1type time, domain, mlstrustedsubject; 2type time_exec, exec_type, file_type; 3 4# Started by init 5init_daemon_domain(time) 6 7# Is r_file_perms sufficient for /dev/rtc0 ? 8allow time rtc_device:chr_file rw_file_perms; 9 10allow time time_data_file:dir rw_dir_perms; 11allow time time_data_file:file create_file_perms; 12 13allow time shared_log_device:chr_file rw_file_perms; 14allow time alarm_device:chr_file rw_file_perms; 15allow time self:socket *; 16 17allow time self:capability { setuid setgid }; 18