files_pattern($1, xen_image_t, xen_image_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xen_rw_image_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Append xend log files.
+## </summary>
+## <param name="domain">
+## 	<summary>
+##	Domain allowed access.
+## 	</summary>
+## </param>
+#
+ 	 	define(`xen_append_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xen_append_log'($*)) dnl
+	
+	gen_require(`
+		type xend_var_log_t;
+	')
+
+	logging_search_logs($1)
+	append_files_pattern($1, xend_var_log_t, xend_var_log_t)
+	dontaudit $1 xend_var_log_t:file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xen_append_log'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	xend log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xen_manage_log',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xen_manage_log'($*)) dnl
+	
+	gen_require(`
+		type xend_var_log_t;
+	')
+
+	logging_search_logs($1)
+	manage_dirs_pattern($1, xend_var_log_t, xend_var_log_t)
+	manage_files_pattern($1, xend_var_log_t, xend_var_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xen_manage_log'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read xenstored pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xen_read_xenstored_pid_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xen_read_xenstored_pid_files'($*)) dnl
+	
+	gen_require(`
+		type xenstored_runtime_t;
+	')
+
+	files_search_pids($1)
+	read_files_pattern($1, xenstored_runtime_t, xenstored_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xen_read_xenstored_pid_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read and write
+##	Xen unix domain stream sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`xen_dontaudit_rw_unix_stream_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xen_dontaudit_rw_unix_stream_sockets'($*)) dnl
+	
+	gen_require(`
+		type xend_t;
+	')
+
+	dontaudit $1 xend_t:unix_stream_socket { read write };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xen_dontaudit_rw_unix_stream_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to xenstored with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xen_stream_connect_xenstore',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xen_stream_connect_xenstore'($*)) dnl
+	
+	gen_require(`
+		type xenstored_t, xenstored_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, xenstored_runtime_t, xenstored_runtime_t, xenstored_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xen_stream_connect_xenstore'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to xend with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xen_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xen_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type xend_t, xend_runtime_t, xend_var_lib_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, xend_runtime_t, xend_runtime_t, xend_t)
+
+	files_search_var_lib($1)
+	stream_connect_pattern($1, xend_var_lib_t, xend_var_lib_t, xend_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xen_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create in a xend_runtime_t directory
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="private type">
+##      <summary>
+##      The type of the object to be created.
+##      </summary>
+## </param>
+## <param name="object">
+##      <summary>
+##      The object class of the object being created.
+##      </summary>
+## </param>
+#
+ 	 	define(`xen_pid_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xen_pid_filetrans'($*)) dnl
+	
+	gen_require(`
+		type xend_runtime_t;
+	')
+
+	filetrans_pattern($1, xend_runtime_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xen_pid_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run xm.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`xen_domtrans_xm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xen_domtrans_xm'($*)) dnl
+	
+	gen_require(`
+		type xm_t, xm_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, xm_exec_t, xm_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xen_domtrans_xm'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to xm with a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`xen_stream_connect_xm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `xen_stream_connect_xm'($*)) dnl
+	
+	gen_require(`
+		type xm_t, xenstored_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, xenstored_runtime_t, xenstored_runtime_t, xm_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `xen_stream_connect_xm'($*)) dnl
+	')
+
+## <summary>Administration tool for IP packet filtering and NAT.</summary>
+
+########################################
+## <summary>
+##	Execute iptables in the iptables domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`iptables_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `iptables_domtrans'($*)) dnl
+	
+	gen_require(`
+		type iptables_t, iptables_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, iptables_exec_t, iptables_t)
+
+	ifdef(`hide_broken_symptoms', `
+		dontaudit iptables_t $1:socket_class_set { read write };
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `iptables_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute iptables in the iptables domain, and
+##	allow the specified role the iptables domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`iptables_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `iptables_run'($*)) dnl
+	
+	gen_require(`
+		attribute_role iptables_roles;
+	')
+
+	iptables_domtrans($1)
+	roleattribute $2 iptables_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `iptables_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute iptables in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`iptables_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `iptables_exec'($*)) dnl
+	
+	gen_require(`
+		type iptables_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, iptables_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `iptables_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute iptables init scripts in
+##	the init script domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`iptables_initrc_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `iptables_initrc_domtrans'($*)) dnl
+	
+	gen_require(`
+		type iptables_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, iptables_initrc_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `iptables_initrc_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of iptables config files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`iptables_setattr_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `iptables_setattr_config'($*)) dnl
+	
+	gen_require(`
+		type iptables_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 iptables_conf_t:file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `iptables_setattr_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read iptables config files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`iptables_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `iptables_read_config'($*)) dnl
+	
+	gen_require(`
+		type iptables_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 iptables_conf_t:dir list_dir_perms;
+	read_files_pattern($1, iptables_conf_t, iptables_conf_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `iptables_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create files in /etc with the type used for
+##	the iptables config files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`iptables_etc_filetrans_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `iptables_etc_filetrans_config'($*)) dnl
+	
+	gen_require(`
+		type iptables_conf_t;
+	')
+
+	files_etc_filetrans($1, iptables_conf_t, file)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `iptables_etc_filetrans_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage iptables config files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`iptables_manage_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `iptables_manage_config'($*)) dnl
+	
+	gen_require(`
+		type iptables_conf_t;
+	')
+
+	files_search_etc($1)
+	manage_files_pattern($1, iptables_conf_t, iptables_conf_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `iptables_manage_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	dontaudit reading iptables_runtime_t
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`iptables_dontaudit_read_pids',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `iptables_dontaudit_read_pids'($*)) dnl
+	
+	gen_require(`
+		type iptables_runtime_t;
+	')
+
+	dontaudit $1 iptables_runtime_t:file read;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `iptables_dontaudit_read_pids'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow specified domain to start and stop iptables service
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`iptables_startstop',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `iptables_startstop'($*)) dnl
+	
+	gen_require(`
+		type iptables_unit_t;
+		class service { start stop };
+	')
+
+	allow $1 iptables_unit_t:service { start stop };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `iptables_startstop'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow specified domain to get status of iptables service
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`iptables_status',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `iptables_status'($*)) dnl
+	
+	gen_require(`
+		type iptables_unit_t;
+		class service status;
+	')
+
+	allow $1 iptables_unit_t:service status;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `iptables_status'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an iptables
+##	environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`iptables_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `iptables_admin'($*)) dnl
+	
+	gen_require(`
+		type iptables_t, iptables_initrc_exec_t, iptables_conf_t;
+		type iptables_tmp_t, iptables_runtime_t, iptables_unit_t;
+	')
+
+	admin_process_pattern($1, iptables_t)
+
+	init_startstop_service($1, $2, iptables_t, iptables_initrc_exec_t, iptables_unit_t)
+
+	files_search_etc($1)
+	admin_pattern($1, iptables_conf_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, iptables_tmp_t)
+
+	files_search_pids($1)
+	admin_pattern($1, iptables_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `iptables_admin'($*)) dnl
+	')
+
+## <summary>Policy for reading and setting the hardware clock.</summary>
+
+########################################
+## <summary>
+##	Execute hwclock in the clock domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`clock_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clock_domtrans'($*)) dnl
+	
+	gen_require(`
+		type hwclock_t, hwclock_exec_t;
+	')
+
+	domtrans_pattern($1, hwclock_exec_t, hwclock_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clock_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute hwclock in the clock domain, and
+##	allow the specified role the hwclock domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`clock_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clock_run'($*)) dnl
+	
+	gen_require(`
+		type hwclock_t;
+	')
+
+	clock_domtrans($1)
+	role $2 types hwclock_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clock_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+## 	Execute hwclock in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+## 	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`clock_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clock_exec'($*)) dnl
+	
+	gen_require(`
+		type hwclock_exec_t;
+	')
+
+	can_exec($1, hwclock_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clock_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read clock drift adjustments.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`clock_read_adjtime',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clock_read_adjtime'($*)) dnl
+	
+	gen_require(`
+		type adjtime_t;
+	')
+
+	files_list_etc($1)
+	allow $1 adjtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clock_read_adjtime'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write clock drift adjustments.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`clock_dontaudit_write_adjtime',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clock_dontaudit_write_adjtime'($*)) dnl
+	
+	gen_require(`
+		type adjtime_t;
+	')
+
+	dontaudit $1 adjtime_t:file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clock_dontaudit_write_adjtime'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write clock drift adjustments.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`clock_rw_adjtime',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `clock_rw_adjtime'($*)) dnl
+	
+	gen_require(`
+		type adjtime_t;
+	')
+
+	allow $1 adjtime_t:file rw_file_perms;
+	files_list_etc($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `clock_rw_adjtime'($*)) dnl
+	')
+
+## <summary>Establish connections to iSCSI devices.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run iscsid.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`iscsid_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `iscsid_domtrans'($*)) dnl
+	
+	gen_require(`
+		type iscsid_t, iscsid_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, iscsid_exec_t, iscsid_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `iscsid_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	iscsid sempaphores.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`iscsi_manage_semaphores',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `iscsi_manage_semaphores'($*)) dnl
+	
+	gen_require(`
+		type iscsid_t;
+	')
+
+	allow $1 iscsid_t:sem create_sem_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `iscsi_manage_semaphores'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to iscsid using a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`iscsi_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `iscsi_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type iscsid_t, iscsi_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	stream_connect_pattern($1, iscsi_var_lib_t, iscsi_var_lib_t, iscsid_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `iscsi_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read iscsid lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`iscsi_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `iscsi_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type iscsi_var_lib_t;
+	')
+
+	read_files_pattern($1, iscsi_var_lib_t, iscsi_var_lib_t)
+	allow $1 iscsi_var_lib_t:dir list_dir_perms;
+	files_search_var_lib($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `iscsi_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an iscsi environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`iscsi_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `iscsi_admin'($*)) dnl
+	
+	gen_require(`
+		type iscsid_t, iscsi_lock_t, iscsi_log_t;
+		type iscsi_var_lib_t, iscsi_runtime_t, iscsi_tmp_t;
+		type iscsi_initrc_exec_t;
+	')
+
+	allow $1 iscsid_t:process { ptrace signal_perms };
+	ps_process_pattern($1, iscsid_t)
+
+	init_startstop_service($1, $2, iscsi_t, iscsi_initrc_exec_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, iscsi_log_t)
+
+	files_search_locks($1)
+	admin_pattern($1, iscsi_lock_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, iscsi_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, iscsi_runtime_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, iscsi_tmp_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `iscsi_admin'($*)) dnl
+	')
+
+## <summary>RAID array management tools.</summary>
+
+########################################
+## <summary>
+##	Execute software raid tools in
+##	the mdadm domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`raid_domtrans_mdadm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `raid_domtrans_mdadm'($*)) dnl
+	
+	gen_require(`
+		type mdadm_t, mdadm_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, mdadm_exec_t, mdadm_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `raid_domtrans_mdadm'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Execute mdadm in the mdadm
+##	domain, and allow the specified
+##	role the mdadm domain.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`raid_run_mdadm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `raid_run_mdadm'($*)) dnl
+	
+	gen_require(`
+		attribute_role mdadm_roles;
+	')
+
+	raid_domtrans_mdadm($2)
+	roleattribute $1 mdadm_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `raid_run_mdadm'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	read mdadm pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`raid_read_mdadm_pid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `raid_read_mdadm_pid'($*)) dnl
+	
+	gen_require(`
+		type mdadm_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 mdadm_runtime_t:dir list_dir_perms;
+	allow $1 mdadm_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `raid_read_mdadm_pid'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	mdadm pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`raid_manage_mdadm_pid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `raid_manage_mdadm_pid'($*)) dnl
+	
+	gen_require(`
+		type mdadm_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 mdadm_runtime_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `raid_manage_mdadm_pid'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an mdadm environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`raid_admin_mdadm',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `raid_admin_mdadm'($*)) dnl
+	
+	gen_require(`
+		type mdadm_t, mdadm_initrc_exec_t, mdadm_runtime_t;
+	')
+
+	allow $1 mdadm_t:process { ptrace signal_perms };
+	ps_process_pattern($1, mdadm_t)
+
+	init_startstop_service($1, $2, mdadm_t, mdadm_initrc_exec_t)
+
+	files_search_pids($1)
+	admin_pattern($1, mdadm_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `raid_admin_mdadm'($*)) dnl
+	')
+
+## <summary>TCP/IP encryption</summary>
+
+########################################
+## <summary>
+##	Execute ipsec in the ipsec domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`ipsec_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ipsec_domtrans'($*)) dnl
+	
+	gen_require(`
+		type ipsec_t, ipsec_exec_t;
+	')
+
+	domtrans_pattern($1, ipsec_exec_t, ipsec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ipsec_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to IPSEC using a unix domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ipsec_stream_connect',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ipsec_stream_connect'($*)) dnl
+	
+	gen_require(`
+		type ipsec_t, ipsec_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, ipsec_runtime_t, ipsec_runtime_t, ipsec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ipsec_stream_connect'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute ipsec in the ipsec mgmt domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ipsec_domtrans_mgmt',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ipsec_domtrans_mgmt'($*)) dnl
+	
+	gen_require(`
+		type ipsec_mgmt_t, ipsec_mgmt_exec_t;
+	')
+
+	domtrans_pattern($1, ipsec_mgmt_exec_t, ipsec_mgmt_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ipsec_domtrans_mgmt'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Connect to racoon using a unix domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ipsec_stream_connect_racoon',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ipsec_stream_connect_racoon'($*)) dnl
+	
+	gen_require(`
+		type racoon_t, ipsec_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, ipsec_runtime_t, ipsec_runtime_t, racoon_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ipsec_stream_connect_racoon'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of an IPSEC key socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ipsec_getattr_key_sockets',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ipsec_getattr_key_sockets'($*)) dnl
+	
+	gen_require(`
+		type ipsec_t;
+	')
+
+	allow $1 ipsec_t:key_socket getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ipsec_getattr_key_sockets'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the IPSEC management program in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ipsec_exec_mgmt',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ipsec_exec_mgmt'($*)) dnl
+	
+	gen_require(`
+		type ipsec_exec_t;
+	')
+
+	can_exec($1, ipsec_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ipsec_exec_mgmt'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send ipsec mgmt a general signal.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+#
+ 	 	define(`ipsec_signal_mgmt',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ipsec_signal_mgmt'($*)) dnl
+	
+	gen_require(`
+		type ipsec_mgmt_t;
+	')
+
+	allow $1 ipsec_mgmt_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ipsec_signal_mgmt'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send ipsec mgmt a null signal.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+#
+ 	 	define(`ipsec_signull_mgmt',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ipsec_signull_mgmt'($*)) dnl
+	
+	gen_require(`
+		type ipsec_mgmt_t;
+	')
+
+	allow $1 ipsec_mgmt_t:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ipsec_signull_mgmt'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send ipsec mgmt a kill signal.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+#
+ 	 	define(`ipsec_kill_mgmt',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ipsec_kill_mgmt'($*)) dnl
+	
+	gen_require(`
+		type ipsec_mgmt_t;
+	')
+
+	allow $1 ipsec_mgmt_t:process sigkill;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ipsec_kill_mgmt'($*)) dnl
+	')
+
+
+######################################
+## <summary>
+##	Send and receive messages from
+##	ipsec-mgmt over dbus.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ipsec_mgmt_dbus_chat',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ipsec_mgmt_dbus_chat'($*)) dnl
+	
+	gen_require(`
+		type ipsec_mgmt_t;
+		class dbus send_msg;
+	')
+
+	allow $1 ipsec_mgmt_t:dbus send_msg;
+	allow ipsec_mgmt_t $1:dbus send_msg;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ipsec_mgmt_dbus_chat'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the IPSEC configuration
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ipsec_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ipsec_read_config'($*)) dnl
+	
+	gen_require(`
+		type ipsec_conf_file_t;
+	')
+
+	files_search_etc($1)
+	allow $1 ipsec_conf_file_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ipsec_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Match the default SPD entry.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ipsec_match_default_spd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ipsec_match_default_spd'($*)) dnl
+	
+	gen_require(`
+		type ipsec_spd_t;
+	')
+
+	allow $1 ipsec_spd_t:association polmatch;
+	allow $1 self:association sendto;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ipsec_match_default_spd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the context of a SPD entry to
+##	the default context.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ipsec_setcontext_default_spd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ipsec_setcontext_default_spd'($*)) dnl
+	
+	gen_require(`
+		type ipsec_spd_t;
+	')
+
+	allow $1 ipsec_spd_t:association setcontext;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ipsec_setcontext_default_spd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	write the ipsec_runtime_t files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ipsec_write_pid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ipsec_write_pid'($*)) dnl
+	
+	gen_require(`
+		type ipsec_runtime_t;
+	')
+
+	files_search_pids($1)
+	write_files_pattern($1, ipsec_runtime_t, ipsec_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ipsec_write_pid'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete the IPSEC pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`ipsec_manage_pid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ipsec_manage_pid'($*)) dnl
+	
+	gen_require(`
+		type ipsec_runtime_t;
+	')
+
+	files_search_pids($1)
+	manage_files_pattern($1, ipsec_runtime_t, ipsec_runtime_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ipsec_manage_pid'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute racoon in the racoon domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`ipsec_domtrans_racoon',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ipsec_domtrans_racoon'($*)) dnl
+	
+	gen_require(`
+		type racoon_t, racoon_exec_t;
+	')
+
+	domtrans_pattern($1, racoon_exec_t, racoon_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ipsec_domtrans_racoon'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute racoon and allow the specified role the domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ipsec_run_racoon',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ipsec_run_racoon'($*)) dnl
+	
+	gen_require(`
+		type racoon_t;
+	')
+
+	ipsec_domtrans_racoon($1)
+	role $2 types racoon_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ipsec_run_racoon'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute setkey in the setkey domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`ipsec_domtrans_setkey',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ipsec_domtrans_setkey'($*)) dnl
+	
+	gen_require(`
+		type setkey_t, setkey_exec_t;
+	')
+
+	domtrans_pattern($1, setkey_exec_t, setkey_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ipsec_domtrans_setkey'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute setkey and allow the specified role the domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access..
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ipsec_run_setkey',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ipsec_run_setkey'($*)) dnl
+	
+	gen_require(`
+		type setkey_t;
+	')
+
+	ipsec_domtrans_setkey($1)
+	role $2 types setkey_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ipsec_run_setkey'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an ipsec environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`ipsec_admin',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `ipsec_admin'($*)) dnl
+	
+	gen_require(`
+		type ipsec_t, ipsec_initrc_exec_t, ipsec_conf_file_t;
+		type ipsec_key_file_t, ipsec_log_t, ipsec_tmp_t;
+		type ipsec_runtime_t, ipsec_mgmt_lock_t;
+		type ipsec_mgmt_runtime_t, racoon_tmp_t;
+		type ipsec_unit_t;
+	')
+
+	allow $1 ipsec_t:process { ptrace signal_perms };
+	ps_process_pattern($1, ipsec_t)
+
+	init_startstop_service($1, $2, ipsec_t, ipsec_initrc_exec_t, ipsec_unit_t)
+
+	ipsec_exec_mgmt($1)
+	ipsec_stream_connect($1)
+	# for lsof
+	ipsec_getattr_key_sockets($1)
+
+	files_search_etc($1)
+	admin_pattern($1, { ipsec_conf_file_t ipsec_key_file_t })
+
+	files_search_tmp($1)
+	admin_pattern($1, { ipsec_tmp_t racoon_tmp_t })
+
+	files_search_pids($1)
+	admin_pattern($1, { ipsec_runtime_t ipsec_mgmt_runtime_t })
+
+	files_search_locks($1)
+	admin_pattern($1, ipsec_mgmt_lock_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, ipsec_log_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `ipsec_admin'($*)) dnl
+	')
+
+## <summary>Policy for SELinux policy and userland applications.</summary>
+
+#######################################
+## <summary>
+##	Execute checkpolicy in the checkpolicy domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_domtrans_checkpolicy',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_domtrans_checkpolicy'($*)) dnl
+	
+	gen_require(`
+		type checkpolicy_t, checkpolicy_exec_t;
+	')
+
+	files_search_usr($1)
+	corecmd_search_bin($1)
+	domtrans_pattern($1, checkpolicy_exec_t, checkpolicy_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_domtrans_checkpolicy'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute checkpolicy in the checkpolicy domain, and
+##	allow the specified role the checkpolicy domain,
+##	and use the caller's terminal.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`seutil_run_checkpolicy',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_run_checkpolicy'($*)) dnl
+	
+	gen_require(`
+		type checkpolicy_t;
+	')
+
+	seutil_domtrans_checkpolicy($1)
+	role $2 types checkpolicy_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_run_checkpolicy'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute checkpolicy in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`seutil_exec_checkpolicy',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_exec_checkpolicy'($*)) dnl
+	
+	gen_require(`
+		type checkpolicy_exec_t;
+	')
+
+	files_search_usr($1)
+	corecmd_search_bin($1)
+	can_exec($1, checkpolicy_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_exec_checkpolicy'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Execute load_policy in the load_policy domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_domtrans_loadpolicy',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_domtrans_loadpolicy'($*)) dnl
+	
+	gen_require(`
+		type load_policy_t, load_policy_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, load_policy_exec_t, load_policy_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_domtrans_loadpolicy'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute load_policy in the load_policy domain, and
+##	allow the specified role the load_policy domain,
+##	and use the caller's terminal.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`seutil_run_loadpolicy',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_run_loadpolicy'($*)) dnl
+	
+	gen_require(`
+		type load_policy_t;
+	')
+
+	seutil_domtrans_loadpolicy($1)
+	role $2 types load_policy_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_run_loadpolicy'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute load_policy in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_exec_loadpolicy',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_exec_loadpolicy'($*)) dnl
+	
+	gen_require(`
+		type load_policy_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, load_policy_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_exec_loadpolicy'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the load_policy program file.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_read_loadpolicy',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_read_loadpolicy'($*)) dnl
+	
+	gen_require(`
+		type load_policy_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	allow $1 load_policy_exec_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_read_loadpolicy'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Execute newrole in the newole domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_domtrans_newrole',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_domtrans_newrole'($*)) dnl
+	
+	gen_require(`
+		type newrole_t, newrole_exec_t;
+	')
+
+	files_search_usr($1)
+	corecmd_search_bin($1)
+	domtrans_pattern($1, newrole_exec_t, newrole_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_domtrans_newrole'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute newrole in the newrole domain, and
+##	allow the specified role the newrole domain,
+##	and use the caller's terminal.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`seutil_run_newrole',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_run_newrole'($*)) dnl
+	
+	gen_require(`
+		attribute_role newrole_roles;
+	')
+
+	seutil_domtrans_newrole($1)
+	roleattribute $2 newrole_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_run_newrole'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute newrole in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_exec_newrole',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_exec_newrole'($*)) dnl
+	
+	gen_require(`
+		type newrole_exec_t;
+	')
+
+	files_search_usr($1)
+	corecmd_search_bin($1)
+	can_exec($1, newrole_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_exec_newrole'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit the caller attempts to send
+##	a signal to newrole.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_dontaudit_signal_newrole',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_dontaudit_signal_newrole'($*)) dnl
+	
+	gen_require(`
+		type newrole_t;
+	')
+
+	dontaudit $1 newrole_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_dontaudit_signal_newrole'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send a SIGCHLD signal to newrole.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to send a SIGCHLD
+##	signal to newrole.  This signal is automatically
+##	sent from a process that is terminating to
+##	its parent.  This may be needed by domains
+##	that are executed from newrole.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="write" weight="1"/>
+#
+ 	 	define(`seutil_sigchld_newrole',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_sigchld_newrole'($*)) dnl
+	
+	gen_require(`
+		type newrole_t;
+	')
+
+	allow $1 newrole_t:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_sigchld_newrole'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit and use newrole file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_use_newrole_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_use_newrole_fds'($*)) dnl
+	
+	gen_require(`
+		type newrole_t;
+	')
+
+	allow $1 newrole_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_use_newrole_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to inherit and use
+##	newrole file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_dontaudit_use_newrole_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_dontaudit_use_newrole_fds'($*)) dnl
+	
+	gen_require(`
+		type newrole_t;
+	')
+
+	dontaudit $1 newrole_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_dontaudit_use_newrole_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute run_init in the run_init domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_domtrans_runinit',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_domtrans_runinit'($*)) dnl
+	
+	gen_require(`
+		type run_init_t, run_init_exec_t;
+	')
+
+	files_search_usr($1)
+	corecmd_search_bin($1)
+	domtrans_pattern($1, run_init_exec_t, run_init_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_domtrans_runinit'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute file in the run_init domain.
+## </summary>
+## <desc>
+##	<p>
+##	Execute file in the run_init domain.
+##	This is used for the Gentoo integrated run_init.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Type of entry file.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_labeled_init_script_domtrans_runinit',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_labeled_init_script_domtrans_runinit'($*)) dnl
+	
+	gen_require(`
+		type run_init_t;
+	')
+
+	domain_entry_file(run_init_t, $2)
+	domain_auto_transition_pattern($1, $2, run_init_t)
+
+	allow run_init_t $1:fd use;
+	allow run_init_t $1:fifo_file rw_file_perms;
+	allow run_init_t $1:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_labeled_init_script_domtrans_runinit'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute init scripts in the run_init domain.
+## </summary>
+## <desc>
+##	<p>
+##	Execute init scripts in the run_init domain.
+##	This is used for the Gentoo integrated run_init.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_init_script_domtrans_runinit',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_init_script_domtrans_runinit'($*)) dnl
+	
+	gen_require(`
+		type run_init_t;
+	')
+
+	init_script_file_domtrans($1, run_init_t)
+
+	allow run_init_t $1:fd use;
+	allow run_init_t $1:fifo_file rw_file_perms;
+	allow run_init_t $1:process sigchld;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_init_script_domtrans_runinit'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute run_init in the run_init domain, and
+##	allow the specified role the run_init domain,
+##	and use the caller's terminal.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`seutil_run_runinit',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_run_runinit'($*)) dnl
+	
+	gen_require(`
+		attribute_role run_init_roles;
+	')
+
+	seutil_domtrans_runinit($1)
+	roleattribute $2 run_init_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_run_runinit'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute init scripts in the run_init domain, and
+##	allow the specified role the run_init domain,
+##	and use the caller's terminal.
+## </summary>
+## <desc>
+##	<p>
+##	Execute init scripts in the run_init domain, and
+##	allow the specified role the run_init domain,
+##	and use the caller's terminal.
+##	</p>
+##	<p>
+##	This is used for the Gentoo integrated run_init.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_init_script_run_runinit',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_init_script_run_runinit'($*)) dnl
+	
+	gen_require(`
+		attribute_role run_init_roles;
+	')
+
+	seutil_init_script_domtrans_runinit($1)
+	roleattribute $2 run_init_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_init_script_run_runinit'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute specified file in the run_init domain, and
+##	allow the specified role the run_init domain,
+##	and use the caller's terminal.
+## </summary>
+## <desc>
+##	<p>
+##	Execute specified file in the run_init domain, and
+##	allow the specified role the run_init domain,
+##	and use the caller's terminal.
+##	</p>
+##	<p>
+##	This is used for the Gentoo integrated run_init.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Type of init script.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_labeled_init_script_run_runinit',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_labeled_init_script_run_runinit'($*)) dnl
+	
+	gen_require(`
+		attribute_role run_init_roles;
+	')
+
+	seutil_labeled_init_script_domtrans_runinit($1, $3)
+	roleattribute $2 run_init_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_labeled_init_script_run_runinit'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit and use run_init file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_use_runinit_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_use_runinit_fds'($*)) dnl
+	
+	gen_require(`
+		type run_init_t;
+	')
+
+	allow $1 run_init_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_use_runinit_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute setfiles in the setfiles domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_domtrans_setfiles',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_domtrans_setfiles'($*)) dnl
+	
+	gen_require(`
+		type setfiles_t, setfiles_exec_t;
+	')
+
+	files_search_usr($1)
+	corecmd_search_bin($1)
+	domtrans_pattern($1, setfiles_exec_t, setfiles_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_domtrans_setfiles'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute setfiles in the setfiles domain, and
+##	allow the specified role the setfiles domain,
+##	and use the caller's terminal.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`seutil_run_setfiles',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_run_setfiles'($*)) dnl
+	
+	gen_require(`
+		type setfiles_t;
+	')
+
+	seutil_domtrans_setfiles($1)
+	role $2 types setfiles_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_run_setfiles'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute setfiles in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_exec_setfiles',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_exec_setfiles'($*)) dnl
+	
+	gen_require(`
+		type setfiles_exec_t;
+	')
+
+	files_search_usr($1)
+	corecmd_search_bin($1)
+	can_exec($1, setfiles_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_exec_setfiles'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search the SELinux
+##	configuration directory (/etc/selinux).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_dontaudit_search_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_dontaudit_search_config'($*)) dnl
+	
+	gen_require(`
+		type selinux_config_t;
+	')
+
+	dontaudit $1 selinux_config_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_dontaudit_search_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read the SELinux
+##	userland configuration (/etc/selinux).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_dontaudit_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_dontaudit_read_config'($*)) dnl
+	
+	gen_require(`
+		type selinux_config_t;
+	')
+
+	dontaudit $1 selinux_config_t:dir search_dir_perms;
+	dontaudit $1 selinux_config_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_dontaudit_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the general SELinux configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`seutil_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_read_config'($*)) dnl
+	
+	gen_require(`
+		type selinux_config_t;
+	')
+
+	files_search_etc($1)
+	allow $1 selinux_config_t:dir list_dir_perms;
+	read_files_pattern($1, selinux_config_t, selinux_config_t)
+	read_lnk_files_pattern($1, selinux_config_t, selinux_config_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the general SELinux configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`seutil_rw_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_rw_config'($*)) dnl
+	
+	gen_require(`
+		type selinux_config_t;
+	')
+
+	files_search_etc($1)
+	allow $1 selinux_config_t:dir list_dir_perms;
+	rw_files_pattern($1, selinux_config_t, selinux_config_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_rw_config'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create, read, write, and delete
+##	the general selinux configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`seutil_manage_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_manage_config'($*)) dnl
+	
+	gen_require(`
+		type selinux_config_t;
+	')
+
+	files_search_etc($1)
+	manage_files_pattern($1, selinux_config_t, selinux_config_t)
+	read_lnk_files_pattern($1, selinux_config_t, selinux_config_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_manage_config'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Create, read, write, and delete
+##	the general selinux configuration directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`seutil_manage_config_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_manage_config_dirs'($*)) dnl
+	
+	gen_require(`
+		type selinux_config_t;
+	')
+
+	files_search_etc($1)
+	allow $1 selinux_config_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_manage_config_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the policy directory with default_context files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_search_default_contexts',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_search_default_contexts'($*)) dnl
+	
+	gen_require(`
+		type selinux_config_t, default_context_t;
+	')
+
+	files_search_etc($1)
+	search_dirs_pattern($1, selinux_config_t, default_context_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_search_default_contexts'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the default_contexts files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`seutil_read_default_contexts',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_read_default_contexts'($*)) dnl
+	
+	gen_require(`
+		type selinux_config_t, default_context_t;
+	')
+
+	files_search_etc($1)
+	list_dirs_pattern($1, selinux_config_t, default_context_t)
+	read_files_pattern($1, default_context_t, default_context_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_read_default_contexts'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete the default_contexts files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_manage_default_contexts',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_manage_default_contexts'($*)) dnl
+	
+	gen_require(`
+		type selinux_config_t, default_context_t;
+	')
+
+	files_search_etc($1)
+	allow $1 selinux_config_t:dir search_dir_perms;
+	manage_files_pattern($1, default_context_t, default_context_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_manage_default_contexts'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the file_contexts files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`seutil_read_file_contexts',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_read_file_contexts'($*)) dnl
+	
+	gen_require(`
+		type selinux_config_t, default_context_t, file_context_t;
+	')
+
+	files_search_etc($1)
+	allow $1 { selinux_config_t default_context_t }:dir search_dir_perms;
+	read_files_pattern($1, file_context_t, file_context_t)
+	allow $1 file_context_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_read_file_contexts'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read the file_contexts files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`seutil_dontaudit_read_file_contexts',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_dontaudit_read_file_contexts'($*)) dnl
+	
+	gen_require(`
+		type selinux_config_t, default_context_t, file_context_t;
+	')
+
+	dontaudit $1 { selinux_config_t default_context_t file_context_t }:dir search_dir_perms;
+	dontaudit $1 file_context_t:file read_file_perms;
+	dontaudit $1 file_context_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_dontaudit_read_file_contexts'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the file_contexts files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_rw_file_contexts',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_rw_file_contexts'($*)) dnl
+	
+	gen_require(`
+		type selinux_config_t, file_context_t, default_context_t;
+	')
+
+	files_search_etc($1)
+	allow $1 { selinux_config_t default_context_t }:dir search_dir_perms;
+	rw_files_pattern($1, file_context_t, file_context_t)
+	allow $1 file_context_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_rw_file_contexts'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete the file_contexts files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`seutil_manage_file_contexts',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_manage_file_contexts'($*)) dnl
+	
+	gen_require(`
+		type selinux_config_t, file_context_t, default_context_t;
+	')
+
+	files_search_etc($1)
+	allow $1 { selinux_config_t default_context_t }:dir search_dir_perms;
+	manage_files_pattern($1, file_context_t, file_context_t)
+	allow $1 file_context_t:file map;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_manage_file_contexts'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the SELinux binary policy.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_read_bin_policy',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_read_bin_policy'($*)) dnl
+	
+	gen_require(`
+		type selinux_config_t, policy_config_t;
+	')
+
+	files_search_etc($1)
+	allow $1 selinux_config_t:dir search_dir_perms;
+	read_files_pattern($1, policy_config_t, policy_config_t)
+	allow $1 policy_config_t:file map;
+
+	ifdef(`distro_gentoo',`
+		# Allow sesearch to read /etc/selinux/.../policy
+		# Otherwise it returns "No default policy found"
+		allow $1 policy_config_t:dir list_dir_perms;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_read_bin_policy'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create the SELinux binary policy.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_create_bin_policy',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_create_bin_policy'($*)) dnl
+	
+	gen_require(`
+#		attribute can_write_binary_policy;
+		type selinux_config_t, policy_config_t;
+	')
+
+	files_search_etc($1)
+	allow $1 selinux_config_t:dir search_dir_perms;
+	create_files_pattern($1, policy_config_t, policy_config_t)
+	write_files_pattern($1, policy_config_t, policy_config_t)
+#	typeattribute $1 can_write_binary_policy;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_create_bin_policy'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Allow the caller to relabel a file to the binary policy type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_relabelto_bin_policy',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_relabelto_bin_policy'($*)) dnl
+	
+	gen_require(`
+		attribute can_relabelto_binary_policy;
+		type policy_config_t;
+	')
+
+	allow $1 policy_config_t:file relabelto;
+	typeattribute $1 can_relabelto_binary_policy;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_relabelto_bin_policy'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete the SELinux
+##	binary policy.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_manage_bin_policy',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_manage_bin_policy'($*)) dnl
+	
+	gen_require(`
+		attribute can_write_binary_policy;
+		type selinux_config_t, policy_config_t;
+	')
+
+	files_search_etc($1)
+	allow $1 selinux_config_t:dir search_dir_perms;
+	manage_files_pattern($1, policy_config_t, policy_config_t)
+	typeattribute $1 can_write_binary_policy;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_manage_bin_policy'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read SELinux policy source files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_read_src_policy',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_read_src_policy'($*)) dnl
+	
+	gen_require(`
+		type selinux_config_t, policy_src_t;
+	')
+
+	files_search_etc($1)
+	list_dirs_pattern($1, selinux_config_t, policy_src_t)
+	read_files_pattern($1, policy_src_t, policy_src_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_read_src_policy'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete SELinux
+##	policy source files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`seutil_manage_src_policy',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_manage_src_policy'($*)) dnl
+	
+	gen_require(`
+		type selinux_config_t, policy_src_t;
+	')
+
+	files_search_etc($1)
+	allow $1 selinux_config_t:dir search_dir_perms;
+	manage_dirs_pattern($1, policy_src_t, policy_src_t)
+	manage_files_pattern($1, policy_src_t, policy_src_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_manage_src_policy'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run semanage.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_domtrans_semanage',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_domtrans_semanage'($*)) dnl
+	
+	gen_require(`
+		type semanage_t, semanage_exec_t;
+	')
+
+	files_search_usr($1)
+	corecmd_search_bin($1)
+	domtrans_pattern($1, semanage_exec_t, semanage_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_domtrans_semanage'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute semanage in the semanage domain, and
+##	allow the specified role the semanage domain,
+##	and use the caller's terminal.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`seutil_run_semanage',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_run_semanage'($*)) dnl
+	
+	gen_require(`
+		attribute_role semanage_roles;
+	')
+
+	seutil_domtrans_semanage($1)
+	roleattribute $2 semanage_roles;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_run_semanage'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the semanage module store.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_read_module_store',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_read_module_store'($*)) dnl
+	
+	gen_require(`
+		type selinux_config_t, semanage_store_t;
+	')
+
+	files_search_etc($1)
+	files_search_var($1)
+	list_dirs_pattern($1, selinux_config_t, semanage_store_t)
+	list_dirs_pattern($1, semanage_store_t, semanage_store_t)
+	read_files_pattern($1, semanage_store_t, semanage_store_t)
+	allow $1 semanage_store_t:file map;
+	read_lnk_files_pattern($1, semanage_store_t, semanage_store_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_read_module_store'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Full management of the semanage
+##	module store.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_manage_module_store',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_manage_module_store'($*)) dnl
+	
+	gen_require(`
+		type selinux_config_t, semanage_store_t;
+	')
+
+	files_search_etc($1)
+	files_search_var($1)
+	manage_dirs_pattern($1, selinux_config_t, semanage_store_t)
+	manage_dirs_pattern($1, semanage_store_t, semanage_store_t)
+	manage_files_pattern($1, semanage_store_t, semanage_store_t)
+	allow $1 semanage_store_t:file map;
+	manage_lnk_files_pattern($1, semanage_store_t, semanage_store_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_manage_module_store'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Get read lock on module store
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_get_semanage_read_lock',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_get_semanage_read_lock'($*)) dnl
+	
+	gen_require(`
+		type selinux_config_t, semanage_read_lock_t;
+	')
+
+	files_search_etc($1)
+	rw_files_pattern($1, selinux_config_t, semanage_read_lock_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_get_semanage_read_lock'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Get trans lock on module store
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_get_semanage_trans_lock',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_get_semanage_trans_lock'($*)) dnl
+	
+	gen_require(`
+		type selinux_config_t, semanage_trans_lock_t;
+	')
+
+	files_search_etc($1)
+	rw_files_pattern($1, selinux_config_t, semanage_trans_lock_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_get_semanage_trans_lock'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	SELinux-enabled program access for
+##	libselinux-linked programs.
+## </summary>
+## <desc>
+##	<p>
+##	SELinux-enabled programs are typically
+##	linked to the libselinux library.  This
+##	interface will allow access required for
+##	the libselinux constructor to function.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_libselinux_linked',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_libselinux_linked'($*)) dnl
+	
+	selinux_get_fs_mount($1)
+	seutil_read_config($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_libselinux_linked'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit SELinux-enabled program access for
+##	libselinux-linked programs.
+## </summary>
+## <desc>
+##	<p>
+##	SELinux-enabled programs are typically
+##	linked to the libselinux library.  This
+##	interface will dontaudit access required for
+##	the libselinux constructor to function.
+##	</p>
+##	<p>
+##	Generally this should not be used on anything
+##	but simple SELinux-enabled programs that do not
+##	rely on data initialized by the libselinux
+##	constructor.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`seutil_dontaudit_libselinux_linked',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `seutil_dontaudit_libselinux_linked'($*)) dnl
+	
+	selinux_dontaudit_get_fs_mount($1)
+	seutil_dontaudit_read_config($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `seutil_dontaudit_libselinux_linked'($*)) dnl
+	')
+
+## <summary>Policy for user executable applications.</summary>
+
+########################################
+## <summary>
+##	Make the specified type usable as an application domain.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be used as a domain type.
+##	</summary>
+## </param>
+#
+ 	 	define(`application_type',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `application_type'($*)) dnl
+	
+	gen_require(`
+		attribute application_domain_type;
+	')
+
+	typeattribute $1 application_domain_type;
+
+	# start with basic domain
+	domain_type($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `application_type'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified type usable for files
+##	that are exectuables, such as binary programs.
+##	This does not include shared libraries.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be used for files.
+##	</summary>
+## </param>
+#
+ 	 	define(`application_executable_file',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `application_executable_file'($*)) dnl
+	
+	gen_require(`
+		attribute application_exec_type;
+	')
+
+	typeattribute $1 application_exec_type;
+
+	corecmd_executable_file($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `application_executable_file'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+## Execute application executables in the caller domain.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`application_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `application_exec'($*)) dnl
+	
+	gen_require(`
+		attribute application_exec_type;
+	')
+
+	can_exec($1, application_exec_type)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `application_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute all executable files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`application_exec_all',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `application_exec_all'($*)) dnl
+	
+	corecmd_dontaudit_exec_all_executables($1)
+	corecmd_exec_bin($1)
+	corecmd_exec_shell($1)
+	corecmd_exec_chroot($1)
+
+	application_exec($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `application_exec_all'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a domain for applications.
+## </summary>
+## <desc>
+##	<p>
+##	Create a domain for applications.  Typically these are
+##	programs that are run interactively.
+##	</p>
+##	<p>
+##	The types will be made usable as a domain and file, making
+##	calls to domain_type() and files_type() redundant.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Type to be used as an application domain.
+##	</summary>
+## </param>
+## <param name="entry_point">
+##	<summary>
+##	Type of the program to be used as an entry point to this domain.
+##	</summary>
+## </param>
+## <infoflow type="none"/>
+#
+ 	 	define(`application_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `application_domain'($*)) dnl
+	
+	application_type($1)
+	application_executable_file($2)
+	domain_entry_file($1, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `application_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send null signals to all application domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`application_signull',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `application_signull'($*)) dnl
+	
+	gen_require(`
+		attribute application_domain_type;
+	')
+
+	allow $1 application_domain_type:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `application_signull'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send null signals
+##	to all application domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`application_dontaudit_signull',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `application_dontaudit_signull'($*)) dnl
+	
+	gen_require(`
+		attribute application_domain_type;
+	')
+
+	dontaudit $1 application_domain_type:process signull;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `application_dontaudit_signull'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send general signals to all application domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`application_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `application_signal'($*)) dnl
+	
+	gen_require(`
+		attribute application_domain_type;
+	')
+
+	allow $1 application_domain_type:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `application_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send general signals
+##	to all application domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`application_dontaudit_signal',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `application_dontaudit_signal'($*)) dnl
+	
+	gen_require(`
+		attribute application_domain_type;
+	')
+
+	dontaudit $1 application_domain_type:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `application_dontaudit_signal'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to send kill signals
+##	to all application domains.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`application_dontaudit_sigkill',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `application_dontaudit_sigkill'($*)) dnl
+	
+	gen_require(`
+		attribute application_domain_type;
+	')
+
+	dontaudit $1 application_domain_type:process sigkill;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `application_dontaudit_sigkill'($*)) dnl
+	')
+
+## <summary>Common policy for authentication and user login.</summary>
+
+########################################
+## <summary>
+##	Role access for password authentication.
+## </summary>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_role',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_role'($*)) dnl
+	
+	gen_require(`
+		type chkpwd_t, chkpwd_exec_t, shadow_t;
+	')
+
+	role $1 types chkpwd_t;
+
+	# Transition from the user domain to this domain.
+	domtrans_pattern($2, chkpwd_exec_t, chkpwd_t)
+
+	ps_process_pattern($2, chkpwd_t)
+
+	dontaudit $2 shadow_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_role'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use PAM for authentication.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_use_pam',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_use_pam'($*)) dnl
+	
+
+	# for SSP/ProPolice
+	dev_read_urand($1)
+	# for encrypted homedir
+	dev_read_sysfs($1)
+
+	auth_create_faillog_files($1)
+	auth_domtrans_chk_passwd($1)
+	auth_domtrans_upd_passwd($1)
+	auth_dontaudit_read_shadow($1)
+	auth_rw_lastlog($1)
+	auth_rw_faillog($1)
+	auth_rw_login_records($1)
+	auth_setattr_faillog_files($1)
+	auth_exec_pam($1)
+	auth_use_nsswitch($1)
+
+	logging_send_audit_msgs($1)
+	logging_send_syslog_msg($1)
+
+	optional_policy(`
+		dbus_system_bus_client($1)
+
+		optional_policy(`
+			consolekit_dbus_chat($1)
+		')
+
+		optional_policy(`
+			fprintd_dbus_chat($1)
+		')
+	')
+
+	optional_policy(`
+		kerberos_manage_host_rcache($1)
+		kerberos_read_config($1)
+	')
+
+	optional_policy(`
+		nis_authenticate($1)
+	')
+
+	ifdef(`distro_gentoo',`
+		# pam_unix.so only calls unix_chkpwd if geteuid <> 0 or if SELinux is enabled.
+		# So we need to grant it the proper privileges to check if SELinux is enabled
+		selinux_getattr_fs($1)
+		selinux_get_enforce_mode($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_use_pam'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use the pam module systemd during authentication.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_use_pam_systemd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_use_pam_systemd'($*)) dnl
+	
+	dbus_system_bus_client($1)
+	systemd_dbus_chat_logind($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_use_pam_systemd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use the pam module motd with dynamic support during authentication.
+##	This module comes from Ubuntu (https://bugs.launchpad.net/ubuntu/+source/pam/+bug/399071)
+##	and was added to Debian (https://sources.debian.org/src/pam/1.3.1-5/debian/patches-applied/update-motd/)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_use_pam_motd_dynamic',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_use_pam_motd_dynamic'($*)) dnl
+	
+	gen_require(`
+		type pam_motd_runtime_t;
+	')
+
+	# Allow pam_motd to run /usr/bin/env and /usr/bin/dash to generate
+	# /run/motd.dynamic from motd.dynamic.new.
+	corecmd_exec_bin($1)
+	corecmd_exec_shell($1)
+
+	allow $1 pam_motd_runtime_t:file manage_file_perms;
+	files_pid_filetrans($1, pam_motd_runtime_t, file, "motd.dynamic.new")
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_use_pam_motd_dynamic'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Make the specified domain used for a login program.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain type used for a login program domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_login_pgm_domain',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_login_pgm_domain'($*)) dnl
+	
+	gen_require(`
+		type var_auth_t, auth_cache_t;
+	')
+
+	domain_type($1)
+	domain_subj_id_change_exemption($1)
+	domain_role_change_exemption($1)
+	domain_obj_id_change_exemption($1)
+	role system_r types $1;
+
+	# Needed for pam_selinux_permit to cleanup properly
+	domain_read_all_domains_state($1)
+	domain_kill_all_domains($1)
+
+	# pam_keyring
+	allow $1 self:capability ipc_lock;
+	allow $1 self:process setkeycreate;
+	allow $1 self:key manage_key_perms;
+
+	files_list_var_lib($1)
+	manage_files_pattern($1, var_auth_t, var_auth_t)
+
+	manage_dirs_pattern($1, auth_cache_t, auth_cache_t)
+	manage_files_pattern($1, auth_cache_t, auth_cache_t)
+	manage_sock_files_pattern($1, auth_cache_t, auth_cache_t)
+	files_var_filetrans($1, auth_cache_t, dir)
+
+	# needed for afs - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=253321
+	kernel_rw_afs_state($1)
+
+	# for fingerprint readers
+	dev_rw_input_dev($1)
+	dev_rw_generic_usb_dev($1)
+
+	files_read_etc_files($1)
+
+	fs_list_auto_mountpoints($1)
+
+	selinux_get_fs_mount($1)
+	selinux_validate_context($1)
+	selinux_compute_access_vector($1)
+	selinux_compute_create_context($1)
+	selinux_compute_relabel_context($1)
+	selinux_compute_user_contexts($1)
+
+	mls_file_read_all_levels($1)
+	mls_file_write_all_levels($1)
+	mls_file_upgrade($1)
+	mls_file_downgrade($1)
+	mls_process_set_level($1)
+	mls_fd_share_all_levels($1)
+
+	auth_use_pam($1)
+
+	init_rw_utmp($1)
+
+	logging_set_loginuid($1)
+	logging_set_tty_audit($1)
+
+	seutil_read_config($1)
+	seutil_read_default_contexts($1)
+
+	userdom_search_user_runtime($1)
+	userdom_read_user_tmpfs_files($1)
+
+	tunable_policy(`allow_polyinstantiation',`
+		files_polyinstantiate_all($1)
+	')
+
+	optional_policy(`
+		systemd_read_logind_state($1)
+		systemd_write_inherited_logind_sessions_pipes($1)
+		systemd_use_passwd_agent_fds($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_login_pgm_domain'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use the login program as an entry point program.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_login_entry_type',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_login_entry_type'($*)) dnl
+	
+	gen_require(`
+		type login_exec_t;
+	')
+
+	domain_entry_file($1, login_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_login_entry_type'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a login_program in the target domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="target_domain">
+##	<summary>
+##	The type of the login_program process.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_domtrans_login_program',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_domtrans_login_program'($*)) dnl
+	
+	gen_require(`
+		type login_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, login_exec_t, $2)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_domtrans_login_program'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a login_program in the target domain,
+##	with a range transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="target_domain">
+##	<summary>
+##	The type of the login_program process.
+##	</summary>
+## </param>
+## <param name="range">
+##	<summary>
+##	Range of the login program.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_ranged_domtrans_login_program',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_ranged_domtrans_login_program'($*)) dnl
+	
+	gen_require(`
+		type login_exec_t;
+	')
+
+	auth_domtrans_login_program($1, $2)
+
+	ifdef(`enable_mcs',`
+		range_transition $1 login_exec_t:process $3;
+	')
+
+	ifdef(`enable_mls',`
+		range_transition $1 login_exec_t:process $3;
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_ranged_domtrans_login_program'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search authentication cache
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_search_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_search_cache'($*)) dnl
+	
+	gen_require(`
+		type auth_cache_t;
+	')
+
+	allow $1 auth_cache_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_search_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read authentication cache
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_read_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_read_cache'($*)) dnl
+	
+	gen_require(`
+		type auth_cache_t;
+	')
+
+	read_files_pattern($1, auth_cache_t, auth_cache_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_read_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read/Write authentication cache
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_rw_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_rw_cache'($*)) dnl
+	
+	gen_require(`
+		type auth_cache_t;
+	')
+
+	rw_files_pattern($1, auth_cache_t, auth_cache_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_rw_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage authentication cache
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_manage_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_manage_cache'($*)) dnl
+	
+	gen_require(`
+		type auth_cache_t;
+	')
+
+	manage_dirs_pattern($1, auth_cache_t, auth_cache_t)
+	manage_files_pattern($1, auth_cache_t, auth_cache_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_manage_cache'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Automatic transition from cache_t to cache.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_var_filetrans_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_var_filetrans_cache'($*)) dnl
+	
+	gen_require(`
+		type auth_cache_t;
+	')
+
+	files_var_filetrans($1, auth_cache_t, { file dir } )
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_var_filetrans_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Run unix_chkpwd to check a password.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_domtrans_chk_passwd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_domtrans_chk_passwd'($*)) dnl
+	
+	gen_require(`
+		type chkpwd_t, chkpwd_exec_t, shadow_t;
+		type auth_cache_t;
+	')
+
+	allow $1 auth_cache_t:dir search_dir_perms;
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, chkpwd_exec_t, chkpwd_t)
+
+	dontaudit $1 shadow_t:file read_file_perms;
+
+	dev_read_rand($1)
+	dev_read_urand($1)
+
+	auth_use_nsswitch($1)
+	auth_rw_faillog($1)
+
+	logging_send_audit_msgs($1)
+
+	miscfiles_read_generic_certs($1)
+
+	optional_policy(`
+		kerberos_read_keytab($1)
+	')
+
+	optional_policy(`
+		pcscd_read_pid_files($1)
+		pcscd_stream_connect($1)
+	')
+
+	optional_policy(`
+		samba_stream_connect_winbind($1)
+	')
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_domtrans_chk_passwd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Run unix_chkpwd to check a password.
+## 	Stripped down version to be called within boolean
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_domtrans_chkpwd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_domtrans_chkpwd'($*)) dnl
+	
+	gen_require(`
+		type chkpwd_t, chkpwd_exec_t, shadow_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, chkpwd_exec_t, chkpwd_t)
+	dontaudit $1 shadow_t:file { getattr read };
+	auth_domtrans_upd_passwd($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_domtrans_chkpwd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute chkpwd programs in the chkpwd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role to allow the chkpwd domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_run_chk_passwd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_run_chk_passwd'($*)) dnl
+	
+	gen_require(`
+		type chkpwd_t;
+	')
+
+	auth_domtrans_chk_passwd($1)
+	role $2 types chkpwd_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_run_chk_passwd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute a domain transition to run unix_update.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+ 	 	define(`auth_domtrans_upd_passwd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_domtrans_upd_passwd'($*)) dnl
+	
+	gen_require(`
+		type updpwd_t, updpwd_exec_t;
+	')
+
+	domtrans_pattern($1, updpwd_exec_t, updpwd_t)
+	auth_dontaudit_read_shadow($1)
+
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_domtrans_upd_passwd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute updpwd programs in the updpwd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role to allow the updpwd domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_run_upd_passwd',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_run_upd_passwd'($*)) dnl
+	
+	gen_require(`
+		type updpwd_t;
+	')
+
+	auth_domtrans_upd_passwd($1)
+	role $2 types updpwd_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_run_upd_passwd'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the shadow passwords file.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_getattr_shadow',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_getattr_shadow'($*)) dnl
+	
+	gen_require(`
+		type shadow_t;
+	')
+
+	files_search_etc($1)
+	allow $1 shadow_t:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_getattr_shadow'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to get the attributes
+##	of the shadow passwords file.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_dontaudit_getattr_shadow',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_dontaudit_getattr_shadow'($*)) dnl
+	
+	gen_require(`
+		type shadow_t;
+	')
+
+	dontaudit $1 shadow_t:file getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_dontaudit_getattr_shadow'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the shadow passwords file (/etc/shadow)
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+# cjp: these next three interfaces are split
+# since typeattribute does not work in conditionals
+# yet, otherwise they should be one interface.
+#
+ 	 	define(`auth_read_shadow',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_read_shadow'($*)) dnl
+	
+	auth_can_read_shadow_passwords($1)
+	auth_tunable_read_shadow($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_read_shadow'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Pass shadow assertion for reading.
+## </summary>
+## <desc>
+##	<p>
+##	Pass shadow assertion for reading.
+##	This should only be used with
+##	auth_tunable_read_shadow(), and
+##	only exists because typeattribute
+##	does not work in conditionals.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_can_read_shadow_passwords',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_can_read_shadow_passwords'($*)) dnl
+	
+	gen_require(`
+		attribute can_read_shadow_passwords;
+	')
+
+	typeattribute $1 can_read_shadow_passwords;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_can_read_shadow_passwords'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the shadow password file.
+## </summary>
+## <desc>
+##	<p>
+##	Read the shadow password file.  This
+##	should only be used in a conditional;
+##	it does not pass the reading shadow
+##	assertion.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_tunable_read_shadow',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_tunable_read_shadow'($*)) dnl
+	
+	gen_require(`
+		type shadow_t;
+	')
+
+	files_list_etc($1)
+	allow $1 shadow_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_tunable_read_shadow'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read the shadow
+##	password file (/etc/shadow).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_dontaudit_read_shadow',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_dontaudit_read_shadow'($*)) dnl
+	
+	gen_require(`
+		type shadow_t;
+	')
+
+	dontaudit $1 shadow_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_dontaudit_read_shadow'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the shadow password file (/etc/shadow).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_rw_shadow',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_rw_shadow'($*)) dnl
+	
+	gen_require(`
+		attribute can_read_shadow_passwords, can_write_shadow_passwords;
+		type shadow_t;
+	')
+
+	files_list_etc($1)
+	allow $1 shadow_t:file rw_file_perms;
+	typeattribute $1 can_read_shadow_passwords, can_write_shadow_passwords;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_rw_shadow'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete the shadow
+##	password file.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_manage_shadow',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_manage_shadow'($*)) dnl
+	
+	gen_require(`
+		attribute can_read_shadow_passwords, can_write_shadow_passwords;
+		type shadow_t;
+	')
+
+	allow $1 shadow_t:file manage_file_perms;
+	typeattribute $1 can_read_shadow_passwords, can_write_shadow_passwords;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_manage_shadow'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Automatic transition from etc to shadow.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_etc_filetrans_shadow',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_etc_filetrans_shadow'($*)) dnl
+	
+	gen_require(`
+		type shadow_t;
+	')
+
+	files_etc_filetrans($1, shadow_t, file)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_etc_filetrans_shadow'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Relabel to the shadow
+##	password file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_relabelto_shadow',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_relabelto_shadow'($*)) dnl
+	
+	gen_require(`
+		attribute can_relabelto_shadow_passwords;
+		type shadow_t;
+	')
+
+	files_search_etc($1)
+	allow $1 shadow_t:file relabelto;
+	typeattribute $1 can_relabelto_shadow_passwords;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_relabelto_shadow'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Relabel from and to the shadow
+##	password file type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_relabel_shadow',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_relabel_shadow'($*)) dnl
+	
+	gen_require(`
+		attribute can_relabelto_shadow_passwords;
+		type shadow_t;
+	')
+
+	files_search_etc($1)
+	allow $1 shadow_t:file relabel_file_perms;
+	typeattribute $1 can_relabelto_shadow_passwords;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_relabel_shadow'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Append to the login failure log.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_append_faillog',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_append_faillog'($*)) dnl
+	
+	gen_require(`
+		type faillog_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 faillog_t:file append_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_append_faillog'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create fail log lock (in /run/faillock).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_create_faillog_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_create_faillog_files'($*)) dnl
+	
+	gen_require(`
+		type faillog_t;
+	')
+
+	create_files_pattern($1, faillog_t, faillog_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_create_faillog_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write the login failure log.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_rw_faillog',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_rw_faillog'($*)) dnl
+	
+	gen_require(`
+		type faillog_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 faillog_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_rw_faillog'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage the login failure logs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_manage_faillog',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_manage_faillog'($*)) dnl
+	
+	gen_require(`
+		type faillog_t;
+	')
+
+	allow $1 faillog_t:file manage_file_perms;
+	logging_rw_generic_log_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_manage_faillog'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Setattr the login failure logs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_setattr_faillog_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_setattr_faillog_files'($*)) dnl
+	
+	gen_require(`
+		type faillog_t;
+	')
+
+	setattr_files_pattern($1, faillog_t, faillog_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_setattr_faillog_files'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read the last logins log.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`auth_read_lastlog',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_read_lastlog'($*)) dnl
+	
+	gen_require(`
+		type lastlog_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 lastlog_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_read_lastlog'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Append only to the last logins log.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_append_lastlog',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_append_lastlog'($*)) dnl
+	
+	gen_require(`
+		type lastlog_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 lastlog_t:file { append_file_perms lock };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_append_lastlog'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	relabel the last logins log.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_relabel_lastlog',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_relabel_lastlog'($*)) dnl
+	
+	gen_require(`
+		type lastlog_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 lastlog_t:file { relabelfrom relabelto };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_relabel_lastlog'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Read and write to the last logins log.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_rw_lastlog',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_rw_lastlog'($*)) dnl
+	
+	gen_require(`
+		type lastlog_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 lastlog_t:file { rw_file_perms lock setattr };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_rw_lastlog'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##     Manage the last logins log.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+ 	 	define(`auth_manage_lastlog',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_manage_lastlog'($*)) dnl
+	
+	gen_require(`
+		type lastlog_t;
+	')
+
+	allow $1 lastlog_t:file manage_file_perms;
+	logging_rw_generic_log_dirs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_manage_lastlog'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute pam programs in the pam domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_domtrans_pam',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_domtrans_pam'($*)) dnl
+	
+	gen_require(`
+		type pam_t, pam_exec_t;
+	')
+
+	domtrans_pattern($1, pam_exec_t, pam_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_domtrans_pam'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Send generic signals to pam processes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_signal_pam',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_signal_pam'($*)) dnl
+	
+	gen_require(`
+		type pam_t;
+	')
+
+	allow $1 pam_t:process signal;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_signal_pam'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute pam programs in the PAM domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role to allow the PAM domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_run_pam',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_run_pam'($*)) dnl
+	
+	gen_require(`
+		type pam_t;
+	')
+
+	auth_domtrans_pam($1)
+	role $2 types pam_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_run_pam'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the pam program.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_exec_pam',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_exec_pam'($*)) dnl
+	
+	gen_require(`
+		type pam_exec_t;
+	')
+
+	can_exec($1, pam_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_exec_pam'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read var auth files. Used by various other applications
+##	and pam applets etc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_read_var_auth',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_read_var_auth'($*)) dnl
+	
+	gen_require(`
+		type var_auth_t;
+	')
+
+	files_search_var($1)
+	read_files_pattern($1, var_auth_t, var_auth_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_read_var_auth'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##  Read and write var auth files. Used by various other applications
+##  and pam applets etc.
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+ 	 	define(`auth_rw_var_auth',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_rw_var_auth'($*)) dnl
+	
+    gen_require(`
+		type var_auth_t;
+    ')
+
+    files_search_var($1)
+    rw_files_pattern($1, var_auth_t, var_auth_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_rw_var_auth'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage var auth files. Used by various other applications
+##	and pam applets etc.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_manage_var_auth',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_manage_var_auth'($*)) dnl
+	
+	gen_require(`
+		type var_auth_t;
+	')
+
+	files_search_var($1)
+	allow $1 var_auth_t:dir manage_dir_perms;
+	allow $1 var_auth_t:file rw_file_perms;
+	allow $1 var_auth_t:lnk_file rw_lnk_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_manage_var_auth'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read PAM PID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_read_pam_pid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_read_pam_pid'($*)) dnl
+	
+	gen_require(`
+		type pam_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 pam_runtime_t:dir list_dir_perms;
+	allow $1 pam_runtime_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_read_pam_pid'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Do not audit attemps to read PAM PID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_dontaudit_read_pam_pid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_dontaudit_read_pam_pid'($*)) dnl
+	
+	gen_require(`
+		type pam_runtime_t;
+	')
+
+	dontaudit $1 pam_runtime_t:file { getattr read };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_dontaudit_read_pam_pid'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create specified objects in
+##	pid directories with the pam var
+##      run file type using a
+##      file type transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_pid_filetrans_pam_var_run',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_pid_filetrans_pam_var_run'($*)) dnl
+	
+	gen_require(`
+		type pam_runtime_t;
+	')
+
+	files_pid_filetrans($1, pam_runtime_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_pid_filetrans_pam_var_run'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete pam PID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_delete_pam_pid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_delete_pam_pid'($*)) dnl
+	
+	gen_require(`
+		type pam_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 pam_runtime_t:dir del_entry_dir_perms;
+	allow $1 pam_runtime_t:file delete_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_delete_pam_pid'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Manage pam PID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_manage_pam_pid',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_manage_pam_pid'($*)) dnl
+	
+	gen_require(`
+		type pam_runtime_t;
+	')
+
+	files_search_pids($1)
+	allow $1 pam_runtime_t:dir manage_dir_perms;
+	allow $1 pam_runtime_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_manage_pam_pid'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute pam_console with a domain transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_domtrans_pam_console',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_domtrans_pam_console'($*)) dnl
+	
+	gen_require(`
+		type pam_console_t, pam_console_exec_t;
+	')
+
+	domtrans_pattern($1, pam_console_exec_t, pam_console_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_domtrans_pam_console'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the contents of the
+##	pam_console data directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_search_pam_console_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_search_pam_console_data'($*)) dnl
+	
+	gen_require(`
+		type pam_var_console_t;
+	')
+
+	files_search_pids($1)
+	allow $1 pam_var_console_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_search_pam_console_data'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	List the contents of the pam_console
+##	data directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_list_pam_console_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_list_pam_console_data'($*)) dnl
+	
+	gen_require(`
+		type pam_var_console_t;
+	')
+
+	files_search_pids($1)
+	allow $1 pam_var_console_t:dir list_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_list_pam_console_data'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create pam var console pid directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_create_pam_console_data_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_create_pam_console_data_dirs'($*)) dnl
+	
+	gen_require(`
+		type pam_var_console_t;
+	')
+
+	files_search_pids($1)
+	allow $1 pam_var_console_t:dir create_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_create_pam_console_data_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel pam_console data directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_relabel_pam_console_data_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_relabel_pam_console_data_dirs'($*)) dnl
+	
+	gen_require(`
+		type pam_var_console_t;
+	')
+
+	relabel_dirs_pattern($1, pam_var_console_t, pam_var_console_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_relabel_pam_console_data_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read pam_console data files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_read_pam_console_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_read_pam_console_data'($*)) dnl
+	
+	gen_require(`
+		type pam_var_console_t;
+	')
+
+	files_search_pids($1)
+	allow $1 pam_var_console_t:dir list_dir_perms;
+	allow $1 pam_var_console_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_read_pam_console_data'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	pam_console data files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_manage_pam_console_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_manage_pam_console_data'($*)) dnl
+	
+	gen_require(`
+		type pam_var_console_t;
+	')
+
+	files_search_pids($1)
+	manage_files_pattern($1, pam_var_console_t, pam_var_console_t)
+	manage_lnk_files_pattern($1, pam_var_console_t, pam_var_console_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_manage_pam_console_data'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Delete pam_console data.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_delete_pam_console_data',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_delete_pam_console_data'($*)) dnl
+	
+	gen_require(`
+		type pam_var_console_t;
+	')
+
+	files_search_var($1)
+	files_search_pids($1)
+	delete_files_pattern($1, pam_var_console_t, pam_var_console_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_delete_pam_console_data'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create specified objects in
+##	pid directories with the pam var
+##      console pid file type using a
+##      file type transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="object_class">
+##	<summary>
+##	Class of the object being created.
+##	</summary>
+## </param>
+## <param name="name" optional="true">
+##	<summary>
+##	The name of the object being created.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_pid_filetrans_pam_var_console',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_pid_filetrans_pam_var_console'($*)) dnl
+	
+	gen_require(`
+		type pam_var_console_t;
+	')
+
+	files_pid_filetrans($1, pam_var_console_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_pid_filetrans_pam_var_console'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute utempter programs in the utempter domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_domtrans_utempter',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_domtrans_utempter'($*)) dnl
+	
+	gen_require(`
+		type utempter_t, utempter_exec_t;
+	')
+
+	domtrans_pattern($1, utempter_exec_t, utempter_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_domtrans_utempter'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute utempter programs in the utempter domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role to allow the utempter domain.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_run_utempter',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_run_utempter'($*)) dnl
+	
+	gen_require(`
+		type utempter_t;
+	')
+
+	auth_domtrans_utempter($1)
+	role $2 types utempter_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_run_utempter'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Do not audit attemps to execute utempter executable.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_dontaudit_exec_utempter',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_dontaudit_exec_utempter'($*)) dnl
+	
+	gen_require(`
+		type utempter_exec_t;
+	')
+
+	dontaudit $1 utempter_exec_t:file { execute execute_no_trans };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_dontaudit_exec_utempter'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Set the attributes of login record files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_setattr_login_records',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_setattr_login_records'($*)) dnl
+	
+	gen_require(`
+		type wtmp_t;
+	')
+
+	allow $1 wtmp_t:file setattr;
+	logging_search_logs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_setattr_login_records'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read login records files (/var/log/wtmp).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`auth_read_login_records',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_read_login_records'($*)) dnl
+	
+	gen_require(`
+		type wtmp_t;
+	')
+
+	logging_search_logs($1)
+	allow $1 wtmp_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_read_login_records'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to read login records
+##	files (/var/log/wtmp).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`auth_dontaudit_read_login_records',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_dontaudit_read_login_records'($*)) dnl
+	
+	gen_require(`
+		type wtmp_t;
+	')
+
+	dontaudit $1 wtmp_t:file read_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_dontaudit_read_login_records'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write to
+##	login records files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_dontaudit_write_login_records',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_dontaudit_write_login_records'($*)) dnl
+	
+	gen_require(`
+		type wtmp_t;
+	')
+
+	dontaudit $1 wtmp_t:file write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_dontaudit_write_login_records'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Append to login records (wtmp).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_append_login_records',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_append_login_records'($*)) dnl
+	
+	gen_require(`
+		type wtmp_t;
+	')
+
+	allow $1 wtmp_t:file append_file_perms;
+	logging_search_logs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_append_login_records'($*)) dnl
+	')
+
+
+#######################################
+## <summary>
+##	Write to login records (wtmp).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_write_login_records',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_write_login_records'($*)) dnl
+	
+	gen_require(`
+		type wtmp_t;
+	')
+
+	allow $1 wtmp_t:file { write_file_perms lock };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_write_login_records'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read and write login records.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_rw_login_records',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_rw_login_records'($*)) dnl
+	
+	gen_require(`
+		type wtmp_t;
+	')
+
+	allow $1 wtmp_t:file rw_file_perms;
+	logging_search_logs($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_rw_login_records'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create a login records in the log directory
+##	using a type transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_log_filetrans_login_records',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_log_filetrans_login_records'($*)) dnl
+	
+	gen_require(`
+		type wtmp_t;
+	')
+
+	logging_log_filetrans($1, wtmp_t, file)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_log_filetrans_login_records'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete login
+##	records files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_manage_login_records',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_manage_login_records'($*)) dnl
+	
+	gen_require(`
+		type wtmp_t;
+	')
+
+	logging_rw_generic_log_dirs($1)
+	allow $1 wtmp_t:file manage_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_manage_login_records'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel login record files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_relabel_login_records',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_relabel_login_records'($*)) dnl
+	
+	gen_require(`
+		type wtmp_t;
+	')
+
+	allow $1 wtmp_t:file relabel_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_relabel_login_records'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use nsswitch to look up user, password, group, or
+##	host information.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to look up user, password,
+##	group, or host information using the name service.
+##	The most common use of this interface is for services
+##	that do host name resolution (usually DNS resolution).
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+ 	 	define(`auth_use_nsswitch',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_use_nsswitch'($*)) dnl
+	
+	gen_require(`
+		attribute nsswitch_domain;
+	')
+
+	typeattribute $1 nsswitch_domain;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_use_nsswitch'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Unconfined access to the authlogin module.
+## </summary>
+## <desc>
+##	<p>
+##	Unconfined access to the authlogin module.
+##	</p>
+##	<p>
+##	Currently, this only allows assertions for
+##	the shadow passwords file (/etc/shadow) to
+##	be passed.  No access is granted yet.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`auth_unconfined',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `auth_unconfined'($*)) dnl
+	
+	gen_require(`
+		attribute can_read_shadow_passwords;
+		attribute can_write_shadow_passwords;
+		attribute can_relabelto_shadow_passwords;
+	')
+
+	typeattribute $1 can_read_shadow_passwords;
+	typeattribute $1 can_write_shadow_passwords;
+	typeattribute $1 can_relabelto_shadow_passwords;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `auth_unconfined'($*)) dnl
+	')
+
+## <summary>
+## Policy for hotplug system, for supporting the
+## connection and disconnection of devices at runtime.
+## </summary>
+
+########################################
+## <summary>
+##	Execute hotplug with a domain transition.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`hotplug_domtrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hotplug_domtrans'($*)) dnl
+	
+	gen_require(`
+		type hotplug_t, hotplug_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, hotplug_exec_t, hotplug_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hotplug_domtrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute hotplug in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hotplug_exec',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hotplug_exec'($*)) dnl
+	
+	gen_require(`
+		type hotplug_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, hotplug_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hotplug_exec'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Inherit and use hotplug file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hotplug_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hotplug_use_fds'($*)) dnl
+	
+	gen_require(`
+		type hotplug_t;
+	')
+
+	allow $1 hotplug_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hotplug_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to inherit
+##	hotplug file descriptors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`hotplug_dontaudit_use_fds',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hotplug_dontaudit_use_fds'($*)) dnl
+	
+	gen_require(`
+		type hotplug_t;
+	')
+
+	dontaudit $1 hotplug_t:fd use;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hotplug_dontaudit_use_fds'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to search the
+##	hotplug configuration directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`hotplug_dontaudit_search_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hotplug_dontaudit_search_config'($*)) dnl
+	
+	gen_require(`
+		type hotplug_etc_t;
+	')
+
+	dontaudit $1 hotplug_etc_t:dir search;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hotplug_dontaudit_search_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Get the attributes of the hotplug configuration directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hotplug_getattr_config_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hotplug_getattr_config_dirs'($*)) dnl
+	
+	gen_require(`
+		type hotplug_etc_t;
+	')
+
+	allow $1 hotplug_etc_t:dir getattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hotplug_getattr_config_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the hotplug configuration directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hotplug_search_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hotplug_search_config'($*)) dnl
+	
+	gen_require(`
+		type hotplug_etc_t;
+	')
+
+	allow $1 hotplug_etc_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hotplug_search_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read the configuration files for hotplug.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`hotplug_read_config',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hotplug_read_config'($*)) dnl
+	
+	gen_require(`
+		type hotplug_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 hotplug_etc_t:dir list_dir_perms;
+	read_files_pattern($1, hotplug_etc_t, hotplug_etc_t)
+	read_lnk_files_pattern($1, hotplug_etc_t, hotplug_etc_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hotplug_read_config'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search the hotplug PIDs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`hotplug_search_pids',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `hotplug_search_pids'($*)) dnl
+	
+	gen_require(`
+		type hotplug_runtime_t;
+	')
+
+	allow $1 hotplug_runtime_t:dir search_dir_perms;
+	files_search_pids($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `hotplug_search_pids'($*)) dnl
+	')
+
+## <summary>Policy for system libraries.</summary>
+
+########################################
+## <summary>
+##	Execute ldconfig in the ldconfig domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+ 	 	define(`libs_domtrans_ldconfig',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_domtrans_ldconfig'($*)) dnl
+	
+	gen_require(`
+		type ldconfig_t, ldconfig_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, ldconfig_exec_t, ldconfig_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_domtrans_ldconfig'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute ldconfig in the ldconfig domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role to allow the ldconfig domain.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`libs_run_ldconfig',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_run_ldconfig'($*)) dnl
+	
+	gen_require(`
+		type ldconfig_t;
+	')
+
+	libs_domtrans_ldconfig($1)
+	role $2 types ldconfig_t;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_run_ldconfig'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute ldconfig in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+## 	</summary>
+## </param>
+## <rolecap/>
+#
+ 	 	define(`libs_exec_ldconfig',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_exec_ldconfig'($*)) dnl
+	
+	gen_require(`
+		type ldconfig_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, ldconfig_exec_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_exec_ldconfig'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use the dynamic link/loader for automatic loading
+##	of shared libraries.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`libs_use_ld_so',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_use_ld_so'($*)) dnl
+	
+	gen_require(`
+		type lib_t, ld_so_t, ld_so_cache_t;
+	')
+
+	files_list_etc($1)
+	allow $1 lib_t:dir list_dir_perms;
+
+	read_lnk_files_pattern($1, lib_t, { lib_t ld_so_t })
+	mmap_exec_files_pattern($1, lib_t, ld_so_t)
+
+	allow $1 ld_so_cache_t:file { map read_file_perms };
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_use_ld_so'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Use the dynamic link/loader for automatic loading
+##	of shared libraries with legacy support.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`libs_legacy_use_ld_so',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_legacy_use_ld_so'($*)) dnl
+	
+	gen_require(`
+		type ld_so_t, ld_so_cache_t;
+	')
+
+	libs_use_ld_so($1)
+	allow $1 ld_so_t:file execmod;
+	allow $1 ld_so_cache_t:file execute;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_legacy_use_ld_so'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute the dynamic link/loader in the caller's domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`libs_exec_ld_so',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_exec_ld_so'($*)) dnl
+	
+	gen_require(`
+		type lib_t, ld_so_t;
+	')
+
+	allow $1 lib_t:dir list_dir_perms;
+	read_lnk_files_pattern($1, lib_t, { lib_t ld_so_t })
+	exec_files_pattern($1, lib_t, ld_so_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_exec_ld_so'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete the
+##	dynamic link/loader.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+# cjp: added for prelink
+ 	 	define(`libs_manage_ld_so',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_manage_ld_so'($*)) dnl
+	
+	gen_require(`
+		type lib_t, ld_so_t;
+	')
+
+	manage_files_pattern($1, lib_t, ld_so_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_manage_ld_so'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to and from the type used for
+##	the dynamic link/loader.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+# cjp: added for prelink
+ 	 	define(`libs_relabel_ld_so',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_relabel_ld_so'($*)) dnl
+	
+	gen_require(`
+		type lib_t, ld_so_t;
+	')
+
+	relabel_files_pattern($1, lib_t, ld_so_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_relabel_ld_so'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Modify the dynamic link/loader's cached listing
+##	of shared libraries.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`libs_rw_ld_so_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_rw_ld_so_cache'($*)) dnl
+	
+	gen_require(`
+		type ld_so_cache_t;
+	')
+
+	files_list_etc($1)
+	allow $1 ld_so_cache_t:file rw_file_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_rw_ld_so_cache'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Search library directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`libs_search_lib',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_search_lib'($*)) dnl
+	
+	gen_require(`
+		type lib_t;
+	')
+
+	allow $1 lib_t:dir search_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_search_lib'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Do not audit attempts to write to library directories.
+## </summary>
+## <desc>
+##	<p>
+##	Do not audit attempts to write to library directories.
+##	Typically this is used to quiet attempts to recompile
+##	python byte code.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`libs_dontaudit_write_lib_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_dontaudit_write_lib_dirs'($*)) dnl
+	
+	gen_require(`
+		type lib_t;
+	')
+
+	dontaudit $1 lib_t:dir write;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_dontaudit_write_lib_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete library directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`libs_manage_lib_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_manage_lib_dirs'($*)) dnl
+	
+	gen_require(`
+		type lib_t;
+	')
+
+	allow $1 lib_t:dir manage_dir_perms;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_manage_lib_dirs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	dontaudit attempts to setattr on library files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+ 	 	define(`libs_dontaudit_setattr_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_dontaudit_setattr_lib_files'($*)) dnl
+	
+	gen_require(`
+		type lib_t;
+	')
+
+	dontaudit $1 lib_t:file setattr;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_dontaudit_setattr_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Read files in the library directories, such
+##	as static libraries.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`libs_read_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_read_lib_files'($*)) dnl
+	
+	gen_require(`
+		type lib_t;
+	')
+
+	files_list_usr($1)
+	list_dirs_pattern($1, lib_t, lib_t)
+	read_files_pattern($1, lib_t, lib_t)
+	read_lnk_files_pattern($1, lib_t, lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_read_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Execute library scripts in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`libs_exec_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_exec_lib_files'($*)) dnl
+	
+	gen_require(`
+		type lib_t;
+	')
+
+	files_search_usr($1)
+	allow $1 lib_t:dir list_dir_perms;
+	read_lnk_files_pattern($1, lib_t, lib_t)
+	exec_files_pattern($1, lib_t, lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_exec_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete generic
+##	files in library directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+# cjp: added for prelink
+ 	 	define(`libs_manage_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_manage_lib_files'($*)) dnl
+	
+	gen_require(`
+		type lib_t;
+	')
+
+	manage_files_pattern($1, lib_t, lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_manage_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel files to the type used in library directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`libs_relabelto_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_relabelto_lib_files'($*)) dnl
+	
+	gen_require(`
+		type lib_t;
+	')
+
+	relabelto_files_pattern($1, lib_t, lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_relabelto_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to and from the type used
+##	for generic lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+# cjp: added for prelink
+ 	 	define(`libs_relabel_lib_files',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_relabel_lib_files'($*)) dnl
+	
+	gen_require(`
+		type lib_t;
+	')
+
+	relabel_files_pattern($1, lib_t, lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_relabel_lib_files'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Delete generic symlinks in library directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+# cjp: added for prelink
+ 	 	define(`libs_delete_lib_symlinks',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_delete_lib_symlinks'($*)) dnl
+	
+	gen_require(`
+		type lib_t;
+	')
+
+	delete_lnk_files_pattern($1, lib_t, lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_delete_lib_symlinks'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Create, read, write, and delete shared libraries.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+# cjp: added for prelink
+ 	 	define(`libs_manage_shared_libs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_manage_shared_libs'($*)) dnl
+	
+	gen_require(`
+		type lib_t, textrel_shlib_t;
+	')
+
+	manage_files_pattern($1, lib_t, { lib_t textrel_shlib_t })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_manage_shared_libs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Load and execute functions from shared libraries.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`libs_use_shared_libs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_use_shared_libs'($*)) dnl
+	
+	gen_require(`
+		type lib_t, textrel_shlib_t;
+	')
+
+	files_search_usr($1)
+	allow $1 lib_t:dir list_dir_perms;
+	read_lnk_files_pattern($1, lib_t, { lib_t textrel_shlib_t })
+	mmap_exec_files_pattern($1, lib_t, { lib_t textrel_shlib_t })
+	allow $1 textrel_shlib_t:file execmod;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_use_shared_libs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Load and execute functions from shared libraries,
+##	with legacy support.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`libs_legacy_use_shared_libs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_legacy_use_shared_libs'($*)) dnl
+	
+	gen_require(`
+		type lib_t;
+	')
+
+	libs_use_shared_libs($1)
+	allow $1 lib_t:file execmod;
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_legacy_use_shared_libs'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to and from the type used for
+##	shared libraries.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+# cjp: added for prelink
+ 	 	define(`libs_relabel_shared_libs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_relabel_shared_libs'($*)) dnl
+	
+	gen_require(`
+		type lib_t, textrel_shlib_t;
+	')
+
+	relabel_files_pattern($1, lib_t, { lib_t textrel_shlib_t })
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_relabel_shared_libs'($*)) dnl
+	')
+
+
+# This is gentoo specific but cannot use ifdef distro_gentoo here
+
+########################################
+## <summary>
+##	Create an object in etc with a type transition to
+##	the ld_so_cache_t type
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+## <param name="class">
+##	<summary>
+##	Class of the resource for which a type transition occurs.
+##	This is usually file as ld_so_cache is currently not used
+##	for any other resources.
+##	</summary>
+## </param>
+## <param name="filename" optional="true">
+##	<summary>
+##	Name of the resource created for which a type transition occurs
+##	</summary>
+## </param>
+#
+ 	 	define(`libs_generic_etc_filetrans_ld_so_cache',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_generic_etc_filetrans_ld_so_cache'($*)) dnl
+	
+	gen_require(`
+		type ld_so_cache_t;
+	')
+
+	files_etc_filetrans($1, ld_so_cache_t, $2, $3)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_generic_etc_filetrans_ld_so_cache'($*)) dnl
+	')
+
+
+##########################################
+## <summary>
+##	Create an object in the generic lib location with a type transition
+##	to the provided type
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+## <param name="target">
+##	<summary>
+##	Target domain towards which a type transition should occur
+##	</summary>
+## </param>
+## <param name="class">
+##	<summary>
+##	Class of the resource for which a type transition occurs.
+##	</summary>
+## </param>
+## <param name="filetrans" optional="true">
+##	<summary>
+##	Name of the resource created for which a type transition should occur
+##	</summary>
+## </param>
+#
+ 	 	define(`libs_lib_filetrans',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_lib_filetrans'($*)) dnl
+	
+	gen_require(`
+		type lib_t;
+	')
+
+	filetrans_pattern($1, lib_t, $2, $3, $4)
+
+	libs_search_lib($1)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_lib_filetrans'($*)) dnl
+	')
+
+
+########################################
+## <summary>
+##	Relabel to and from the type used
+##	for generic lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ 	 	define(`libs_relabel_lib_dirs',` dnl
+	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
+	policy_m4_comment(policy_call_depth,begin `libs_relabel_lib_dirs'($*)) dnl
+	
+	gen_require(`
+		type lib_t;
+	')
+
+	relabel_dirs_pattern($1, lib_t, lib_t)
+
+	popdef(`policy_call_depth') dnl
+	policy_m4_comment(policy_call_depth,end `libs_relabel_lib_dirs'($*)) dnl
+	')
+
+
+## <summary></summary>
+
+divert
diff --git a/sec-policy/selinux-feffe-policies/files/tmp/feffe.tmp b/sec-policy/selinux-feffe-policies/files/tmp/feffe.tmp
new file mode 100644
index 0000000..d4bbaa0
--- /dev/null
+++ b/sec-policy/selinux-feffe-policies/files/tmp/feffe.tmp
@@ -0,0 +1,5160 @@
+#line 1 "/usr/share/selinux/mcs/include/support/file_patterns.spt"
+#
+# Directory patterns (dir)
+#
+# Parameters:
+# 1. domain type
+# 2. container (directory) type
+# 3. directory type
+#
+#line 12
+
+
+#line 17
+
+
+#line 22
+
+
+#line 27
+
+
+#line 32
+
+
+#line 37
+
+
+#line 42
+
+
+#line 47
+
+
+#line 52
+
+
+#line 57
+
+
+#line 62
+
+
+#line 67
+
+
+#line 72
+
+
+#line 77
+
+
+#
+# Regular file patterns (file)
+#
+# Parameters:
+# 1. domain type
+# 2. container (directory) type
+# 3. file type
+#
+#line 90
+
+
+#line 95
+
+
+#line 100
+
+
+#line 105
+
+
+#line 112
+
+
+#line 117
+
+
+#line 122
+
+
+#line 127
+
+
+#line 132
+
+
+#line 137
+
+
+#line 142
+
+
+#line 147
+
+
+#line 152
+
+
+#line 157
+
+
+#line 162
+
+
+#line 167
+
+
+#line 172
+
+
+#line 177
+
+
+#
+# Symbolic link patterns (lnk_file)
+#
+# Parameters:
+# 1. domain type
+# 2. container (directory) type
+# 3. file type
+#
+#line 190
+
+
+#line 195
+
+
+#line 200
+
+
+#line 205
+
+
+#line 210
+
+
+#line 215
+
+
+#line 220
+
+
+#line 225
+
+
+#line 230
+
+
+#line 235
+
+
+#line 240
+
+
+#line 245
+
+
+#line 250
+
+
+#
+# (Un)named Pipes/FIFO patterns (fifo_file)
+#
+# Parameters:
+# 1. domain type
+# 2. container (directory) type
+# 3. file type
+#
+#line 263
+
+
+#line 268
+
+
+#line 273
+
+
+#line 278
+
+
+#line 283
+
+
+#line 288
+
+
+#line 293
+
+
+#line 298
+
+
+#line 303
+
+
+#line 308
+
+
+#line 313
+
+
+#line 318
+
+
+#line 323
+
+
+#
+# (Un)named sockets patterns (sock_file)
+#
+# Parameters:
+# 1. domain type
+# 2. container (directory) type
+# 3. file type
+#
+#line 336
+
+
+#line 341
+
+
+#line 346
+
+
+#line 351
+
+
+#line 356
+
+
+#line 361
+
+
+#line 366
+
+
+#line 371
+
+
+#line 376
+
+
+#line 381
+
+
+#line 386
+
+
+#line 391
+
+
+#
+# Block device node patterns (blk_file)
+#
+# Parameters:
+# 1. domain type
+# 2. container (directory) type
+# 3. file type
+#
+#line 404
+
+
+#line 409
+
+
+#line 414
+
+
+#line 419
+
+
+#line 424
+
+
+#line 429
+
+
+#line 435
+
+
+#line 440
+
+
+#line 445
+
+
+#line 451
+
+
+#line 456
+
+
+#line 461
+
+
+#line 466
+
+
+#
+# Character device node patterns (chr_file)
+#
+# Parameters:
+# 1. domain type
+# 2. container (directory) type
+# 3. file type
+#
+#line 479
+
+
+#line 484
+
+
+#line 489
+
+
+#line 494
+
+
+#line 499
+
+
+#line 504
+
+
+#line 510
+
+
+#line 515
+
+
+#line 520
+
+
+#line 526
+
+
+#line 531
+
+
+#line 536
+
+
+#line 541
+
+
+#
+# File type_transition patterns
+#
+# Parameters:
+# 1. domain type
+# 2. container (directory) type
+# 3. new object type
+# 4. object class(es)
+# [optional] 5. filename (c style strcmp ready)
+#
+
+# do not grant $2:dir remove_name
+#line 558
+
+
+#line 563
+
+
+#
+# Admin pattern for file_type
+#
+# Parameters:
+# 1. domain type
+# 2. source object type
+#
+#line 584
+
+#line 1 "/usr/share/selinux/mcs/include/support/ipc_patterns.spt"
+#
+# unix domain socket patterns
+#
+# Parameters:
+# 1. source domain type
+# 2. container (directory) type
+# 3. socket type
+# 4. target domain type
+#
+#line 14
+
+
+#line 20
+
+#line 1 "/usr/share/selinux/mcs/include/support/obj_perm_sets.spt"
+########################################
+#
+# Support macros for sets of object classes and permissions
+#
+# This file should only have object class and permission set macros - they
+# can only reference object classes and/or permissions.
+
+
+########################################
+#
+# Macros for sets of classes
+#
+
+#
+# All directory and file classes
+#
+
+
+#
+# All non-directory file classes.
+#
+
+
+#
+# Non-device file classes.
+#
+
+
+#
+# Device file classes.
+#
+
+
+#
+# All socket classes.
+#
+
+
+#
+# Datagram socket classes.
+#
+
+
+#
+# Stream socket classes.
+#
+
+
+#
+# Unprivileged socket classes (exclude rawip, netlink, packet).
+#
+
+
+
+########################################
+#
+# Macros for sets of permissions
+#
+
+#
+# Permissions to mount and unmount file systems.
+#
+
+
+#
+# Permissions for using sockets.
+#
+
+
+#
+# Permissions for creating and using sockets.
+#
+
+
+#
+# Permissions for using stream sockets.
+#
+
+
+#
+# Permissions for creating and using stream sockets.
+#
+
+
+#
+# Permissions for creating and using sockets.
+#
+
+
+#
+# Permissions for creating and using sockets.
+#
+
+
+#
+# Permissions for creating and using netlink sockets.
+#
+
+
+#
+# Permissions for using netlink sockets for operations that modify state.
+#
+
+
+#
+# Permissions for using netlink sockets for operations that observe state.
+#
+
+
+#
+# Permissions for sending all signals.
+#
+
+
+#
+# Permissions for using System V IPC
+#
+
+
+
+
+
+
+
+
+
+
+#
+# Directory (dir)
+#
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# Regular file (file)
+#
+
+
+
+
+# deprecated 20171213
+#line 157
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# Symbolic link (lnk_file)
+#
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# (Un)named Pipes/FIFOs (fifo_file)
+#
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# (Un)named Sockets (sock_file)
+#
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# Block device nodes (blk_file)
+#
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# Character device nodes (chr_file)
+#
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+########################################
+#
+# Special permission sets
+#
+
+#
+# Use (read and write) terminals
+#
+
+
+
+#
+# Sockets
+#
+
+
+
+#
+# Keys
+#
+
+#line 1 "/usr/share/selinux/mcs/include/support/misc_patterns.spt"
+#
+# Common domain transition pattern perms
+#
+# Parameters:
+# 1. source domain
+# 2. entry point file type
+# 3. target domain
+#
+#line 13
+
+
+# compatibility: Deprecated (20161201)
+#line 19
+
+
+
+#
+# Specified domain transition patterns
+#
+# Parameters:
+# 1. source domain
+# 2. entry point file type
+# 3. target domain
+#
+#line 37
+
+
+#
+# Automatic domain transition patterns
+#
+# Parameters:
+# 1. source domain
+# 2. entry point file type
+# 3. target domain
+#
+#line 50
+
+
+# compatibility: Deprecated (20161201)
+#line 56
+
+
+#
+# Automatic domain transition patterns
+# with feedback permissions
+#
+# Parameters:
+# 1. source domain
+# 2. entry point file type
+# 3. target domain
+#
+#line 73
+
+
+#
+# Dynamic transition pattern
+#
+# Parameters:
+# 1. source domain
+# 2. target domain
+#
+#line 86
+
+
+#
+# Read foreign domain proc data
+#
+# Parameters:
+# 1. source domain
+# 2. target domain
+#
+#line 100
+
+
+#
+# Process administration pattern
+#
+# Parameters:
+# 1. source domain
+# 2. target domain
+#
+#line 113
+
+#line 1 "/usr/share/selinux/mcs/include/support/misc_macros.spt"
+
+########################################
+#
+# Helper macros
+#
+
+#
+# shiftn(num,list...)
+#
+# shift the list num times
+#
+
+
+#
+# ifndef(expr,true_block,false_block)
+#
+# m4 does not have this.
+#
+
+
+#
+# __endline__
+#
+# dummy macro to insert a newline.  used for
+# errprint, so the close parentheses can be
+# indented correctly.
+#
+#line 29
+
+
+########################################
+#
+# refpolwarn(message)
+#
+# print a warning message
+#
+
+
+########################################
+#
+# refpolerr(message)
+#
+# print an error message.
+#
+
+
+########################################
+#
+# gen_user(username, prefix, role_set, mls_defaultlevel, mls_range, [mcs_categories])
+#
+#line 57
+
+
+########################################
+#
+# gen_context(context,mls_sensitivity,[mcs_categories])
+#
+#line 64
+
+########################################
+#
+# can_exec(domain,executable)
+#
+
+
+########################################
+#
+# gen_bool(name,default_value)
+#
+#line 77
+
+#line 1 "/usr/share/selinux/mcs/include/support/all_perms.spt"
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#line 228
+
+
+#line 266
+
+#line 1 "/usr/share/selinux/mcs/include/support/mls_mcs_macros.spt"
+########################################
+#
+# gen_cats(N)
+#
+# declares categores c0 to c(N-1)
+#
+#line 10
+
+
+
+
+########################################
+#
+# gen_sens(N)
+#
+# declares sensitivites s0 to s(N-1) with dominance
+# in increasing numeric order with s0 lowest, s(N-1) highest
+#
+#line 24
+
+
+
+
+#line 34
+
+
+########################################
+#
+# gen_levels(N,M)
+#
+# levels from s0 to (N-1) with categories c0 to (M-1)
+#
+#line 45
+
+
+
+
+########################################
+#
+# Basic level names for system low and high
+#
+
+
+
+
+
+#line 1 "/usr/share/selinux/mcs/include/support/loadable_module.spt"
+########################################
+#
+# Macros for switching between source policy
+# and loadable policy module support
+#
+
+##############################
+#
+# For adding the module statement
+#
+#line 30
+
+
+##############################
+#
+# For use in interfaces, to optionally insert a require block
+#
+#line 48
+
+
+# helper function, since m4 wont expand macros
+# if a line is a comment (#):
+#line 55
+
+##############################
+#
+# In the future interfaces should be in loadable modules
+#
+# template(name,rules)
+#
+#line 71
+
+
+##############################
+#
+# In the future interfaces should be in loadable modules
+#
+# interface(name,rules)
+#
+#line 88
+
+
+
+
+##############################
+#
+# Optional policy handling
+#
+#line 102
+
+
+##############################
+#
+# Determine if we should use the default
+# tunable value as specified by the policy
+# or if the override value should be used
+#
+
+
+##############################
+#
+# Extract booleans out of an expression.
+# This needs to be reworked so expressions
+# with parentheses can work.
+
+#line 123
+
+
+##############################
+#
+# Tunable declaration
+#
+#line 131
+
+
+##############################
+#
+# Tunable policy handling
+#
+#line 146
+
+#line 285730 "tmp/all_interfaces.conf"
+
+#line 1 "feffe.te"
+
+#line 1
+	
+#line 1
+		module feffe 1.0;
+#line 1
+
+#line 1
+		require {
+#line 1
+			role system_r;
+#line 1
+			
+#line 1
+	class security { compute_av compute_create compute_member check_context load_policy compute_relabel compute_user setenforce setbool setsecparam setcheckreqprot read_policy validate_trans };
+#line 1
+	class process { fork transition sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setexec setfscreate noatsecure siginh setrlimit rlimitinh dyntransition setcurrent execmem execstack execheap setkeycreate setsockcreate getrlimit };
+#line 1
+	class system { ipc_info syslog_read syslog_mod syslog_console module_request module_load halt reboot status start stop enable disable reload };
+#line 1
+	class capability { chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap };
+#line 1
+	class filesystem { mount remount unmount getattr relabelfrom relabelto associate quotamod quotaget watch };
+#line 1
+	class file { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint };
+#line 1
+	class dir { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir };
+#line 1
+	class fd { use };
+#line 1
+	class lnk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads };
+#line 1
+	class chr_file { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads };
+#line 1
+	class blk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads };
+#line 1
+	class sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads };
+#line 1
+	class fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads };
+#line 1
+	class socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class tcp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect };
+#line 1
+	class udp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind };
+#line 1
+	class rawip_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind };
+#line 1
+	class node { recvfrom sendto };
+#line 1
+	class netif { ingress egress };
+#line 1
+	class netlink_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class packet_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class key_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class unix_stream_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto };
+#line 1
+	class unix_dgram_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class sem { create destroy getattr setattr read write associate unix_read unix_write };
+#line 1
+	class msg { send receive };
+#line 1
+	class msgq { create destroy getattr setattr read write associate unix_read unix_write enqueue };
+#line 1
+	class shm { create destroy getattr setattr read write associate unix_read unix_write lock };
+#line 1
+	class ipc { create destroy getattr setattr read write associate unix_read unix_write };
+#line 1
+	class netlink_route_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write };
+#line 1
+	class obsolete_netlink_firewall_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write };
+#line 1
+	class netlink_tcpdiag_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write };
+#line 1
+	class netlink_nflog_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class netlink_xfrm_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write };
+#line 1
+	class netlink_selinux_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class netlink_audit_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit };
+#line 1
+	class obsolete_netlink_ip6fw_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write };
+#line 1
+	class netlink_dnrt_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class association { sendto recvfrom setcontext polmatch };
+#line 1
+	class netlink_kobject_uevent_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class appletalk_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class packet { send recv relabelto forward_in forward_out };
+#line 1
+	class key { view read write search link setattr create };
+#line 1
+	class dccp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect };
+#line 1
+	class memprotect { mmap_zero };
+#line 1
+	class peer { recv };
+#line 1
+	class capability2 { mac_override mac_admin syslog wake_alarm block_suspend audit_read };
+#line 1
+	class kernel_service { use_as_override create_files_as };
+#line 1
+	class tun_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue };
+#line 1
+	class binder { impersonate call set_context_mgr transfer };
+#line 1
+	class netlink_iscsi_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class netlink_fib_lookup_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class netlink_connector_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class netlink_netfilter_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class netlink_generic_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class netlink_scsitransport_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class netlink_rdma_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class netlink_crypto_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class infiniband_pkey { access };
+#line 1
+	class infiniband_endport { manage_subnet };
+#line 1
+	class cap_userns { chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap };
+#line 1
+	class cap2_userns { mac_override mac_admin syslog wake_alarm block_suspend audit_read };
+#line 1
+	class sctp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association };
+#line 1
+	class icmp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind };
+#line 1
+	class ax25_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class ipx_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class netrom_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class atmpvc_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class x25_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class rose_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class decnet_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class atmsvc_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class rds_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class irda_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class pppox_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class llc_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class can_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class tipc_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class bluetooth_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class iucv_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class rxrpc_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class isdn_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class phonet_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class ieee802154_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class caif_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class alg_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class nfc_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class vsock_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class kcm_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class qipcrtr_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class smc_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class process2 { nnp_transition nosuid_transition };
+#line 1
+	class bpf { map_create map_read map_write prog_load prog_run };
+#line 1
+	class xdp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+#line 1
+	class perf_event { open cpu kernel tracepoint read write };
+#line 1
+
+#line 1
+
+#line 1
+			
+#line 1
+				sensitivity s0;
+#line 1
+
+#line 1
+				category c0;
+#line 1
+category c1;
+#line 1
+category c2;
+#line 1
+category c3;
+#line 1
+category c4;
+#line 1
+category c5;
+#line 1
+category c6;
+#line 1
+category c7;
+#line 1
+category c8;
+#line 1
+category c9;
+#line 1
+category c10;
+#line 1
+category c11;
+#line 1
+category c12;
+#line 1
+category c13;
+#line 1
+category c14;
+#line 1
+category c15;
+#line 1
+category c16;
+#line 1
+category c17;
+#line 1
+category c18;
+#line 1
+category c19;
+#line 1
+category c20;
+#line 1
+category c21;
+#line 1
+category c22;
+#line 1
+category c23;
+#line 1
+category c24;
+#line 1
+category c25;
+#line 1
+category c26;
+#line 1
+category c27;
+#line 1
+category c28;
+#line 1
+category c29;
+#line 1
+category c30;
+#line 1
+category c31;
+#line 1
+category c32;
+#line 1
+category c33;
+#line 1
+category c34;
+#line 1
+category c35;
+#line 1
+category c36;
+#line 1
+category c37;
+#line 1
+category c38;
+#line 1
+category c39;
+#line 1
+category c40;
+#line 1
+category c41;
+#line 1
+category c42;
+#line 1
+category c43;
+#line 1
+category c44;
+#line 1
+category c45;
+#line 1
+category c46;
+#line 1
+category c47;
+#line 1
+category c48;
+#line 1
+category c49;
+#line 1
+category c50;
+#line 1
+category c51;
+#line 1
+category c52;
+#line 1
+category c53;
+#line 1
+category c54;
+#line 1
+category c55;
+#line 1
+category c56;
+#line 1
+category c57;
+#line 1
+category c58;
+#line 1
+category c59;
+#line 1
+category c60;
+#line 1
+category c61;
+#line 1
+category c62;
+#line 1
+category c63;
+#line 1
+category c64;
+#line 1
+category c65;
+#line 1
+category c66;
+#line 1
+category c67;
+#line 1
+category c68;
+#line 1
+category c69;
+#line 1
+category c70;
+#line 1
+category c71;
+#line 1
+category c72;
+#line 1
+category c73;
+#line 1
+category c74;
+#line 1
+category c75;
+#line 1
+category c76;
+#line 1
+category c77;
+#line 1
+category c78;
+#line 1
+category c79;
+#line 1
+category c80;
+#line 1
+category c81;
+#line 1
+category c82;
+#line 1
+category c83;
+#line 1
+category c84;
+#line 1
+category c85;
+#line 1
+category c86;
+#line 1
+category c87;
+#line 1
+category c88;
+#line 1
+category c89;
+#line 1
+category c90;
+#line 1
+category c91;
+#line 1
+category c92;
+#line 1
+category c93;
+#line 1
+category c94;
+#line 1
+category c95;
+#line 1
+category c96;
+#line 1
+category c97;
+#line 1
+category c98;
+#line 1
+category c99;
+#line 1
+category c100;
+#line 1
+category c101;
+#line 1
+category c102;
+#line 1
+category c103;
+#line 1
+category c104;
+#line 1
+category c105;
+#line 1
+category c106;
+#line 1
+category c107;
+#line 1
+category c108;
+#line 1
+category c109;
+#line 1
+category c110;
+#line 1
+category c111;
+#line 1
+category c112;
+#line 1
+category c113;
+#line 1
+category c114;
+#line 1
+category c115;
+#line 1
+category c116;
+#line 1
+category c117;
+#line 1
+category c118;
+#line 1
+category c119;
+#line 1
+category c120;
+#line 1
+category c121;
+#line 1
+category c122;
+#line 1
+category c123;
+#line 1
+category c124;
+#line 1
+category c125;
+#line 1
+category c126;
+#line 1
+category c127;
+#line 1
+category c128;
+#line 1
+category c129;
+#line 1
+category c130;
+#line 1
+category c131;
+#line 1
+category c132;
+#line 1
+category c133;
+#line 1
+category c134;
+#line 1
+category c135;
+#line 1
+category c136;
+#line 1
+category c137;
+#line 1
+category c138;
+#line 1
+category c139;
+#line 1
+category c140;
+#line 1
+category c141;
+#line 1
+category c142;
+#line 1
+category c143;
+#line 1
+category c144;
+#line 1
+category c145;
+#line 1
+category c146;
+#line 1
+category c147;
+#line 1
+category c148;
+#line 1
+category c149;
+#line 1
+category c150;
+#line 1
+category c151;
+#line 1
+category c152;
+#line 1
+category c153;
+#line 1
+category c154;
+#line 1
+category c155;
+#line 1
+category c156;
+#line 1
+category c157;
+#line 1
+category c158;
+#line 1
+category c159;
+#line 1
+category c160;
+#line 1
+category c161;
+#line 1
+category c162;
+#line 1
+category c163;
+#line 1
+category c164;
+#line 1
+category c165;
+#line 1
+category c166;
+#line 1
+category c167;
+#line 1
+category c168;
+#line 1
+category c169;
+#line 1
+category c170;
+#line 1
+category c171;
+#line 1
+category c172;
+#line 1
+category c173;
+#line 1
+category c174;
+#line 1
+category c175;
+#line 1
+category c176;
+#line 1
+category c177;
+#line 1
+category c178;
+#line 1
+category c179;
+#line 1
+category c180;
+#line 1
+category c181;
+#line 1
+category c182;
+#line 1
+category c183;
+#line 1
+category c184;
+#line 1
+category c185;
+#line 1
+category c186;
+#line 1
+category c187;
+#line 1
+category c188;
+#line 1
+category c189;
+#line 1
+category c190;
+#line 1
+category c191;
+#line 1
+category c192;
+#line 1
+category c193;
+#line 1
+category c194;
+#line 1
+category c195;
+#line 1
+category c196;
+#line 1
+category c197;
+#line 1
+category c198;
+#line 1
+category c199;
+#line 1
+category c200;
+#line 1
+category c201;
+#line 1
+category c202;
+#line 1
+category c203;
+#line 1
+category c204;
+#line 1
+category c205;
+#line 1
+category c206;
+#line 1
+category c207;
+#line 1
+category c208;
+#line 1
+category c209;
+#line 1
+category c210;
+#line 1
+category c211;
+#line 1
+category c212;
+#line 1
+category c213;
+#line 1
+category c214;
+#line 1
+category c215;
+#line 1
+category c216;
+#line 1
+category c217;
+#line 1
+category c218;
+#line 1
+category c219;
+#line 1
+category c220;
+#line 1
+category c221;
+#line 1
+category c222;
+#line 1
+category c223;
+#line 1
+category c224;
+#line 1
+category c225;
+#line 1
+category c226;
+#line 1
+category c227;
+#line 1
+category c228;
+#line 1
+category c229;
+#line 1
+category c230;
+#line 1
+category c231;
+#line 1
+category c232;
+#line 1
+category c233;
+#line 1
+category c234;
+#line 1
+category c235;
+#line 1
+category c236;
+#line 1
+category c237;
+#line 1
+category c238;
+#line 1
+category c239;
+#line 1
+category c240;
+#line 1
+category c241;
+#line 1
+category c242;
+#line 1
+category c243;
+#line 1
+category c244;
+#line 1
+category c245;
+#line 1
+category c246;
+#line 1
+category c247;
+#line 1
+category c248;
+#line 1
+category c249;
+#line 1
+category c250;
+#line 1
+category c251;
+#line 1
+category c252;
+#line 1
+category c253;
+#line 1
+category c254;
+#line 1
+category c255;
+#line 1
+category c256;
+#line 1
+category c257;
+#line 1
+category c258;
+#line 1
+category c259;
+#line 1
+category c260;
+#line 1
+category c261;
+#line 1
+category c262;
+#line 1
+category c263;
+#line 1
+category c264;
+#line 1
+category c265;
+#line 1
+category c266;
+#line 1
+category c267;
+#line 1
+category c268;
+#line 1
+category c269;
+#line 1
+category c270;
+#line 1
+category c271;
+#line 1
+category c272;
+#line 1
+category c273;
+#line 1
+category c274;
+#line 1
+category c275;
+#line 1
+category c276;
+#line 1
+category c277;
+#line 1
+category c278;
+#line 1
+category c279;
+#line 1
+category c280;
+#line 1
+category c281;
+#line 1
+category c282;
+#line 1
+category c283;
+#line 1
+category c284;
+#line 1
+category c285;
+#line 1
+category c286;
+#line 1
+category c287;
+#line 1
+category c288;
+#line 1
+category c289;
+#line 1
+category c290;
+#line 1
+category c291;
+#line 1
+category c292;
+#line 1
+category c293;
+#line 1
+category c294;
+#line 1
+category c295;
+#line 1
+category c296;
+#line 1
+category c297;
+#line 1
+category c298;
+#line 1
+category c299;
+#line 1
+category c300;
+#line 1
+category c301;
+#line 1
+category c302;
+#line 1
+category c303;
+#line 1
+category c304;
+#line 1
+category c305;
+#line 1
+category c306;
+#line 1
+category c307;
+#line 1
+category c308;
+#line 1
+category c309;
+#line 1
+category c310;
+#line 1
+category c311;
+#line 1
+category c312;
+#line 1
+category c313;
+#line 1
+category c314;
+#line 1
+category c315;
+#line 1
+category c316;
+#line 1
+category c317;
+#line 1
+category c318;
+#line 1
+category c319;
+#line 1
+category c320;
+#line 1
+category c321;
+#line 1
+category c322;
+#line 1
+category c323;
+#line 1
+category c324;
+#line 1
+category c325;
+#line 1
+category c326;
+#line 1
+category c327;
+#line 1
+category c328;
+#line 1
+category c329;
+#line 1
+category c330;
+#line 1
+category c331;
+#line 1
+category c332;
+#line 1
+category c333;
+#line 1
+category c334;
+#line 1
+category c335;
+#line 1
+category c336;
+#line 1
+category c337;
+#line 1
+category c338;
+#line 1
+category c339;
+#line 1
+category c340;
+#line 1
+category c341;
+#line 1
+category c342;
+#line 1
+category c343;
+#line 1
+category c344;
+#line 1
+category c345;
+#line 1
+category c346;
+#line 1
+category c347;
+#line 1
+category c348;
+#line 1
+category c349;
+#line 1
+category c350;
+#line 1
+category c351;
+#line 1
+category c352;
+#line 1
+category c353;
+#line 1
+category c354;
+#line 1
+category c355;
+#line 1
+category c356;
+#line 1
+category c357;
+#line 1
+category c358;
+#line 1
+category c359;
+#line 1
+category c360;
+#line 1
+category c361;
+#line 1
+category c362;
+#line 1
+category c363;
+#line 1
+category c364;
+#line 1
+category c365;
+#line 1
+category c366;
+#line 1
+category c367;
+#line 1
+category c368;
+#line 1
+category c369;
+#line 1
+category c370;
+#line 1
+category c371;
+#line 1
+category c372;
+#line 1
+category c373;
+#line 1
+category c374;
+#line 1
+category c375;
+#line 1
+category c376;
+#line 1
+category c377;
+#line 1
+category c378;
+#line 1
+category c379;
+#line 1
+category c380;
+#line 1
+category c381;
+#line 1
+category c382;
+#line 1
+category c383;
+#line 1
+category c384;
+#line 1
+category c385;
+#line 1
+category c386;
+#line 1
+category c387;
+#line 1
+category c388;
+#line 1
+category c389;
+#line 1
+category c390;
+#line 1
+category c391;
+#line 1
+category c392;
+#line 1
+category c393;
+#line 1
+category c394;
+#line 1
+category c395;
+#line 1
+category c396;
+#line 1
+category c397;
+#line 1
+category c398;
+#line 1
+category c399;
+#line 1
+category c400;
+#line 1
+category c401;
+#line 1
+category c402;
+#line 1
+category c403;
+#line 1
+category c404;
+#line 1
+category c405;
+#line 1
+category c406;
+#line 1
+category c407;
+#line 1
+category c408;
+#line 1
+category c409;
+#line 1
+category c410;
+#line 1
+category c411;
+#line 1
+category c412;
+#line 1
+category c413;
+#line 1
+category c414;
+#line 1
+category c415;
+#line 1
+category c416;
+#line 1
+category c417;
+#line 1
+category c418;
+#line 1
+category c419;
+#line 1
+category c420;
+#line 1
+category c421;
+#line 1
+category c422;
+#line 1
+category c423;
+#line 1
+category c424;
+#line 1
+category c425;
+#line 1
+category c426;
+#line 1
+category c427;
+#line 1
+category c428;
+#line 1
+category c429;
+#line 1
+category c430;
+#line 1
+category c431;
+#line 1
+category c432;
+#line 1
+category c433;
+#line 1
+category c434;
+#line 1
+category c435;
+#line 1
+category c436;
+#line 1
+category c437;
+#line 1
+category c438;
+#line 1
+category c439;
+#line 1
+category c440;
+#line 1
+category c441;
+#line 1
+category c442;
+#line 1
+category c443;
+#line 1
+category c444;
+#line 1
+category c445;
+#line 1
+category c446;
+#line 1
+category c447;
+#line 1
+category c448;
+#line 1
+category c449;
+#line 1
+category c450;
+#line 1
+category c451;
+#line 1
+category c452;
+#line 1
+category c453;
+#line 1
+category c454;
+#line 1
+category c455;
+#line 1
+category c456;
+#line 1
+category c457;
+#line 1
+category c458;
+#line 1
+category c459;
+#line 1
+category c460;
+#line 1
+category c461;
+#line 1
+category c462;
+#line 1
+category c463;
+#line 1
+category c464;
+#line 1
+category c465;
+#line 1
+category c466;
+#line 1
+category c467;
+#line 1
+category c468;
+#line 1
+category c469;
+#line 1
+category c470;
+#line 1
+category c471;
+#line 1
+category c472;
+#line 1
+category c473;
+#line 1
+category c474;
+#line 1
+category c475;
+#line 1
+category c476;
+#line 1
+category c477;
+#line 1
+category c478;
+#line 1
+category c479;
+#line 1
+category c480;
+#line 1
+category c481;
+#line 1
+category c482;
+#line 1
+category c483;
+#line 1
+category c484;
+#line 1
+category c485;
+#line 1
+category c486;
+#line 1
+category c487;
+#line 1
+category c488;
+#line 1
+category c489;
+#line 1
+category c490;
+#line 1
+category c491;
+#line 1
+category c492;
+#line 1
+category c493;
+#line 1
+category c494;
+#line 1
+category c495;
+#line 1
+category c496;
+#line 1
+category c497;
+#line 1
+category c498;
+#line 1
+category c499;
+#line 1
+category c500;
+#line 1
+category c501;
+#line 1
+category c502;
+#line 1
+category c503;
+#line 1
+category c504;
+#line 1
+category c505;
+#line 1
+category c506;
+#line 1
+category c507;
+#line 1
+category c508;
+#line 1
+category c509;
+#line 1
+category c510;
+#line 1
+category c511;
+#line 1
+category c512;
+#line 1
+category c513;
+#line 1
+category c514;
+#line 1
+category c515;
+#line 1
+category c516;
+#line 1
+category c517;
+#line 1
+category c518;
+#line 1
+category c519;
+#line 1
+category c520;
+#line 1
+category c521;
+#line 1
+category c522;
+#line 1
+category c523;
+#line 1
+category c524;
+#line 1
+category c525;
+#line 1
+category c526;
+#line 1
+category c527;
+#line 1
+category c528;
+#line 1
+category c529;
+#line 1
+category c530;
+#line 1
+category c531;
+#line 1
+category c532;
+#line 1
+category c533;
+#line 1
+category c534;
+#line 1
+category c535;
+#line 1
+category c536;
+#line 1
+category c537;
+#line 1
+category c538;
+#line 1
+category c539;
+#line 1
+category c540;
+#line 1
+category c541;
+#line 1
+category c542;
+#line 1
+category c543;
+#line 1
+category c544;
+#line 1
+category c545;
+#line 1
+category c546;
+#line 1
+category c547;
+#line 1
+category c548;
+#line 1
+category c549;
+#line 1
+category c550;
+#line 1
+category c551;
+#line 1
+category c552;
+#line 1
+category c553;
+#line 1
+category c554;
+#line 1
+category c555;
+#line 1
+category c556;
+#line 1
+category c557;
+#line 1
+category c558;
+#line 1
+category c559;
+#line 1
+category c560;
+#line 1
+category c561;
+#line 1
+category c562;
+#line 1
+category c563;
+#line 1
+category c564;
+#line 1
+category c565;
+#line 1
+category c566;
+#line 1
+category c567;
+#line 1
+category c568;
+#line 1
+category c569;
+#line 1
+category c570;
+#line 1
+category c571;
+#line 1
+category c572;
+#line 1
+category c573;
+#line 1
+category c574;
+#line 1
+category c575;
+#line 1
+category c576;
+#line 1
+category c577;
+#line 1
+category c578;
+#line 1
+category c579;
+#line 1
+category c580;
+#line 1
+category c581;
+#line 1
+category c582;
+#line 1
+category c583;
+#line 1
+category c584;
+#line 1
+category c585;
+#line 1
+category c586;
+#line 1
+category c587;
+#line 1
+category c588;
+#line 1
+category c589;
+#line 1
+category c590;
+#line 1
+category c591;
+#line 1
+category c592;
+#line 1
+category c593;
+#line 1
+category c594;
+#line 1
+category c595;
+#line 1
+category c596;
+#line 1
+category c597;
+#line 1
+category c598;
+#line 1
+category c599;
+#line 1
+category c600;
+#line 1
+category c601;
+#line 1
+category c602;
+#line 1
+category c603;
+#line 1
+category c604;
+#line 1
+category c605;
+#line 1
+category c606;
+#line 1
+category c607;
+#line 1
+category c608;
+#line 1
+category c609;
+#line 1
+category c610;
+#line 1
+category c611;
+#line 1
+category c612;
+#line 1
+category c613;
+#line 1
+category c614;
+#line 1
+category c615;
+#line 1
+category c616;
+#line 1
+category c617;
+#line 1
+category c618;
+#line 1
+category c619;
+#line 1
+category c620;
+#line 1
+category c621;
+#line 1
+category c622;
+#line 1
+category c623;
+#line 1
+category c624;
+#line 1
+category c625;
+#line 1
+category c626;
+#line 1
+category c627;
+#line 1
+category c628;
+#line 1
+category c629;
+#line 1
+category c630;
+#line 1
+category c631;
+#line 1
+category c632;
+#line 1
+category c633;
+#line 1
+category c634;
+#line 1
+category c635;
+#line 1
+category c636;
+#line 1
+category c637;
+#line 1
+category c638;
+#line 1
+category c639;
+#line 1
+category c640;
+#line 1
+category c641;
+#line 1
+category c642;
+#line 1
+category c643;
+#line 1
+category c644;
+#line 1
+category c645;
+#line 1
+category c646;
+#line 1
+category c647;
+#line 1
+category c648;
+#line 1
+category c649;
+#line 1
+category c650;
+#line 1
+category c651;
+#line 1
+category c652;
+#line 1
+category c653;
+#line 1
+category c654;
+#line 1
+category c655;
+#line 1
+category c656;
+#line 1
+category c657;
+#line 1
+category c658;
+#line 1
+category c659;
+#line 1
+category c660;
+#line 1
+category c661;
+#line 1
+category c662;
+#line 1
+category c663;
+#line 1
+category c664;
+#line 1
+category c665;
+#line 1
+category c666;
+#line 1
+category c667;
+#line 1
+category c668;
+#line 1
+category c669;
+#line 1
+category c670;
+#line 1
+category c671;
+#line 1
+category c672;
+#line 1
+category c673;
+#line 1
+category c674;
+#line 1
+category c675;
+#line 1
+category c676;
+#line 1
+category c677;
+#line 1
+category c678;
+#line 1
+category c679;
+#line 1
+category c680;
+#line 1
+category c681;
+#line 1
+category c682;
+#line 1
+category c683;
+#line 1
+category c684;
+#line 1
+category c685;
+#line 1
+category c686;
+#line 1
+category c687;
+#line 1
+category c688;
+#line 1
+category c689;
+#line 1
+category c690;
+#line 1
+category c691;
+#line 1
+category c692;
+#line 1
+category c693;
+#line 1
+category c694;
+#line 1
+category c695;
+#line 1
+category c696;
+#line 1
+category c697;
+#line 1
+category c698;
+#line 1
+category c699;
+#line 1
+category c700;
+#line 1
+category c701;
+#line 1
+category c702;
+#line 1
+category c703;
+#line 1
+category c704;
+#line 1
+category c705;
+#line 1
+category c706;
+#line 1
+category c707;
+#line 1
+category c708;
+#line 1
+category c709;
+#line 1
+category c710;
+#line 1
+category c711;
+#line 1
+category c712;
+#line 1
+category c713;
+#line 1
+category c714;
+#line 1
+category c715;
+#line 1
+category c716;
+#line 1
+category c717;
+#line 1
+category c718;
+#line 1
+category c719;
+#line 1
+category c720;
+#line 1
+category c721;
+#line 1
+category c722;
+#line 1
+category c723;
+#line 1
+category c724;
+#line 1
+category c725;
+#line 1
+category c726;
+#line 1
+category c727;
+#line 1
+category c728;
+#line 1
+category c729;
+#line 1
+category c730;
+#line 1
+category c731;
+#line 1
+category c732;
+#line 1
+category c733;
+#line 1
+category c734;
+#line 1
+category c735;
+#line 1
+category c736;
+#line 1
+category c737;
+#line 1
+category c738;
+#line 1
+category c739;
+#line 1
+category c740;
+#line 1
+category c741;
+#line 1
+category c742;
+#line 1
+category c743;
+#line 1
+category c744;
+#line 1
+category c745;
+#line 1
+category c746;
+#line 1
+category c747;
+#line 1
+category c748;
+#line 1
+category c749;
+#line 1
+category c750;
+#line 1
+category c751;
+#line 1
+category c752;
+#line 1
+category c753;
+#line 1
+category c754;
+#line 1
+category c755;
+#line 1
+category c756;
+#line 1
+category c757;
+#line 1
+category c758;
+#line 1
+category c759;
+#line 1
+category c760;
+#line 1
+category c761;
+#line 1
+category c762;
+#line 1
+category c763;
+#line 1
+category c764;
+#line 1
+category c765;
+#line 1
+category c766;
+#line 1
+category c767;
+#line 1
+category c768;
+#line 1
+category c769;
+#line 1
+category c770;
+#line 1
+category c771;
+#line 1
+category c772;
+#line 1
+category c773;
+#line 1
+category c774;
+#line 1
+category c775;
+#line 1
+category c776;
+#line 1
+category c777;
+#line 1
+category c778;
+#line 1
+category c779;
+#line 1
+category c780;
+#line 1
+category c781;
+#line 1
+category c782;
+#line 1
+category c783;
+#line 1
+category c784;
+#line 1
+category c785;
+#line 1
+category c786;
+#line 1
+category c787;
+#line 1
+category c788;
+#line 1
+category c789;
+#line 1
+category c790;
+#line 1
+category c791;
+#line 1
+category c792;
+#line 1
+category c793;
+#line 1
+category c794;
+#line 1
+category c795;
+#line 1
+category c796;
+#line 1
+category c797;
+#line 1
+category c798;
+#line 1
+category c799;
+#line 1
+category c800;
+#line 1
+category c801;
+#line 1
+category c802;
+#line 1
+category c803;
+#line 1
+category c804;
+#line 1
+category c805;
+#line 1
+category c806;
+#line 1
+category c807;
+#line 1
+category c808;
+#line 1
+category c809;
+#line 1
+category c810;
+#line 1
+category c811;
+#line 1
+category c812;
+#line 1
+category c813;
+#line 1
+category c814;
+#line 1
+category c815;
+#line 1
+category c816;
+#line 1
+category c817;
+#line 1
+category c818;
+#line 1
+category c819;
+#line 1
+category c820;
+#line 1
+category c821;
+#line 1
+category c822;
+#line 1
+category c823;
+#line 1
+category c824;
+#line 1
+category c825;
+#line 1
+category c826;
+#line 1
+category c827;
+#line 1
+category c828;
+#line 1
+category c829;
+#line 1
+category c830;
+#line 1
+category c831;
+#line 1
+category c832;
+#line 1
+category c833;
+#line 1
+category c834;
+#line 1
+category c835;
+#line 1
+category c836;
+#line 1
+category c837;
+#line 1
+category c838;
+#line 1
+category c839;
+#line 1
+category c840;
+#line 1
+category c841;
+#line 1
+category c842;
+#line 1
+category c843;
+#line 1
+category c844;
+#line 1
+category c845;
+#line 1
+category c846;
+#line 1
+category c847;
+#line 1
+category c848;
+#line 1
+category c849;
+#line 1
+category c850;
+#line 1
+category c851;
+#line 1
+category c852;
+#line 1
+category c853;
+#line 1
+category c854;
+#line 1
+category c855;
+#line 1
+category c856;
+#line 1
+category c857;
+#line 1
+category c858;
+#line 1
+category c859;
+#line 1
+category c860;
+#line 1
+category c861;
+#line 1
+category c862;
+#line 1
+category c863;
+#line 1
+category c864;
+#line 1
+category c865;
+#line 1
+category c866;
+#line 1
+category c867;
+#line 1
+category c868;
+#line 1
+category c869;
+#line 1
+category c870;
+#line 1
+category c871;
+#line 1
+category c872;
+#line 1
+category c873;
+#line 1
+category c874;
+#line 1
+category c875;
+#line 1
+category c876;
+#line 1
+category c877;
+#line 1
+category c878;
+#line 1
+category c879;
+#line 1
+category c880;
+#line 1
+category c881;
+#line 1
+category c882;
+#line 1
+category c883;
+#line 1
+category c884;
+#line 1
+category c885;
+#line 1
+category c886;
+#line 1
+category c887;
+#line 1
+category c888;
+#line 1
+category c889;
+#line 1
+category c890;
+#line 1
+category c891;
+#line 1
+category c892;
+#line 1
+category c893;
+#line 1
+category c894;
+#line 1
+category c895;
+#line 1
+category c896;
+#line 1
+category c897;
+#line 1
+category c898;
+#line 1
+category c899;
+#line 1
+category c900;
+#line 1
+category c901;
+#line 1
+category c902;
+#line 1
+category c903;
+#line 1
+category c904;
+#line 1
+category c905;
+#line 1
+category c906;
+#line 1
+category c907;
+#line 1
+category c908;
+#line 1
+category c909;
+#line 1
+category c910;
+#line 1
+category c911;
+#line 1
+category c912;
+#line 1
+category c913;
+#line 1
+category c914;
+#line 1
+category c915;
+#line 1
+category c916;
+#line 1
+category c917;
+#line 1
+category c918;
+#line 1
+category c919;
+#line 1
+category c920;
+#line 1
+category c921;
+#line 1
+category c922;
+#line 1
+category c923;
+#line 1
+category c924;
+#line 1
+category c925;
+#line 1
+category c926;
+#line 1
+category c927;
+#line 1
+category c928;
+#line 1
+category c929;
+#line 1
+category c930;
+#line 1
+category c931;
+#line 1
+category c932;
+#line 1
+category c933;
+#line 1
+category c934;
+#line 1
+category c935;
+#line 1
+category c936;
+#line 1
+category c937;
+#line 1
+category c938;
+#line 1
+category c939;
+#line 1
+category c940;
+#line 1
+category c941;
+#line 1
+category c942;
+#line 1
+category c943;
+#line 1
+category c944;
+#line 1
+category c945;
+#line 1
+category c946;
+#line 1
+category c947;
+#line 1
+category c948;
+#line 1
+category c949;
+#line 1
+category c950;
+#line 1
+category c951;
+#line 1
+category c952;
+#line 1
+category c953;
+#line 1
+category c954;
+#line 1
+category c955;
+#line 1
+category c956;
+#line 1
+category c957;
+#line 1
+category c958;
+#line 1
+category c959;
+#line 1
+category c960;
+#line 1
+category c961;
+#line 1
+category c962;
+#line 1
+category c963;
+#line 1
+category c964;
+#line 1
+category c965;
+#line 1
+category c966;
+#line 1
+category c967;
+#line 1
+category c968;
+#line 1
+category c969;
+#line 1
+category c970;
+#line 1
+category c971;
+#line 1
+category c972;
+#line 1
+category c973;
+#line 1
+category c974;
+#line 1
+category c975;
+#line 1
+category c976;
+#line 1
+category c977;
+#line 1
+category c978;
+#line 1
+category c979;
+#line 1
+category c980;
+#line 1
+category c981;
+#line 1
+category c982;
+#line 1
+category c983;
+#line 1
+category c984;
+#line 1
+category c985;
+#line 1
+category c986;
+#line 1
+category c987;
+#line 1
+category c988;
+#line 1
+category c989;
+#line 1
+category c990;
+#line 1
+category c991;
+#line 1
+category c992;
+#line 1
+category c993;
+#line 1
+category c994;
+#line 1
+category c995;
+#line 1
+category c996;
+#line 1
+category c997;
+#line 1
+category c998;
+#line 1
+category c999;
+#line 1
+category c1000;
+#line 1
+category c1001;
+#line 1
+category c1002;
+#line 1
+category c1003;
+#line 1
+category c1004;
+#line 1
+category c1005;
+#line 1
+category c1006;
+#line 1
+category c1007;
+#line 1
+category c1008;
+#line 1
+category c1009;
+#line 1
+category c1010;
+#line 1
+category c1011;
+#line 1
+category c1012;
+#line 1
+category c1013;
+#line 1
+category c1014;
+#line 1
+category c1015;
+#line 1
+category c1016;
+#line 1
+category c1017;
+#line 1
+category c1018;
+#line 1
+category c1019;
+#line 1
+category c1020;
+#line 1
+category c1021;
+#line 1
+category c1022;
+#line 1
+category c1023;
+#line 1
+
+#line 1
+			
+#line 1
+
+#line 1
+			
+#line 1
+		}
+#line 1
+	
+#line 1
+
+
+
+
+#line 4
+	
+#line 4
+		require {
+#line 4
+			
+#line 4
+  attribute file_type;
+#line 4
+
+#line 4
+  type devicekit_disk_t;
+#line 4
+  type etc_t;
+#line 4
+
+#line 4
+  type mozilla_t;
+#line 4
+  type xdg_cache_t;
+#line 4
+  type fs_t;
+#line 4
+
+#line 4
+		} # end require
+#line 4
+	
+#line 13
+
+
+dontaudit user_t file_type:file watch;
+dontaudit user_t file_type:dir watch;
+dontaudit devicekit_disk_t etc_t:dir watch;
+dontaudit mozilla_t xdg_cache_t:file { read write };
+dontaudit mozilla_t fs_t:filesystem quotaget;
+
+
+#line 21
+	bool feffe_cron_sync_to_home false;
+#line 21
+
+
+#line 22
+	
+#line 22
+	
+#line 22
+		require {
+#line 22
+			
+#line 22
+		
+#line 22
+bool feffe_cron_sync_to_home;
+#line 22
+
+#line 22
+  
+#line 22
+	
+#line 22
+		} # end require
+#line 22
+	
+#line 22
+
+#line 22
+	if (feffe_cron_sync_to_home) {
+#line 22
+		
+#line 22
+  
+#line 22
+	
+#line 22
+		require {
+#line 22
+			
+#line 22
+    type system_cronjob_t;
+#line 22
+  
+#line 22
+		} # end require
+#line 22
+	
+#line 22
+
+#line 22
+
+#line 22
+   	 	
+#line 22
+##### begin xdg_read_config_files(system_cronjob_t) depth: 1
+#line 22
+ 	
+#line 22
+	
+#line 22
+	
+#line 22
+		require {
+#line 22
+			
+#line 22
+		type xdg_config_t;
+#line 22
+	
+#line 22
+		} # end require
+#line 22
+	
+#line 22
+
+#line 22
+
+#line 22
+	
+#line 22
+	allow system_cronjob_t xdg_config_t:dir { getattr search open };
+#line 22
+	allow system_cronjob_t xdg_config_t:file { { getattr read lock ioctl } open };
+#line 22
+
+#line 22
+	allow system_cronjob_t xdg_config_t:file map;
+#line 22
+	
+#line 22
+	allow system_cronjob_t xdg_config_t:dir { getattr search open };
+#line 22
+	allow system_cronjob_t xdg_config_t:dir { getattr search open read lock ioctl };
+#line 22
+
+#line 22
+	
+#line 22
+	allow system_cronjob_t xdg_config_t:dir { getattr search open };
+#line 22
+	allow system_cronjob_t xdg_config_t:lnk_file { getattr read };
+#line 22
+
+#line 22
+
+#line 22
+	 	 	
+#line 22
+##### begin userdom_search_user_home_dirs(system_cronjob_t) depth: 2
+#line 22
+ 	
+#line 22
+	
+#line 22
+	
+#line 22
+		require {
+#line 22
+			
+#line 22
+		type user_home_dir_t;
+#line 22
+	
+#line 22
+		} # end require
+#line 22
+	
+#line 22
+
+#line 22
+
+#line 22
+	allow system_cronjob_t user_home_dir_t:dir { getattr search open };
+#line 22
+	 	 	
+#line 22
+##### begin files_search_home(system_cronjob_t) depth: 3
+#line 22
+ 	
+#line 22
+	
+#line 22
+	
+#line 22
+		require {
+#line 22
+			
+#line 22
+		type home_root_t;
+#line 22
+	
+#line 22
+		} # end require
+#line 22
+	
+#line 22
+
+#line 22
+
+#line 22
+	allow system_cronjob_t home_root_t:dir { getattr search open };
+#line 22
+	allow system_cronjob_t home_root_t:lnk_file { getattr read };
+#line 22
+
+#line 22
+	 	
+#line 22
+##### end files_search_home(system_cronjob_t) depth: 2
+#line 22
+ 	
+#line 22
+
+#line 22
+	 	
+#line 22
+##### end userdom_search_user_home_dirs(system_cronjob_t) depth: 1
+#line 22
+ 	
+#line 22
+
+#line 22
+	 	
+#line 22
+##### end xdg_read_config_files(system_cronjob_t) depth: 0
+#line 22
+ 	
+#line 22
+   	 	
+#line 22
+##### begin corenet_tcp_sendrecv_generic_if(system_cronjob_t) depth: 1
+#line 22
+ 	
+#line 22
+	
+#line 22
+	
+#line 22
+		require {
+#line 22
+			
+#line 22
+		type netif_t;
+#line 22
+	
+#line 22
+		} # end require
+#line 22
+	
+#line 22
+
+#line 22
+
+#line 22
+	allow system_cronjob_t netif_t:netif { egress ingress };
+#line 22
+
+#line 22
+	 	
+#line 22
+##### end corenet_tcp_sendrecv_generic_if(system_cronjob_t) depth: 0
+#line 22
+ 	
+#line 22
+   	 	
+#line 22
+##### begin corenet_tcp_sendrecv_generic_node(system_cronjob_t) depth: 1
+#line 22
+ 	
+#line 22
+	
+#line 22
+	
+#line 22
+		require {
+#line 22
+			
+#line 22
+		type node_t;
+#line 22
+	
+#line 22
+		} # end require
+#line 22
+	
+#line 22
+
+#line 22
+
+#line 22
+	allow system_cronjob_t node_t:node { sendto recvfrom };
+#line 22
+
+#line 22
+	 	
+#line 22
+##### end corenet_tcp_sendrecv_generic_node(system_cronjob_t) depth: 0
+#line 22
+ 	
+#line 22
+   	 	
+#line 22
+##### begin corenet_tcp_connect_http_port(system_cronjob_t) depth: 1
+#line 22
+ 	
+#line 22
+	
+#line 22
+	
+#line 22
+		require {
+#line 22
+			
+#line 22
+		type http_port_t;
+#line 22
+	
+#line 22
+		} # end require
+#line 22
+	
+#line 22
+
+#line 22
+
+#line 22
+	allow system_cronjob_t http_port_t:tcp_socket name_connect;
+#line 22
+
+#line 22
+	 	
+#line 22
+##### end corenet_tcp_connect_http_port(system_cronjob_t) depth: 0
+#line 22
+ 	
+#line 22
+   	 	
+#line 22
+##### begin corenet_sendrecv_http_client_packets(system_cronjob_t) depth: 1
+#line 22
+ 	
+#line 22
+	 	 	
+#line 22
+##### begin corenet_send_http_client_packets(system_cronjob_t) depth: 2
+#line 22
+ 	
+#line 22
+	
+#line 22
+	
+#line 22
+		require {
+#line 22
+			
+#line 22
+		type http_client_packet_t;
+#line 22
+	
+#line 22
+		} # end require
+#line 22
+	
+#line 22
+
+#line 22
+
+#line 22
+	allow system_cronjob_t http_client_packet_t:packet send;
+#line 22
+
+#line 22
+	 	
+#line 22
+##### end corenet_send_http_client_packets(system_cronjob_t) depth: 1
+#line 22
+ 	
+#line 22
+	 	 	
+#line 22
+##### begin corenet_receive_http_client_packets(system_cronjob_t) depth: 2
+#line 22
+ 	
+#line 22
+	
+#line 22
+	
+#line 22
+		require {
+#line 22
+			
+#line 22
+		type http_client_packet_t;
+#line 22
+	
+#line 22
+		} # end require
+#line 22
+	
+#line 22
+
+#line 22
+
+#line 22
+	allow system_cronjob_t http_client_packet_t:packet recv;
+#line 22
+
+#line 22
+	 	
+#line 22
+##### end corenet_receive_http_client_packets(system_cronjob_t) depth: 1
+#line 22
+ 	
+#line 22
+
+#line 22
+	 	
+#line 22
+##### end corenet_sendrecv_http_client_packets(system_cronjob_t) depth: 0
+#line 22
+ 	
+#line 22
+   	 	
+#line 22
+##### begin miscfiles_read_generic_certs(system_cronjob_t) depth: 1
+#line 22
+ 	
+#line 22
+	
+#line 22
+	
+#line 22
+		require {
+#line 22
+			
+#line 22
+		type cert_t;
+#line 22
+	
+#line 22
+		} # end require
+#line 22
+	
+#line 22
+
+#line 22
+
+#line 22
+	allow system_cronjob_t cert_t:dir { getattr search open read lock ioctl };
+#line 22
+	
+#line 22
+	allow system_cronjob_t cert_t:dir { getattr search open };
+#line 22
+	allow system_cronjob_t cert_t:file { { getattr read lock ioctl } open };
+#line 22
+
+#line 22
+	
+#line 22
+	allow system_cronjob_t cert_t:dir { getattr search open };
+#line 22
+	allow system_cronjob_t cert_t:lnk_file { getattr read };
+#line 22
+
+#line 22
+
+#line 22
+	 	
+#line 22
+##### end miscfiles_read_generic_certs(system_cronjob_t) depth: 0
+#line 22
+ 	
+#line 22
+   	 	
+#line 22
+##### begin userdom_manage_user_home_content_dirs(system_cronjob_t) depth: 1
+#line 22
+ 	
+#line 22
+	
+#line 22
+	
+#line 22
+		require {
+#line 22
+			
+#line 22
+		type user_home_dir_t, user_home_t;
+#line 22
+	
+#line 22
+		} # end require
+#line 22
+	
+#line 22
+
+#line 22
+
+#line 22
+	
+#line 22
+	allow system_cronjob_t { user_home_dir_t user_home_t }:dir { open read getattr lock search ioctl add_name remove_name write };
+#line 22
+	allow system_cronjob_t user_home_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
+#line 22
+
+#line 22
+	 	 	
+#line 22
+##### begin files_search_home(system_cronjob_t) depth: 2
+#line 22
+ 	
+#line 22
+	
+#line 22
+	
+#line 22
+		require {
+#line 22
+			
+#line 22
+		type home_root_t;
+#line 22
+	
+#line 22
+		} # end require
+#line 22
+	
+#line 22
+
+#line 22
+
+#line 22
+	allow system_cronjob_t home_root_t:dir { getattr search open };
+#line 22
+	allow system_cronjob_t home_root_t:lnk_file { getattr read };
+#line 22
+
+#line 22
+	 	
+#line 22
+##### end files_search_home(system_cronjob_t) depth: 1
+#line 22
+ 	
+#line 22
+
+#line 22
+	 	
+#line 22
+##### end userdom_manage_user_home_content_dirs(system_cronjob_t) depth: 0
+#line 22
+ 	
+#line 22
+   	 	
+#line 22
+##### begin userdom_manage_user_home_content_files(system_cronjob_t) depth: 1
+#line 22
+ 	
+#line 22
+	
+#line 22
+	
+#line 22
+		require {
+#line 22
+			
+#line 22
+		type user_home_dir_t, user_home_t;
+#line 22
+	
+#line 22
+		} # end require
+#line 22
+	
+#line 22
+
+#line 22
+
+#line 22
+	
+#line 22
+	allow system_cronjob_t user_home_t:dir { open read getattr lock search ioctl add_name remove_name write };
+#line 22
+	allow system_cronjob_t user_home_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
+#line 22
+
+#line 22
+	allow system_cronjob_t user_home_dir_t:dir { getattr search open };
+#line 22
+	 	 	
+#line 22
+##### begin files_search_home(system_cronjob_t) depth: 2
+#line 22
+ 	
+#line 22
+	
+#line 22
+	
+#line 22
+		require {
+#line 22
+			
+#line 22
+		type home_root_t;
+#line 22
+	
+#line 22
+		} # end require
+#line 22
+	
+#line 22
+
+#line 22
+
+#line 22
+	allow system_cronjob_t home_root_t:dir { getattr search open };
+#line 22
+	allow system_cronjob_t home_root_t:lnk_file { getattr read };
+#line 22
+
+#line 22
+	 	
+#line 22
+##### end files_search_home(system_cronjob_t) depth: 1
+#line 22
+ 	
+#line 22
+
+#line 22
+	 	
+#line 22
+##### end userdom_manage_user_home_content_files(system_cronjob_t) depth: 0
+#line 22
+ 	
+#line 22
+  allow system_cronjob_t user_home_t:dir { relabelfrom relabelto };
+#line 22
+  allow system_cronjob_t user_home_t:file { relabelfrom relabelto };
+#line 22
+
+#line 22
+	} # end feffe_cron_sync_to_home
+#line 37
+
+
+
+
+#line 40
+	bool feffe_use_xdm false;
+#line 40
+
+
+#line 41
+	
+#line 41
+	
+#line 41
+		require {
+#line 41
+			
+#line 41
+		
+#line 41
+bool feffe_use_xdm;
+#line 41
+
+#line 41
+  
+#line 41
+	
+#line 41
+		} # end require
+#line 41
+	
+#line 41
+
+#line 41
+	if (feffe_use_xdm) {
+#line 41
+		
+#line 41
+  
+#line 41
+	
+#line 41
+		require {
+#line 41
+			
+#line 41
+    type system_dbusd_t;
+#line 41
+    type user_dbusd_t;
+#line 41
+    type file_context_t;
+#line 41
+    type kmsg_device_t;
+#line 41
+    type init_var_run_t;
+#line 41
+  
+#line 41
+		} # end require
+#line 41
+	
+#line 41
+
+#line 41
+   	 	
+#line 41
+##### begin dev_rw_dri(user_t) depth: 1
+#line 41
+ 	
+#line 41
+	
+#line 41
+	
+#line 41
+		require {
+#line 41
+			
+#line 41
+		type device_t, dri_device_t;
+#line 41
+	
+#line 41
+		} # end require
+#line 41
+	
+#line 41
+
+#line 41
+
+#line 41
+	
+#line 41
+	allow user_t device_t:dir { getattr search open };
+#line 41
+	allow user_t dri_device_t:chr_file { getattr open read write append ioctl lock };
+#line 41
+
+#line 41
+	allow user_t dri_device_t:chr_file map;
+#line 41
+
+#line 41
+	 	
+#line 41
+##### end dev_rw_dri(user_t) depth: 0
+#line 41
+ 	
+#line 41
+  
+#line 41
+	allow system_dbusd_t file_context_t:dir { getattr search open };
+#line 41
+	allow system_dbusd_t file_context_t:file { { getattr read lock ioctl } open };
+#line 41
+
+#line 41
+  allow system_dbusd_t kmsg_device_t:chr_file {open write};
+#line 41
+  allow user_dbusd_t self:process getcap;
+#line 41
+  allow system_dbusd_t file_context_t:file map;
+#line 41
+  allow system_dbusd_t self:process setfscreate;
+#line 41
+  
+#line 41
+	allow system_dbusd_t init_var_run_t:dir { open read getattr lock search ioctl add_name remove_name write };
+#line 41
+	allow system_dbusd_t init_var_run_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
+#line 41
+
+#line 41
+  
+#line 41
+	allow system_dbusd_t init_var_run_t:dir { getattr search open };
+#line 41
+	allow system_dbusd_t init_var_run_t:file { { getattr read lock ioctl } open };
+#line 41
+
+#line 41
+   	 	
+#line 41
+##### begin fs_manage_cgroup_dirs(system_dbusd_t) depth: 1
+#line 41
+ 	
+#line 41
+	
+#line 41
+	
+#line 41
+		require {
+#line 41
+			
+#line 41
+		type cgroup_t;
+#line 41
+
+#line 41
+	
+#line 41
+		} # end require
+#line 41
+	
+#line 41
+
+#line 41
+
+#line 41
+	
+#line 41
+	allow system_dbusd_t cgroup_t:dir { open read getattr lock search ioctl add_name remove_name write };
+#line 41
+	allow system_dbusd_t cgroup_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
+#line 41
+
+#line 41
+	 	 	
+#line 41
+##### begin dev_search_sysfs(system_dbusd_t) depth: 2
+#line 41
+ 	
+#line 41
+	
+#line 41
+	
+#line 41
+		require {
+#line 41
+			
+#line 41
+		type sysfs_t;
+#line 41
+	
+#line 41
+		} # end require
+#line 41
+	
+#line 41
+
+#line 41
+
+#line 41
+	
+#line 41
+	allow system_dbusd_t sysfs_t:dir { getattr search open };
+#line 41
+	allow system_dbusd_t sysfs_t:dir { getattr search open };
+#line 41
+
+#line 41
+
+#line 41
+	 	
+#line 41
+##### end dev_search_sysfs(system_dbusd_t) depth: 1
+#line 41
+ 	
+#line 41
+
+#line 41
+	 	
+#line 41
+##### end fs_manage_cgroup_dirs(system_dbusd_t) depth: 0
+#line 41
+ 	
+#line 41
+   	 	
+#line 41
+##### begin fs_manage_cgroup_files(system_dbusd_t) depth: 1
+#line 41
+ 	
+#line 41
+	
+#line 41
+	
+#line 41
+		require {
+#line 41
+			
+#line 41
+		type cgroup_t;
+#line 41
+
+#line 41
+	
+#line 41
+		} # end require
+#line 41
+	
+#line 41
+
+#line 41
+
+#line 41
+	
+#line 41
+	allow system_dbusd_t cgroup_t:dir { open read getattr lock search ioctl add_name remove_name write };
+#line 41
+	allow system_dbusd_t cgroup_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
+#line 41
+
+#line 41
+	 	 	
+#line 41
+##### begin dev_search_sysfs(system_dbusd_t) depth: 2
+#line 41
+ 	
+#line 41
+	
+#line 41
+	
+#line 41
+		require {
+#line 41
+			
+#line 41
+		type sysfs_t;
+#line 41
+	
+#line 41
+		} # end require
+#line 41
+	
+#line 41
+
+#line 41
+
+#line 41
+	
+#line 41
+	allow system_dbusd_t sysfs_t:dir { getattr search open };
+#line 41
+	allow system_dbusd_t sysfs_t:dir { getattr search open };
+#line 41
+
+#line 41
+
+#line 41
+	 	
+#line 41
+##### end dev_search_sysfs(system_dbusd_t) depth: 1
+#line 41
+ 	
+#line 41
+
+#line 41
+	 	
+#line 41
+##### end fs_manage_cgroup_files(system_dbusd_t) depth: 0
+#line 41
+ 	
+#line 41
+  allow system_dbusd_t self:netlink_kobject_uevent_socket {create setopt bind getattr read};
+#line 41
+
+#line 41
+	} # end feffe_use_xdm
+#line 60
+
+
+
+
+#line 63
+	bool feffe_xscreensaver_read_home false;
+#line 63
+
+
+#line 64
+	
+#line 64
+	
+#line 64
+		require {
+#line 64
+			
+#line 64
+		
+#line 64
+bool feffe_xscreensaver_read_home;
+#line 64
+
+#line 64
+  
+#line 64
+	
+#line 64
+		} # end require
+#line 64
+	
+#line 64
+
+#line 64
+	if (feffe_xscreensaver_read_home) {
+#line 64
+		
+#line 64
+  
+#line 64
+	
+#line 64
+		require {
+#line 64
+			
+#line 64
+    attribute user_home_content_type;
+#line 64
+    attribute non_security_file_type;
+#line 64
+
+#line 64
+    type user_t;
+#line 64
+    type xscreensaver_helper_t;
+#line 64
+    type xscreensaver_t;
+#line 64
+    type xdm_t;
+#line 64
+    type lib_t;
+#line 64
+    type tmpfs_t;
+#line 64
+    type bin_t;
+#line 64
+    type xscreensaver_helper_exec_t;
+#line 64
+    type fs_t;
+#line 64
+    type xserver_t;
+#line 64
+  
+#line 64
+		} # end require
+#line 64
+	
+#line 64
+
+#line 64
+   	 	
+#line 64
+##### begin dev_rw_dri(xscreensaver_helper_t) depth: 1
+#line 64
+ 	
+#line 64
+	
+#line 64
+	
+#line 64
+		require {
+#line 64
+			
+#line 64
+		type device_t, dri_device_t;
+#line 64
+	
+#line 64
+		} # end require
+#line 64
+	
+#line 64
+
+#line 64
+
+#line 64
+	
+#line 64
+	allow xscreensaver_helper_t device_t:dir { getattr search open };
+#line 64
+	allow xscreensaver_helper_t dri_device_t:chr_file { getattr open read write append ioctl lock };
+#line 64
+
+#line 64
+	allow xscreensaver_helper_t dri_device_t:chr_file map;
+#line 64
+
+#line 64
+	 	
+#line 64
+##### end dev_rw_dri(xscreensaver_helper_t) depth: 0
+#line 64
+ 	
+#line 64
+   	 	
+#line 64
+##### begin dev_rw_dri(xscreensaver_t) depth: 1
+#line 64
+ 	
+#line 64
+	
+#line 64
+	
+#line 64
+		require {
+#line 64
+			
+#line 64
+		type device_t, dri_device_t;
+#line 64
+	
+#line 64
+		} # end require
+#line 64
+	
+#line 64
+
+#line 64
+
+#line 64
+	
+#line 64
+	allow xscreensaver_t device_t:dir { getattr search open };
+#line 64
+	allow xscreensaver_t dri_device_t:chr_file { getattr open read write append ioctl lock };
+#line 64
+
+#line 64
+	allow xscreensaver_t dri_device_t:chr_file map;
+#line 64
+
+#line 64
+	 	
+#line 64
+##### end dev_rw_dri(xscreensaver_t) depth: 0
+#line 64
+ 	
+#line 64
+  allow xscreensaver_helper_t xdm_t:fd use;
+#line 64
+  
+#line 64
+	allow xscreensaver_helper_t home_root_t:dir { getattr search open };
+#line 64
+	allow xscreensaver_helper_t user_home_dir_t:dir { getattr search open };
+#line 64
+
+#line 64
+  
+#line 64
+	allow xscreensaver_helper_t user_home_dir_t:dir { getattr search open };
+#line 64
+	allow xscreensaver_helper_t user_home_t:dir { getattr search open read lock ioctl };
+#line 64
+
+#line 64
+  
+#line 64
+	allow xscreensaver_helper_t user_home_t:dir { getattr search open };
+#line 64
+	allow xscreensaver_helper_t user_home_t:file { { getattr read lock ioctl } open };
+#line 64
+
+#line 64
+  
+#line 64
+	allow xscreensaver_t lib_t:dir { getattr search open };
+#line 64
+	allow xscreensaver_t lib_t:file { getattr open map read execute ioctl execute_no_trans };
+#line 64
+
+#line 64
+   	 	
+#line 64
+##### begin dev_read_sysfs(xscreensaver_t) depth: 1
+#line 64
+ 	
+#line 64
+	
+#line 64
+	
+#line 64
+		require {
+#line 64
+			
+#line 64
+		type sysfs_t;
+#line 64
+	
+#line 64
+		} # end require
+#line 64
+	
+#line 64
+
+#line 64
+
+#line 64
+	
+#line 64
+	allow xscreensaver_t sysfs_t:dir { getattr search open };
+#line 64
+	allow xscreensaver_t sysfs_t:file { { getattr read lock ioctl } open };
+#line 64
+
+#line 64
+	
+#line 64
+	allow xscreensaver_t sysfs_t:dir { getattr search open };
+#line 64
+	allow xscreensaver_t sysfs_t:lnk_file { getattr read };
+#line 64
+
+#line 64
+
+#line 64
+	
+#line 64
+	allow xscreensaver_t sysfs_t:dir { getattr search open };
+#line 64
+	allow xscreensaver_t sysfs_t:dir { getattr search open read lock ioctl };
+#line 64
+
+#line 64
+
+#line 64
+	 	
+#line 64
+##### end dev_read_sysfs(xscreensaver_t) depth: 0
+#line 64
+ 	
+#line 64
+   	 	
+#line 64
+##### begin xserver_rw_mesa_shader_cache(xscreensaver_t) depth: 1
+#line 64
+ 	
+#line 64
+	
+#line 64
+	
+#line 64
+		require {
+#line 64
+			
+#line 64
+		type mesa_shader_cache_t;
+#line 64
+	
+#line 64
+		} # end require
+#line 64
+	
+#line 64
+
+#line 64
+
+#line 64
+	
+#line 64
+	allow xscreensaver_t mesa_shader_cache_t:dir { getattr search open };
+#line 64
+	allow xscreensaver_t mesa_shader_cache_t:dir { { getattr search open lock ioctl write add_name } { getattr search open lock ioctl write remove_name } };
+#line 64
+
+#line 64
+	
+#line 64
+	allow xscreensaver_t mesa_shader_cache_t:dir { getattr search open };
+#line 64
+	allow xscreensaver_t mesa_shader_cache_t:file { { getattr read write append ioctl lock } open };
+#line 64
+
+#line 64
+	allow xscreensaver_t mesa_shader_cache_t:file map;
+#line 64
+
+#line 64
+	 	 	
+#line 64
+##### begin xdg_search_cache_dirs(xscreensaver_t) depth: 2
+#line 64
+ 	
+#line 64
+	
+#line 64
+	
+#line 64
+		require {
+#line 64
+			
+#line 64
+		type xdg_cache_t;
+#line 64
+	
+#line 64
+		} # end require
+#line 64
+	
+#line 64
+
+#line 64
+
+#line 64
+	
+#line 64
+	allow xscreensaver_t xdg_cache_t:dir { getattr search open };
+#line 64
+	allow xscreensaver_t xdg_cache_t:dir { getattr search open };
+#line 64
+
+#line 64
+
+#line 64
+	 	 	
+#line 64
+##### begin userdom_search_user_home_dirs(xscreensaver_t) depth: 3
+#line 64
+ 	
+#line 64
+	
+#line 64
+	
+#line 64
+		require {
+#line 64
+			
+#line 64
+		type user_home_dir_t;
+#line 64
+	
+#line 64
+		} # end require
+#line 64
+	
+#line 64
+
+#line 64
+
+#line 64
+	allow xscreensaver_t user_home_dir_t:dir { getattr search open };
+#line 64
+	 	 	
+#line 64
+##### begin files_search_home(xscreensaver_t) depth: 4
+#line 64
+ 	
+#line 64
+	
+#line 64
+	
+#line 64
+		require {
+#line 64
+			
+#line 64
+		type home_root_t;
+#line 64
+	
+#line 64
+		} # end require
+#line 64
+	
+#line 64
+
+#line 64
+
+#line 64
+	allow xscreensaver_t home_root_t:dir { getattr search open };
+#line 64
+	allow xscreensaver_t home_root_t:lnk_file { getattr read };
+#line 64
+
+#line 64
+	 	
+#line 64
+##### end files_search_home(xscreensaver_t) depth: 3
+#line 64
+ 	
+#line 64
+
+#line 64
+	 	
+#line 64
+##### end userdom_search_user_home_dirs(xscreensaver_t) depth: 2
+#line 64
+ 	
+#line 64
+
+#line 64
+	 	
+#line 64
+##### end xdg_search_cache_dirs(xscreensaver_t) depth: 1
+#line 64
+ 	
+#line 64
+
+#line 64
+	 	
+#line 64
+##### end xserver_rw_mesa_shader_cache(xscreensaver_t) depth: 0
+#line 64
+ 	
+#line 64
+   	 	
+#line 64
+##### begin xserver_rw_mesa_shader_cache(xscreensaver_helper_t) depth: 1
+#line 64
+ 	
+#line 64
+	
+#line 64
+	
+#line 64
+		require {
+#line 64
+			
+#line 64
+		type mesa_shader_cache_t;
+#line 64
+	
+#line 64
+		} # end require
+#line 64
+	
+#line 64
+
+#line 64
+
+#line 64
+	
+#line 64
+	allow xscreensaver_helper_t mesa_shader_cache_t:dir { getattr search open };
+#line 64
+	allow xscreensaver_helper_t mesa_shader_cache_t:dir { { getattr search open lock ioctl write add_name } { getattr search open lock ioctl write remove_name } };
+#line 64
+
+#line 64
+	
+#line 64
+	allow xscreensaver_helper_t mesa_shader_cache_t:dir { getattr search open };
+#line 64
+	allow xscreensaver_helper_t mesa_shader_cache_t:file { { getattr read write append ioctl lock } open };
+#line 64
+
+#line 64
+	allow xscreensaver_helper_t mesa_shader_cache_t:file map;
+#line 64
+
+#line 64
+	 	 	
+#line 64
+##### begin xdg_search_cache_dirs(xscreensaver_helper_t) depth: 2
+#line 64
+ 	
+#line 64
+	
+#line 64
+	
+#line 64
+		require {
+#line 64
+			
+#line 64
+		type xdg_cache_t;
+#line 64
+	
+#line 64
+		} # end require
+#line 64
+	
+#line 64
+
+#line 64
+
+#line 64
+	
+#line 64
+	allow xscreensaver_helper_t xdg_cache_t:dir { getattr search open };
+#line 64
+	allow xscreensaver_helper_t xdg_cache_t:dir { getattr search open };
+#line 64
+
+#line 64
+
+#line 64
+	 	 	
+#line 64
+##### begin userdom_search_user_home_dirs(xscreensaver_helper_t) depth: 3
+#line 64
+ 	
+#line 64
+	
+#line 64
+	
+#line 64
+		require {
+#line 64
+			
+#line 64
+		type user_home_dir_t;
+#line 64
+	
+#line 64
+		} # end require
+#line 64
+	
+#line 64
+
+#line 64
+
+#line 64
+	allow xscreensaver_helper_t user_home_dir_t:dir { getattr search open };
+#line 64
+	 	 	
+#line 64
+##### begin files_search_home(xscreensaver_helper_t) depth: 4
+#line 64
+ 	
+#line 64
+	
+#line 64
+	
+#line 64
+		require {
+#line 64
+			
+#line 64
+		type home_root_t;
+#line 64
+	
+#line 64
+		} # end require
+#line 64
+	
+#line 64
+
+#line 64
+
+#line 64
+	allow xscreensaver_helper_t home_root_t:dir { getattr search open };
+#line 64
+	allow xscreensaver_helper_t home_root_t:lnk_file { getattr read };
+#line 64
+
+#line 64
+	 	
+#line 64
+##### end files_search_home(xscreensaver_helper_t) depth: 3
+#line 64
+ 	
+#line 64
+
+#line 64
+	 	
+#line 64
+##### end userdom_search_user_home_dirs(xscreensaver_helper_t) depth: 2
+#line 64
+ 	
+#line 64
+
+#line 64
+	 	
+#line 64
+##### end xdg_search_cache_dirs(xscreensaver_helper_t) depth: 1
+#line 64
+ 	
+#line 64
+
+#line 64
+	 	
+#line 64
+##### end xserver_rw_mesa_shader_cache(xscreensaver_helper_t) depth: 0
+#line 64
+ 	
+#line 64
+  
+#line 64
+	allow xscreensaver_t tmpfs_t:dir { open read getattr lock search ioctl add_name remove_name write };
+#line 64
+	allow xscreensaver_t tmpfs_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
+#line 64
+
+#line 64
+  allow xscreensaver_t tmpfs_t:file map;
+#line 64
+  
+#line 64
+	allow xscreensaver_helper_t bin_t:dir { getattr search open };
+#line 64
+	allow xscreensaver_helper_t bin_t:dir { getattr search open };
+#line 64
+
+#line 64
+  
+#line 64
+	allow xscreensaver_helper_t xscreensaver_helper_exec_t:dir { getattr search open };
+#line 64
+	allow xscreensaver_helper_t xscreensaver_helper_exec_t:file { getattr open map read execute ioctl execute_no_trans };
+#line 64
+
+#line 64
+  
+#line 64
+	allow xscreensaver_helper_t bin_t:dir { getattr search open };
+#line 64
+	allow xscreensaver_helper_t bin_t:file { getattr open map read execute ioctl execute_no_trans };
+#line 64
+
+#line 64
+  allow xscreensaver_helper_t self:unix_stream_socket { create getattr connect write read shutdown };
+#line 64
+  
+#line 64
+	allow xscreensaver_helper_t user_home_content_type:dir { getattr search open };
+#line 64
+	allow xscreensaver_helper_t user_home_content_type:file { { getattr read lock ioctl } open };
+#line 64
+
+#line 64
+
+#line 64
+  allow xscreensaver_t fs_t:filesystem getattr;
+#line 64
+   	 	
+#line 64
+##### begin xdg_manage_cache(xscreensaver_helper_t) depth: 1
+#line 64
+ 	
+#line 64
+	
+#line 64
+	
+#line 64
+		require {
+#line 64
+			
+#line 64
+		type xdg_cache_t;
+#line 64
+	
+#line 64
+		} # end require
+#line 64
+	
+#line 64
+
+#line 64
+
+#line 64
+	
+#line 64
+	allow xscreensaver_helper_t xdg_cache_t:dir { open read getattr lock search ioctl add_name remove_name write };
+#line 64
+	allow xscreensaver_helper_t xdg_cache_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
+#line 64
+
+#line 64
+	
+#line 64
+	allow xscreensaver_helper_t xdg_cache_t:dir { open read getattr lock search ioctl add_name remove_name write };
+#line 64
+	allow xscreensaver_helper_t xdg_cache_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
+#line 64
+
+#line 64
+	allow xscreensaver_helper_t xdg_cache_t:file map;
+#line 64
+	
+#line 64
+	allow xscreensaver_helper_t xdg_cache_t:dir { open read getattr lock search ioctl add_name remove_name write };
+#line 64
+	allow xscreensaver_helper_t xdg_cache_t:lnk_file { create read write getattr setattr link unlink rename ioctl lock };
+#line 64
+
+#line 64
+	
+#line 64
+	allow xscreensaver_helper_t xdg_cache_t:dir { open read getattr lock search ioctl add_name remove_name write };
+#line 64
+	allow xscreensaver_helper_t xdg_cache_t:fifo_file { create open getattr setattr read write append rename link unlink ioctl lock };
+#line 64
+
+#line 64
+	
+#line 64
+	allow xscreensaver_helper_t xdg_cache_t:dir { open read getattr lock search ioctl add_name remove_name write };
+#line 64
+	allow xscreensaver_helper_t xdg_cache_t:sock_file { create open getattr setattr read write rename link unlink ioctl lock append };
+#line 64
+
+#line 64
+
+#line 64
+	 	 	
+#line 64
+##### begin userdom_search_user_home_dirs(xscreensaver_helper_t) depth: 2
+#line 64
+ 	
+#line 64
+	
+#line 64
+	
+#line 64
+		require {
+#line 64
+			
+#line 64
+		type user_home_dir_t;
+#line 64
+	
+#line 64
+		} # end require
+#line 64
+	
+#line 64
+
+#line 64
+
+#line 64
+	allow xscreensaver_helper_t user_home_dir_t:dir { getattr search open };
+#line 64
+	 	 	
+#line 64
+##### begin files_search_home(xscreensaver_helper_t) depth: 3
+#line 64
+ 	
+#line 64
+	
+#line 64
+	
+#line 64
+		require {
+#line 64
+			
+#line 64
+		type home_root_t;
+#line 64
+	
+#line 64
+		} # end require
+#line 64
+	
+#line 64
+
+#line 64
+
+#line 64
+	allow xscreensaver_helper_t home_root_t:dir { getattr search open };
+#line 64
+	allow xscreensaver_helper_t home_root_t:lnk_file { getattr read };
+#line 64
+
+#line 64
+	 	
+#line 64
+##### end files_search_home(xscreensaver_helper_t) depth: 2
+#line 64
+ 	
+#line 64
+
+#line 64
+	 	
+#line 64
+##### end userdom_search_user_home_dirs(xscreensaver_helper_t) depth: 1
+#line 64
+ 	
+#line 64
+
+#line 64
+	 	
+#line 64
+##### end xdg_manage_cache(xscreensaver_helper_t) depth: 0
+#line 64
+ 	
+#line 64
+
+#line 64
+  dontaudit xscreensaver_helper_t non_security_file_type:file map;
+#line 64
+  dontaudit xscreensaver_helper_t non_security_file_type:dir search;
+#line 64
+  dontaudit xscreensaver_helper_t xserver_t:fd use;
+#line 64
+  dontaudit xscreensaver_t self:process execmem;
+#line 64
+  dontaudit xscreensaver_t user_home_content_type:dir search;
+#line 64
+
+#line 64
+	} # end feffe_xscreensaver_read_home
+#line 106
+
+
diff --git a/sec-policy/selinux-feffe-policies/files/tmp/iferror.m4 b/sec-policy/selinux-feffe-policies/files/tmp/iferror.m4
new file mode 100644
index 0000000..a3f36f8
--- /dev/null
+++ b/sec-policy/selinux-feffe-policies/files/tmp/iferror.m4
@@ -0,0 +1 @@
+ifdef(`__if_error',`m4exit(1)')
diff --git a/sec-policy/selinux-icinga2/Manifest b/sec-policy/selinux-icinga2/Manifest
index 9f47f29..c5c0ae1 100644
--- a/sec-policy/selinux-icinga2/Manifest
+++ b/sec-policy/selinux-icinga2/Manifest
@@ -1,3 +1,3 @@
-AUX gentoonize.patch 3569 BLAKE2B 74c61ba9ae303e2cc7eb6496ea16d6ba534879618b34021cee0d489b459ea92eb0bdc0df7a91e56660c26525ece2d401b600be62a05be82ded98557fc82e27ed SHA512 bcaedd688e81c0bcc92c3cc207680b59e3cead3bc5e6e5503fb3feacb073484215d1584574aa407e4889c4fded3d6010b7d49fa0a10ea6b96bd32cebe63c7b84
+AUX gentoonize.patch 4876 BLAKE2B a096dbc55548da123ca15a0d4c49f243932b4ef123e9ce01618122e1eb8979b7d4050379487adfbef16ff02f14331213d7cc2b664fb6d9def1b6c7a585788d18 SHA512 1c276c82530adc64d12777632bbdbbb0213d59641635705559d837cb9926b7d8d41cadf553e673c686e622c193dcb67b1cb35d6324342261df0858ff47293a44
 DIST icinga2-2.11.3.tar.gz 7475785 BLAKE2B baabe8c90170a7b2ddb3ae7e95ef3cd042e64f68dbfdb50f5a981bc63ae5aa1e8ec4082729456d1b3fc02c0c74a98e15383cc56e56c53a2ab6181db94125365c SHA512 616e938fabaa6565fb9ac4824649c09801dd53b3517c0a9b5b62307293bc838377c18818cc13dd40e240902f02455c421d433b6ee54671403598c5b7aeb78ea1
-EBUILD selinux-icinga2-2.11.3.ebuild 1071 BLAKE2B e65ac5f13b2dc0bd4c78ca1234dc1e4f4fc62265f1e0fa6fb4cd5fadff5429255b29000277b49fc4d3e94db8b48f09d4c866854e6157f6fff8f5c32270ee58c6 SHA512 12e7311ba0a229e6f7872770693be2dd37e6ce2887f3f7a627cb3602b542faf14f51fe75f8faa2d5d990e1ebd175fa8682bb38499a774f6d6bd8183142a03f13
+EBUILD selinux-icinga2-2.11.3.ebuild 1077 BLAKE2B 54fffd47616853ad07a35d996dbd2efe68d248fbfb05dd37de09c40fa18fb581ece81101595a03ec9f13a9c372a9dea2e1e9ae91f744a046bca5282d3c298d96 SHA512 8d170b5a8a414ff1bfa4aaaa862f872d739dba40154c715137c028c5699b5bae058e7ede17907fa5ed5f33d021bb3a99663f431ff07e0f15197c4be06f6f188d
diff --git a/sec-policy/selinux-icinga2/files/gentoonize.patch b/sec-policy/selinux-icinga2/files/gentoonize.patch
index f64ce13..86f177f 100644
--- a/sec-policy/selinux-icinga2/files/gentoonize.patch
+++ b/sec-policy/selinux-icinga2/files/gentoonize.patch
@@ -1,6 +1,14 @@
---- icinga2-2.11.3/tools/selinux/icinga2.te.orig	2020-05-17 12:42:51.052067797 +0200
-+++ icinga2-2.11.3/tools/selinux/icinga2.te	2020-05-17 12:51:19.989106989 +0200
-@@ -58,7 +58,6 @@
+--- icinga2-2.11.3/tools/selinux/icinga2.te.orig	2020-05-17 18:29:52.446884000 +0200
++++ icinga2-2.11.3/tools/selinux/icinga2.te	2020-05-17 18:39:00.603857209 +0200
+@@ -41,7 +41,6 @@
+ 	type nagios_system_plugin_t; type nagios_system_plugin_exec_t;
+ 	type nagios_unconfined_plugin_t; type nagios_unconfined_plugin_exec_t;
+ 	type nagios_eventhandler_plugin_t; type nagios_eventhandler_plugin_exec_t;
+-	type nagios_openshift_plugin_t; type nagios_openshift_plugin_exec_t;
+ 	type httpd_t; type system_mail_t;
+ 	type devlog_t;
+ 	role staff_r;
+@@ -58,7 +57,6 @@
  init_script_file(icinga2_initrc_exec_t)
  
  type icinga2_unit_file_t;
@@ -8,7 +16,15 @@
  
  type icinga2_etc_t;
  files_config_file(icinga2_etc_t)
-@@ -176,7 +175,6 @@
+@@ -155,7 +153,6 @@
+ icinga2_execstrans(nagios_system_plugin_exec_t, nagios_system_plugin_t)
+ icinga2_execstrans(nagios_unconfined_plugin_exec_t, nagios_unconfined_plugin_t)
+ icinga2_execstrans(nagios_eventhandler_plugin_exec_t, nagios_eventhandler_plugin_t)
+-icinga2_execstrans(nagios_openshift_plugin_exec_t, nagios_openshift_plugin_t)
+ 
+ # should be moved nagios.te
+ nagios_plugin_template(notification)
+@@ -176,7 +173,6 @@
  ')
  icinga2_dontaudit_leaks_fifo(system_mail_t)
  # hipsaint notification
@@ -16,7 +32,7 @@
  sysnet_read_config(nagios_notification_plugin_t)
  allow nagios_notification_plugin_t self:udp_socket create_stream_socket_perms;
  allow nagios_notification_plugin_t self:tcp_socket create_stream_socket_perms;
-@@ -216,20 +214,9 @@
+@@ -216,19 +212,8 @@
      selinux_compute_access_vector(icinga2_t)
  
      dbus_send_system_bus(icinga2_t)
@@ -24,22 +40,32 @@
 -    systemd_dbus_chat_logind(icinga2_t)
 -    # Without this it works but is very slow
 -    systemd_write_inherited_logind_sessions_pipes(icinga2_t)
--')
--
+ ')
+ 
 -optional_policy(`
 -    tunable_policy(`icinga2_run_sudo',`
 -        sudo_exec(icinga2_t)
 -    ')
- ')
- 
- 
+-')
 -
+-
+ 
  ########################################
  #
- # Icinga Webinterfaces
-@@ -273,3 +260,26 @@
+@@ -254,6 +239,8 @@
+ # Icinga2 Admin Role
+ #
+ 
++role icinga2adm_r;
++
+ userdom_unpriv_user_template(icinga2adm)
+ 
+ icinga2_admin(icinga2adm_t, icinga2adm_r)
+@@ -271,5 +258,27 @@
+ icinga2adm_execstrans(nagios_system_plugin_exec_t, nagios_system_plugin_t)
+ icinga2adm_execstrans(nagios_unconfined_plugin_exec_t, nagios_unconfined_plugin_t)
  icinga2adm_execstrans(nagios_eventhandler_plugin_exec_t, nagios_eventhandler_plugin_t)
- icinga2adm_execstrans(nagios_openshift_plugin_exec_t, nagios_openshift_plugin_t)
+-icinga2adm_execstrans(nagios_openshift_plugin_exec_t, nagios_openshift_plugin_t)
  icinga2adm_execstrans(nagios_notification_plugin_exec_t, nagios_notification_plugin_t)
 +
 +# Feffestuff
@@ -64,8 +90,8 @@
 +	postfix_exec_master(nagios_mail_plugin_t)
 +	postfix_domtrans_postqueue(nagios_mail_plugin_t)
 +')
---- icinga2-2.11.3/tools/selinux/icinga2.if.orig	2020-05-17 12:42:59.181068423 +0200
-+++ icinga2-2.11.3/tools/selinux/icinga2.if	2020-05-17 12:44:26.659075160 +0200
+--- icinga2-2.11.3/tools/selinux/icinga2.if.orig	2020-05-17 18:44:49.111840177 +0200
++++ icinga2-2.11.3/tools/selinux/icinga2.if	2020-05-17 18:45:18.317838749 +0200
 @@ -40,30 +40,6 @@
  
  ########################################
@@ -97,6 +123,15 @@
  ##      Allow the specified domain to read
  ##      icinga2 configuration files.
  ## </summary>
+@@ -289,7 +265,7 @@
+ 	allow $1 icinga2_t:process { signal_perms };
+ 	ps_process_pattern($1, icinga2_t)
+ 
+-    tunable_policy(`deny_ptrace',`',`
++    tunable_policy(`allow_ptrace',`
+         allow $1 icinga2_t:process ptrace;
+     ')
+ 
 @@ -312,14 +288,8 @@
  	admin_pattern($1, icinga2_spool_t)
  	admin_pattern($1, icinga2_cache_t)
diff --git a/sec-policy/selinux-icinga2/selinux-icinga2-2.11.3.ebuild b/sec-policy/selinux-icinga2/selinux-icinga2-2.11.3.ebuild
index ad9093a..e9d3977 100644
--- a/sec-policy/selinux-icinga2/selinux-icinga2-2.11.3.ebuild
+++ b/sec-policy/selinux-icinga2/selinux-icinga2-2.11.3.ebuild
@@ -32,7 +32,7 @@ src_compile() {
 src_install() {
 	for i in ${POLICY_TYPES}; do
 		mkdir -p "${D}/usr/share/selinux/${i}"
-		mv "${S}/selinux/icinga2-${i}.pp" "${D}/usr/share/selinux/${i}/icinga2.pp"
+		mv "${S}/tools/selinux/icinga2-${i}.pp" "${D}/usr/share/selinux/${i}/icinga2.pp"
 	done
 }