(typeattribute staff_file_type)
(typeattribute staff_application_exec_domain)
(typeattributeset staff_application_exec_domain (staff_t ))
(type staff_t)
(roletype object_r staff_t)
(roleattributeset cil_gen_require system_r)
(roleattributeset cil_gen_require staff_r)
(roletype staff_r staff_t)
(roletype staff_r pam_t)
(roletype staff_r utempter_t)
(roleattributeset cil_gen_require newrole_roles)
(roleattributeset newrole_roles (staff_r ))
(typeattributeset cil_gen_require unpriv_userdomain)
(typeattributeset unpriv_userdomain (staff_t ))
(typeattributeset cil_gen_require userdomain)
(typeattributeset userdomain (staff_t ))
(typeattributeset cil_gen_require user_devpts_t)
(typeattributeset cil_gen_require user_tty_device_t)
(typeattributeset cil_gen_require staff_t)
(typeattributeset cil_gen_require domain)
(typeattributeset domain (staff_t ))
(typeattributeset cil_gen_require init_t)
(typeattributeset cil_gen_require security_t)
(typeattributeset cil_gen_require sysfs_t)
(typeattributeset cil_gen_require selinux_config_t)
(typeattributeset cil_gen_require shell_exec_t)
(typeattributeset cil_gen_require entry_type)
(typeattributeset entry_type (shell_exec_t bin_t ))
(typeattributeset cil_gen_require exec_type)
(typeattributeset exec_type (shell_exec_t bin_t ))
(typeattributeset cil_gen_require file_type)
(typeattributeset file_type (shell_exec_t bin_t ))
(typeattributeset cil_gen_require non_security_file_type)
(typeattributeset non_security_file_type (shell_exec_t bin_t ))
(typeattributeset cil_gen_require non_auth_file_type)
(typeattributeset non_auth_file_type (shell_exec_t bin_t ))
(typeattributeset cil_gen_require bin_t)
(typeattributeset cil_gen_require process_user_target)
(typeattributeset process_user_target (staff_t ))
(typeattributeset cil_gen_require ubac_constrained_type)
(typeattributeset ubac_constrained_type (staff_t ))
(typeattributeset cil_gen_require server_ptynode)
(typeattributeset cil_gen_require ptynode)
(typeattributeset ptynode (user_devpts_t ))
(typeattributeset cil_gen_require devpts_t)
(typeattributeset cil_gen_require device_node)
(typeattributeset device_node (user_devpts_t user_tty_device_t ))
(typeattributeset cil_gen_require ttynode)
(typeattributeset ttynode (user_tty_device_t ))
(typeattributeset cil_gen_require console_device_t)
(typeattributeset cil_gen_require tty_device_t)
(typeattributeset cil_gen_require serial_device)
(typeattributeset serial_device (user_tty_device_t ))
(typeattributeset cil_gen_require bsdpty_device_t)
(typeattributeset cil_gen_require ptmx_t)
(typeattributeset cil_gen_require device_t)
(typeattributeset cil_gen_require proc_t)
(typeattributeset cil_gen_require sysctl_t)
(typeattributeset cil_gen_require sysctl_kernel_t)
(typeattributeset cil_gen_require sysctl_crypto_t)
(typeattributeset cil_gen_require sysctl_fs_t)
(typeattributeset cil_gen_require sysctl_vm_overcommit_t)
(typeattributeset cil_gen_require sysctl_vm_t)
(typeattributeset cil_gen_require unlabeled_t)
(typeattributeset cil_gen_require null_device_t)
(typeattributeset cil_gen_require etc_t)
(typeattributeset cil_gen_require etc_runtime_t)
(typeattributeset cil_gen_require usr_t)
(typeattributeset cil_gen_require var_run_t)
(typeattributeset cil_gen_require readable_t)
(typeattributeset cil_gen_require lib_t)
(typeattributeset cil_gen_require ld_so_t)
(typeattributeset cil_gen_require locale_t)
(typeattributeset cil_gen_require cert_t)
(typeattributeset cil_gen_require fonts_t)
(typeattributeset cil_gen_require net_conf_t)
(typeattributeset cil_gen_require var_t)
(typeattributeset cil_gen_require var_lib_t)
(typeattributeset cil_gen_require syslogd_t)
(typeattributeset cil_gen_require syslogd_runtime_t)
(typeattributeset cil_gen_require devlog_t)
(typeattributeset cil_gen_require init_runtime_t)
(typeattributeset cil_gen_require user_home_t)
(typeattributeset cil_gen_require user_home_dir_t)
(typeattributeset cil_gen_require user_bin_t)
(typeattributeset cil_gen_require user_cert_t)
(typeattributeset cil_gen_require home_root_t)
(typeattributeset cil_gen_require nfs_t)
(typeattributeset cil_gen_require cifs_t)
(typeattributeset cil_gen_require user_tmp_t)
(typeattributeset cil_gen_require tmp_t)
(typeattributeset cil_gen_require user_runtime_t)
(typeattributeset cil_gen_require user_runtime_root_t)
(typeattributeset cil_gen_require user_tmpfs_t)
(typeattributeset cil_gen_require tmpfs_t)
(typeattributeset cil_gen_require urandom_device_t)
(typeattributeset cil_gen_require privfd)
(typeattributeset privfd (staff_t ))
(typeattributeset cil_gen_require default_t)
(typeattributeset cil_gen_require lost_found_t)
(typeattributeset cil_gen_require filesystem_type)
(typeattributeset cil_gen_require autofs_t)
(typeattributeset cil_gen_require cgroup_types)
(typeattributeset cil_gen_require inotifyfs_t)
(typeattributeset cil_gen_require anon_inodefs_t)
(typeattributeset cil_gen_require wtmp_t)
(typeattributeset cil_gen_require chroot_exec_t)
(typeattributeset cil_gen_require application_exec_type)
(typeattributeset cil_gen_require initrc_runtime_t)
(typeattributeset cil_gen_require initrc_t)
(typeattributeset cil_gen_require logfile)
(typeattributeset cil_gen_require man_t)
(typeattributeset cil_gen_require man_cache_t)
(typeattributeset cil_gen_require public_content_t)
(typeattributeset cil_gen_require public_content_rw_t)
(typeattributeset cil_gen_require tetex_data_t)
(typeattributeset cil_gen_require default_context_t)
(typeattributeset cil_gen_require file_context_t)
(typeattributeset cil_gen_require netlabel_peer_t)
(typeattributeset cil_gen_require netif_t)
(typeattributeset cil_gen_require node_t)
(typeattributeset cil_gen_require port_type)
(typeattributeset cil_gen_require client_packet_type)
(typeattributeset cil_gen_require proc_net_t)
(typeattributeset cil_gen_require sysctl_net_t)
(typeattributeset cil_gen_require kernel_t)
(typeattributeset cil_gen_require sysctl_dev_t)
(typeattributeset cil_gen_require port_t)
(typeattributeset cil_gen_require defined_port_type)
(typeattributeset cil_gen_require random_device_t)
(typeattributeset cil_gen_require sound_device_t)
(typeattributeset cil_gen_require wireless_device_t)
(typeattributeset cil_gen_require var_lock_t)
(typeattributeset cil_gen_require mnt_t)
(typeattributeset cil_gen_require var_spool_t)
(typeattributeset cil_gen_require fixed_disk_device_t)
(typeattributeset cil_gen_require nsswitch_domain)
(typeattributeset nsswitch_domain (staff_t ))
(typeattributeset cil_gen_require var_log_t)
(typeattributeset cil_gen_require pam_var_console_t)
(typeattributeset cil_gen_require pam_t)
(typeattributeset cil_gen_require pam_exec_t)
(typeattributeset cil_gen_require utempter_t)
(typeattributeset cil_gen_require utempter_exec_t)
(typeattributeset cil_gen_require newrole_t)
(typeattributeset cil_gen_require newrole_exec_t)
(typeattributeset cil_gen_require checkpolicy_exec_t)
(typeattributeset cil_gen_require setfiles_exec_t)
(typeattributeset cil_gen_require removable_device_t)
(typeattributeset cil_gen_require mouse_device_t)
(typeattributeset cil_gen_require noxattrfs)
(typeattributeset cil_gen_require usb_device_t)
(typeattributeset cil_gen_require reserved_port_type)
(typeattributeset cil_gen_require xserver_port_t)
(allow staff_t shell_exec_t (file (entrypoint)))
(allow staff_t shell_exec_t (file (ioctl read getattr lock map execute open)))
(allow staff_t bin_t (file (entrypoint)))
(allow staff_t bin_t (file (ioctl read getattr lock map execute open)))
(allow user_devpts_t devpts_t (filesystem (associate)))
(typechange staff_t server_ptynode chr_file user_devpts_t)
(typechange staff_t tty_device_t chr_file user_tty_device_t)
(allow staff_t self (process (sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid setcap share getattr)))
(allow staff_t self (fd (use)))
(allow staff_t self (key (view read write search link setattr create)))
(allow staff_t self (fifo_file (ioctl read write getattr lock append open)))
(allow staff_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown sendto)))
(allow staff_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown connectto)))
(allow staff_t self (shm (create destroy getattr setattr read write associate unix_read unix_write lock)))
(allow staff_t self (sem (create destroy getattr setattr read write associate unix_read unix_write)))
(allow staff_t self (msgq (create destroy getattr setattr read write associate unix_read unix_write enqueue)))
(allow staff_t self (msg (send receive)))
(allow staff_t self (context (contains)))
(dontaudit staff_t self (socket (create)))
(allow staff_t user_devpts_t (chr_file (ioctl read write getattr setattr lock append open)))
(allow staff_t device_t (dir (getattr open search)))
(allow staff_t device_t (dir (ioctl read getattr lock open search)))
(allow staff_t device_t (dir (getattr open search)))
(allow staff_t device_t (lnk_file (read getattr)))
(allow staff_t ptmx_t (chr_file (ioctl read write getattr lock append open)))
(allow staff_t devpts_t (dir (ioctl read getattr lock open search)))
(allow staff_t devpts_t (filesystem (getattr)))
(dontaudit staff_t bsdpty_device_t (chr_file (read write getattr)))
(typetransition staff_t devpts_t chr_file user_devpts_t)
(dontaudit staff_t user_devpts_t (chr_file (ioctl)))
(allow staff_t user_tty_device_t (chr_file (ioctl read write getattr setattr lock append open)))
(dontaudit staff_t user_tty_device_t (chr_file (ioctl)))
(allow staff_t proc_t (dir (getattr open search)))
(allow staff_t sysctl_t (dir (getattr open search)))
(allow staff_t sysctl_kernel_t (dir (getattr open search)))
(allow staff_t sysctl_kernel_t (file (ioctl read getattr lock open)))
(allow staff_t proc_t (dir (getattr open search)))
(allow staff_t sysctl_t (dir (getattr open search)))
(allow staff_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
(allow staff_t proc_t (dir (getattr open search)))
(allow staff_t sysctl_t (dir (getattr open search)))
(allow staff_t sysctl_crypto_t (dir (getattr open search)))
(allow staff_t sysctl_crypto_t (file (ioctl read getattr lock open)))
(allow staff_t proc_t (dir (getattr open search)))
(allow staff_t sysctl_t (dir (getattr open search)))
(allow staff_t sysctl_crypto_t (dir (ioctl read getattr lock open search)))
(allow staff_t proc_t (dir (getattr open search)))
(allow staff_t sysctl_t (dir (getattr open search)))
(allow staff_t sysctl_fs_t (dir (getattr open search)))
(allow staff_t sysctl_fs_t (file (ioctl read getattr lock open)))
(allow staff_t proc_t (dir (getattr open search)))
(allow staff_t sysctl_t (dir (getattr open search)))
(allow staff_t sysctl_fs_t (dir (ioctl read getattr lock open search)))
(allow staff_t proc_t (dir (getattr open search)))
(allow staff_t sysctl_t (dir (getattr open search)))
(allow staff_t sysctl_vm_t (dir (getattr open search)))
(allow staff_t sysctl_vm_overcommit_t (file (ioctl read getattr lock open)))
(dontaudit staff_t unlabeled_t (dir (ioctl read getattr lock open search)))
(dontaudit staff_t unlabeled_t (file (getattr)))
(dontaudit staff_t unlabeled_t (lnk_file (getattr)))
(dontaudit staff_t unlabeled_t (fifo_file (getattr)))
(dontaudit staff_t unlabeled_t (sock_file (getattr)))
(dontaudit staff_t unlabeled_t (blk_file (getattr)))
(dontaudit staff_t unlabeled_t (chr_file (getattr)))
(dontaudit staff_t device_node (blk_file (getattr)))
(dontaudit staff_t device_t (blk_file (getattr)))
(dontaudit staff_t device_node (chr_file (getattr)))
(dontaudit staff_t device_t (chr_file (getattr)))
(dontaudit staff_t null_device_t (chr_file (setattr)))
(allow staff_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_relay)))
(allow staff_t self (netlink_kobject_uevent_socket (ioctl read write create getattr setattr append bind getopt setopt shutdown)))
(dontaudit staff_t domain (dir (ioctl read getattr lock open search)))
(dontaudit staff_t domain (lnk_file (read getattr)))
(dontaudit staff_t domain (file (ioctl read getattr lock open)))
(dontaudit staff_t domain (sock_file (read getattr open)))
(dontaudit staff_t domain (fifo_file (ioctl read getattr lock open)))
(dontaudit staff_t domain (process (getattr)))
(dontaudit staff_t domain (process (getsession)))
(allow staff_t etc_t (dir (ioctl read getattr lock open search)))
(allow staff_t etc_t (dir (getattr open search)))
(allow staff_t etc_t (file (ioctl read getattr lock open)))
(allow staff_t etc_t (dir (getattr open search)))
(allow staff_t etc_t (lnk_file (read getattr)))
(allow staff_t etc_t (dir (watch)))
(allow staff_t etc_t (dir (ioctl read getattr lock open search)))
(allow staff_t etc_t (dir (getattr open search)))
(allow staff_t etc_runtime_t (file (ioctl read getattr lock open)))
(allow staff_t etc_t (dir (getattr open search)))
(allow staff_t etc_runtime_t (lnk_file (read getattr)))
(allow staff_t usr_t (dir (ioctl read getattr lock open search)))
(allow staff_t usr_t (dir (getattr open search)))
(allow staff_t usr_t (file (ioctl read getattr lock open)))
(allow staff_t usr_t (dir (getattr open search)))
(allow staff_t usr_t (lnk_file (read getattr)))
(allow staff_t usr_t (dir (watch)))
(allow staff_t var_run_t (dir (watch)))
(allow staff_t readable_t (dir (ioctl read getattr lock open search)))
(allow staff_t readable_t (file (ioctl read getattr lock open)))
(allow staff_t readable_t (lnk_file (read getattr)))
(allow staff_t readable_t (fifo_file (ioctl read getattr lock open)))
(allow staff_t readable_t (sock_file (read getattr open)))
(dontaudit staff_t non_security_file_type (dir (ioctl read getattr lock open search)))
(dontaudit staff_t non_security_file_type (file (getattr)))
(dontaudit staff_t non_security_file_type (lnk_file (getattr)))
(dontaudit staff_t non_security_file_type (fifo_file (getattr)))
(dontaudit staff_t non_security_file_type (sock_file (getattr)))
(allow staff_t lib_t (dir (ioctl read getattr lock open search)))
(allow staff_t lib_t (dir (getattr open search)))
(allow staff_t lib_t (lnk_file (read getattr)))
(allow staff_t ld_so_t (lnk_file (read getattr)))
(allow staff_t lib_t (dir (getattr open search)))
(allow staff_t ld_so_t (file (ioctl read getattr map execute open execute_no_trans)))
(allow staff_t etc_t (dir (getattr open search)))
(allow staff_t etc_t (lnk_file (read getattr)))
(allow staff_t usr_t (dir (getattr open search)))
(allow staff_t locale_t (dir (ioctl read getattr lock open search)))
(allow staff_t locale_t (dir (getattr open search)))
(allow staff_t locale_t (file (ioctl read getattr lock open)))
(allow staff_t locale_t (dir (getattr open search)))
(allow staff_t locale_t (lnk_file (read getattr)))
(allow staff_t locale_t (file (map)))
(allow staff_t cert_t (dir (ioctl read getattr lock open search)))
(allow staff_t cert_t (dir (getattr open search)))
(allow staff_t cert_t (file (ioctl read getattr lock open)))
(allow staff_t cert_t (dir (getattr open search)))
(allow staff_t cert_t (lnk_file (read getattr)))
(allow staff_t fonts_t (dir (watch)))
(allow staff_t etc_t (dir (getattr open search)))
(allow staff_t var_run_t (lnk_file (read getattr)))
(allow staff_t var_t (dir (getattr open search)))
(allow staff_t var_run_t (dir (getattr open search)))
(allow staff_t net_conf_t (dir (ioctl read getattr lock open search)))
(allow staff_t net_conf_t (file (ioctl read getattr lock open)))
(allow staff_t net_conf_t (lnk_file (read getattr)))
(allow staff_t init_t (system (status)))
(typemember staff_t user_home_dir_t dir user_home_dir_t)
(allow staff_t user_home_dir_t (lnk_file (read getattr)))
(allow staff_t user_home_t (file (entrypoint)))
(allow staff_t user_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t user_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow staff_t user_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t user_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow staff_t user_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t user_home_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
(allow staff_t user_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t user_home_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow staff_t user_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t user_home_t (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow staff_t user_home_t (dir (getattr open search)))
(allow staff_t user_home_dir_t (dir (getattr open search)))
(allow staff_t user_home_t (dir (getattr relabelfrom relabelto)))
(allow staff_t user_home_t (dir (getattr open search)))
(allow staff_t user_home_dir_t (dir (getattr open search)))
(allow staff_t user_home_t (file (getattr relabelfrom relabelto)))
(allow staff_t user_home_t (dir (getattr open search)))
(allow staff_t user_home_dir_t (dir (getattr open search)))
(allow staff_t user_home_t (lnk_file (getattr relabelfrom relabelto)))
(allow staff_t user_home_t (dir (getattr open search)))
(allow staff_t user_home_dir_t (dir (getattr open search)))
(allow staff_t user_home_t (sock_file (getattr relabelfrom relabelto)))
(allow staff_t user_home_t (dir (getattr open search)))
(allow staff_t user_home_dir_t (dir (getattr open search)))
(allow staff_t user_home_t (fifo_file (getattr relabelfrom relabelto)))
(allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition staff_t user_home_dir_t fifo_file user_home_t)
(typetransition staff_t user_home_dir_t sock_file user_home_t)
(typetransition staff_t user_home_dir_t lnk_file user_home_t)
(typetransition staff_t user_home_dir_t dir user_home_t)
(typetransition staff_t user_home_dir_t file user_home_t)
(allow staff_t home_root_t (dir (ioctl read getattr lock open search)))
(allow staff_t home_root_t (lnk_file (read getattr)))
(allow staff_t user_home_dir_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
(allow staff_t user_home_t (dir (watch watch_mount watch_sb watch_with_perm watch_reads)))
(allow staff_t user_home_dir_t (dir (watch watch_mount watch_sb watch_with_perm watch_reads)))
(allow staff_t user_home_t (file (watch watch_mount watch_sb watch_with_perm watch_reads)))
(allow staff_t user_home_t (lnk_file (watch watch_mount watch_sb watch_with_perm watch_reads)))
(allow staff_t user_home_t (sock_file (watch watch_mount watch_sb watch_with_perm watch_reads)))
(allow staff_t user_home_t (fifo_file (watch watch_mount watch_sb watch_with_perm watch_reads)))
(allow staff_t user_bin_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
(allow staff_t user_bin_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
(allow staff_t user_bin_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
(allow staff_t home_root_t (dir (getattr open search)))
(allow staff_t home_root_t (lnk_file (read getattr)))
(allow staff_t user_bin_t (dir (getattr open search)))
(allow staff_t user_bin_t (file (ioctl read getattr map execute open execute_no_trans)))
(allow staff_t user_bin_t (dir (getattr open search)))
(allow staff_t user_bin_t (lnk_file (read getattr)))
(allow staff_t home_root_t (dir (getattr open search)))
(allow staff_t home_root_t (lnk_file (read getattr)))
(allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t home_root_t (dir (getattr open search)))
(allow staff_t home_root_t (lnk_file (read getattr)))
(allow staff_t user_cert_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t user_cert_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow staff_t user_cert_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t user_cert_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow staff_t user_cert_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t user_cert_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
(allow staff_t home_root_t (dir (getattr open search)))
(allow staff_t home_root_t (lnk_file (read getattr)))
(allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t home_root_t (dir (getattr open search)))
(allow staff_t home_root_t (lnk_file (read getattr)))
(typemember staff_t tmp_t dir user_tmp_t)
(allow staff_t user_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t user_tmp_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow staff_t user_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t user_tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow staff_t user_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t user_tmp_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
(allow staff_t user_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t user_tmp_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow staff_t user_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t user_tmp_t (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow staff_t tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition staff_t tmp_t fifo_file user_tmp_t)
(typetransition staff_t tmp_t sock_file user_tmp_t)
(typetransition staff_t tmp_t lnk_file user_tmp_t)
(typetransition staff_t tmp_t dir user_tmp_t)
(typetransition staff_t tmp_t file user_tmp_t)
(allow staff_t user_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition staff_t user_runtime_t fifo_file user_tmp_t)
(typetransition staff_t user_runtime_t sock_file user_tmp_t)
(typetransition staff_t user_runtime_t lnk_file user_tmp_t)
(typetransition staff_t user_runtime_t dir user_tmp_t)
(typetransition staff_t user_runtime_t file user_tmp_t)
(allow staff_t user_runtime_root_t (dir (getattr open search)))
(allow staff_t var_run_t (lnk_file (read getattr)))
(allow staff_t var_t (dir (getattr open search)))
(allow staff_t var_run_t (dir (getattr open search)))
(allow staff_t user_tmpfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t user_tmpfs_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow staff_t user_tmpfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t user_tmpfs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow staff_t user_tmpfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t user_tmpfs_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
(allow staff_t user_tmpfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t user_tmpfs_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow staff_t user_tmpfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t user_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow user_tmpfs_t tmpfs_t (filesystem (associate)))
(allow staff_t tmpfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition staff_t tmpfs_t fifo_file user_tmpfs_t)
(typetransition staff_t tmpfs_t sock_file user_tmpfs_t)
(typetransition staff_t tmpfs_t lnk_file user_tmpfs_t)
(typetransition staff_t tmpfs_t dir user_tmpfs_t)
(typetransition staff_t tmpfs_t file user_tmpfs_t)
(allow staff_t user_tmp_t (dir (getattr open search)))
(allow staff_t user_tmp_t (file (ioctl read getattr map execute open execute_no_trans)))
(allow staff_t tmp_t (dir (getattr open search)))
(allow staff_t user_runtime_t (dir (getattr open search)))
(allow staff_t user_runtime_root_t (dir (getattr open search)))
(allow staff_t var_run_t (lnk_file (read getattr)))
(allow staff_t var_t (dir (getattr open search)))
(allow staff_t var_run_t (dir (getattr open search)))
(allow staff_t home_root_t (dir (getattr open search)))
(allow staff_t home_root_t (lnk_file (read getattr)))
(allow staff_t user_home_t (dir (getattr open search)))
(allow staff_t user_home_dir_t (dir (getattr open search)))
(allow staff_t user_home_t (file (ioctl read getattr map execute open execute_no_trans)))
(allow staff_t user_tmpfs_t (file (map)))
(allow staff_t self (capability (chown fowner setgid)))
(dontaudit staff_t self (capability (fsetid sys_nice)))
(allow staff_t self (process (transition sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setfscreate noatsecure siginh rlimitinh dyntransition setkeycreate setsockcreate getrlimit)))
(dontaudit staff_t self (process (setrlimit)))
(dontaudit staff_t self (netlink_route_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write)))
(allow staff_t self (context (contains)))
(dontaudit staff_t proc_t (file (ioctl read getattr lock open)))
(allow staff_t sysfs_t (dir (getattr open search)))
(allow staff_t sysfs_t (file (ioctl read getattr lock open)))
(allow staff_t sysfs_t (dir (getattr open search)))
(allow staff_t sysfs_t (lnk_file (read getattr)))
(allow staff_t sysfs_t (dir (getattr open search)))
(allow staff_t sysfs_t (dir (ioctl read getattr lock open search)))
(allow staff_t device_t (dir (getattr open search)))
(allow staff_t urandom_device_t (chr_file (ioctl read getattr lock open)))
(allow staff_t privfd (fd (use)))
(dontaudit staff_t entry_type (file (ioctl read getattr map execute open execute_no_trans)))
(dontaudit staff_t default_t (dir (ioctl read getattr lock open search)))
(dontaudit staff_t default_t (file (ioctl read getattr lock open)))
(allow staff_t lost_found_t (dir (getattr)))
(allow staff_t filesystem_type (filesystem (quotaget)))
(allow staff_t filesystem_type (filesystem (getattr)))
(allow staff_t file_type (filesystem (getattr)))
(allow staff_t filesystem_type (dir (getattr)))
(allow staff_t autofs_t (dir (getattr open search)))
(allow staff_t cgroup_types (dir (getattr open search)))
(allow staff_t cgroup_types (dir (ioctl read getattr lock open search)))
(allow staff_t sysfs_t (dir (getattr open search)))
(allow staff_t sysfs_t (dir (getattr open search)))
(allow staff_t inotifyfs_t (dir (ioctl read getattr lock open search)))
(allow staff_t anon_inodefs_t (dir (getattr open search)))
(allow staff_t anon_inodefs_t (file (ioctl read write getattr lock append open)))
(dontaudit staff_t cgroup_types (file (ioctl read write getattr lock append open)))
(dontaudit staff_t wtmp_t (file (write)))
(dontaudit staff_t exec_type (file (execute execute_no_trans)))
(allow staff_t bin_t (dir (getattr open search)))
(allow staff_t bin_t (lnk_file (read getattr)))
(allow staff_t usr_t (dir (getattr open search)))
(allow staff_t bin_t (dir (getattr open search)))
(allow staff_t bin_t (dir (ioctl read getattr lock open search)))
(allow staff_t bin_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow staff_t bin_t (dir (getattr open search)))
(allow staff_t bin_t (lnk_file (read getattr)))
(allow staff_t usr_t (dir (getattr open search)))
(allow staff_t bin_t (dir (getattr open search)))
(allow staff_t bin_t (dir (ioctl read getattr lock open search)))
(allow staff_t shell_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow staff_t bin_t (dir (getattr open search)))
(allow staff_t bin_t (lnk_file (read getattr)))
(allow staff_t usr_t (dir (getattr open search)))
(allow staff_t chroot_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow staff_t self (capability (sys_chroot)))
(allow staff_t application_exec_type (file (ioctl read getattr lock map execute open execute_no_trans)))
(dontaudit staff_t initrc_runtime_t (file (ioctl read write getattr lock append open)))
(dontaudit staff_t init_t (fd (use)))
(dontaudit staff_t initrc_t (fd (use)))
(allow staff_t lib_t (dir (watch)))
(allow staff_t usr_t (dir (getattr open search)))
(allow staff_t lib_t (dir (ioctl read getattr lock open search)))
(allow staff_t lib_t (dir (getattr open search)))
(allow staff_t lib_t (lnk_file (read getattr)))
(allow staff_t lib_t (dir (getattr open search)))
(allow staff_t lib_t (file (ioctl read getattr map execute open execute_no_trans)))
(dontaudit staff_t logfile (file (getattr)))
(allow staff_t usr_t (dir (getattr open search)))
(allow staff_t man_t (dir (ioctl read getattr lock open search)))
(allow staff_t man_cache_t (dir (ioctl read getattr lock open search)))
(allow staff_t man_t (dir (getattr open search)))
(allow staff_t man_cache_t (dir (getattr open search)))
(allow staff_t man_t (file (ioctl read getattr lock open)))
(allow staff_t man_cache_t (file (ioctl read getattr lock open)))
(allow staff_t man_t (dir (getattr open search)))
(allow staff_t man_cache_t (dir (getattr open search)))
(allow staff_t man_t (lnk_file (read getattr)))
(allow staff_t man_cache_t (lnk_file (read getattr)))
(allow staff_t man_cache_t (file (map)))
(allow staff_t public_content_t (dir (ioctl read getattr lock open search)))
(allow staff_t public_content_rw_t (dir (ioctl read getattr lock open search)))
(allow staff_t public_content_t (dir (getattr open search)))
(allow staff_t public_content_rw_t (dir (getattr open search)))
(allow staff_t public_content_t (file (ioctl read getattr lock open)))
(allow staff_t public_content_rw_t (file (ioctl read getattr lock open)))
(allow staff_t public_content_t (dir (getattr open search)))
(allow staff_t public_content_rw_t (dir (getattr open search)))
(allow staff_t public_content_t (lnk_file (read getattr)))
(allow staff_t public_content_rw_t (lnk_file (read getattr)))
(allow staff_t var_t (dir (getattr open search)))
(allow staff_t var_t (dir (getattr open search)))
(allow staff_t var_lib_t (dir (getattr open search)))
(allow staff_t tetex_data_t (dir (ioctl read getattr lock open search)))
(allow staff_t tetex_data_t (dir (getattr open search)))
(allow staff_t tetex_data_t (file (ioctl read getattr lock open)))
(allow staff_t tetex_data_t (dir (getattr open search)))
(allow staff_t tetex_data_t (lnk_file (read getattr)))
(allow staff_t var_t (dir (getattr open search)))
(allow staff_t var_t (dir (getattr open search)))
(allow staff_t var_lib_t (dir (getattr open search)))
(allow staff_t tetex_data_t (dir (ioctl read getattr lock open search)))
(allow staff_t tetex_data_t (dir (getattr open search)))
(allow staff_t tetex_data_t (file (ioctl read getattr map execute open execute_no_trans)))
(allow staff_t etc_t (dir (getattr open search)))
(allow staff_t selinux_config_t (dir (ioctl read getattr lock open search)))
(allow staff_t selinux_config_t (dir (getattr open search)))
(allow staff_t selinux_config_t (file (ioctl read getattr lock open)))
(allow staff_t selinux_config_t (dir (getattr open search)))
(allow staff_t selinux_config_t (lnk_file (read getattr)))
(allow staff_t self (tcp_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
(allow staff_t self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow staff_t netlabel_peer_t (peer (recv)))
(allow staff_t netlabel_peer_t (tcp_socket (recvfrom)))
(allow staff_t netlabel_peer_t (udp_socket (recvfrom)))
(allow staff_t netlabel_peer_t (rawip_socket (recvfrom)))
(allow staff_t netif_t (netif (ingress egress)))
(allow staff_t netif_t (netif (egress)))
(allow staff_t netif_t (netif (ingress)))
(allow staff_t node_t (node (recvfrom sendto)))
(allow staff_t node_t (node (sendto)))
(allow staff_t node_t (node (recvfrom)))
(allow staff_t port_type (tcp_socket (name_connect)))
(allow staff_t client_packet_type (packet (send)))
(allow staff_t client_packet_type (packet (recv)))
(allow staff_t self (association (sendto)))
(allow staff_t staff_t (association (recvfrom)))
(allow staff_t staff_t (association (recvfrom)))
(allow staff_t staff_t (peer (recv)))
(allow staff_t staff_t (peer (recv)))
(allow staff_t netlabel_peer_t (peer (recv)))
(allow staff_t netlabel_peer_t (peer (recv)))
(allow staff_t self (association (sendto)))
(allow staff_t staff_t (tcp_socket (recvfrom)))
(allow staff_t staff_t (association (recvfrom)))
(allow staff_t staff_t (tcp_socket (recvfrom)))
(allow staff_t staff_t (association (recvfrom)))
(allow staff_t staff_t (peer (recv)))
(allow staff_t staff_t (peer (recv)))
(allow staff_t netlabel_peer_t (peer (recv)))
(allow staff_t netlabel_peer_t (tcp_socket (recvfrom)))
(allow staff_t netlabel_peer_t (peer (recv)))
(allow staff_t netlabel_peer_t (tcp_socket (recvfrom)))
(allow staff_t self (association (sendto)))
(allow staff_t staff_t (udp_socket (recvfrom)))
(allow staff_t staff_t (association (recvfrom)))
(allow staff_t staff_t (peer (recv)))
(allow staff_t netlabel_peer_t (peer (recv)))
(allow staff_t netlabel_peer_t (udp_socket (recvfrom)))
(allow staff_t self (association (sendto)))
(allow staff_t staff_t (rawip_socket (recvfrom)))
(allow staff_t staff_t (association (recvfrom)))
(allow staff_t staff_t (peer (recv)))
(allow staff_t netlabel_peer_t (peer (recv)))
(allow staff_t netlabel_peer_t (rawip_socket (recvfrom)))
(dontaudit staff_t self (netlink_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(dontaudit staff_t self (netlink_route_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write)))
(allow staff_t self (netlink_kobject_uevent_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow staff_t unpriv_userdomain (fd (use)))
(allow staff_t proc_t (dir (getattr open search)))
(allow staff_t proc_t (file (ioctl read getattr lock open)))
(allow staff_t proc_t (dir (getattr open search)))
(allow staff_t proc_t (lnk_file (read getattr)))
(allow staff_t proc_t (dir (getattr open search)))
(allow staff_t proc_t (dir (ioctl read getattr lock open search)))
(allow staff_t proc_t (dir (getattr open search)))
(allow staff_t proc_net_t (dir (getattr open search)))
(allow staff_t proc_net_t (file (ioctl read getattr lock open)))
(allow staff_t proc_t (dir (getattr open search)))
(allow staff_t proc_net_t (dir (getattr open search)))
(allow staff_t proc_net_t (lnk_file (read getattr)))
(allow staff_t proc_t (dir (getattr open search)))
(allow staff_t proc_net_t (dir (ioctl read getattr lock open search)))
(allow staff_t proc_t (dir (getattr open search)))
(allow staff_t sysctl_t (dir (getattr open search)))
(allow staff_t sysctl_net_t (dir (getattr open search)))
(allow staff_t sysctl_net_t (file (ioctl read getattr lock open)))
(allow staff_t proc_t (dir (getattr open search)))
(allow staff_t sysctl_t (dir (getattr open search)))
(allow staff_t sysctl_net_t (dir (ioctl read getattr lock open search)))
(allow staff_t kernel_t (system (ipc_info)))
(allow staff_t proc_t (dir (getattr open search)))
(allow staff_t sysctl_t (dir (getattr open search)))
(allow staff_t sysctl_dev_t (dir (getattr open search)))
(allow staff_t sysctl_dev_t (file (ioctl read getattr lock open)))
(allow staff_t proc_t (dir (getattr open search)))
(allow staff_t sysctl_t (dir (getattr open search)))
(allow staff_t sysctl_dev_t (dir (ioctl read getattr lock open search)))
(allow staff_t bin_t (dir (getattr open search)))
(allow staff_t bin_t (lnk_file (read getattr)))
(allow staff_t usr_t (dir (getattr open search)))
(allow staff_t bin_t (dir (getattr open search)))
(allow staff_t bin_t (dir (ioctl read getattr lock open search)))
(allow staff_t bin_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow staff_t node_t (udp_socket (node_bind)))
(allow staff_t port_t (udp_socket (name_bind)))
(dontaudit staff_t defined_port_type (udp_socket (name_bind)))
(allow staff_t device_t (dir (getattr open search)))
(allow staff_t random_device_t (chr_file (ioctl read getattr lock open)))
(allow staff_t device_t (dir (getattr open search)))
(allow staff_t sound_device_t (chr_file (ioctl write getattr lock append open)))
(allow staff_t sound_device_t (chr_file (map)))
(allow staff_t device_t (dir (getattr open search)))
(allow staff_t sound_device_t (chr_file (ioctl read getattr lock open)))
(allow staff_t sound_device_t (chr_file (map)))
(allow staff_t device_t (dir (getattr open search)))
(allow staff_t sound_device_t (chr_file (ioctl read getattr lock open)))
(allow staff_t sound_device_t (chr_file (map)))
(allow staff_t device_t (dir (getattr open search)))
(allow staff_t sound_device_t (chr_file (ioctl write getattr lock append open)))
(allow staff_t sound_device_t (chr_file (map)))
(allow staff_t device_t (dir (getattr open search)))
(allow staff_t wireless_device_t (chr_file (ioctl read getattr lock open)))
(allow staff_t etc_t (dir (ioctl read getattr lock open search)))
(allow staff_t etc_t (dir (getattr open search)))
(allow staff_t etc_t (lnk_file (read getattr)))
(allow staff_t etc_t (dir (getattr open search)))
(allow staff_t etc_t (file (ioctl read getattr map execute open execute_no_trans)))
(allow staff_t var_lock_t (lnk_file (read getattr)))
(allow staff_t var_t (dir (getattr open search)))
(allow staff_t var_lock_t (dir (getattr open search)))
(allow staff_t mnt_t (dir (ioctl read getattr lock open search)))
(allow staff_t var_t (dir (getattr open search)))
(allow staff_t var_t (file (ioctl read getattr lock open)))
(allow staff_t var_t (dir (getattr open search)))
(allow staff_t var_t (lnk_file (read getattr)))
(allow staff_t var_t (dir (getattr open search)))
(allow staff_t var_spool_t (dir (ioctl read getattr lock open search)))
(allow staff_t var_spool_t (dir (getattr open search)))
(allow staff_t var_spool_t (file (ioctl read getattr lock open)))
(allow staff_t var_lib_t (dir (ioctl read getattr lock open search)))
(allow staff_t var_t (dir (getattr open search)))
(allow staff_t var_lib_t (dir (getattr open search)))
(allow staff_t var_lib_t (file (ioctl read getattr lock open)))
(allow staff_t lost_found_t (dir (getattr)))
(allow staff_t etc_t (dir (watch)))
(allow staff_t usr_t (dir (watch)))
(allow staff_t cgroup_types (dir (getattr open search)))
(allow staff_t cgroup_types (file (ioctl read getattr lock open)))
(allow staff_t cgroup_types (dir (getattr open search)))
(allow staff_t cgroup_types (lnk_file (read getattr)))
(allow staff_t sysfs_t (dir (getattr open search)))
(allow staff_t sysfs_t (dir (getattr open search)))
(allow staff_t security_t (filesystem (getattr)))
(allow staff_t sysfs_t (filesystem (getattr)))
(allow staff_t sysfs_t (dir (getattr open search)))
(allow staff_t sysfs_t (dir (getattr open search)))
(allow staff_t proc_t (dir (getattr open search)))
(allow staff_t proc_t (file (ioctl read getattr lock open)))
(allow staff_t proc_t (dir (getattr open search)))
(allow staff_t proc_t (lnk_file (read getattr)))
(allow staff_t proc_t (dir (getattr open search)))
(allow staff_t proc_t (dir (ioctl read getattr lock open search)))
(allow staff_t sysfs_t (dir (getattr open search)))
(allow staff_t sysfs_t (dir (getattr open search)))
(allow staff_t security_t (dir (ioctl read getattr lock open search)))
(allow staff_t security_t (file (ioctl read write getattr map open)))
(allow staff_t security_t (security (check_context)))
(allow staff_t sysfs_t (dir (getattr open search)))
(allow staff_t sysfs_t (dir (getattr open search)))
(allow staff_t self (netlink_selinux_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow staff_t security_t (dir (ioctl read getattr lock open search)))
(allow staff_t security_t (file (ioctl read write getattr map open)))
(allow staff_t security_t (security (compute_av)))
(allow staff_t sysfs_t (dir (getattr open search)))
(allow staff_t sysfs_t (dir (getattr open search)))
(allow staff_t security_t (dir (ioctl read getattr lock open search)))
(allow staff_t security_t (file (ioctl read write getattr map open)))
(allow staff_t security_t (security (compute_create)))
(allow staff_t sysfs_t (dir (getattr open search)))
(allow staff_t sysfs_t (dir (getattr open search)))
(allow staff_t security_t (dir (ioctl read getattr lock open search)))
(allow staff_t security_t (file (ioctl read write getattr map open)))
(allow staff_t security_t (security (compute_relabel)))
(allow staff_t sysfs_t (dir (getattr open search)))
(allow staff_t sysfs_t (dir (getattr open search)))
(allow staff_t security_t (dir (ioctl read getattr lock open search)))
(allow staff_t security_t (file (ioctl read write getattr map open)))
(allow staff_t security_t (security (compute_user)))
(allow staff_t device_t (dir (getattr open search)))
(allow staff_t device_t (dir (ioctl read getattr lock open search)))
(allow staff_t device_t (dir (getattr open search)))
(allow staff_t device_t (lnk_file (read getattr)))
(allow staff_t fixed_disk_device_t (blk_file (getattr)))
(allow staff_t fixed_disk_device_t (chr_file (getattr)))
(allow staff_t var_t (dir (getattr open search)))
(allow staff_t var_log_t (dir (getattr open search)))
(allow staff_t var_log_t (lnk_file (read getattr)))
(allow staff_t wtmp_t (file (ioctl read getattr lock open)))
(allow staff_t var_run_t (lnk_file (read getattr)))
(allow staff_t var_t (dir (getattr open search)))
(allow staff_t var_run_t (dir (getattr open search)))
(allow staff_t pam_var_console_t (dir (getattr open search)))
(allow staff_t pam_exec_t (file (ioctl read getattr map execute open)))
(allow staff_t pam_t (process (transition)))
(dontaudit staff_t pam_t (process (noatsecure siginh rlimitinh)))
(typetransition staff_t pam_exec_t process pam_t)
(allow pam_t staff_t (fd (use)))
(allow pam_t staff_t (fifo_file (ioctl read write getattr lock append)))
(allow pam_t staff_t (process (sigchld)))
(allow staff_t utempter_exec_t (file (ioctl read getattr map execute open)))
(allow staff_t utempter_t (process (transition)))
(dontaudit staff_t utempter_t (process (noatsecure siginh rlimitinh)))
(typetransition staff_t utempter_exec_t process utempter_t)
(allow utempter_t staff_t (fd (use)))
(allow utempter_t staff_t (fifo_file (ioctl read write getattr lock append)))
(allow utempter_t staff_t (process (sigchld)))
(allow staff_t var_run_t (lnk_file (read getattr)))
(allow staff_t var_t (dir (getattr open search)))
(allow staff_t var_run_t (dir (ioctl read getattr lock open search)))
(allow staff_t initrc_runtime_t (file (ioctl read getattr lock open)))
(allow staff_t etc_t (dir (getattr open search)))
(allow staff_t selinux_config_t (dir (getattr open search)))
(allow staff_t default_context_t (dir (getattr open search)))
(allow staff_t file_context_t (dir (getattr open search)))
(allow staff_t file_context_t (file (ioctl read getattr lock open)))
(allow staff_t file_context_t (file (map)))
(allow staff_t etc_t (dir (getattr open search)))
(allow staff_t selinux_config_t (dir (getattr open search)))
(allow staff_t default_context_t (dir (ioctl read getattr lock open search)))
(allow staff_t default_context_t (dir (getattr open search)))
(allow staff_t default_context_t (file (ioctl read getattr lock open)))
(allow staff_t usr_t (dir (getattr open search)))
(allow staff_t bin_t (dir (getattr open search)))
(allow staff_t bin_t (lnk_file (read getattr)))
(allow staff_t usr_t (dir (getattr open search)))
(allow staff_t newrole_exec_t (file (ioctl read getattr map execute open)))
(allow staff_t newrole_t (process (transition)))
(dontaudit staff_t newrole_t (process (noatsecure siginh rlimitinh)))
(typetransition staff_t newrole_exec_t process newrole_t)
(allow newrole_t staff_t (fd (use)))
(allow newrole_t staff_t (fifo_file (ioctl read write getattr lock append)))
(allow newrole_t staff_t (process (sigchld)))
(allow staff_t usr_t (dir (getattr open search)))
(allow staff_t bin_t (dir (getattr open search)))
(allow staff_t bin_t (lnk_file (read getattr)))
(allow staff_t usr_t (dir (getattr open search)))
(allow staff_t checkpolicy_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow staff_t usr_t (dir (getattr open search)))
(allow staff_t bin_t (dir (getattr open search)))
(allow staff_t bin_t (lnk_file (read getattr)))
(allow staff_t usr_t (dir (getattr open search)))
(allow staff_t setfiles_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(dontaudit staff_t newrole_t (process (signal)))
(dontaudit staff_t domain (process (getsched)))
(dontaudit staff_t reserved_port_type (tcp_socket (name_bind)))
(allow staff_t xserver_port_t (tcp_socket (name_bind)))
(allow staff_t self (capability (net_bind_service)))
(allow staff_t usr_t (dir (ioctl read getattr lock open search)))
(allow staff_t usr_t (dir (getattr open search)))
(allow staff_t usr_t (file (ioctl read getattr map execute open execute_no_trans)))
(allow staff_t usr_t (dir (getattr open search)))
(allow staff_t usr_t (lnk_file (read getattr)))
(allow staff_t public_content_rw_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t public_content_rw_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow staff_t public_content_rw_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t public_content_rw_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow staff_t public_content_rw_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow staff_t public_content_rw_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
(allow staff_t public_content_rw_t (dir (watch)))
(allow staff_t unlabeled_t (infiniband_pkey (access)))
(roleallow system_r staff_r)
(typetransition staff_t user_home_dir_t dir ".pki" user_cert_t)
(typetransition staff_t user_home_dir_t dir "bin" user_bin_t)
(booleanif (user_udp_server)
    (true
        (dontaudit staff_t defined_port_type (udp_socket (name_bind)))
        (allow staff_t port_t (udp_socket (name_bind)))
        (allow staff_t node_t (udp_socket (node_bind)))
    )
)
(booleanif (user_tcp_server)
    (true
        (dontaudit staff_t defined_port_type (tcp_socket (name_bind)))
        (allow staff_t port_t (tcp_socket (name_bind)))
        (allow staff_t node_t (tcp_socket (node_bind)))
    )
)
(booleanif (user_exec_noexattrfile)
    (true
        (allow staff_t noxattrfs (file (ioctl read getattr lock map execute open execute_no_trans)))
    )
)
(booleanif (user_dmesg)
    (true
        (allow staff_t kernel_t (system (syslog_read)))
        (allow staff_t self (capability2 (syslog)))
    )
    (false
        (dontaudit staff_t kernel_t (system (syslog_read)))
    )
)
(booleanif (user_ttyfile_stat)
    (true
        (allow staff_t ttynode (chr_file (getattr)))
        (allow staff_t device_t (lnk_file (read getattr)))
        (allow staff_t device_t (dir (getattr open search)))
        (allow staff_t device_t (dir (ioctl read getattr lock open search)))
        (allow staff_t device_t (dir (getattr open search)))
    )
)
(booleanif (user_rw_noexattrfile)
    (true
        (allow staff_t noxattrfs (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
        (allow staff_t noxattrfs (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow staff_t noxattrfs (dir (ioctl read getattr lock open search)))
        (allow staff_t noxattrfs (file (ioctl read write create getattr setattr lock append unlink link rename open)))
        (allow staff_t noxattrfs (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow staff_t noxattrfs (dir (ioctl read getattr lock open search)))
        (allow staff_t noxattrfs (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
    )
    (false
        (allow staff_t noxattrfs (lnk_file (read getattr)))
        (allow staff_t noxattrfs (dir (getattr open search)))
        (allow staff_t noxattrfs (dir (ioctl read getattr lock open search)))
        (allow staff_t noxattrfs (file (ioctl read getattr lock open)))
        (allow staff_t noxattrfs (dir (getattr open search)))
        (allow staff_t noxattrfs (dir (ioctl read getattr lock open search)))
    )
)
(booleanif (user_direct_mouse)
    (true
        (allow staff_t mouse_device_t (chr_file (ioctl read getattr lock open)))
        (allow staff_t device_t (dir (getattr open search)))
    )
)
(booleanif (user_write_removable)
    (true
        (allow staff_t removable_device_t (blk_file (ioctl write getattr lock append open)))
        (allow staff_t device_t (lnk_file (read getattr)))
        (allow staff_t device_t (dir (getattr open search)))
        (allow staff_t device_t (dir (ioctl read getattr lock open search)))
        (allow staff_t device_t (dir (getattr open search)))
        (allow staff_t removable_device_t (blk_file (ioctl read getattr lock open)))
        (allow staff_t device_t (lnk_file (read getattr)))
        (allow staff_t device_t (dir (getattr open search)))
        (allow staff_t device_t (dir (ioctl read getattr lock open search)))
        (allow staff_t device_t (dir (getattr open search)))
        (allow staff_t usb_device_t (chr_file (ioctl read write getattr lock append open)))
        (allow staff_t device_t (dir (getattr open search)))
    )
    (false
        (allow staff_t removable_device_t (blk_file (ioctl read getattr lock open)))
        (allow staff_t device_t (lnk_file (read getattr)))
        (allow staff_t device_t (dir (getattr open search)))
        (allow staff_t device_t (dir (ioctl read getattr lock open search)))
        (allow staff_t device_t (dir (getattr open search)))
        (allow staff_t usb_device_t (chr_file (ioctl read getattr lock open)))
        (allow staff_t device_t (dir (getattr open search)))
    )
)
(booleanif (use_samba_home_dirs)
    (true
        (allow staff_t cifs_t (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
        (allow staff_t cifs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow staff_t cifs_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
        (allow staff_t cifs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow staff_t cifs_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
        (allow staff_t cifs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow staff_t cifs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
        (allow staff_t cifs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow staff_t cifs_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
        (allow staff_t cifs_t (file (ioctl read getattr map execute open execute_no_trans)))
        (allow staff_t cifs_t (dir (getattr open search)))
        (allow staff_t cifs_t (dir (ioctl read getattr lock open search)))
    )
    (false
        (dontaudit staff_t cifs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
        (dontaudit staff_t cifs_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
    )
)
(booleanif (use_nfs_home_dirs)
    (true
        (allow staff_t nfs_t (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
        (allow staff_t nfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow staff_t nfs_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
        (allow staff_t nfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow staff_t nfs_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
        (allow staff_t nfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow staff_t nfs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
        (allow staff_t nfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow staff_t nfs_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
        (allow staff_t nfs_t (file (ioctl read getattr map execute open execute_no_trans)))
        (allow staff_t nfs_t (dir (getattr open search)))
        (allow staff_t nfs_t (dir (ioctl read getattr lock open search)))
    )
    (false
        (dontaudit staff_t nfs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
        (dontaudit staff_t nfs_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
    )
)
(booleanif (user_all_users_send_syslog)
    (true
        (dontaudit staff_t console_device_t (chr_file (ioctl read getattr lock open)))
        (allow staff_t console_device_t (chr_file (ioctl write getattr lock append open)))
        (allow staff_t device_t (lnk_file (read getattr)))
        (allow staff_t device_t (dir (getattr open search)))
        (allow staff_t device_t (dir (ioctl read getattr lock open search)))
        (allow staff_t device_t (dir (getattr open search)))
        (allow staff_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
        (allow staff_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
        (allow staff_t syslogd_t (unix_stream_socket (connectto)))
        (allow staff_t syslogd_t (unix_dgram_socket (sendto)))
        (allow staff_t syslogd_runtime_t (dir (getattr open search)))
        (allow staff_t init_runtime_t (dir (getattr open search)))
        (allow staff_t var_run_t (dir (getattr open search)))
        (allow staff_t var_t (dir (getattr open search)))
        (allow staff_t var_run_t (lnk_file (read getattr)))
        (allow staff_t devlog_t (sock_file (write getattr append open)))
    )
)
(booleanif (and (allow_execmem) (allow_execstack))
    (true
        (allow staff_t self (process (execstack)))
    )
)
(booleanif (allow_execmem)
    (true
        (allow staff_t self (process (execmem)))
    )
)
(booleanif (console_login)
    (true
        (typechange staff_t console_device_t chr_file user_tty_device_t)
    )
)
(optional staff_optional_2
    (typeattributeset cil_gen_require init_t)
    (allow staff_t init_t (process (sigchld)))
    (allow staff_t init_t (process (signull)))
    (optional staff_optional_3
        (typeattributeset cil_gen_require rpm_t)
        (allow staff_t rpm_t (fd (use)))
        (allow staff_t rpm_t (fifo_file (ioctl read getattr lock open)))
    )
    (optional staff_optional_4
        (typeattributeset cil_gen_require security_t)
        (typeattributeset cil_gen_require sysfs_t)
        (dontaudit staff_t security_t (filesystem (getattr)))
        (dontaudit staff_t sysfs_t (filesystem (getattr)))
        (dontaudit staff_t sysfs_t (dir (getattr open search)))
        (dontaudit staff_t security_t (dir (getattr open search)))
        (dontaudit staff_t security_t (file (ioctl read getattr lock open)))
        (optional staff_optional_5
            (typeattributeset cil_gen_require selinux_config_t)
            (dontaudit staff_t selinux_config_t (dir (getattr open search)))
            (dontaudit staff_t selinux_config_t (file (ioctl read getattr lock open)))
            (optional staff_optional_6
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require apt_var_cache_t)
                (typeattributeset cil_gen_require apt_var_lib_t)
                (typeattributeset cil_gen_require var_lib_t)
                (allow staff_t var_t (dir (getattr open search)))
                (allow staff_t apt_var_cache_t (dir (ioctl read getattr lock open search)))
                (allow staff_t apt_var_cache_t (file (ioctl read getattr map open)))
                (allow staff_t var_t (dir (getattr open search)))
                (allow staff_t var_lib_t (dir (getattr open search)))
                (allow staff_t apt_var_lib_t (dir (ioctl read getattr lock open search)))
                (allow staff_t apt_var_lib_t (dir (getattr open search)))
                (allow staff_t apt_var_lib_t (file (ioctl read getattr lock open)))
                (allow staff_t apt_var_lib_t (dir (getattr open search)))
                (allow staff_t apt_var_lib_t (lnk_file (read getattr)))
            )
            (optional staff_optional_7
                (typeattributeset cil_gen_require devicekit_disk_t)
                (typeattributeset cil_gen_require devicekit_power_t)
                (allow staff_t devicekit_disk_t (dbus (send_msg)))
                (allow devicekit_disk_t staff_t (dbus (send_msg)))
                (allow staff_t devicekit_power_t (dbus (send_msg)))
                (allow devicekit_power_t staff_t (dbus (send_msg)))
            )
            (optional staff_optional_8
                (typeattributeset cil_gen_require kerneloops_t)
                (allow staff_t kerneloops_t (dbus (send_msg)))
                (allow kerneloops_t staff_t (dbus (send_msg)))
            )
            (optional staff_optional_9
                (typeattributeset cil_gen_require flash_home_t)
                (allow staff_t flash_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t flash_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t flash_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t flash_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t flash_home_t (dir (getattr open search)))
                (allow staff_t flash_home_t (file (getattr relabelfrom relabelto)))
                (allow staff_t flash_home_t (dir (getattr open search)))
                (allow staff_t flash_home_t (dir (getattr relabelfrom relabelto)))
            )
            (optional staff_optional_10
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require xdg_data_t)
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t xdg_data_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_data_t (dir (create getattr)))
                (typetransition staff_t xdg_data_t dir "bin" user_bin_t)
            )
            (optional staff_optional_11
                (roleattributeset cil_gen_require chfn_roles)
                (roleattributeset cil_gen_require passwd_roles)
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require chfn_t)
                (typeattributeset cil_gen_require chfn_exec_t)
                (typeattributeset cil_gen_require passwd_t)
                (typeattributeset cil_gen_require passwd_exec_t)
                (roleattributeset cil_gen_require chfn_roles)
                (roleattributeset chfn_roles (staff_r ))
                (roleattributeset cil_gen_require passwd_roles)
                (roleattributeset passwd_roles (staff_r ))
                (allow staff_t bin_t (dir (getattr open search)))
                (allow staff_t bin_t (lnk_file (read getattr)))
                (allow staff_t usr_t (dir (getattr open search)))
                (allow staff_t chfn_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_t chfn_t (process (transition)))
                (dontaudit staff_t chfn_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_t chfn_exec_t process chfn_t)
                (allow chfn_t staff_t (fd (use)))
                (allow chfn_t staff_t (fifo_file (ioctl read write getattr lock append)))
                (allow chfn_t staff_t (process (sigchld)))
                (dontaudit chfn_t staff_t (tcp_socket (read write)))
                (dontaudit chfn_t staff_t (udp_socket (read write)))
                (dontaudit chfn_t staff_t (rawip_socket (read write)))
                (dontaudit chfn_t staff_t (netlink_socket (read write)))
                (dontaudit chfn_t staff_t (packet_socket (read write)))
                (dontaudit chfn_t staff_t (unix_stream_socket (read write)))
                (dontaudit chfn_t staff_t (unix_dgram_socket (read write)))
                (dontaudit chfn_t staff_t (netlink_route_socket (read write)))
                (dontaudit chfn_t staff_t (netlink_tcpdiag_socket (read write)))
                (dontaudit chfn_t staff_t (netlink_nflog_socket (read write)))
                (dontaudit chfn_t staff_t (netlink_xfrm_socket (read write)))
                (dontaudit chfn_t staff_t (netlink_selinux_socket (read write)))
                (dontaudit chfn_t staff_t (netlink_audit_socket (read write)))
                (dontaudit chfn_t staff_t (netlink_dnrt_socket (read write)))
                (dontaudit chfn_t staff_t (netlink_kobject_uevent_socket (read write)))
                (dontaudit chfn_t staff_t (appletalk_socket (read write)))
                (dontaudit chfn_t staff_t (tun_socket (read write)))
                (dontaudit chfn_t staff_t (netlink_iscsi_socket (read write)))
                (dontaudit chfn_t staff_t (netlink_fib_lookup_socket (read write)))
                (dontaudit chfn_t staff_t (netlink_connector_socket (read write)))
                (dontaudit chfn_t staff_t (netlink_netfilter_socket (read write)))
                (dontaudit chfn_t staff_t (netlink_generic_socket (read write)))
                (dontaudit chfn_t staff_t (netlink_scsitransport_socket (read write)))
                (dontaudit chfn_t staff_t (netlink_rdma_socket (read write)))
                (dontaudit chfn_t staff_t (netlink_crypto_socket (read write)))
                (dontaudit chfn_t staff_t (sctp_socket (read write)))
                (dontaudit chfn_t staff_t (icmp_socket (read write)))
                (dontaudit chfn_t staff_t (ax25_socket (read write)))
                (dontaudit chfn_t staff_t (ipx_socket (read write)))
                (dontaudit chfn_t staff_t (netrom_socket (read write)))
                (dontaudit chfn_t staff_t (atmpvc_socket (read write)))
                (dontaudit chfn_t staff_t (x25_socket (read write)))
                (dontaudit chfn_t staff_t (rose_socket (read write)))
                (dontaudit chfn_t staff_t (decnet_socket (read write)))
                (dontaudit chfn_t staff_t (atmsvc_socket (read write)))
                (dontaudit chfn_t staff_t (rds_socket (read write)))
                (dontaudit chfn_t staff_t (irda_socket (read write)))
                (dontaudit chfn_t staff_t (pppox_socket (read write)))
                (dontaudit chfn_t staff_t (llc_socket (read write)))
                (dontaudit chfn_t staff_t (can_socket (read write)))
                (dontaudit chfn_t staff_t (tipc_socket (read write)))
                (dontaudit chfn_t staff_t (bluetooth_socket (read write)))
                (dontaudit chfn_t staff_t (iucv_socket (read write)))
                (dontaudit chfn_t staff_t (rxrpc_socket (read write)))
                (dontaudit chfn_t staff_t (isdn_socket (read write)))
                (dontaudit chfn_t staff_t (phonet_socket (read write)))
                (dontaudit chfn_t staff_t (ieee802154_socket (read write)))
                (dontaudit chfn_t staff_t (caif_socket (read write)))
                (dontaudit chfn_t staff_t (alg_socket (read write)))
                (dontaudit chfn_t staff_t (nfc_socket (read write)))
                (dontaudit chfn_t staff_t (vsock_socket (read write)))
                (dontaudit chfn_t staff_t (kcm_socket (read write)))
                (dontaudit chfn_t staff_t (qipcrtr_socket (read write)))
                (dontaudit chfn_t staff_t (smc_socket (read write)))
                (dontaudit chfn_t staff_t (xdp_socket (read write)))
                (allow staff_t bin_t (dir (getattr open search)))
                (allow staff_t bin_t (lnk_file (read getattr)))
                (allow staff_t usr_t (dir (getattr open search)))
                (allow staff_t passwd_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_t passwd_t (process (transition)))
                (dontaudit staff_t passwd_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_t passwd_exec_t process passwd_t)
                (allow passwd_t staff_t (fd (use)))
                (allow passwd_t staff_t (fifo_file (ioctl read write getattr lock append)))
                (allow passwd_t staff_t (process (sigchld)))
                (dontaudit passwd_t staff_t (tcp_socket (read write)))
                (dontaudit passwd_t staff_t (udp_socket (read write)))
                (dontaudit passwd_t staff_t (rawip_socket (read write)))
                (dontaudit passwd_t staff_t (netlink_socket (read write)))
                (dontaudit passwd_t staff_t (packet_socket (read write)))
                (dontaudit passwd_t staff_t (unix_stream_socket (read write)))
                (dontaudit passwd_t staff_t (unix_dgram_socket (read write)))
                (dontaudit passwd_t staff_t (netlink_route_socket (read write)))
                (dontaudit passwd_t staff_t (netlink_tcpdiag_socket (read write)))
                (dontaudit passwd_t staff_t (netlink_nflog_socket (read write)))
                (dontaudit passwd_t staff_t (netlink_xfrm_socket (read write)))
                (dontaudit passwd_t staff_t (netlink_selinux_socket (read write)))
                (dontaudit passwd_t staff_t (netlink_audit_socket (read write)))
                (dontaudit passwd_t staff_t (netlink_dnrt_socket (read write)))
                (dontaudit passwd_t staff_t (netlink_kobject_uevent_socket (read write)))
                (dontaudit passwd_t staff_t (appletalk_socket (read write)))
                (dontaudit passwd_t staff_t (tun_socket (read write)))
                (dontaudit passwd_t staff_t (netlink_iscsi_socket (read write)))
                (dontaudit passwd_t staff_t (netlink_fib_lookup_socket (read write)))
                (dontaudit passwd_t staff_t (netlink_connector_socket (read write)))
                (dontaudit passwd_t staff_t (netlink_netfilter_socket (read write)))
                (dontaudit passwd_t staff_t (netlink_generic_socket (read write)))
                (dontaudit passwd_t staff_t (netlink_scsitransport_socket (read write)))
                (dontaudit passwd_t staff_t (netlink_rdma_socket (read write)))
                (dontaudit passwd_t staff_t (netlink_crypto_socket (read write)))
                (dontaudit passwd_t staff_t (sctp_socket (read write)))
                (dontaudit passwd_t staff_t (icmp_socket (read write)))
                (dontaudit passwd_t staff_t (ax25_socket (read write)))
                (dontaudit passwd_t staff_t (ipx_socket (read write)))
                (dontaudit passwd_t staff_t (netrom_socket (read write)))
                (dontaudit passwd_t staff_t (atmpvc_socket (read write)))
                (dontaudit passwd_t staff_t (x25_socket (read write)))
                (dontaudit passwd_t staff_t (rose_socket (read write)))
                (dontaudit passwd_t staff_t (decnet_socket (read write)))
                (dontaudit passwd_t staff_t (atmsvc_socket (read write)))
                (dontaudit passwd_t staff_t (rds_socket (read write)))
                (dontaudit passwd_t staff_t (irda_socket (read write)))
                (dontaudit passwd_t staff_t (pppox_socket (read write)))
                (dontaudit passwd_t staff_t (llc_socket (read write)))
                (dontaudit passwd_t staff_t (can_socket (read write)))
                (dontaudit passwd_t staff_t (tipc_socket (read write)))
                (dontaudit passwd_t staff_t (bluetooth_socket (read write)))
                (dontaudit passwd_t staff_t (iucv_socket (read write)))
                (dontaudit passwd_t staff_t (rxrpc_socket (read write)))
                (dontaudit passwd_t staff_t (isdn_socket (read write)))
                (dontaudit passwd_t staff_t (phonet_socket (read write)))
                (dontaudit passwd_t staff_t (ieee802154_socket (read write)))
                (dontaudit passwd_t staff_t (caif_socket (read write)))
                (dontaudit passwd_t staff_t (alg_socket (read write)))
                (dontaudit passwd_t staff_t (nfc_socket (read write)))
                (dontaudit passwd_t staff_t (vsock_socket (read write)))
                (dontaudit passwd_t staff_t (kcm_socket (read write)))
                (dontaudit passwd_t staff_t (qipcrtr_socket (read write)))
                (dontaudit passwd_t staff_t (smc_socket (read write)))
                (dontaudit passwd_t staff_t (xdp_socket (read write)))
            )
            (optional staff_optional_12
                (typeattributeset cil_gen_require etc_t)
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require cupsd_etc_t)
                (typeattributeset cil_gen_require cupsd_rw_etc_t)
                (typeattributeset cil_gen_require cupsd_t)
                (typeattributeset cil_gen_require cupsd_runtime_t)
                (allow staff_t etc_t (dir (getattr open search)))
                (allow staff_t cupsd_etc_t (dir (getattr open search)))
                (allow staff_t cupsd_rw_etc_t (dir (getattr open search)))
                (allow staff_t cupsd_etc_t (file (ioctl read getattr lock open)))
                (allow staff_t cupsd_rw_etc_t (file (ioctl read getattr lock open)))
                (allow staff_t var_run_t (lnk_file (read getattr)))
                (allow staff_t var_t (dir (getattr open search)))
                (allow staff_t var_run_t (dir (getattr open search)))
                (allow staff_t cupsd_runtime_t (sock_file (read getattr open)))
                (allow staff_t cupsd_runtime_t (dir (getattr open search)))
                (allow staff_t cupsd_runtime_t (sock_file (write getattr append open)))
                (allow staff_t cupsd_t (unix_stream_socket (connectto)))
            )
            (optional staff_optional_13
                (typeattributeset cil_gen_require security_t)
                (typeattributeset cil_gen_require selinux_config_t)
                (typeattributeset cil_gen_require etc_t)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require krb5kdc_conf_t)
                (typeattributeset cil_gen_require krb5_host_rcache_t)
                (typeattributeset cil_gen_require krb5_conf_t)
                (typeattributeset cil_gen_require krb5_home_t)
                (typeattributeset cil_gen_require default_context_t)
                (typeattributeset cil_gen_require file_context_t)
                (typeattributeset cil_gen_require netlabel_peer_t)
                (typeattributeset cil_gen_require netif_t)
                (typeattributeset cil_gen_require node_t)
                (typeattributeset cil_gen_require kerberos_client_packet_t)
                (typeattributeset cil_gen_require kerberos_port_t)
                (typeattributeset cil_gen_require ocsp_client_packet_t)
                (typeattributeset cil_gen_require ocsp_port_t)
                (allow staff_t etc_t (dir (getattr open search)))
                (allow staff_t krb5_conf_t (file (ioctl read getattr lock open)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t krb5_home_t (file (ioctl read getattr lock open)))
                (dontaudit staff_t krb5_conf_t (file (ioctl write getattr lock append open)))
                (dontaudit staff_t krb5kdc_conf_t (dir (ioctl read getattr lock open search)))
                (dontaudit staff_t krb5kdc_conf_t (file (ioctl read write getattr lock append open)))
                (dontaudit staff_t self (process (setfscreate)))
                (dontaudit staff_t security_t (dir (ioctl read getattr lock open search)))
                (dontaudit staff_t security_t (file (ioctl read write getattr map open)))
                (dontaudit staff_t security_t (security (check_context)))
                (dontaudit staff_t selinux_config_t (dir (getattr open search)))
                (dontaudit staff_t default_context_t (dir (getattr open search)))
                (dontaudit staff_t file_context_t (dir (getattr open search)))
                (dontaudit staff_t file_context_t (file (ioctl read getattr lock open)))
                (dontaudit staff_t file_context_t (file (map)))
                (booleanif (allow_kerberos)
                    (true
                        (allow staff_t krb5_host_rcache_t (file (getattr)))
                        (allow staff_t ocsp_port_t (tcp_socket (name_connect)))
                        (allow staff_t ocsp_client_packet_t (packet (recv)))
                        (allow staff_t ocsp_client_packet_t (packet (send)))
                        (allow staff_t kerberos_port_t (tcp_socket (name_connect)))
                        (allow staff_t kerberos_client_packet_t (packet (recv)))
                        (allow staff_t kerberos_client_packet_t (packet (send)))
                        (allow staff_t node_t (node (recvfrom)))
                        (allow staff_t node_t (node (sendto)))
                        (allow staff_t node_t (node (recvfrom sendto)))
                        (allow staff_t netif_t (netif (ingress)))
                        (allow staff_t netif_t (netif (egress)))
                        (allow staff_t netif_t (netif (ingress egress)))
                        (allow staff_t netlabel_peer_t (tcp_socket (recvfrom)))
                        (allow staff_t netlabel_peer_t (udp_socket (recvfrom)))
                        (allow staff_t netlabel_peer_t (rawip_socket (recvfrom)))
                        (allow staff_t netlabel_peer_t (peer (recv)))
                        (allow staff_t self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                        (allow staff_t self (tcp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                    )
                )
                (optional staff_optional_14
                    (typeattributeset cil_gen_require var_run_t)
                    (typeattributeset cil_gen_require var_t)
                    (typeattributeset cil_gen_require pcscd_t)
                    (typeattributeset cil_gen_require pcscd_runtime_t)
                    (booleanif (allow_kerberos)
                        (true
                            (allow pcscd_t staff_t (file (ioctl read getattr lock open)))
                            (allow pcscd_t staff_t (dir (ioctl read getattr lock open search)))
                            (allow staff_t pcscd_t (unix_stream_socket (connectto)))
                            (allow staff_t pcscd_runtime_t (sock_file (write getattr append open)))
                            (allow staff_t pcscd_runtime_t (dir (getattr open search)))
                            (allow staff_t var_run_t (dir (getattr open search)))
                            (allow staff_t var_t (dir (getattr open search)))
                            (allow staff_t var_run_t (lnk_file (read getattr)))
                        )
                    )
                )
                (optional staff_optional_15
                    (typeattributeset cil_gen_require var_t)
                    (typeattributeset cil_gen_require var_lib_t)
                    (typeattributeset cil_gen_require sssd_public_t)
                    (typeattributeset cil_gen_require sssd_var_lib_t)
                    (allow staff_t sssd_var_lib_t (dir (getattr open search)))
                    (allow staff_t var_t (dir (getattr open search)))
                    (allow staff_t var_lib_t (dir (getattr open search)))
                    (allow staff_t sssd_public_t (dir (ioctl read getattr lock open search)))
                    (allow staff_t sssd_public_t (dir (getattr open search)))
                    (allow staff_t sssd_public_t (file (ioctl read getattr lock open)))
                )
            )
            (optional staff_optional_16
                (typeattributeset cil_gen_require mail_spool_t)
                (dontaudit staff_t mail_spool_t (lnk_file (read)))
            )
            (optional staff_optional_17
                (typeattributeset cil_gen_require quota_db_t)
                (dontaudit staff_t quota_db_t (file (getattr)))
            )
            (optional staff_optional_18
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require var_lib_t)
                (typeattributeset cil_gen_require rpm_var_lib_t)
                (allow staff_t var_t (dir (getattr open search)))
                (allow staff_t var_lib_t (dir (getattr open search)))
                (allow staff_t rpm_var_lib_t (dir (ioctl read getattr lock open search)))
                (allow staff_t rpm_var_lib_t (dir (getattr open search)))
                (allow staff_t rpm_var_lib_t (file (ioctl read getattr lock open)))
                (allow staff_t rpm_var_lib_t (dir (getattr open search)))
                (allow staff_t rpm_var_lib_t (lnk_file (read getattr)))
                (allow staff_t rpm_var_lib_t (file (map)))
                (dontaudit staff_t rpm_var_lib_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (dontaudit staff_t rpm_var_lib_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (dontaudit staff_t rpm_var_lib_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (dontaudit staff_t rpm_var_lib_t (file (map)))
            )
            (optional staff_optional_19
                (roleattributeset cil_gen_require loadkeys_roles)
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require loadkeys_t)
                (typeattributeset cil_gen_require loadkeys_exec_t)
                (roleattributeset cil_gen_require loadkeys_roles)
                (roleattributeset loadkeys_roles (staff_r ))
                (allow staff_t bin_t (dir (getattr open search)))
                (allow staff_t bin_t (lnk_file (read getattr)))
                (allow staff_t usr_t (dir (getattr open search)))
                (allow staff_t loadkeys_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_t loadkeys_t (process (transition)))
                (dontaudit staff_t loadkeys_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_t loadkeys_exec_t process loadkeys_t)
                (allow loadkeys_t staff_t (fd (use)))
                (allow loadkeys_t staff_t (fifo_file (ioctl read write getattr lock append)))
                (allow loadkeys_t staff_t (process (sigchld)))
            )
            (optional staff_optional_20
                (typeattributeset cil_gen_require netlabel_peer_t)
                (typeattributeset cil_gen_require daemon)
                (allow staff_t self (association (sendto)))
                (allow daemon self (association (sendto)))
                (allow staff_t daemon (tcp_socket (recvfrom)))
                (allow staff_t daemon (association (recvfrom)))
                (allow daemon staff_t (tcp_socket (recvfrom)))
                (allow daemon staff_t (association (recvfrom)))
                (allow staff_t daemon (peer (recv)))
                (allow daemon staff_t (peer (recv)))
                (allow staff_t netlabel_peer_t (peer (recv)))
                (allow staff_t netlabel_peer_t (tcp_socket (recvfrom)))
                (allow daemon netlabel_peer_t (peer (recv)))
                (allow daemon netlabel_peer_t (tcp_socket (recvfrom)))
                (allow daemon self (association (sendto)))
                (allow staff_t daemon (udp_socket (recvfrom)))
                (allow staff_t daemon (association (recvfrom)))
                (allow staff_t daemon (peer (recv)))
                (allow staff_t netlabel_peer_t (peer (recv)))
                (allow staff_t netlabel_peer_t (udp_socket (recvfrom)))
            )
            (optional staff_optional_21
                (typeattributeset cil_gen_require ipsec_spd_t)
                (allow staff_t ipsec_spd_t (association (polmatch)))
                (allow staff_t self (association (sendto)))
            )
            (optional staff_optional_22
                (typeattributeset cil_gen_require etc_t)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require alsa_home_t)
                (typeattributeset cil_gen_require alsa_etc_t)
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t alsa_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t etc_t (dir (getattr open search)))
                (allow staff_t alsa_etc_t (dir (ioctl read getattr lock open search)))
                (allow staff_t alsa_etc_t (dir (getattr open search)))
                (allow staff_t alsa_etc_t (file (ioctl read getattr lock open)))
                (allow staff_t alsa_etc_t (dir (getattr open search)))
                (allow staff_t alsa_etc_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t alsa_home_t (file (getattr relabelfrom relabelto)))
                (typetransition staff_t user_home_dir_t file ".asoundrc" alsa_home_t)
            )
            (optional staff_optional_23
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require acpid_t)
                (typeattributeset cil_gen_require acpid_runtime_t)
                (allow staff_t var_run_t (lnk_file (read getattr)))
                (allow staff_t var_t (dir (getattr open search)))
                (allow staff_t var_run_t (dir (getattr open search)))
                (allow staff_t acpid_runtime_t (dir (getattr open search)))
                (allow staff_t acpid_runtime_t (sock_file (write getattr append open)))
                (allow staff_t acpid_t (unix_stream_socket (connectto)))
            )
            (optional staff_optional_24
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require canna_t)
                (typeattributeset cil_gen_require canna_runtime_t)
                (allow staff_t var_run_t (lnk_file (read getattr)))
                (allow staff_t var_t (dir (getattr open search)))
                (allow staff_t var_run_t (dir (getattr open search)))
                (allow staff_t canna_runtime_t (dir (getattr open search)))
                (allow staff_t canna_runtime_t (sock_file (write getattr append open)))
                (allow staff_t canna_t (unix_stream_socket (connectto)))
            )
            (optional staff_optional_25
                (type staff_cockpit_tmpfs_t)
                (roletype object_r staff_cockpit_tmpfs_t)
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require device_t)
                (typeattributeset cil_gen_require etc_t)
                (typeattributeset cil_gen_require etc_runtime_t)
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require var_lib_t)
                (typeattributeset cil_gen_require tmp_t)
                (typeattributeset cil_gen_require user_tmpfs_t)
                (typeattributeset cil_gen_require tmpfs_t)
                (typeattributeset cil_gen_require default_t)
                (typeattributeset cil_gen_require initrc_runtime_t)
                (typeattributeset cil_gen_require tmpfsfile)
                (typeattributeset cil_gen_require root_t)
                (typeattributeset cil_gen_require cockpit_ws_t)
                (typeattributeset cil_gen_require systemd_logind_runtime_t)
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (staff_cockpit_tmpfs_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (staff_cockpit_tmpfs_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (staff_cockpit_tmpfs_t ))
                (typeattributeset cil_gen_require tmpfsfile)
                (typeattributeset tmpfsfile (staff_cockpit_tmpfs_t ))
                (allow staff_t device_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (typetransition staff_t device_t file staff_cockpit_tmpfs_t)
                (allow staff_cockpit_tmpfs_t device_t (filesystem (associate)))
                (allow staff_cockpit_tmpfs_t tmpfs_t (filesystem (associate)))
                (allow staff_cockpit_tmpfs_t tmp_t (filesystem (associate)))
                (allow staff_t staff_cockpit_tmpfs_t (file (ioctl read write create getattr setattr lock append map unlink link rename execute open)))
                (dontaudit staff_t device_t (file (execute)))
                (dontaudit staff_t default_t (file (execute)))
                (dontaudit staff_t etc_runtime_t (file (execute)))
                (dontaudit staff_t var_run_t (file (execute)))
                (allow staff_t etc_t (file (watch)))
                (allow staff_t root_t (dir (watch)))
                (allow staff_t var_t (dir (watch)))
                (allow staff_t var_lib_t (dir (watch)))
                (allow staff_t cockpit_ws_t (fd (use)))
                (allow staff_t cockpit_ws_t (unix_stream_socket (ioctl read write getattr setattr append bind connect getopt setopt shutdown)))
                (allow staff_t initrc_runtime_t (file (watch)))
                (allow staff_t var_run_t (lnk_file (read getattr)))
                (allow staff_t var_t (dir (getattr open search)))
                (allow staff_t var_run_t (dir (getattr open search)))
                (allow staff_t systemd_logind_runtime_t (dir (watch)))
                (dontaudit staff_t user_tmpfs_t (file (execute)))
            )
            (optional staff_optional_26
                (type staff_dbusd_t)
                (roletype object_r staff_dbusd_t)
                (type staff_dbusd_tmpfs_t)
                (roletype object_r staff_dbusd_tmpfs_t)
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (staff_t ))
                (typeattributeset cil_gen_require security_t)
                (typeattributeset cil_gen_require sysfs_t)
                (typeattributeset cil_gen_require shell_exec_t)
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (staff_t ))
                (typeattributeset cil_gen_require proc_t)
                (typeattributeset cil_gen_require etc_t)
                (typeattributeset cil_gen_require etc_runtime_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require var_lib_t)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require tmpfs_t)
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (staff_t ))
                (typeattributeset cil_gen_require tmpfsfile)
                (typeattributeset cil_gen_require session_bus_type)
                (typeattributeset cil_gen_require system_dbusd_t)
                (typeattributeset cil_gen_require dbusd_exec_t)
                (typeattributeset cil_gen_require session_dbusd_tmp_t)
                (typeattributeset cil_gen_require session_dbusd_home_t)
                (typeattributeset cil_gen_require session_dbusd_runtime_t)
                (typeattributeset cil_gen_require dbusd_system_bus_client)
                (typeattributeset cil_gen_require system_dbusd_runtime_t)
                (typeattributeset cil_gen_require system_dbusd_var_lib_t)
                (typeattributeset cil_gen_require dbusd_etc_t)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r staff_dbusd_t)
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (dbusd_exec_t staff_dbusd_tmpfs_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (dbusd_exec_t staff_dbusd_tmpfs_t ))
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (staff_dbusd_t ))
                (typeattributeset cil_gen_require dbusd_system_bus_client)
                (typeattributeset dbusd_system_bus_client (staff_t ))
                (typeattributeset cil_gen_require session_bus_type)
                (typeattributeset session_bus_type (staff_dbusd_t ))
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (staff_dbusd_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (dbusd_exec_t ))
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (staff_dbusd_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (dbusd_exec_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (dbusd_exec_t staff_dbusd_tmpfs_t ))
                (typeattributeset cil_gen_require tmpfsfile)
                (typeattributeset tmpfsfile (staff_dbusd_tmpfs_t ))
                (allow staff_dbusd_t dbusd_exec_t (file (entrypoint)))
                (allow staff_dbusd_t dbusd_exec_t (file (ioctl read getattr lock map execute open)))
                (allow staff_t staff_dbusd_t (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown connectto)))
                (allow staff_t staff_dbusd_t (dbus (send_msg acquire_svc)))
                (allow staff_t staff_dbusd_t (fd (use)))
                (dontaudit staff_dbusd_t self (process (getcap)))
                (dontaudit staff_dbusd_t self (cap_userns (sys_ptrace)))
                (allow staff_t system_dbusd_t (dbus (send_msg acquire_svc)))
                (dontaudit staff_t staff_dbusd_t (netlink_selinux_socket (read write)))
                (allow staff_t session_dbusd_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t session_dbusd_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t session_dbusd_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t session_dbusd_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t session_dbusd_runtime_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t dbusd_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_t staff_dbusd_t (process (transition)))
                (dontaudit staff_t staff_dbusd_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_t dbusd_exec_t process staff_dbusd_t)
                (allow staff_dbusd_t staff_t (fd (use)))
                (allow staff_dbusd_t staff_t (fifo_file (ioctl read write getattr lock append)))
                (allow staff_dbusd_t staff_t (process (sigchld)))
                (allow staff_t staff_dbusd_t (dir (ioctl read getattr lock open search)))
                (allow staff_t staff_dbusd_t (file (ioctl read getattr lock open)))
                (allow staff_t staff_dbusd_t (lnk_file (read getattr)))
                (allow staff_t staff_dbusd_t (process (getattr)))
                (allow staff_t staff_dbusd_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_dbusd_t staff_t (process (sigkill)))
                (allow staff_dbusd_t session_dbusd_tmp_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_dbusd_t self (unix_stream_socket (connectto)))
                (allow staff_dbusd_t staff_dbusd_tmpfs_t (file (ioctl read write getattr map)))
                (allow staff_dbusd_t etc_t (dir (ioctl read getattr lock open search)))
                (allow staff_dbusd_t etc_t (dir (getattr open search)))
                (allow staff_dbusd_t etc_runtime_t (file (ioctl read getattr lock open)))
                (allow staff_dbusd_t etc_t (dir (getattr open search)))
                (allow staff_dbusd_t etc_runtime_t (lnk_file (read getattr)))
                (allow staff_dbusd_tmpfs_t tmpfs_t (filesystem (associate)))
                (allow staff_dbusd_t tmpfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (typetransition staff_dbusd_t tmpfs_t file staff_dbusd_tmpfs_t)
                (allow staff_dbusd_t proc_t (filesystem (getattr)))
                (allow staff_dbusd_t bin_t (dir (getattr open search)))
                (allow staff_dbusd_t bin_t (lnk_file (read getattr)))
                (allow staff_dbusd_t usr_t (dir (getattr open search)))
                (allow staff_dbusd_t bin_t (file (ioctl read getattr map execute open)))
                (allow staff_dbusd_t staff_t (process (transition)))
                (dontaudit staff_dbusd_t staff_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_dbusd_t bin_t process staff_t)
                (allow staff_dbusd_t bin_t (dir (getattr open search)))
                (allow staff_dbusd_t bin_t (lnk_file (read getattr)))
                (allow staff_dbusd_t usr_t (dir (getattr open search)))
                (allow staff_dbusd_t bin_t (dir (getattr open search)))
                (allow staff_dbusd_t bin_t (dir (ioctl read getattr lock open search)))
                (allow staff_dbusd_t shell_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_dbusd_t staff_t (process (transition)))
                (dontaudit staff_dbusd_t staff_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_dbusd_t shell_exec_t process staff_t)
                (allow staff_dbusd_t sysfs_t (dir (getattr open search)))
                (allow staff_dbusd_t sysfs_t (dir (getattr open search)))
                (allow staff_dbusd_t security_t (dir (ioctl read getattr lock open search)))
                (allow staff_dbusd_t security_t (file (ioctl read getattr map open)))
                (allow staff_dbusd_t bin_t (dir (getattr open search)))
                (allow staff_dbusd_t bin_t (lnk_file (read getattr)))
                (allow staff_dbusd_t usr_t (dir (getattr open search)))
                (allow staff_dbusd_t dbusd_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
                (allow staff_t system_dbusd_t (dbus (send_msg)))
                (allow staff_t self (dbus (send_msg)))
                (allow system_dbusd_t staff_t (dbus (send_msg)))
                (allow staff_t var_t (dir (getattr open search)))
                (allow staff_t var_lib_t (dir (getattr open search)))
                (allow staff_t system_dbusd_var_lib_t (dir (getattr open search)))
                (allow staff_t system_dbusd_var_lib_t (file (ioctl read getattr lock open)))
                (allow staff_t system_dbusd_var_lib_t (dir (getattr open search)))
                (allow staff_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                (allow staff_t session_dbusd_tmp_t (dir (getattr open search)))
                (allow staff_t session_dbusd_tmp_t (sock_file (read write getattr append open)))
                (allow staff_t var_run_t (lnk_file (read getattr)))
                (allow staff_t var_t (dir (getattr open search)))
                (allow staff_t var_run_t (dir (getattr open search)))
                (allow staff_t system_dbusd_runtime_t (dir (getattr open search)))
                (allow staff_t system_dbusd_runtime_t (sock_file (write getattr append open)))
                (allow staff_t system_dbusd_t (unix_stream_socket (connectto)))
                (allow staff_t dbusd_etc_t (dir (ioctl read getattr lock open search)))
                (allow staff_t dbusd_etc_t (file (ioctl read getattr lock open)))
                (allow staff_t system_dbusd_runtime_t (dir (ioctl read getattr lock open search)))
                (allow staff_t system_dbusd_runtime_t (sock_file (read)))
                (allow staff_t system_dbusd_var_lib_t (dir (getattr open search)))
                (allow staff_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                (typetransition staff_t user_home_dir_t dir ".dbus" session_dbusd_home_t)
                (optional staff_optional_27
                    (typeattributeset cil_gen_require init_t)
                    (allow staff_dbusd_t init_t (process (sigchld)))
                    (allow staff_dbusd_t init_t (process (signull)))
                    (optional staff_optional_28
                        (typeattributeset cil_gen_require rpm_t)
                        (allow staff_dbusd_t rpm_t (fd (use)))
                        (allow staff_dbusd_t rpm_t (fifo_file (ioctl read getattr lock open)))
                    )
                    (optional staff_optional_29
                        (typeattributeset cil_gen_require security_t)
                        (typeattributeset cil_gen_require sysfs_t)
                        (dontaudit staff_dbusd_t security_t (filesystem (getattr)))
                        (dontaudit staff_dbusd_t sysfs_t (filesystem (getattr)))
                        (dontaudit staff_dbusd_t sysfs_t (dir (getattr open search)))
                        (dontaudit staff_dbusd_t security_t (dir (getattr open search)))
                        (dontaudit staff_dbusd_t security_t (file (ioctl read getattr lock open)))
                        (optional staff_optional_30
                            (typeattributeset cil_gen_require selinux_config_t)
                            (dontaudit staff_dbusd_t selinux_config_t (dir (getattr open search)))
                            (dontaudit staff_dbusd_t selinux_config_t (file (ioctl read getattr lock open)))
                            (optional staff_optional_31
                                (typeattributeset cil_gen_require user_home_dir_t)
                                (typeattributeset cil_gen_require home_root_t)
                                (typeattributeset cil_gen_require xdg_data_t)
                                (allow staff_dbusd_t xdg_data_t (dir (getattr open search)))
                                (allow staff_dbusd_t xdg_data_t (file (ioctl read getattr lock open)))
                                (allow staff_dbusd_t xdg_data_t (file (map)))
                                (allow staff_dbusd_t xdg_data_t (dir (getattr open search)))
                                (allow staff_dbusd_t xdg_data_t (dir (ioctl read getattr lock open search)))
                                (allow staff_dbusd_t xdg_data_t (dir (getattr open search)))
                                (allow staff_dbusd_t xdg_data_t (lnk_file (read getattr)))
                                (allow staff_dbusd_t user_home_dir_t (dir (getattr open search)))
                                (allow staff_dbusd_t home_root_t (dir (getattr open search)))
                                (allow staff_dbusd_t home_root_t (lnk_file (read getattr)))
                            )
                            (optional staff_optional_32
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require systemd_logind_runtime_t)
                                (typeattributeset cil_gen_require staff_systemd_t)
                                (typeattributeset cil_gen_require systemd_user_runtime_notify_t)
                                (typeattributeset cil_gen_require systemd_user_runtime_t)
                                (typeattributeset cil_gen_require systemd_user_unix_stream_activated_socket_type)
                                (typeattributeset cil_gen_require systemd_user_activated_sock_file_type)
                                (typeattributeset cil_gen_require systemd_user_unix_stream_activated_socket_type)
                                (typeattributeset systemd_user_unix_stream_activated_socket_type (staff_dbusd_t ))
                                (typeattributeset cil_gen_require systemd_user_activated_sock_file_type)
                                (typeattributeset systemd_user_activated_sock_file_type (session_dbusd_runtime_t ))
                                (allow staff_dbusd_t var_run_t (lnk_file (read getattr)))
                                (allow staff_dbusd_t var_t (dir (getattr open search)))
                                (allow staff_dbusd_t var_run_t (dir (getattr open search)))
                                (allow staff_dbusd_t systemd_logind_runtime_t (dir (ioctl read getattr lock open search)))
                                (allow staff_dbusd_t systemd_logind_runtime_t (file (ioctl read getattr lock open)))
                                (allow staff_systemd_t dbusd_exec_t (file (ioctl read getattr map execute open)))
                                (allow staff_systemd_t staff_dbusd_t (process (transition)))
                                (dontaudit staff_systemd_t staff_dbusd_t (process (noatsecure siginh rlimitinh)))
                                (typetransition staff_systemd_t dbusd_exec_t process staff_dbusd_t)
                                (allow staff_dbusd_t staff_systemd_t (fd (use)))
                                (allow staff_dbusd_t staff_systemd_t (fifo_file (ioctl read write getattr lock append)))
                                (allow staff_dbusd_t staff_systemd_t (process (sigchld)))
                                (allow staff_systemd_t staff_dbusd_t (dir (ioctl read getattr lock open search)))
                                (allow staff_systemd_t staff_dbusd_t (file (ioctl read getattr lock open)))
                                (allow staff_systemd_t staff_dbusd_t (lnk_file (read getattr)))
                                (allow staff_systemd_t staff_dbusd_t (process (getattr)))
                                (allow staff_systemd_t staff_dbusd_t (process (sigchld sigkill sigstop signull signal)))
                                (allow staff_dbusd_t staff_systemd_t (fd (use)))
                                (allow staff_dbusd_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                (allow staff_dbusd_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                                (allow staff_dbusd_t staff_systemd_t (file (ioctl read getattr lock open)))
                                (allow staff_dbusd_t staff_systemd_t (lnk_file (read getattr)))
                                (allow staff_dbusd_t staff_systemd_t (process (getattr)))
                                (allow staff_dbusd_t staff_systemd_t (process (sigchld)))
                                (allow staff_dbusd_t systemd_user_runtime_t (dir (getattr open search)))
                                (allow staff_dbusd_t systemd_user_runtime_t (dir (getattr open search)))
                                (allow staff_dbusd_t systemd_user_runtime_notify_t (sock_file (read write getattr append open)))
                                (allow staff_dbusd_t staff_systemd_t (unix_dgram_socket (sendto)))
                            )
                            (optional staff_optional_33
                                (typeattributeset cil_gen_require accountsd_t)
                                (allow staff_t accountsd_t (dbus (send_msg)))
                                (allow accountsd_t staff_t (dbus (send_msg)))
                            )
                            (optional staff_optional_34
                                (typeattributeset cil_gen_require bluetooth_t)
                                (allow staff_t bluetooth_t (dbus (send_msg)))
                                (allow bluetooth_t staff_t (dbus (send_msg)))
                            )
                            (optional staff_optional_35
                                (typeattributeset cil_gen_require colord_t)
                                (allow staff_t colord_t (dbus (send_msg)))
                                (allow colord_t staff_t (dbus (send_msg)))
                            )
                            (optional staff_optional_36
                                (typeattributeset cil_gen_require cupsd_config_t)
                                (allow staff_t cupsd_config_t (dbus (send_msg)))
                                (allow cupsd_config_t staff_t (dbus (send_msg)))
                            )
                            (optional staff_optional_37
                                (typeattributeset cil_gen_require devicekit_disk_t)
                                (typeattributeset cil_gen_require devicekit_power_t)
                                (allow staff_t devicekit_disk_t (dbus (send_msg)))
                                (allow devicekit_disk_t staff_t (dbus (send_msg)))
                                (allow staff_t devicekit_power_t (dbus (send_msg)))
                                (allow devicekit_power_t staff_t (dbus (send_msg)))
                            )
                            (optional staff_optional_38
                                (typeattributeset cil_gen_require NetworkManager_t)
                                (allow staff_t NetworkManager_t (dbus (send_msg)))
                                (allow NetworkManager_t staff_t (dbus (send_msg)))
                            )
                            (optional staff_optional_39
                                (typeattributeset cil_gen_require policykit_t)
                                (allow staff_t policykit_t (dbus (send_msg)))
                                (allow policykit_t staff_t (dbus (send_msg)))
                            )
                            (optional staff_optional_40
                                (typeattributeset cil_gen_require rtkit_daemon_t)
                                (allow staff_t rtkit_daemon_t (dbus (send_msg)))
                                (allow rtkit_daemon_t staff_t (dbus (send_msg)))
                            )
                            (optional staff_optional_41
                                (typeattributeset cil_gen_require xdm_t)
                                (allow staff_t xdm_t (dbus (send_msg)))
                                (allow xdm_t staff_t (dbus (send_msg)))
                            )
                            (optional staff_optional_42
                                (type staff_systemd_t)
                                (roletype object_r staff_systemd_t)
                                (type staff_systemd_tmpfiles_t)
                                (roletype object_r staff_systemd_tmpfiles_t)
                                (typeattributeset cil_gen_require staff_application_exec_domain)
                                (typeattributeset staff_application_exec_domain (staff_t ))
                                (typeattributeset cil_gen_require domain)
                                (typeattributeset domain (staff_t ))
                                (typeattributeset cil_gen_require init_t)
                                (typeattributeset cil_gen_require security_t)
                                (typeattributeset cil_gen_require sysfs_t)
                                (typeattributeset cil_gen_require selinux_config_t)
                                (typeattributeset cil_gen_require shell_exec_t)
                                (typeattributeset cil_gen_require entry_type)
                                (typeattributeset entry_type (shell_exec_t bin_t ))
                                (typeattributeset cil_gen_require exec_type)
                                (typeattributeset exec_type (shell_exec_t bin_t ))
                                (typeattributeset cil_gen_require file_type)
                                (typeattributeset file_type (shell_exec_t bin_t ))
                                (typeattributeset cil_gen_require non_security_file_type)
                                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                                (typeattributeset cil_gen_require non_auth_file_type)
                                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                                (typeattributeset cil_gen_require bin_t)
                                (typeattributeset cil_gen_require process_user_target)
                                (typeattributeset process_user_target (staff_t ))
                                (typeattributeset cil_gen_require ubac_constrained_type)
                                (typeattributeset ubac_constrained_type (staff_t ))
                                (typeattributeset cil_gen_require console_device_t)
                                (typeattributeset cil_gen_require device_t)
                                (typeattributeset cil_gen_require proc_t)
                                (typeattributeset cil_gen_require sysctl_t)
                                (typeattributeset cil_gen_require sysctl_kernel_t)
                                (typeattributeset cil_gen_require etc_t)
                                (typeattributeset cil_gen_require usr_t)
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require lib_t)
                                (typeattributeset cil_gen_require locale_t)
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require var_lib_t)
                                (typeattributeset cil_gen_require syslogd_t)
                                (typeattributeset cil_gen_require syslogd_runtime_t)
                                (typeattributeset cil_gen_require devlog_t)
                                (typeattributeset cil_gen_require init_runtime_t)
                                (typeattributeset cil_gen_require user_home_dir_t)
                                (typeattributeset cil_gen_require user_bin_t)
                                (typeattributeset cil_gen_require home_root_t)
                                (typeattributeset cil_gen_require user_runtime_t)
                                (typeattributeset cil_gen_require user_runtime_root_t)
                                (typeattributeset cil_gen_require tmpfs_t)
                                (typeattributeset cil_gen_require urandom_device_t)
                                (typeattributeset cil_gen_require cgroup_types)
                                (typeattributeset cil_gen_require default_context_t)
                                (typeattributeset cil_gen_require file_context_t)
                                (typeattributeset cil_gen_require kernel_t)
                                (typeattributeset cil_gen_require system_dbusd_t)
                                (typeattributeset cil_gen_require session_dbusd_tmp_t)
                                (typeattributeset cil_gen_require staff_dbusd_t)
                                (typeattributeset cil_gen_require systemd_user_runtime_notify_t)
                                (typeattributeset cil_gen_require systemd_user_runtime_t)
                                (typeattributeset cil_gen_require systemd_user_unix_stream_activated_socket_type)
                                (typeattributeset cil_gen_require systemd_user_activated_sock_file_type)
                                (typeattributeset cil_gen_require dbusd_system_bus_client)
                                (typeattributeset cil_gen_require system_dbusd_runtime_t)
                                (typeattributeset cil_gen_require system_dbusd_var_lib_t)
                                (typeattributeset cil_gen_require dbusd_etc_t)
                                (typeattributeset cil_gen_require systemd_user_session_type)
                                (typeattributeset cil_gen_require systemd_log_parse_env_type)
                                (typeattributeset cil_gen_require systemd_analyze_exec_t)
                                (typeattributeset cil_gen_require systemd_conf_home_t)
                                (typeattributeset cil_gen_require systemd_data_home_t)
                                (typeattributeset cil_gen_require systemd_tmpfiles_exec_t)
                                (typeattributeset cil_gen_require systemd_user_unit_t)
                                (typeattributeset cil_gen_require systemd_user_runtime_unit_t)
                                (typeattributeset cil_gen_require systemd_user_transient_unit_t)
                                (typeattributeset cil_gen_require init_exec_t)
                                (typeattributeset cil_gen_require fs_t)
                                (typeattributeset cil_gen_require nsfs_t)
                                (typeattributeset cil_gen_require init_linkable_keyring_type)
                                (typeattributeset cil_gen_require systemd_unit_t)
                                (typeattributeset cil_gen_require systemd_user_manager_unit_t)
                                (typeattributeset cil_gen_require mount_runtime_t)
                                (typeattributeset cil_gen_require systemd_runtime_notify_t)
                                (typeattributeset cil_gen_require dbusd_session_bus_client)
                                (typeattributeset cil_gen_require systemd_machined_t)
                                (typeattributeset cil_gen_require systemd_machined_devpts_t)
                                (typeattributeset cil_gen_require init_var_lib_t)
                                (typeattributeset cil_gen_require systemd_journal_t)
                                (typeattributeset cil_gen_require systemd_passwd_runtime_t)
                                (roleattributeset cil_gen_require staff_r)
                                (roletype staff_r staff_systemd_t)
                                (roletype staff_r staff_systemd_tmpfiles_t)
                                (typeattributeset cil_gen_require non_auth_file_type)
                                (typeattributeset non_auth_file_type (systemd_tmpfiles_exec_t init_exec_t ))
                                (typeattributeset cil_gen_require file_type)
                                (typeattributeset file_type (systemd_tmpfiles_exec_t init_exec_t ))
                                (typeattributeset cil_gen_require domain)
                                (typeattributeset domain (staff_systemd_t staff_systemd_tmpfiles_t ))
                                (typeattributeset cil_gen_require dbusd_system_bus_client)
                                (typeattributeset dbusd_system_bus_client (staff_systemd_t ))
                                (typeattributeset cil_gen_require systemd_user_session_type)
                                (typeattributeset systemd_user_session_type (staff_systemd_t ))
                                (typeattributeset cil_gen_require process_user_target)
                                (typeattributeset process_user_target (staff_systemd_t staff_systemd_tmpfiles_t ))
                                (typeattributeset cil_gen_require systemd_log_parse_env_type)
                                (typeattributeset systemd_log_parse_env_type (staff_systemd_t ))
                                (typeattributeset cil_gen_require entry_type)
                                (typeattributeset entry_type (systemd_tmpfiles_exec_t init_exec_t ))
                                (typeattributeset cil_gen_require init_linkable_keyring_type)
                                (typeattributeset init_linkable_keyring_type (staff_systemd_t ))
                                (typeattributeset cil_gen_require ubac_constrained_type)
                                (typeattributeset ubac_constrained_type (staff_systemd_t ))
                                (typeattributeset cil_gen_require exec_type)
                                (typeattributeset exec_type (systemd_tmpfiles_exec_t init_exec_t ))
                                (typeattributeset cil_gen_require dbusd_session_bus_client)
                                (typeattributeset dbusd_session_bus_client (staff_systemd_t ))
                                (typeattributeset cil_gen_require non_security_file_type)
                                (typeattributeset non_security_file_type (systemd_tmpfiles_exec_t init_exec_t ))
                                (typeattributeset cil_gen_require staff_application_exec_domain)
                                (typeattributeset staff_application_exec_domain (staff_systemd_t ))
                                (allow staff_systemd_t init_exec_t (file (entrypoint)))
                                (allow staff_systemd_t init_exec_t (file (ioctl read getattr lock map execute open)))
                                (allow init_t self (process (setexec)))
                                (allow init_t init_exec_t (file (ioctl read getattr map execute open)))
                                (allow init_t staff_systemd_t (process (transition)))
                                (dontaudit init_t staff_systemd_t (process (noatsecure siginh rlimitinh)))
                                (allow staff_systemd_t init_t (fd (use)))
                                (allow staff_systemd_t init_t (fifo_file (ioctl read write getattr lock append)))
                                (allow staff_systemd_t init_t (process (sigchld)))
                                (allow init_t staff_systemd_t (process (setsched noatsecure rlimitinh)))
                                (allow staff_systemd_tmpfiles_t systemd_tmpfiles_exec_t (file (entrypoint)))
                                (allow staff_systemd_tmpfiles_t systemd_tmpfiles_exec_t (file (ioctl read getattr lock map execute open)))
                                (allow staff_systemd_t self (process (signal getsched)))
                                (allow staff_systemd_t self (netlink_kobject_uevent_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                (allow staff_systemd_t self (netlink_route_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read)))
                                (allow staff_systemd_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown sendto)))
                                (allow staff_systemd_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                (allow staff_systemd_t staff_t (process (sigchld sigkill sigstop signull signal setsched rlimitinh)))
                                (allow staff_systemd_t bin_t (dir (getattr open search)))
                                (allow staff_systemd_t bin_t (lnk_file (read getattr)))
                                (allow staff_systemd_t usr_t (dir (getattr open search)))
                                (allow staff_systemd_t bin_t (dir (getattr open search)))
                                (allow staff_systemd_t bin_t (dir (ioctl read getattr lock open search)))
                                (allow staff_systemd_t shell_exec_t (file (ioctl read getattr map execute open)))
                                (allow staff_systemd_t staff_t (process (transition)))
                                (dontaudit staff_systemd_t staff_t (process (noatsecure siginh rlimitinh)))
                                (typetransition staff_systemd_t shell_exec_t process staff_t)
                                (allow staff_systemd_t bin_t (dir (getattr open search)))
                                (allow staff_systemd_t bin_t (lnk_file (read getattr)))
                                (allow staff_systemd_t usr_t (dir (getattr open search)))
                                (allow staff_systemd_t bin_t (file (ioctl read getattr map execute open)))
                                (allow staff_systemd_t staff_t (process (transition)))
                                (dontaudit staff_systemd_t staff_t (process (noatsecure siginh rlimitinh)))
                                (typetransition staff_systemd_t bin_t process staff_t)
                                (allow staff_systemd_t systemd_user_unix_stream_activated_socket_type (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen getopt setopt shutdown)))
                                (allow staff_systemd_t systemd_user_activated_sock_file_type (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                                (allow staff_systemd_t systemd_user_activated_sock_file_type (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow staff_systemd_t systemd_user_runtime_t (blk_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow staff_systemd_t systemd_user_runtime_t (chr_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow staff_systemd_t systemd_user_runtime_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                                (allow staff_systemd_t systemd_user_runtime_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow staff_systemd_t systemd_user_runtime_t (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow staff_systemd_t systemd_user_runtime_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                                (allow staff_systemd_t systemd_user_runtime_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow staff_systemd_t systemd_user_runtime_unit_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                                (allow staff_systemd_t systemd_user_runtime_unit_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow staff_systemd_t systemd_user_runtime_unit_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                                (allow staff_systemd_t systemd_user_transient_unit_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                                (allow staff_systemd_t systemd_user_transient_unit_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow staff_systemd_t systemd_user_transient_unit_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                                (allow staff_systemd_t staff_t (dir (getattr open search)))
                                (allow staff_systemd_t staff_t (file (ioctl read getattr lock open)))
                                (allow staff_systemd_t staff_t (lnk_file (read getattr)))
                                (allow staff_systemd_t device_t (dir (getattr open search)))
                                (allow staff_systemd_t urandom_device_t (chr_file (ioctl read getattr lock open)))
                                (allow staff_systemd_t home_root_t (dir (getattr open search)))
                                (allow staff_systemd_t home_root_t (lnk_file (read getattr)))
                                (allow staff_systemd_t etc_t (dir (watch)))
                                (allow staff_systemd_t fs_t (filesystem (getattr)))
                                (allow staff_systemd_t nsfs_t (file (getattr)))
                                (allow staff_systemd_t cgroup_types (dir (ioctl read write getattr lock open add_name remove_name search)))
                                (allow staff_systemd_t cgroup_types (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow staff_systemd_t sysfs_t (dir (getattr open search)))
                                (allow staff_systemd_t sysfs_t (dir (getattr open search)))
                                (allow staff_systemd_t cgroup_types (file (watch)))
                                (dontaudit staff_systemd_t proc_t (filesystem (getattr)))
                                (allow staff_systemd_t kernel_t (unix_stream_socket (connectto)))
                                (allow staff_systemd_t sysfs_t (dir (getattr open search)))
                                (allow staff_systemd_t sysfs_t (dir (getattr open search)))
                                (allow staff_systemd_t security_t (dir (ioctl read getattr lock open search)))
                                (allow staff_systemd_t security_t (file (ioctl read getattr map open)))
                                (allow staff_systemd_t systemd_unit_t (dir (ioctl read getattr lock open search)))
                                (allow staff_systemd_t init_runtime_t (dir (getattr open search)))
                                (allow staff_systemd_t systemd_unit_t (dir (getattr open search)))
                                (allow staff_systemd_t etc_t (dir (getattr open search)))
                                (allow staff_systemd_t usr_t (dir (getattr open search)))
                                (allow staff_systemd_t lib_t (dir (getattr open search)))
                                (allow staff_systemd_t tmpfs_t (dir (getattr open search)))
                                (allow staff_systemd_t systemd_unit_t (file (ioctl read getattr lock open)))
                                (allow staff_systemd_t init_t (dbus (send_msg)))
                                (allow init_t staff_systemd_t (dbus (send_msg)))
                                (allow staff_systemd_t systemd_user_manager_unit_t (service (status)))
                                (allow staff_systemd_t systemd_user_manager_unit_t (service (start)))
                                (allow staff_systemd_t systemd_user_manager_unit_t (service (stop)))
                                (allow staff_systemd_t systemd_user_manager_unit_t (service (reload)))
                                (allow staff_systemd_t locale_t (file (watch)))
                                (allow staff_systemd_t mount_runtime_t (dir (getattr open search)))
                                (allow staff_systemd_t mount_runtime_t (file (ioctl read getattr lock open)))
                                (allow staff_systemd_t mount_runtime_t (file (watch)))
                                (allow staff_systemd_t mount_runtime_t (file (watch_reads)))
                                (allow staff_systemd_t etc_t (dir (getattr open search)))
                                (allow staff_systemd_t selinux_config_t (dir (getattr open search)))
                                (allow staff_systemd_t default_context_t (dir (getattr open search)))
                                (allow staff_systemd_t etc_t (dir (getattr open search)))
                                (allow staff_systemd_t selinux_config_t (dir (getattr open search)))
                                (allow staff_systemd_t default_context_t (dir (getattr open search)))
                                (allow staff_systemd_t file_context_t (dir (getattr open search)))
                                (allow staff_systemd_t file_context_t (file (ioctl read getattr lock open)))
                                (allow staff_systemd_t file_context_t (file (map)))
                                (allow staff_systemd_t systemd_conf_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                (allow staff_systemd_t systemd_conf_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                                (allow staff_systemd_t systemd_conf_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                (allow staff_systemd_t systemd_conf_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow staff_systemd_t systemd_conf_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                (allow staff_systemd_t systemd_conf_home_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                                (allow staff_systemd_t systemd_data_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                                (allow staff_systemd_t systemd_data_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow staff_systemd_t systemd_data_home_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                                (allow staff_systemd_t systemd_user_runtime_unit_t (dir (getattr open search)))
                                (allow staff_systemd_t systemd_user_runtime_unit_t (dir (getattr open search)))
                                (allow staff_systemd_t systemd_user_transient_unit_t (dir (getattr open search)))
                                (allow staff_systemd_t systemd_user_transient_unit_t (dir (getattr open search)))
                                (allow staff_systemd_t systemd_user_unit_t (dir (ioctl read getattr lock open search)))
                                (allow staff_systemd_t systemd_user_unit_t (file (ioctl read getattr lock open)))
                                (allow staff_systemd_t systemd_user_unit_t (lnk_file (read getattr)))
                                (allow staff_systemd_t init_runtime_t (dir (ioctl read getattr lock open search)))
                                (allow staff_systemd_t var_run_t (lnk_file (read getattr)))
                                (allow staff_systemd_t var_t (dir (getattr open search)))
                                (allow staff_systemd_t var_run_t (dir (getattr open search)))
                                (allow staff_systemd_t init_t (unix_dgram_socket (sendto)))
                                (allow staff_systemd_t systemd_runtime_notify_t (sock_file (write getattr append open)))
                                (allow staff_systemd_t system_dbusd_t (dbus (send_msg)))
                                (allow staff_systemd_t self (dbus (send_msg)))
                                (allow system_dbusd_t staff_systemd_t (dbus (send_msg)))
                                (allow staff_systemd_t var_t (dir (getattr open search)))
                                (allow staff_systemd_t var_lib_t (dir (getattr open search)))
                                (allow staff_systemd_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow staff_systemd_t system_dbusd_var_lib_t (file (ioctl read getattr lock open)))
                                (allow staff_systemd_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow staff_systemd_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                (allow staff_systemd_t session_dbusd_tmp_t (dir (getattr open search)))
                                (allow staff_systemd_t session_dbusd_tmp_t (sock_file (read write getattr append open)))
                                (allow staff_systemd_t var_run_t (lnk_file (read getattr)))
                                (allow staff_systemd_t var_t (dir (getattr open search)))
                                (allow staff_systemd_t var_run_t (dir (getattr open search)))
                                (allow staff_systemd_t system_dbusd_runtime_t (dir (getattr open search)))
                                (allow staff_systemd_t system_dbusd_runtime_t (sock_file (write getattr append open)))
                                (allow staff_systemd_t system_dbusd_t (unix_stream_socket (connectto)))
                                (allow staff_systemd_t dbusd_etc_t (dir (ioctl read getattr lock open search)))
                                (allow staff_systemd_t dbusd_etc_t (file (ioctl read getattr lock open)))
                                (allow staff_systemd_t system_dbusd_runtime_t (dir (ioctl read getattr lock open search)))
                                (allow staff_systemd_t system_dbusd_runtime_t (sock_file (read)))
                                (allow staff_systemd_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow staff_systemd_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                (allow staff_systemd_t staff_dbusd_t (dbus (send_msg)))
                                (allow staff_systemd_t self (dbus (send_msg)))
                                (allow staff_dbusd_t staff_systemd_t (dbus (send_msg)))
                                (allow staff_systemd_t staff_dbusd_t (unix_stream_socket (connectto)))
                                (allow staff_systemd_t staff_dbusd_t (fd (use)))
                                (allow staff_systemd_t staff_dbusd_t (dbus (acquire_svc)))
                                (allow staff_systemd_t user_bin_t (dir (getattr open search)))
                                (allow staff_systemd_t user_bin_t (file (ioctl read getattr map execute open execute_no_trans)))
                                (allow staff_systemd_t user_bin_t (dir (getattr open search)))
                                (allow staff_systemd_t user_bin_t (lnk_file (read getattr)))
                                (allow staff_systemd_t home_root_t (dir (getattr open search)))
                                (allow staff_systemd_t home_root_t (lnk_file (read getattr)))
                                (allow staff_systemd_tmpfiles_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect getopt setopt shutdown)))
                                (allow staff_systemd_t systemd_tmpfiles_exec_t (file (ioctl read getattr map execute open)))
                                (allow staff_systemd_t staff_systemd_tmpfiles_t (process (transition)))
                                (dontaudit staff_systemd_t staff_systemd_tmpfiles_t (process (noatsecure siginh rlimitinh)))
                                (typetransition staff_systemd_t systemd_tmpfiles_exec_t process staff_systemd_tmpfiles_t)
                                (allow staff_systemd_tmpfiles_t staff_systemd_t (fd (use)))
                                (allow staff_systemd_tmpfiles_t staff_systemd_t (fifo_file (ioctl read write getattr lock append)))
                                (allow staff_systemd_tmpfiles_t staff_systemd_t (process (sigchld)))
                                (allow staff_systemd_t staff_systemd_tmpfiles_t (dir (getattr open search)))
                                (allow staff_systemd_t staff_systemd_tmpfiles_t (file (ioctl read getattr lock open)))
                                (allow staff_systemd_tmpfiles_t var_run_t (lnk_file (read getattr)))
                                (allow staff_systemd_tmpfiles_t var_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t var_run_t (dir (ioctl read getattr lock open search)))
                                (allow staff_systemd_tmpfiles_t etc_t (dir (ioctl read getattr lock open search)))
                                (allow staff_systemd_tmpfiles_t etc_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t etc_t (file (ioctl read getattr lock open)))
                                (allow staff_systemd_tmpfiles_t etc_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t etc_t (lnk_file (read getattr)))
                                (allow staff_systemd_tmpfiles_t nsfs_t (file (getattr)))
                                (allow staff_systemd_tmpfiles_t init_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t init_t (file (ioctl read getattr lock open)))
                                (allow staff_systemd_tmpfiles_t init_t (lnk_file (read getattr)))
                                (dontaudit staff_systemd_tmpfiles_t proc_t (filesystem (getattr)))
                                (allow staff_systemd_tmpfiles_t proc_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t sysctl_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t sysctl_kernel_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t sysctl_kernel_t (file (ioctl read getattr lock open)))
                                (allow staff_systemd_tmpfiles_t proc_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t sysctl_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
                                (allow staff_systemd_tmpfiles_t proc_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t proc_t (file (ioctl read getattr lock open)))
                                (allow staff_systemd_tmpfiles_t proc_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t proc_t (lnk_file (read getattr)))
                                (allow staff_systemd_tmpfiles_t proc_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t proc_t (dir (ioctl read getattr lock open search)))
                                (allow staff_systemd_tmpfiles_t devlog_t (sock_file (write getattr append open)))
                                (allow staff_systemd_tmpfiles_t var_run_t (lnk_file (read getattr)))
                                (allow staff_systemd_tmpfiles_t var_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t var_run_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t init_runtime_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t syslogd_runtime_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t syslogd_t (unix_dgram_socket (sendto)))
                                (allow staff_systemd_tmpfiles_t syslogd_t (unix_stream_socket (connectto)))
                                (allow staff_systemd_tmpfiles_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                (allow staff_systemd_tmpfiles_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                (allow staff_systemd_tmpfiles_t device_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t device_t (dir (ioctl read getattr lock open search)))
                                (allow staff_systemd_tmpfiles_t device_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t device_t (lnk_file (read getattr)))
                                (allow staff_systemd_tmpfiles_t console_device_t (chr_file (ioctl write getattr lock append open)))
                                (dontaudit staff_systemd_tmpfiles_t console_device_t (chr_file (ioctl read getattr lock open)))
                                (allow staff_systemd_tmpfiles_t sysfs_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t sysfs_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t security_t (dir (ioctl read getattr lock open search)))
                                (allow staff_systemd_tmpfiles_t security_t (file (ioctl read getattr map open)))
                                (allow staff_systemd_tmpfiles_t etc_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t selinux_config_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t default_context_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t file_context_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t file_context_t (file (ioctl read getattr lock open)))
                                (allow staff_systemd_tmpfiles_t file_context_t (file (map)))
                                (allow staff_systemd_tmpfiles_t user_home_dir_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t home_root_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t home_root_t (lnk_file (read getattr)))
                                (allow staff_systemd_tmpfiles_t user_runtime_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t user_runtime_root_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t var_run_t (lnk_file (read getattr)))
                                (allow staff_systemd_tmpfiles_t var_t (dir (getattr open search)))
                                (allow staff_systemd_tmpfiles_t var_run_t (dir (getattr open search)))
                                (allow staff_t staff_systemd_t (process (signal)))
                                (allow staff_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                (allow staff_t staff_systemd_t (fd (use)))
                                (allow staff_t staff_systemd_t (fifo_file (ioctl read write getattr lock append)))
                                (allow staff_t systemd_user_runtime_t (dir (getattr open search)))
                                (allow staff_t systemd_user_runtime_t (sock_file (write getattr append open)))
                                (allow staff_t staff_systemd_t (unix_stream_socket (connectto)))
                                (allow staff_t staff_systemd_t (system (status start stop enable disable reload)))
                                (allow staff_t systemd_user_runtime_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                                (allow staff_t systemd_user_runtime_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                                (allow staff_t systemd_user_runtime_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                                (allow staff_t systemd_user_runtime_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                                (allow staff_t systemd_user_runtime_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                                (allow staff_systemd_t systemd_machined_t (fd (use)))
                                (allow staff_systemd_t systemd_machined_devpts_t (chr_file (ioctl read write getattr append)))
                                (allow staff_t systemd_machined_t (fd (use)))
                                (allow staff_t systemd_machined_devpts_t (chr_file (ioctl read write getattr append)))
                                (allow staff_t systemd_machined_t (dbus (send_msg)))
                                (allow systemd_machined_t staff_t (dbus (send_msg)))
                                (allow staff_t systemd_user_runtime_notify_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                                (allow staff_t systemd_user_unit_t (service (reload start status stop)))
                                (allow staff_t systemd_conf_home_t (service (reload start status stop)))
                                (allow staff_t systemd_analyze_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
                                (allow staff_t init_t (dbus (send_msg)))
                                (allow init_t staff_t (dbus (send_msg)))
                                (allow staff_t var_t (dir (getattr open search)))
                                (allow staff_t var_lib_t (dir (getattr open search)))
                                (allow staff_t init_var_lib_t (dir (getattr open search)))
                                (allow staff_t systemd_journal_t (dir (getattr open search)))
                                (allow staff_t systemd_journal_t (dir (ioctl read getattr lock open search)))
                                (allow staff_t systemd_journal_t (dir (getattr open search)))
                                (allow staff_t systemd_journal_t (dir (ioctl read getattr lock open search)))
                                (allow staff_t systemd_journal_t (dir (getattr open search)))
                                (allow staff_t systemd_journal_t (file (ioctl read getattr map open)))
                                (allow staff_t systemd_conf_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                (allow staff_t systemd_conf_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                                (allow staff_t systemd_conf_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                (allow staff_t systemd_conf_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow staff_t systemd_conf_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                (allow staff_t systemd_conf_home_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                                (allow staff_t systemd_conf_home_t (dir (getattr open search)))
                                (allow staff_t systemd_conf_home_t (dir (getattr relabelfrom relabelto)))
                                (allow staff_t systemd_conf_home_t (dir (getattr open search)))
                                (allow staff_t systemd_conf_home_t (file (getattr relabelfrom relabelto)))
                                (allow staff_t systemd_conf_home_t (dir (getattr open search)))
                                (allow staff_t systemd_conf_home_t (lnk_file (getattr relabelfrom relabelto)))
                                (allow staff_t systemd_data_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                                (allow staff_t systemd_data_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow staff_t systemd_data_home_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                                (allow staff_t systemd_data_home_t (dir (getattr open search)))
                                (allow staff_t systemd_data_home_t (dir (getattr relabelfrom relabelto)))
                                (allow staff_t systemd_data_home_t (dir (getattr open search)))
                                (allow staff_t systemd_data_home_t (file (getattr relabelfrom relabelto)))
                                (allow staff_t systemd_data_home_t (dir (getattr open search)))
                                (allow staff_t systemd_data_home_t (lnk_file (getattr relabelfrom relabelto)))
                                (allow staff_t systemd_user_unit_t (dir (ioctl read getattr lock open search)))
                                (allow staff_t systemd_user_unit_t (file (ioctl read getattr lock open)))
                                (allow staff_t systemd_user_unit_t (lnk_file (read getattr)))
                                (allow staff_t systemd_user_runtime_unit_t (dir (getattr open search)))
                                (allow staff_t systemd_user_runtime_unit_t (dir (ioctl read getattr lock open search)))
                                (allow staff_t systemd_user_runtime_unit_t (dir (getattr open search)))
                                (allow staff_t systemd_user_runtime_unit_t (file (ioctl read getattr lock open)))
                                (allow staff_t systemd_user_runtime_unit_t (dir (getattr open search)))
                                (allow staff_t systemd_user_runtime_unit_t (lnk_file (read getattr)))
                                (allow staff_t systemd_user_transient_unit_t (dir (getattr open search)))
                                (allow staff_t systemd_user_transient_unit_t (dir (ioctl read getattr lock open search)))
                                (allow staff_t systemd_user_transient_unit_t (dir (getattr open search)))
                                (allow staff_t systemd_user_transient_unit_t (file (ioctl read getattr lock open)))
                                (allow staff_t systemd_user_transient_unit_t (dir (getattr open search)))
                                (allow staff_t systemd_user_transient_unit_t (lnk_file (read getattr)))
                                (allow staff_t systemd_user_runtime_unit_t (service (status)))
                                (allow staff_t systemd_user_runtime_unit_t (service (reload)))
                                (allow staff_t systemd_user_runtime_unit_t (service (start)))
                                (allow staff_t systemd_user_runtime_unit_t (service (stop)))
                                (allow staff_t systemd_user_transient_unit_t (service (status)))
                                (allow staff_t systemd_user_transient_unit_t (service (reload)))
                                (allow staff_t systemd_user_transient_unit_t (service (start)))
                                (allow staff_t systemd_user_transient_unit_t (service (stop)))
                                (allow staff_t systemd_passwd_runtime_t (dir (watch)))
                                (optional staff_optional_43
                                    (typeattributeset cil_gen_require init_t)
                                    (allow staff_systemd_t init_t (process (sigchld)))
                                    (allow staff_systemd_t init_t (process (signull)))
                                    (optional staff_optional_44
                                        (typeattributeset cil_gen_require rpm_t)
                                        (allow staff_systemd_t rpm_t (fd (use)))
                                        (allow staff_systemd_t rpm_t (fifo_file (ioctl read getattr lock open)))
                                    )
                                    (optional staff_optional_45
                                        (typeattributeset cil_gen_require security_t)
                                        (typeattributeset cil_gen_require sysfs_t)
                                        (dontaudit staff_systemd_t security_t (filesystem (getattr)))
                                        (dontaudit staff_systemd_t sysfs_t (filesystem (getattr)))
                                        (dontaudit staff_systemd_t sysfs_t (dir (getattr open search)))
                                        (dontaudit staff_systemd_t security_t (dir (getattr open search)))
                                        (dontaudit staff_systemd_t security_t (file (ioctl read getattr lock open)))
                                        (optional staff_optional_46
                                            (typeattributeset cil_gen_require selinux_config_t)
                                            (dontaudit staff_systemd_t selinux_config_t (dir (getattr open search)))
                                            (dontaudit staff_systemd_t selinux_config_t (file (ioctl read getattr lock open)))
                                            (optional staff_optional_47
                                                (typeattributeset cil_gen_require init_t)
                                                (allow staff_systemd_tmpfiles_t init_t (process (sigchld)))
                                                (allow staff_systemd_tmpfiles_t init_t (process (signull)))
                                                (optional staff_optional_48
                                                    (typeattributeset cil_gen_require rpm_t)
                                                    (allow staff_systemd_tmpfiles_t rpm_t (fd (use)))
                                                    (allow staff_systemd_tmpfiles_t rpm_t (fifo_file (ioctl read getattr lock open)))
                                                )
                                                (optional staff_optional_49
                                                    (typeattributeset cil_gen_require security_t)
                                                    (typeattributeset cil_gen_require sysfs_t)
                                                    (dontaudit staff_systemd_tmpfiles_t security_t (filesystem (getattr)))
                                                    (dontaudit staff_systemd_tmpfiles_t sysfs_t (filesystem (getattr)))
                                                    (dontaudit staff_systemd_tmpfiles_t sysfs_t (dir (getattr open search)))
                                                    (dontaudit staff_systemd_tmpfiles_t security_t (dir (getattr open search)))
                                                    (dontaudit staff_systemd_tmpfiles_t security_t (file (ioctl read getattr lock open)))
                                                    (optional staff_optional_50
                                                        (typeattributeset cil_gen_require selinux_config_t)
                                                        (dontaudit staff_systemd_tmpfiles_t selinux_config_t (dir (getattr open search)))
                                                        (dontaudit staff_systemd_tmpfiles_t selinux_config_t (file (ioctl read getattr lock open)))
                                                        (optional staff_optional_51
                                                            (typeattributeset cil_gen_require user_home_dir_t)
                                                            (typeattributeset cil_gen_require home_root_t)
                                                            (typeattributeset cil_gen_require xdg_data_t)
                                                            (typeattributeset cil_gen_require xdg_config_t)
                                                            (allow staff_systemd_t user_home_dir_t (dir (getattr open search)))
                                                            (allow staff_systemd_t home_root_t (dir (getattr open search)))
                                                            (allow staff_systemd_t home_root_t (lnk_file (read getattr)))
                                                            (allow staff_systemd_t xdg_config_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                                            (allow staff_systemd_t xdg_config_t (dir (create getattr)))
                                                            (allow staff_systemd_t user_home_dir_t (dir (getattr open search)))
                                                            (allow staff_systemd_t home_root_t (dir (getattr open search)))
                                                            (allow staff_systemd_t home_root_t (lnk_file (read getattr)))
                                                            (allow staff_systemd_t xdg_data_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                                            (allow staff_systemd_t xdg_data_t (dir (create getattr)))
                                                            (allow staff_systemd_t xdg_config_t (dir (getattr open search)))
                                                            (allow staff_systemd_t xdg_config_t (file (ioctl read getattr lock open)))
                                                            (allow staff_systemd_t xdg_config_t (file (map)))
                                                            (allow staff_systemd_t xdg_config_t (dir (getattr open search)))
                                                            (allow staff_systemd_t xdg_config_t (dir (ioctl read getattr lock open search)))
                                                            (allow staff_systemd_t xdg_config_t (dir (getattr open search)))
                                                            (allow staff_systemd_t xdg_config_t (lnk_file (read getattr)))
                                                            (allow staff_systemd_t user_home_dir_t (dir (getattr open search)))
                                                            (allow staff_systemd_t home_root_t (dir (getattr open search)))
                                                            (allow staff_systemd_t home_root_t (lnk_file (read getattr)))
                                                            (allow staff_systemd_t xdg_data_t (dir (getattr open search)))
                                                            (allow staff_systemd_t xdg_data_t (file (ioctl read getattr lock open)))
                                                            (allow staff_systemd_t xdg_data_t (file (map)))
                                                            (allow staff_systemd_t xdg_data_t (dir (getattr open search)))
                                                            (allow staff_systemd_t xdg_data_t (dir (ioctl read getattr lock open search)))
                                                            (allow staff_systemd_t xdg_data_t (dir (getattr open search)))
                                                            (allow staff_systemd_t xdg_data_t (lnk_file (read getattr)))
                                                            (allow staff_systemd_t user_home_dir_t (dir (getattr open search)))
                                                            (allow staff_systemd_t home_root_t (dir (getattr open search)))
                                                            (allow staff_systemd_t home_root_t (lnk_file (read getattr)))
                                                            (typetransition staff_systemd_t xdg_data_t dir "systemd" systemd_data_home_t)
                                                            (typetransition staff_systemd_t xdg_config_t dir "systemd" systemd_conf_home_t)
                                                        )
                                                    )
                                                )
                                            )
                                        )
                                    )
                                )
                            )
                        )
                    )
                )
            )
            (optional staff_optional_52
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require var_lib_t)
                (typeattributeset cil_gen_require dpkg_var_lib_t)
                (allow staff_t var_t (dir (getattr open search)))
                (allow staff_t var_lib_t (dir (getattr open search)))
                (allow staff_t dpkg_var_lib_t (dir (ioctl read getattr lock open search)))
                (allow staff_t dpkg_var_lib_t (dir (getattr open search)))
                (allow staff_t dpkg_var_lib_t (file (ioctl read getattr lock open)))
                (allow staff_t dpkg_var_lib_t (dir (getattr open search)))
                (allow staff_t dpkg_var_lib_t (lnk_file (read getattr)))
            )
            (optional staff_optional_53
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require gssproxy_t)
                (typeattributeset cil_gen_require gssproxy_run_t)
                (typeattributeset cil_gen_require gssproxy_var_lib_t)
                (allow staff_t var_run_t (lnk_file (read getattr)))
                (allow staff_t var_t (dir (getattr open search)))
                (allow staff_t var_run_t (dir (getattr open search)))
                (allow staff_t gssproxy_run_t (dir (getattr open search)))
                (allow staff_t gssproxy_run_t (sock_file (write getattr append open)))
                (allow staff_t gssproxy_t (unix_stream_socket (connectto)))
                (allow staff_t gssproxy_var_lib_t (dir (getattr open search)))
                (allow staff_t gssproxy_var_lib_t (sock_file (write getattr append open)))
                (allow staff_t gssproxy_t (unix_stream_socket (connectto)))
            )
            (optional staff_optional_54
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require hwloc_dhwd_exec_t)
                (typeattributeset cil_gen_require hwloc_runtime_t)
                (allow staff_t hwloc_dhwd_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
                (allow staff_t var_run_t (lnk_file (read getattr)))
                (allow staff_t var_t (dir (getattr open search)))
                (allow staff_t var_run_t (dir (getattr open search)))
                (allow staff_t hwloc_runtime_t (dir (getattr open search)))
                (allow staff_t hwloc_runtime_t (file (ioctl read getattr lock open)))
            )
            (optional staff_optional_55
                (typeattributeset cil_gen_require inetd_t)
                (allow staff_t inetd_t (fd (use)))
                (allow staff_t inetd_t (tcp_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
            )
            (optional staff_optional_56
                (typeattributeset cil_gen_require innd_etc_t)
                (typeattributeset cil_gen_require innd_var_lib_t)
                (typeattributeset cil_gen_require news_spool_t)
                (allow staff_t innd_etc_t (dir (ioctl read getattr lock open search)))
                (allow staff_t innd_etc_t (file (ioctl read getattr lock open)))
                (allow staff_t innd_etc_t (lnk_file (read getattr)))
                (allow staff_t innd_var_lib_t (dir (ioctl read getattr lock open search)))
                (allow staff_t innd_var_lib_t (file (ioctl read getattr lock open)))
                (allow staff_t news_spool_t (dir (ioctl read getattr lock open search)))
                (allow staff_t news_spool_t (file (ioctl read getattr lock open)))
                (allow staff_t news_spool_t (lnk_file (read getattr)))
            )
            (optional staff_optional_57
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require krb5_home_t)
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t krb5_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t krb5_home_t (file (getattr relabelfrom relabelto)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (typetransition staff_t user_home_dir_t file ".k5login" krb5_home_t)
            )
            (optional staff_optional_58
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require var_lib_t)
                (typeattributeset cil_gen_require locate_var_lib_t)
                (allow staff_t var_t (dir (getattr open search)))
                (allow staff_t var_lib_t (dir (getattr open search)))
                (allow staff_t locate_var_lib_t (dir (getattr open search)))
                (allow staff_t locate_var_lib_t (file (ioctl read getattr lock open)))
                (allow staff_t locate_var_lib_t (dir (ioctl read getattr lock open search)))
            )
            (optional staff_optional_59
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require mpd_user_data_t)
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t mpd_user_data_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t mpd_user_data_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t mpd_user_data_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t mpd_user_data_t (dir (getattr relabelfrom relabelto)))
                (allow staff_t mpd_user_data_t (file (getattr relabelfrom relabelto)))
                (allow staff_t mpd_user_data_t (lnk_file (getattr relabelfrom relabelto)))
            )
            (optional staff_optional_60
                (typeattributeset cil_gen_require etc_t)
                (typeattributeset cil_gen_require modules_conf_t)
                (typeattributeset cil_gen_require boot_t)
                (allow staff_t etc_t (dir (getattr open search)))
                (allow staff_t boot_t (dir (getattr open search)))
                (allow staff_t modules_conf_t (dir (ioctl read getattr lock open search)))
                (allow staff_t modules_conf_t (file (ioctl read getattr lock open)))
                (allow staff_t modules_conf_t (lnk_file (read getattr)))
            )
            (optional staff_optional_61
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require mail_spool_t)
                (typeattributeset cil_gen_require var_spool_t)
                (allow staff_t var_t (dir (getattr open search)))
                (allow staff_t var_spool_t (dir (getattr open search)))
                (allow staff_t mail_spool_t (dir (ioctl read getattr lock open search)))
                (allow staff_t mail_spool_t (file (ioctl read write getattr lock append open)))
                (allow staff_t mail_spool_t (lnk_file (read getattr)))
            )
            (optional staff_optional_62
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require mysqld_home_t)
                (typeattributeset cil_gen_require mysqld_t)
                (typeattributeset cil_gen_require mysqld_runtime_t)
                (typeattributeset cil_gen_require mysqld_db_t)
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t mysqld_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t mysqld_home_t (file (getattr relabelfrom relabelto)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (typetransition staff_t user_home_dir_t file ".my.cnf" mysqld_home_t)
                (booleanif (allow_user_mysql_connect)
                    (true
                        (allow staff_t mysqld_t (unix_stream_socket (connectto)))
                        (allow staff_t mysqld_runtime_t (sock_file (write getattr append open)))
                        (allow staff_t mysqld_runtime_t (dir (getattr open search)))
                        (allow staff_t mysqld_db_t (dir (getattr open search)))
                        (allow staff_t var_run_t (dir (getattr open search)))
                        (allow staff_t var_t (dir (getattr open search)))
                        (allow staff_t var_run_t (lnk_file (read getattr)))
                    )
                )
            )
            (optional staff_optional_63
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require oidentd_home_t)
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t oidentd_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t oidentd_home_t (file (getattr relabelfrom relabelto)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (typetransition staff_t user_home_dir_t file ".oidentd.conf" oidentd_home_t)
            )
            (optional staff_optional_64
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require pcscd_t)
                (typeattributeset cil_gen_require pcscd_runtime_t)
                (allow staff_t var_run_t (lnk_file (read getattr)))
                (allow staff_t var_t (dir (getattr open search)))
                (allow staff_t var_run_t (dir (getattr open search)))
                (allow staff_t pcscd_runtime_t (dir (getattr open search)))
                (allow staff_t pcscd_runtime_t (file (ioctl read getattr lock open)))
                (allow staff_t var_run_t (lnk_file (read getattr)))
                (allow staff_t var_t (dir (getattr open search)))
                (allow staff_t var_run_t (dir (getattr open search)))
                (allow staff_t pcscd_runtime_t (dir (getattr open search)))
                (allow staff_t pcscd_runtime_t (sock_file (write getattr append open)))
                (allow staff_t pcscd_t (unix_stream_socket (connectto)))
                (allow pcscd_t staff_t (dir (ioctl read getattr lock open search)))
                (allow pcscd_t staff_t (file (ioctl read getattr lock open)))
            )
            (optional staff_optional_65
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require tmp_t)
                (typeattributeset cil_gen_require netlabel_peer_t)
                (typeattributeset cil_gen_require postgresql_t)
                (typeattributeset cil_gen_require postgresql_runtime_t)
                (typeattributeset cil_gen_require postgresql_tmp_t)
                (typeattributeset cil_gen_require postgresql_port_t)
                (typeattributeset cil_gen_require postgresql_client_packet_t)
                (booleanif (allow_user_postgresql_connect)
                    (true
                        (allow staff_t postgresql_client_packet_t (packet (recv)))
                        (allow staff_t postgresql_client_packet_t (packet (send)))
                        (allow staff_t postgresql_port_t (tcp_socket (name_connect)))
                        (allow postgresql_t netlabel_peer_t (tcp_socket (recvfrom)))
                        (allow postgresql_t netlabel_peer_t (peer (recv)))
                        (allow staff_t netlabel_peer_t (tcp_socket (recvfrom)))
                        (allow staff_t netlabel_peer_t (peer (recv)))
                        (allow postgresql_t staff_t (peer (recv)))
                        (allow staff_t postgresql_t (peer (recv)))
                        (allow postgresql_t staff_t (tcp_socket (recvfrom)))
                        (allow postgresql_t staff_t (association (recvfrom)))
                        (allow staff_t postgresql_t (tcp_socket (recvfrom)))
                        (allow staff_t postgresql_t (association (recvfrom)))
                        (allow staff_t self (association (sendto)))
                        (allow postgresql_t self (association (sendto)))
                        (allow staff_t tmp_t (dir (getattr open search)))
                        (allow staff_t var_run_t (dir (getattr open search)))
                        (allow staff_t var_t (dir (getattr open search)))
                        (allow staff_t var_run_t (lnk_file (read getattr)))
                        (allow staff_t postgresql_t (unix_stream_socket (connectto)))
                        (allow staff_t postgresql_runtime_t (sock_file (write getattr append open)))
                        (allow staff_t postgresql_tmp_t (sock_file (write getattr append open)))
                        (allow staff_t postgresql_runtime_t (dir (getattr open search)))
                        (allow staff_t postgresql_tmp_t (dir (getattr open search)))
                    )
                )
            )
            (optional staff_optional_66
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require ppp_home_t)
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t ppp_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t ppp_home_t (file (getattr relabelfrom relabelto)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (typetransition staff_t user_home_dir_t file ".ppprc" ppp_home_t)
            )
            (optional staff_optional_67
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require resmgrd_runtime_t)
                (typeattributeset cil_gen_require resmgrd_t)
                (allow staff_t var_run_t (lnk_file (read getattr)))
                (allow staff_t var_t (dir (getattr open search)))
                (allow staff_t var_run_t (dir (getattr open search)))
                (allow staff_t resmgrd_runtime_t (dir (getattr open search)))
                (allow staff_t resmgrd_runtime_t (sock_file (write getattr append open)))
                (allow staff_t resmgrd_t (unix_stream_socket (connectto)))
            )
            (optional staff_optional_68
                (typeattributeset cil_gen_require exports_t)
                (typeattributeset cil_gen_require nfsd_rw_t)
                (dontaudit staff_t exports_t (file (getattr)))
                (allow staff_t nfsd_rw_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t nfsd_rw_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t nfsd_rw_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t nfsd_rw_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t nfsd_rw_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t nfsd_rw_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
            )
            (optional staff_optional_69
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require samba_var_t)
                (typeattributeset cil_gen_require winbind_t)
                (typeattributeset cil_gen_require winbind_runtime_t)
                (typeattributeset cil_gen_require samba_runtime_t)
                (allow staff_t var_run_t (lnk_file (read getattr)))
                (allow staff_t var_t (dir (getattr open search)))
                (allow staff_t var_run_t (dir (getattr open search)))
                (allow staff_t samba_var_t (dir (getattr open search)))
                (allow staff_t winbind_runtime_t (dir (getattr open search)))
                (allow staff_t samba_runtime_t (dir (getattr open search)))
                (allow staff_t winbind_runtime_t (sock_file (write getattr append open)))
                (allow staff_t winbind_t (unix_stream_socket (connectto)))
            )
            (optional staff_optional_70
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require var_spool_t)
                (typeattributeset cil_gen_require slrnpull_spool_t)
                (allow staff_t var_t (dir (getattr open search)))
                (allow staff_t var_spool_t (dir (getattr open search)))
                (allow staff_t slrnpull_spool_t (dir (getattr open search)))
            )
            (optional staff_optional_71
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require udev_runtime_t)
                (allow staff_t var_run_t (lnk_file (read getattr)))
                (allow staff_t var_t (dir (getattr open search)))
                (allow staff_t var_run_t (dir (getattr open search)))
                (allow staff_t udev_runtime_t (dir (getattr open search)))
                (allow staff_t udev_runtime_t (file (ioctl read getattr lock open)))
                (allow staff_t udev_runtime_t (dir (getattr open search)))
                (allow staff_t udev_runtime_t (lnk_file (read getattr)))
            )
            (optional staff_optional_72
                (roleattributeset cil_gen_require usernetctl_roles)
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require usernetctl_t)
                (typeattributeset cil_gen_require usernetctl_exec_t)
                (roleattributeset cil_gen_require usernetctl_roles)
                (roleattributeset usernetctl_roles (staff_r ))
                (allow staff_t bin_t (dir (getattr open search)))
                (allow staff_t bin_t (lnk_file (read getattr)))
                (allow staff_t usr_t (dir (getattr open search)))
                (allow staff_t usernetctl_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_t usernetctl_t (process (transition)))
                (dontaudit staff_t usernetctl_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_t usernetctl_exec_t process usernetctl_t)
                (allow usernetctl_t staff_t (fd (use)))
                (allow usernetctl_t staff_t (fifo_file (ioctl read write getattr lock append)))
                (allow usernetctl_t staff_t (process (sigchld)))
            )
            (optional staff_optional_73
                (typeattributeset cil_gen_require init_t)
                (typeattributeset cil_gen_require init_runtime_t)
                (typeattributeset cil_gen_require systemd_userdbd_t)
                (typeattributeset cil_gen_require systemd_userdbd_runtime_t)
                (allow staff_t init_runtime_t (dir (getattr open search)))
                (allow staff_t systemd_userdbd_runtime_t (dir (ioctl read getattr lock open search)))
                (allow staff_t systemd_userdbd_runtime_t (lnk_file (read getattr)))
                (allow staff_t systemd_userdbd_runtime_t (dir (getattr open search)))
                (allow staff_t systemd_userdbd_runtime_t (sock_file (write getattr append open)))
                (allow staff_t systemd_userdbd_t (unix_stream_socket (connectto)))
                (allow staff_t init_t (unix_stream_socket (connectto)))
            )
            (optional staff_optional_74
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require virt_home_t)
                (typeattributeset cil_gen_require virt_content_t)
                (typeattributeset cil_gen_require svirt_home_t)
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t virt_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t virt_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (typetransition staff_t user_home_dir_t dir "VirtualMachines" virt_home_t)
                (typetransition staff_t virt_home_t dir "qemu" svirt_home_t)
                (typetransition staff_t virt_home_t dir "isos" virt_content_t)
                (typetransition staff_t user_home_dir_t dir ".virtinst" virt_home_t)
                (typetransition staff_t user_home_dir_t dir ".libvirt" virt_home_t)
            )
            (optional staff_optional_75
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require ping_t)
                (typeattributeset cil_gen_require ping_exec_t)
                (typeattributeset cil_gen_require traceroute_t)
                (typeattributeset cil_gen_require traceroute_exec_t)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r ping_t)
                (roletype staff_r traceroute_t)
                (booleanif (user_ping)
                    (true
                        (allow ping_t staff_t (process (sigchld)))
                        (allow ping_t staff_t (fifo_file (ioctl read write getattr lock append)))
                        (allow ping_t staff_t (fd (use)))
                        (typetransition staff_t ping_exec_t process ping_t)
                        (dontaudit staff_t ping_t (process (noatsecure siginh rlimitinh)))
                        (allow staff_t ping_t (process (transition)))
                        (allow staff_t ping_exec_t (file (ioctl read getattr map execute open)))
                        (allow staff_t usr_t (dir (getattr open search)))
                        (allow staff_t bin_t (lnk_file (read getattr)))
                        (allow staff_t bin_t (dir (getattr open search)))
                        (allow traceroute_t staff_t (process (sigchld)))
                        (allow traceroute_t staff_t (fifo_file (ioctl read write getattr lock append)))
                        (allow traceroute_t staff_t (fd (use)))
                        (typetransition staff_t traceroute_exec_t process traceroute_t)
                        (dontaudit staff_t traceroute_t (process (noatsecure siginh rlimitinh)))
                        (allow staff_t traceroute_t (process (transition)))
                        (allow staff_t traceroute_exec_t (file (ioctl read getattr map execute open)))
                        (allow staff_t usr_t (dir (getattr open search)))
                        (allow staff_t bin_t (lnk_file (read getattr)))
                        (allow staff_t bin_t (dir (getattr open search)))
                    )
                )
            )
            (optional staff_optional_76
                (roleattributeset cil_gen_require pppd_roles)
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require pppd_t)
                (typeattributeset cil_gen_require pppd_exec_t)
                (roleattributeset cil_gen_require pppd_roles)
                (roleattributeset pppd_roles (staff_r ))
                (booleanif (pppd_for_user)
                    (true
                        (allow pppd_t staff_t (process (sigchld)))
                        (allow pppd_t staff_t (fifo_file (ioctl read write getattr lock append)))
                        (allow pppd_t staff_t (fd (use)))
                        (typetransition staff_t pppd_exec_t process pppd_t)
                        (dontaudit staff_t pppd_t (process (noatsecure siginh rlimitinh)))
                        (allow staff_t pppd_t (process (transition)))
                        (allow staff_t pppd_exec_t (file (ioctl read getattr map execute open)))
                        (allow staff_t usr_t (dir (getattr open search)))
                        (allow staff_t bin_t (lnk_file (read getattr)))
                        (allow staff_t bin_t (dir (getattr open search)))
                    )
                )
            )
            (optional staff_optional_77
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require setroubleshootd_t)
                (typeattributeset cil_gen_require setroubleshoot_runtime_t)
                (allow staff_t var_run_t (lnk_file (read getattr)))
                (allow staff_t var_t (dir (getattr open search)))
                (allow staff_t var_run_t (dir (getattr open search)))
                (allow staff_t setroubleshoot_runtime_t (dir (getattr open search)))
                (allow staff_t setroubleshoot_runtime_t (sock_file (write getattr append open)))
                (allow staff_t setroubleshootd_t (unix_stream_socket (connectto)))
                (allow staff_t setroubleshoot_runtime_t (sock_file (read)))
            )
            (optional staff_optional_78
                (typeattributeset cil_gen_require init_t)
                (typeattributeset cil_gen_require systemd_logind_t)
                (typeattributeset cil_gen_require systemd_hostnamed_t)
                (typeattributeset cil_gen_require systemd_logind_inhibit_runtime_t)
                (allow staff_t init_t (unix_stream_socket (ioctl read write getattr)))
                (allow staff_t init_t (fd (use)))
                (allow staff_t init_t (dir (getattr open search)))
                (allow staff_t init_t (file (ioctl read getattr lock open)))
                (allow staff_t init_t (lnk_file (read getattr)))
                (allow staff_t systemd_logind_t (dbus (send_msg)))
                (allow systemd_logind_t staff_t (dbus (send_msg)))
                (allow staff_t systemd_logind_t (fd (use)))
                (allow staff_t systemd_hostnamed_t (dbus (send_msg)))
                (allow systemd_hostnamed_t staff_t (dbus (send_msg)))
                (allow staff_t systemd_logind_t (fd (use)))
                (allow staff_t systemd_logind_inhibit_runtime_t (fifo_file (write)))
            )
            (optional staff_optional_79
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require xdg_data_t)
                (typeattributeset cil_gen_require xdg_config_t)
                (typeattributeset cil_gen_require xdg_cache_type)
                (typeattributeset cil_gen_require xdg_config_type)
                (typeattributeset cil_gen_require xdg_data_type)
                (typeattributeset cil_gen_require xdg_cache_t)
                (typeattributeset cil_gen_require xdg_documents_t)
                (typeattributeset cil_gen_require xdg_downloads_t)
                (typeattributeset cil_gen_require xdg_music_t)
                (typeattributeset cil_gen_require xdg_pictures_t)
                (typeattributeset cil_gen_require xdg_videos_t)
                (allow staff_t xdg_cache_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_cache_type (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t xdg_cache_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_cache_type (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t xdg_cache_type (file (map)))
                (allow staff_t xdg_cache_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_cache_type (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow staff_t xdg_cache_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_cache_type (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t xdg_cache_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_cache_type (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t xdg_cache_type (dir (getattr open search)))
                (allow staff_t xdg_cache_type (dir (getattr relabelfrom relabelto)))
                (allow staff_t xdg_cache_type (dir (getattr open search)))
                (allow staff_t xdg_cache_type (file (getattr relabelfrom relabelto)))
                (allow staff_t xdg_cache_type (dir (getattr open search)))
                (allow staff_t xdg_cache_type (lnk_file (getattr relabelfrom relabelto)))
                (allow staff_t xdg_cache_type (dir (getattr open search)))
                (allow staff_t xdg_cache_type (fifo_file (getattr relabelfrom relabelto)))
                (allow staff_t xdg_cache_type (dir (getattr open search)))
                (allow staff_t xdg_cache_type (sock_file (getattr relabelfrom relabelto)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t xdg_cache_type (dir (watch)))
                (allow staff_t xdg_config_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_config_type (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t xdg_config_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_config_type (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t xdg_config_type (file (map)))
                (allow staff_t xdg_config_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_config_type (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow staff_t xdg_config_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_config_type (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t xdg_config_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_config_type (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t xdg_config_type (dir (getattr open search)))
                (allow staff_t xdg_config_type (dir (getattr relabelfrom relabelto)))
                (allow staff_t xdg_config_type (dir (getattr open search)))
                (allow staff_t xdg_config_type (file (getattr relabelfrom relabelto)))
                (allow staff_t xdg_config_type (dir (getattr open search)))
                (allow staff_t xdg_config_type (lnk_file (getattr relabelfrom relabelto)))
                (allow staff_t xdg_config_type (dir (getattr open search)))
                (allow staff_t xdg_config_type (fifo_file (getattr relabelfrom relabelto)))
                (allow staff_t xdg_config_type (dir (getattr open search)))
                (allow staff_t xdg_config_type (sock_file (getattr relabelfrom relabelto)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t xdg_config_type (dir (watch)))
                (allow staff_t xdg_data_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_data_type (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t xdg_data_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_data_type (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t xdg_data_type (file (map)))
                (allow staff_t xdg_data_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_data_type (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow staff_t xdg_data_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_data_type (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t xdg_data_type (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_data_type (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t xdg_data_type (dir (getattr open search)))
                (allow staff_t xdg_data_type (dir (getattr relabelfrom relabelto)))
                (allow staff_t xdg_data_type (dir (getattr open search)))
                (allow staff_t xdg_data_type (file (getattr relabelfrom relabelto)))
                (allow staff_t xdg_data_type (dir (getattr open search)))
                (allow staff_t xdg_data_type (lnk_file (getattr relabelfrom relabelto)))
                (allow staff_t xdg_data_type (dir (getattr open search)))
                (allow staff_t xdg_data_type (fifo_file (getattr relabelfrom relabelto)))
                (allow staff_t xdg_data_type (dir (getattr open search)))
                (allow staff_t xdg_data_type (sock_file (getattr relabelfrom relabelto)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t xdg_data_type (dir (watch)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t xdg_documents_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_documents_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t xdg_documents_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_documents_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t xdg_documents_t (file (map)))
                (allow staff_t xdg_documents_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_documents_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow staff_t xdg_documents_t (dir (getattr open search)))
                (allow staff_t xdg_documents_t (dir (getattr relabelfrom relabelto)))
                (allow staff_t xdg_documents_t (dir (getattr open search)))
                (allow staff_t xdg_documents_t (file (getattr relabelfrom relabelto)))
                (allow staff_t xdg_documents_t (dir (getattr open search)))
                (allow staff_t xdg_documents_t (lnk_file (getattr relabelfrom relabelto)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t xdg_documents_t (dir (watch)))
                (allow staff_t xdg_downloads_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_downloads_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t xdg_downloads_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_downloads_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t xdg_downloads_t (file (map)))
                (allow staff_t xdg_downloads_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_downloads_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow staff_t xdg_downloads_t (dir (getattr open search)))
                (allow staff_t xdg_downloads_t (dir (getattr relabelfrom relabelto)))
                (allow staff_t xdg_downloads_t (dir (getattr open search)))
                (allow staff_t xdg_downloads_t (file (getattr relabelfrom relabelto)))
                (allow staff_t xdg_downloads_t (dir (getattr open search)))
                (allow staff_t xdg_downloads_t (lnk_file (getattr relabelfrom relabelto)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t xdg_downloads_t (dir (watch)))
                (allow staff_t xdg_music_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_music_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t xdg_music_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_music_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t xdg_music_t (file (map)))
                (allow staff_t xdg_music_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_music_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow staff_t xdg_music_t (dir (getattr open search)))
                (allow staff_t xdg_music_t (dir (getattr relabelfrom relabelto)))
                (allow staff_t xdg_music_t (dir (getattr open search)))
                (allow staff_t xdg_music_t (file (getattr relabelfrom relabelto)))
                (allow staff_t xdg_music_t (dir (getattr open search)))
                (allow staff_t xdg_music_t (lnk_file (getattr relabelfrom relabelto)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t xdg_music_t (dir (watch)))
                (allow staff_t xdg_pictures_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_pictures_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t xdg_pictures_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_pictures_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t xdg_pictures_t (file (map)))
                (allow staff_t xdg_pictures_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_pictures_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow staff_t xdg_pictures_t (dir (getattr open search)))
                (allow staff_t xdg_pictures_t (dir (getattr relabelfrom relabelto)))
                (allow staff_t xdg_pictures_t (dir (getattr open search)))
                (allow staff_t xdg_pictures_t (file (getattr relabelfrom relabelto)))
                (allow staff_t xdg_pictures_t (dir (getattr open search)))
                (allow staff_t xdg_pictures_t (lnk_file (getattr relabelfrom relabelto)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t xdg_pictures_t (dir (watch)))
                (allow staff_t xdg_videos_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_videos_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t xdg_videos_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_videos_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t xdg_videos_t (file (map)))
                (allow staff_t xdg_videos_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_videos_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow staff_t xdg_videos_t (dir (getattr open search)))
                (allow staff_t xdg_videos_t (dir (getattr relabelfrom relabelto)))
                (allow staff_t xdg_videos_t (dir (getattr open search)))
                (allow staff_t xdg_videos_t (file (getattr relabelfrom relabelto)))
                (allow staff_t xdg_videos_t (dir (getattr open search)))
                (allow staff_t xdg_videos_t (lnk_file (getattr relabelfrom relabelto)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t xdg_videos_t (dir (watch)))
                (typetransition staff_t user_home_dir_t dir "Videos" xdg_videos_t)
                (typetransition staff_t user_home_dir_t dir "Pictures" xdg_pictures_t)
                (typetransition staff_t user_home_dir_t dir "Music" xdg_music_t)
                (typetransition staff_t user_home_dir_t dir "Downloads" xdg_downloads_t)
                (typetransition staff_t user_home_dir_t dir "Documents" xdg_documents_t)
                (typetransition staff_t user_home_dir_t dir ".local" xdg_data_t)
                (typetransition staff_t user_home_dir_t dir ".config" xdg_config_t)
                (typetransition staff_t user_home_dir_t dir ".cache" xdg_cache_t)
            )
            (optional staff_optional_80
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require usbguard_t)
                (typeattributeset cil_gen_require usbguard_tmpfs_t)
                (booleanif (usbguard_user_modify_rule_files)
                    (true
                        (allow staff_t usbguard_t (unix_stream_socket (connectto)))
                        (allow staff_t usbguard_tmpfs_t (sock_file (write getattr append open)))
                        (allow staff_t usbguard_tmpfs_t (dir (getattr open search)))
                        (allow staff_t var_run_t (dir (getattr open search)))
                        (allow staff_t var_t (dir (getattr open search)))
                        (allow staff_t var_run_t (lnk_file (read getattr)))
                    )
                )
            )
            (optional staff_optional_81
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require httpdcontent)
                (typeattributeset cil_gen_require httpd_user_content_t)
                (typeattributeset cil_gen_require httpd_user_htaccess_t)
                (typeattributeset cil_gen_require httpd_user_script_t)
                (typeattributeset cil_gen_require httpd_user_script_exec_t)
                (typeattributeset cil_gen_require httpd_user_ra_content_t)
                (typeattributeset cil_gen_require httpd_user_rw_content_t)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r httpd_user_script_t)
                (allow staff_t httpd_user_htaccess_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t httpd_user_content_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t httpd_user_content_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t httpd_user_content_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t httpd_user_ra_content_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t httpd_user_ra_content_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t httpd_user_ra_content_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t httpd_user_rw_content_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t httpd_user_rw_content_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t httpd_user_rw_content_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t httpd_user_script_exec_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t httpd_user_script_exec_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t httpd_user_script_exec_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t httpd_user_content_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t httpd_user_content_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t httpd_user_content_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (typetransition staff_t httpd_user_content_t dir "logs" httpd_user_ra_content_t)
                (typetransition staff_t httpd_user_content_t dir "cgi-bin" httpd_user_script_exec_t)
                (typetransition staff_t httpd_user_content_t file ".htaccess" httpd_user_htaccess_t)
                (typetransition staff_t user_home_dir_t dir "www" httpd_user_content_t)
                (typetransition staff_t user_home_dir_t dir "web" httpd_user_content_t)
                (typetransition staff_t user_home_dir_t dir "public_html" httpd_user_content_t)
                (booleanif (and (httpd_enable_cgi) (httpd_unified))
                    (true
                        (allow httpd_user_script_t staff_application_exec_domain (process (sigchld)))
                        (allow httpd_user_script_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                        (allow httpd_user_script_t staff_application_exec_domain (fd (use)))
                        (typetransition staff_application_exec_domain httpdcontent process httpd_user_script_t)
                        (dontaudit staff_application_exec_domain httpd_user_script_t (process (noatsecure siginh rlimitinh)))
                        (allow staff_application_exec_domain httpd_user_script_t (process (transition)))
                        (allow staff_application_exec_domain httpdcontent (file (ioctl read getattr map execute open)))
                    )
                )
                (booleanif (httpd_enable_cgi)
                    (true
                        (allow httpd_user_script_t staff_application_exec_domain (process (sigchld)))
                        (allow httpd_user_script_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                        (allow httpd_user_script_t staff_application_exec_domain (fd (use)))
                        (typetransition staff_application_exec_domain httpd_user_script_exec_t process httpd_user_script_t)
                        (dontaudit staff_application_exec_domain httpd_user_script_t (process (noatsecure siginh rlimitinh)))
                        (allow staff_application_exec_domain httpd_user_script_t (process (transition)))
                        (allow staff_application_exec_domain httpd_user_script_exec_t (file (ioctl read getattr map execute open)))
                    )
                )
                (optional staff_optional_82
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t httpd_user_script_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t httpd_user_script_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t httpd_user_script_t (lnk_file (read getattr)))
                    (allow staff_systemd_t httpd_user_script_t (process (getattr)))
                    (allow staff_systemd_t httpd_user_script_t (process (sigchld sigkill sigstop signull signal)))
                    (allow httpd_user_script_t staff_systemd_t (fd (use)))
                    (allow httpd_user_script_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow httpd_user_script_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow httpd_user_script_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow httpd_user_script_t staff_systemd_t (lnk_file (read getattr)))
                    (allow httpd_user_script_t staff_systemd_t (process (getattr)))
                    (allow httpd_user_script_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_83
                (roleattributeset cil_gen_require auditadm_r)
                (roleallow staff_r auditadm_r)
            )
            (optional staff_optional_84
                (roleattributeset cil_gen_require container_roles)
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require etc_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require xdg_data_t)
                (typeattributeset cil_gen_require xdg_config_t)
                (typeattributeset cil_gen_require xdg_cache_t)
                (typeattributeset cil_gen_require container_user_domain)
                (typeattributeset cil_gen_require container_engine_user_domain)
                (typeattributeset cil_gen_require container_config_t)
                (typeattributeset cil_gen_require container_engine_t)
                (typeattributeset cil_gen_require container_engine_exec_t)
                (typeattributeset cil_gen_require container_engine_domain)
                (typeattributeset cil_gen_require container_file_t)
                (typeattributeset cil_gen_require container_ro_file_t)
                (typeattributeset cil_gen_require container_user_runtime_t)
                (typeattributeset cil_gen_require container_cache_home_t)
                (typeattributeset cil_gen_require container_conf_home_t)
                (typeattributeset cil_gen_require container_data_home_t)
                (roleattributeset cil_gen_require container_roles)
                (roleattributeset container_roles (staff_r ))
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r container_user_domain)
                (allow staff_application_exec_domain bin_t (dir (getattr open search)))
                (allow staff_application_exec_domain bin_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain usr_t (dir (getattr open search)))
                (allow staff_application_exec_domain container_engine_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain container_engine_t (process (transition)))
                (dontaudit staff_application_exec_domain container_engine_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain container_engine_exec_t process container_engine_t)
                (allow container_engine_t staff_application_exec_domain (fd (use)))
                (allow container_engine_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow container_engine_t staff_application_exec_domain (process (sigchld)))
                (allow staff_t container_engine_domain (dbus (send_msg)))
                (allow container_engine_domain staff_t (dbus (send_msg)))
                (allow staff_application_exec_domain self (cap_userns (kill sys_ptrace)))
                (allow staff_t etc_t (dir (getattr open search)))
                (allow staff_t container_config_t (dir (getattr open search)))
                (allow staff_t container_config_t (file (ioctl read getattr lock open)))
                (allow staff_t container_file_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t container_file_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t container_file_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t container_file_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t container_file_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t container_file_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow staff_t container_file_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t container_file_t (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t container_file_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t container_file_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t container_file_t (dir (getattr open search)))
                (allow staff_t container_file_t (dir (getattr relabelfrom relabelto)))
                (allow staff_t container_file_t (dir (getattr open search)))
                (allow staff_t container_file_t (file (getattr relabelfrom relabelto)))
                (allow staff_t container_file_t (dir (getattr open search)))
                (allow staff_t container_file_t (lnk_file (getattr relabelfrom relabelto)))
                (allow staff_t container_file_t (dir (getattr open search)))
                (allow staff_t container_file_t (fifo_file (getattr relabelfrom relabelto)))
                (allow staff_t container_file_t (dir (getattr open search)))
                (allow staff_t container_file_t (sock_file (getattr relabelfrom relabelto)))
                (allow staff_t container_file_t (chr_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t container_file_t (blk_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t container_ro_file_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t container_ro_file_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t container_ro_file_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t container_ro_file_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t container_ro_file_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t container_ro_file_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow staff_t container_ro_file_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t container_ro_file_t (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t container_ro_file_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t container_ro_file_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t container_ro_file_t (dir (getattr open search)))
                (allow staff_t container_ro_file_t (dir (getattr relabelfrom relabelto)))
                (allow staff_t container_ro_file_t (dir (getattr open search)))
                (allow staff_t container_ro_file_t (file (getattr relabelfrom relabelto)))
                (allow staff_t container_ro_file_t (dir (getattr open search)))
                (allow staff_t container_ro_file_t (lnk_file (getattr relabelfrom relabelto)))
                (allow staff_t container_ro_file_t (dir (getattr open search)))
                (allow staff_t container_ro_file_t (fifo_file (getattr relabelfrom relabelto)))
                (allow staff_t container_ro_file_t (dir (getattr open search)))
                (allow staff_t container_ro_file_t (sock_file (getattr relabelfrom relabelto)))
                (allow staff_t container_ro_file_t (chr_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t container_ro_file_t (blk_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow container_user_domain staff_application_exec_domain (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                (allow staff_application_exec_domain container_user_domain (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain container_user_domain (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain container_user_domain (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain container_user_domain (lnk_file (read getattr)))
                (allow staff_application_exec_domain container_user_domain (process (getattr)))
                (allow staff_t container_user_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t container_user_runtime_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t container_user_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t container_user_runtime_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t container_user_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t container_user_runtime_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow staff_t container_user_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t container_user_runtime_t (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t container_user_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t container_user_runtime_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t container_user_runtime_t (dir (getattr open search)))
                (allow staff_t container_user_runtime_t (dir (getattr relabelfrom relabelto)))
                (allow staff_t container_user_runtime_t (dir (getattr open search)))
                (allow staff_t container_user_runtime_t (file (getattr relabelfrom relabelto)))
                (allow staff_t container_user_runtime_t (dir (getattr open search)))
                (allow staff_t container_user_runtime_t (lnk_file (getattr relabelfrom relabelto)))
                (allow staff_t container_user_runtime_t (dir (getattr open search)))
                (allow staff_t container_user_runtime_t (fifo_file (getattr relabelfrom relabelto)))
                (allow staff_t container_user_runtime_t (dir (getattr open search)))
                (allow staff_t container_user_runtime_t (sock_file (getattr relabelfrom relabelto)))
                (allow staff_t container_cache_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t container_cache_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t xdg_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_cache_t (dir (create getattr)))
                (allow staff_t container_conf_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t container_conf_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t xdg_config_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_config_t (dir (create getattr)))
                (allow staff_t container_data_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t container_data_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t container_data_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t container_data_home_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t container_data_home_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t container_data_home_t (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t container_data_home_t (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t xdg_data_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdg_data_t (dir (create getattr)))
                (allow staff_t container_data_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t container_data_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t container_data_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t container_data_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t container_data_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t container_data_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t container_data_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (typetransition staff_t container_data_home_t dir "volumes" container_file_t)
                (typetransition staff_t container_data_home_t dir "overlay2-layers" container_ro_file_t)
                (typetransition staff_t container_data_home_t dir "overlay2-images" container_ro_file_t)
                (typetransition staff_t container_data_home_t dir "overlay2" container_ro_file_t)
                (typetransition staff_t container_data_home_t dir "overlay-layers" container_ro_file_t)
                (typetransition staff_t container_data_home_t dir "overlay-images" container_ro_file_t)
                (typetransition staff_t container_data_home_t dir "overlay" container_ro_file_t)
                (typetransition staff_t xdg_data_t dir "containers" container_data_home_t)
                (typetransition staff_t xdg_config_t dir "containers" container_conf_home_t)
                (typetransition staff_t xdg_cache_t dir "containers" container_cache_home_t)
                (optional staff_optional_85
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow container_engine_user_domain staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow container_engine_user_domain staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow container_engine_user_domain staff_systemd_t (lnk_file (read getattr)))
                    (allow container_engine_user_domain staff_systemd_t (process (getattr)))
                    (allow container_engine_user_domain staff_systemd_t (system (start)))
                    (allow container_engine_user_domain staff_systemd_t (system (stop)))
                    (allow container_engine_user_domain staff_systemd_t (system (status)))
                    (allow container_engine_user_domain staff_systemd_t (dbus (send_msg)))
                    (allow staff_systemd_t container_engine_user_domain (dbus (send_msg)))
                    (allow staff_systemd_t container_user_domain (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t container_user_domain (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t container_user_domain (lnk_file (read getattr)))
                    (allow staff_systemd_t container_user_domain (process (getattr)))
                    (allow staff_systemd_t container_user_domain (process (sigchld sigkill sigstop signull signal)))
                    (allow container_user_domain staff_systemd_t (fd (use)))
                    (allow container_user_domain staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow container_user_domain staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow container_user_domain staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow container_user_domain staff_systemd_t (lnk_file (read getattr)))
                    (allow container_user_domain staff_systemd_t (process (getattr)))
                    (allow container_user_domain staff_systemd_t (process (sigchld)))
                )
                (optional staff_optional_86
                    (typeattributeset cil_gen_require bin_t)
                    (typeattributeset cil_gen_require usr_t)
                    (typeattributeset cil_gen_require dockerd_user_t)
                    (typeattributeset cil_gen_require dockerd_exec_t)
                    (typeattributeset cil_gen_require dockerc_user_t)
                    (typeattributeset cil_gen_require dockerc_exec_t)
                    (roleattributeset cil_gen_require staff_r)
                    (roletype staff_r dockerd_user_t)
                    (roletype staff_r dockerc_user_t)
                    (allow staff_application_exec_domain bin_t (dir (getattr open search)))
                    (allow staff_application_exec_domain bin_t (lnk_file (read getattr)))
                    (allow staff_application_exec_domain usr_t (dir (getattr open search)))
                    (allow staff_application_exec_domain dockerd_exec_t (file (ioctl read getattr map execute open)))
                    (allow staff_application_exec_domain dockerd_user_t (process (transition)))
                    (dontaudit staff_application_exec_domain dockerd_user_t (process (noatsecure siginh rlimitinh)))
                    (typetransition staff_application_exec_domain dockerd_exec_t process dockerd_user_t)
                    (allow dockerd_user_t staff_application_exec_domain (fd (use)))
                    (allow dockerd_user_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                    (allow dockerd_user_t staff_application_exec_domain (process (sigchld)))
                    (allow staff_application_exec_domain bin_t (dir (getattr open search)))
                    (allow staff_application_exec_domain bin_t (lnk_file (read getattr)))
                    (allow staff_application_exec_domain usr_t (dir (getattr open search)))
                    (allow staff_application_exec_domain dockerc_exec_t (file (ioctl read getattr map execute open)))
                    (allow staff_application_exec_domain dockerc_user_t (process (transition)))
                    (dontaudit staff_application_exec_domain dockerc_user_t (process (noatsecure siginh rlimitinh)))
                    (typetransition staff_application_exec_domain dockerc_exec_t process dockerc_user_t)
                    (allow dockerc_user_t staff_application_exec_domain (fd (use)))
                    (allow dockerc_user_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                    (allow dockerc_user_t staff_application_exec_domain (process (sigchld)))
                    (optional staff_optional_87
                        (typeattributeset cil_gen_require staff_dbusd_t)
                        (typeattributeset cil_gen_require dbusd_session_bus_client)
                        (typeattributeset cil_gen_require dbusd_session_bus_client)
                        (typeattributeset dbusd_session_bus_client (dockerd_user_t ))
                        (allow dockerd_user_t staff_dbusd_t (dbus (send_msg)))
                        (allow dockerd_user_t self (dbus (send_msg)))
                        (allow staff_dbusd_t dockerd_user_t (dbus (send_msg)))
                        (allow dockerd_user_t staff_dbusd_t (unix_stream_socket (connectto)))
                        (allow dockerd_user_t staff_dbusd_t (fd (use)))
                    )
                    (optional staff_optional_88
                        (typeattributeset cil_gen_require bin_t)
                        (typeattributeset cil_gen_require usr_t)
                        (typeattributeset cil_gen_require rootlesskit_t)
                        (typeattributeset cil_gen_require rootlesskit_exec_t)
                        (roleattributeset cil_gen_require staff_r)
                        (roletype staff_r rootlesskit_t)
                        (allow staff_application_exec_domain bin_t (dir (getattr open search)))
                        (allow staff_application_exec_domain bin_t (lnk_file (read getattr)))
                        (allow staff_application_exec_domain usr_t (dir (getattr open search)))
                        (allow staff_application_exec_domain rootlesskit_exec_t (file (ioctl read getattr map execute open)))
                        (allow staff_application_exec_domain rootlesskit_t (process (transition)))
                        (dontaudit staff_application_exec_domain rootlesskit_t (process (noatsecure siginh rlimitinh)))
                        (typetransition staff_application_exec_domain rootlesskit_exec_t process rootlesskit_t)
                        (allow rootlesskit_t staff_application_exec_domain (fd (use)))
                        (allow rootlesskit_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                        (allow rootlesskit_t staff_application_exec_domain (process (sigchld)))
                        (optional staff_optional_89
                            (typeattributeset cil_gen_require staff_systemd_t)
                            (allow staff_systemd_t rootlesskit_exec_t (file (ioctl read getattr map execute open)))
                            (allow staff_systemd_t rootlesskit_t (process (transition)))
                            (dontaudit staff_systemd_t rootlesskit_t (process (noatsecure siginh rlimitinh)))
                            (typetransition staff_systemd_t rootlesskit_exec_t process rootlesskit_t)
                            (allow rootlesskit_t staff_systemd_t (fd (use)))
                            (allow rootlesskit_t staff_systemd_t (fifo_file (ioctl read write getattr lock append)))
                            (allow rootlesskit_t staff_systemd_t (process (sigchld)))
                            (allow staff_systemd_t rootlesskit_t (dir (ioctl read getattr lock open search)))
                            (allow staff_systemd_t rootlesskit_t (file (ioctl read getattr lock open)))
                            (allow staff_systemd_t rootlesskit_t (lnk_file (read getattr)))
                            (allow staff_systemd_t rootlesskit_t (process (getattr)))
                            (allow staff_systemd_t rootlesskit_t (process (sigchld sigkill sigstop signull signal)))
                            (allow rootlesskit_t staff_systemd_t (fd (use)))
                            (allow rootlesskit_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                            (allow rootlesskit_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                            (allow rootlesskit_t staff_systemd_t (file (ioctl read getattr lock open)))
                            (allow rootlesskit_t staff_systemd_t (lnk_file (read getattr)))
                            (allow rootlesskit_t staff_systemd_t (process (getattr)))
                            (allow rootlesskit_t staff_systemd_t (process (sigchld)))
                        )
                    )
                )
                (optional staff_optional_90
                    (typeattributeset cil_gen_require bin_t)
                    (typeattributeset cil_gen_require usr_t)
                    (typeattributeset cil_gen_require podman_user_t)
                    (typeattributeset cil_gen_require podman_user_conmon_t)
                    (typeattributeset cil_gen_require podman_exec_t)
                    (typeattributeset cil_gen_require conmon_exec_t)
                    (roleattributeset cil_gen_require staff_r)
                    (roletype staff_r podman_user_t)
                    (roletype staff_r podman_user_conmon_t)
                    (allow staff_application_exec_domain bin_t (dir (getattr open search)))
                    (allow staff_application_exec_domain bin_t (lnk_file (read getattr)))
                    (allow staff_application_exec_domain usr_t (dir (getattr open search)))
                    (allow staff_application_exec_domain podman_exec_t (file (ioctl read getattr map execute open)))
                    (allow staff_application_exec_domain podman_user_t (process (transition)))
                    (dontaudit staff_application_exec_domain podman_user_t (process (noatsecure siginh rlimitinh)))
                    (typetransition staff_application_exec_domain podman_exec_t process podman_user_t)
                    (allow podman_user_t staff_application_exec_domain (fd (use)))
                    (allow podman_user_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                    (allow podman_user_t staff_application_exec_domain (process (sigchld)))
                    (allow staff_application_exec_domain bin_t (dir (getattr open search)))
                    (allow staff_application_exec_domain bin_t (lnk_file (read getattr)))
                    (allow staff_application_exec_domain usr_t (dir (getattr open search)))
                    (allow staff_application_exec_domain conmon_exec_t (file (ioctl read getattr map execute open)))
                    (allow staff_application_exec_domain podman_user_conmon_t (process (transition)))
                    (dontaudit staff_application_exec_domain podman_user_conmon_t (process (noatsecure siginh rlimitinh)))
                    (typetransition staff_application_exec_domain conmon_exec_t process podman_user_conmon_t)
                    (allow podman_user_conmon_t staff_application_exec_domain (fd (use)))
                    (allow podman_user_conmon_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                    (allow podman_user_conmon_t staff_application_exec_domain (process (sigchld)))
                    (optional staff_optional_91
                        (typeattributeset cil_gen_require staff_dbusd_t)
                        (typeattributeset cil_gen_require dbusd_session_bus_client)
                        (typeattributeset cil_gen_require dbusd_session_bus_client)
                        (typeattributeset dbusd_session_bus_client (podman_user_t ))
                        (allow podman_user_t staff_dbusd_t (dbus (send_msg)))
                        (allow podman_user_t self (dbus (send_msg)))
                        (allow staff_dbusd_t podman_user_t (dbus (send_msg)))
                        (allow podman_user_t staff_dbusd_t (unix_stream_socket (connectto)))
                        (allow podman_user_t staff_dbusd_t (fd (use)))
                    )
                    (optional staff_optional_92
                        (typeattributeset cil_gen_require staff_systemd_t)
                        (allow staff_systemd_t podman_user_t (dir (ioctl read getattr lock open search)))
                        (allow staff_systemd_t podman_user_t (file (ioctl read getattr lock open)))
                        (allow staff_systemd_t podman_user_t (lnk_file (read getattr)))
                        (allow staff_systemd_t podman_user_t (process (getattr)))
                        (allow staff_systemd_t podman_user_t (process (sigchld sigkill sigstop signull signal)))
                        (allow podman_user_t staff_systemd_t (fd (use)))
                        (allow podman_user_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                        (allow podman_user_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                        (allow podman_user_t staff_systemd_t (file (ioctl read getattr lock open)))
                        (allow podman_user_t staff_systemd_t (lnk_file (read getattr)))
                        (allow podman_user_t staff_systemd_t (process (getattr)))
                        (allow podman_user_t staff_systemd_t (process (sigchld)))
                        (allow staff_systemd_t podman_user_conmon_t (dir (ioctl read getattr lock open search)))
                        (allow staff_systemd_t podman_user_conmon_t (file (ioctl read getattr lock open)))
                        (allow staff_systemd_t podman_user_conmon_t (lnk_file (read getattr)))
                        (allow staff_systemd_t podman_user_conmon_t (process (getattr)))
                        (allow staff_systemd_t podman_user_conmon_t (process (sigchld sigkill sigstop signull signal)))
                        (allow podman_user_conmon_t staff_systemd_t (fd (use)))
                        (allow podman_user_conmon_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                        (allow podman_user_conmon_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                        (allow podman_user_conmon_t staff_systemd_t (file (ioctl read getattr lock open)))
                        (allow podman_user_conmon_t staff_systemd_t (lnk_file (read getattr)))
                        (allow podman_user_conmon_t staff_systemd_t (process (getattr)))
                        (allow podman_user_conmon_t staff_systemd_t (process (sigchld)))
                    )
                )
            )
            (optional staff_optional_93
                (roleattributeset cil_gen_require dbadm_r)
                (roleallow staff_r dbadm_r)
            )
            (optional staff_optional_94
                (type staff_git_t)
                (roletype object_r staff_git_t)
                (roleattributeset cil_gen_require git_session_roles)
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (staff_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (staff_t ))
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (staff_t ))
                (typeattributeset cil_gen_require git_client_domain)
                (typeattributeset cil_gen_require git_exec_t)
                (typeattributeset cil_gen_require git_home_t)
                (typeattributeset cil_gen_require git_home_hook_t)
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset cil_gen_require git_session_t)
                (typeattributeset cil_gen_require gitd_exec_t)
                (typeattributeset cil_gen_require git_user_content_t)
                (roleattributeset cil_gen_require git_session_roles)
                (roleattributeset git_session_roles (staff_r ))
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r staff_git_t)
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (git_exec_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (git_exec_t ))
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (staff_git_t ))
                (typeattributeset cil_gen_require git_client_domain)
                (typeattributeset git_client_domain (staff_git_t ))
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset application_domain_type (staff_git_t ))
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (staff_git_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (git_exec_t ))
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (staff_git_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (git_exec_t ))
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset application_exec_type (git_exec_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (git_exec_t ))
                (allow staff_git_t git_exec_t (file (entrypoint)))
                (allow staff_git_t git_exec_t (file (ioctl read getattr lock map execute open)))
                (allow staff_application_exec_domain git_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain staff_git_t (process (transition)))
                (dontaudit staff_application_exec_domain staff_git_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain git_exec_t process staff_git_t)
                (allow staff_git_t staff_application_exec_domain (fd (use)))
                (allow staff_git_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow staff_git_t staff_application_exec_domain (process (sigchld)))
                (allow staff_t git_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t git_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t git_home_hook_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t git_home_hook_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute open execute_no_trans)))
                (allow staff_t git_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_application_exec_domain staff_git_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain staff_git_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain staff_git_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain staff_git_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain staff_git_t (process (getattr)))
                (allow staff_application_exec_domain git_home_hook_t (dir (getattr open search)))
                (allow staff_application_exec_domain git_home_hook_t (file (ioctl read getattr map execute open execute_no_trans)))
                (allow staff_git_t git_home_t (file (ioctl read getattr map execute open)))
                (allow staff_git_t staff_t (process (transition)))
                (dontaudit staff_git_t staff_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_git_t git_home_t process staff_t)
                (allow staff_t staff_git_t (fd (use)))
                (allow staff_t staff_git_t (fifo_file (ioctl read write getattr lock append)))
                (allow staff_t staff_git_t (process (sigchld)))
                (allow staff_t git_user_content_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t git_user_content_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute open execute_no_trans)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain git_session_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain git_session_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain git_session_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain git_session_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain git_session_t (process (getattr)))
                (typetransition staff_t user_home_dir_t dir "public_git" git_user_content_t)
                (typetransition staff_t git_home_t dir "hooks" git_home_hook_t)
                (typetransition staff_t user_home_dir_t dir ".git" git_home_t)
                (booleanif (git_session_users)
                    (true
                        (allow git_session_t staff_application_exec_domain (process (sigchld)))
                        (allow git_session_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                        (allow git_session_t staff_application_exec_domain (fd (use)))
                        (typetransition staff_application_exec_domain gitd_exec_t process git_session_t)
                        (dontaudit staff_application_exec_domain git_session_t (process (noatsecure siginh rlimitinh)))
                        (allow staff_application_exec_domain git_session_t (process (transition)))
                        (allow staff_application_exec_domain gitd_exec_t (file (ioctl read getattr map execute open)))
                    )
                    (false
                        (allow staff_application_exec_domain gitd_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
                    )
                )
                (optional staff_optional_95
                    (typeattributeset cil_gen_require init_t)
                    (allow staff_git_t init_t (process (sigchld)))
                    (allow staff_git_t init_t (process (signull)))
                    (optional staff_optional_96
                        (typeattributeset cil_gen_require rpm_t)
                        (allow staff_git_t rpm_t (fd (use)))
                        (allow staff_git_t rpm_t (fifo_file (ioctl read getattr lock open)))
                    )
                    (optional staff_optional_97
                        (typeattributeset cil_gen_require security_t)
                        (typeattributeset cil_gen_require sysfs_t)
                        (dontaudit staff_git_t security_t (filesystem (getattr)))
                        (dontaudit staff_git_t sysfs_t (filesystem (getattr)))
                        (dontaudit staff_git_t sysfs_t (dir (getattr open search)))
                        (dontaudit staff_git_t security_t (dir (getattr open search)))
                        (dontaudit staff_git_t security_t (file (ioctl read getattr lock open)))
                        (optional staff_optional_98
                            (typeattributeset cil_gen_require selinux_config_t)
                            (dontaudit staff_git_t selinux_config_t (dir (getattr open search)))
                            (dontaudit staff_git_t selinux_config_t (file (ioctl read getattr lock open)))
                            (optional staff_optional_99
                                (typeattributeset cil_gen_require ssh_t)
                                (typeattributeset cil_gen_require ssh_exec_t)
                                (allow staff_git_t ssh_exec_t (file (ioctl read getattr map execute open)))
                                (allow staff_git_t ssh_t (process (transition)))
                                (dontaudit staff_git_t ssh_t (process (noatsecure siginh rlimitinh)))
                                (typetransition staff_git_t ssh_exec_t process ssh_t)
                                (allow ssh_t staff_git_t (fd (use)))
                                (allow ssh_t staff_git_t (fifo_file (ioctl read write getattr lock append)))
                                (allow ssh_t staff_git_t (process (sigchld)))
                            )
                            (optional staff_optional_100
                                (typeattributeset cil_gen_require staff_systemd_t)
                                (allow staff_systemd_t staff_git_t (dir (ioctl read getattr lock open search)))
                                (allow staff_systemd_t staff_git_t (file (ioctl read getattr lock open)))
                                (allow staff_systemd_t staff_git_t (lnk_file (read getattr)))
                                (allow staff_systemd_t staff_git_t (process (getattr)))
                                (allow staff_systemd_t staff_git_t (process (sigchld sigkill sigstop signull signal)))
                                (allow staff_git_t staff_systemd_t (fd (use)))
                                (allow staff_git_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                (allow staff_git_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                                (allow staff_git_t staff_systemd_t (file (ioctl read getattr lock open)))
                                (allow staff_git_t staff_systemd_t (lnk_file (read getattr)))
                                (allow staff_git_t staff_systemd_t (process (getattr)))
                                (allow staff_git_t staff_systemd_t (process (sigchld)))
                                (optional staff_optional_101
                                    (typeattributeset cil_gen_require staff_systemd_t)
                                    (allow staff_systemd_t git_session_t (dir (ioctl read getattr lock open search)))
                                    (allow staff_systemd_t git_session_t (file (ioctl read getattr lock open)))
                                    (allow staff_systemd_t git_session_t (lnk_file (read getattr)))
                                    (allow staff_systemd_t git_session_t (process (getattr)))
                                    (allow staff_systemd_t git_session_t (process (sigchld sigkill sigstop signull signal)))
                                    (allow git_session_t staff_systemd_t (fd (use)))
                                    (allow git_session_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                    (allow git_session_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                                    (allow git_session_t staff_systemd_t (file (ioctl read getattr lock open)))
                                    (allow git_session_t staff_systemd_t (lnk_file (read getattr)))
                                    (allow git_session_t staff_systemd_t (process (getattr)))
                                    (allow git_session_t staff_systemd_t (process (sigchld)))
                                )
                            )
                        )
                    )
                )
            )
            (optional staff_optional_102
                (typeattributeset cil_gen_require modemmanager_t)
                (allow staff_t modemmanager_t (dbus (send_msg)))
                (allow modemmanager_t staff_t (dbus (send_msg)))
            )
            (optional staff_optional_103
                (typeattributeset cil_gen_require sepgsql_client_type)
                (typeattributeset cil_gen_require sepgsql_database_type)
                (typeattributeset cil_gen_require sepgsql_schema_type)
                (typeattributeset cil_gen_require sepgsql_sysobj_table_type)
                (typeattributeset cil_gen_require sepgsql_trusted_proc_exec_t)
                (typeattributeset cil_gen_require sepgsql_trusted_proc_t)
                (typeattributeset cil_gen_require sepgsql_ranged_proc_exec_t)
                (typeattributeset cil_gen_require sepgsql_ranged_proc_t)
                (typeattributeset cil_gen_require user_sepgsql_blob_t)
                (typeattributeset cil_gen_require user_sepgsql_proc_exec_t)
                (typeattributeset cil_gen_require user_sepgsql_schema_t)
                (typeattributeset cil_gen_require user_sepgsql_seq_t)
                (typeattributeset cil_gen_require user_sepgsql_sysobj_t)
                (typeattributeset cil_gen_require user_sepgsql_table_t)
                (typeattributeset cil_gen_require user_sepgsql_view_t)
                (typeattributeset cil_gen_require sepgsql_temp_object_t)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r sepgsql_trusted_proc_t)
                (roletype staff_r sepgsql_ranged_proc_t)
                (typeattributeset cil_gen_require sepgsql_client_type)
                (typeattributeset sepgsql_client_type (staff_t ))
                (allow staff_t user_sepgsql_schema_t (db_schema (getattr search add_name remove_name)))
                (typetransition staff_t sepgsql_database_type db_schema user_sepgsql_schema_t)
                (allow staff_t user_sepgsql_table_t (db_table (getattr select update insert delete lock)))
                (allow staff_t user_sepgsql_table_t (db_column (getattr select update insert)))
                (allow staff_t user_sepgsql_table_t (db_tuple (select update insert delete)))
                (typetransition staff_t sepgsql_schema_type db_table user_sepgsql_table_t)
                (allow staff_t user_sepgsql_sysobj_t (db_tuple (use select)))
                (typetransition staff_t sepgsql_sysobj_table_type db_tuple user_sepgsql_sysobj_t)
                (allow staff_t user_sepgsql_seq_t (db_sequence (getattr get_value next_value)))
                (typetransition staff_t sepgsql_schema_type db_sequence user_sepgsql_seq_t)
                (allow staff_t user_sepgsql_view_t (db_view (getattr expand)))
                (typetransition staff_t sepgsql_schema_type db_view user_sepgsql_view_t)
                (allow staff_t user_sepgsql_proc_exec_t (db_procedure (getattr execute)))
                (typetransition staff_t sepgsql_schema_type db_procedure user_sepgsql_proc_exec_t)
                (allow staff_t user_sepgsql_blob_t (db_blob (create drop getattr setattr read write import export)))
                (typetransition staff_t sepgsql_database_type db_blob user_sepgsql_blob_t)
                (allow staff_t sepgsql_ranged_proc_t (process (transition)))
                (typetransition staff_t sepgsql_ranged_proc_exec_t process sepgsql_ranged_proc_t)
                (allow sepgsql_ranged_proc_t staff_t (process (dyntransition)))
                (allow staff_t sepgsql_trusted_proc_t (process (transition)))
                (typetransition staff_t sepgsql_trusted_proc_exec_t process sepgsql_trusted_proc_t)
                (typetransition staff_t sepgsql_database_type db_schema "pg_temp" sepgsql_temp_object_t)
                (booleanif (sepgsql_enable_users_ddl)
                    (true
                        (allow staff_t user_sepgsql_proc_exec_t (db_procedure (create drop setattr)))
                        (allow staff_t user_sepgsql_view_t (db_view (create drop setattr)))
                        (allow staff_t user_sepgsql_seq_t (db_sequence (create drop setattr set_value)))
                        (allow staff_t user_sepgsql_sysobj_t (db_tuple (update insert delete)))
                        (allow staff_t user_sepgsql_table_t (db_column (create drop setattr)))
                        (allow staff_t user_sepgsql_table_t (db_table (create drop setattr)))
                        (allow staff_t user_sepgsql_schema_t (db_schema (create drop setattr)))
                    )
                )
                (optional staff_optional_104
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t sepgsql_ranged_proc_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t sepgsql_ranged_proc_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t sepgsql_ranged_proc_t (lnk_file (read getattr)))
                    (allow staff_systemd_t sepgsql_ranged_proc_t (process (getattr)))
                    (allow staff_systemd_t sepgsql_ranged_proc_t (process (sigchld sigkill sigstop signull signal)))
                    (allow sepgsql_ranged_proc_t staff_systemd_t (fd (use)))
                    (allow sepgsql_ranged_proc_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow sepgsql_ranged_proc_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow sepgsql_ranged_proc_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow sepgsql_ranged_proc_t staff_systemd_t (lnk_file (read getattr)))
                    (allow sepgsql_ranged_proc_t staff_systemd_t (process (getattr)))
                    (allow sepgsql_ranged_proc_t staff_systemd_t (process (sigchld)))
                    (allow staff_systemd_t sepgsql_trusted_proc_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t sepgsql_trusted_proc_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t sepgsql_trusted_proc_t (lnk_file (read getattr)))
                    (allow staff_systemd_t sepgsql_trusted_proc_t (process (getattr)))
                    (allow staff_systemd_t sepgsql_trusted_proc_t (process (sigchld sigkill sigstop signull signal)))
                    (allow sepgsql_trusted_proc_t staff_systemd_t (fd (use)))
                    (allow sepgsql_trusted_proc_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow sepgsql_trusted_proc_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow sepgsql_trusted_proc_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow sepgsql_trusted_proc_t staff_systemd_t (lnk_file (read getattr)))
                    (allow sepgsql_trusted_proc_t staff_systemd_t (process (getattr)))
                    (allow sepgsql_trusted_proc_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_105
                (roleattributeset cil_gen_require secadm_r)
                (roleallow staff_r secadm_r)
            )
            (optional staff_optional_106
                (type staff_ssh_agent_t)
                (roletype object_r staff_ssh_agent_t)
                (typeattributeset cil_gen_require user_devpts_t)
                (typeattributeset cil_gen_require user_tty_device_t)
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (staff_t ))
                (typeattributeset cil_gen_require selinux_config_t)
                (typeattributeset cil_gen_require shell_exec_t)
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (staff_t ))
                (typeattributeset cil_gen_require devpts_t)
                (typeattributeset cil_gen_require console_device_t)
                (typeattributeset cil_gen_require device_t)
                (typeattributeset cil_gen_require proc_t)
                (typeattributeset cil_gen_require sysctl_t)
                (typeattributeset cil_gen_require sysctl_kernel_t)
                (typeattributeset cil_gen_require etc_t)
                (typeattributeset cil_gen_require etc_runtime_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require lib_t)
                (typeattributeset cil_gen_require locale_t)
                (typeattributeset cil_gen_require cert_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require syslogd_t)
                (typeattributeset cil_gen_require syslogd_runtime_t)
                (typeattributeset cil_gen_require devlog_t)
                (typeattributeset cil_gen_require init_runtime_t)
                (typeattributeset cil_gen_require user_home_t)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require nfs_t)
                (typeattributeset cil_gen_require cifs_t)
                (typeattributeset cil_gen_require tmp_t)
                (typeattributeset cil_gen_require urandom_device_t)
                (typeattributeset cil_gen_require privfd)
                (typeattributeset privfd (staff_t ))
                (typeattributeset cil_gen_require autofs_t)
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset cil_gen_require random_device_t)
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset cil_gen_require ssh_t)
                (typeattributeset cil_gen_require ssh_exec_t)
                (typeattributeset cil_gen_require ssh_server)
                (typeattributeset cil_gen_require ssh_agent_type)
                (typeattributeset cil_gen_require ssh_home_t)
                (typeattributeset cil_gen_require ssh_agent_exec_t)
                (typeattributeset cil_gen_require ssh_agent_tmp_t)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r ssh_t)
                (roletype staff_r staff_ssh_agent_t)
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (ssh_agent_exec_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (ssh_agent_exec_t ))
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (staff_ssh_agent_t ))
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset application_domain_type (staff_ssh_agent_t ))
                (typeattributeset cil_gen_require ssh_agent_type)
                (typeattributeset ssh_agent_type (staff_ssh_agent_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (ssh_agent_exec_t ))
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (staff_ssh_agent_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (ssh_agent_exec_t ))
                (typeattributeset cil_gen_require privfd)
                (typeattributeset privfd (staff_ssh_agent_t ))
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset application_exec_type (ssh_agent_exec_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (ssh_agent_exec_t ))
                (allow staff_ssh_agent_t ssh_agent_exec_t (file (entrypoint)))
                (allow staff_ssh_agent_t ssh_agent_exec_t (file (ioctl read getattr lock map execute open)))
                (allow staff_application_exec_domain ssh_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain ssh_t (process (transition)))
                (dontaudit staff_application_exec_domain ssh_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain ssh_exec_t process ssh_t)
                (allow ssh_t staff_application_exec_domain (fd (use)))
                (allow ssh_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow ssh_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain ssh_server (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                (allow staff_application_exec_domain ssh_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain ssh_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain ssh_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain ssh_t (process (getattr)))
                (allow staff_application_exec_domain ssh_t (process (signal)))
                (allow ssh_t staff_application_exec_domain (unix_stream_socket (ioctl read write getattr setattr append bind connect getopt setopt shutdown)))
                (allow ssh_t staff_application_exec_domain (unix_stream_socket (connectto)))
                (allow ssh_t staff_application_exec_domain (key (view read write search link setattr create)))
                (allow staff_t ssh_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t ssh_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t ssh_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t ssh_home_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow staff_t ssh_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t ssh_home_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_ssh_agent_t self (process (signal setrlimit)))
                (allow staff_ssh_agent_t self (capability (setgid)))
                (allow staff_ssh_agent_t self (fifo_file (ioctl read write getattr lock append open)))
                (allow staff_ssh_agent_t staff_application_exec_domain (process (signull)))
                (allow staff_ssh_agent_t staff_ssh_agent_t (process (signull)))
                (allow staff_ssh_agent_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown connectto)))
                (allow staff_ssh_agent_t ssh_agent_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_ssh_agent_t ssh_agent_tmp_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_ssh_agent_t ssh_agent_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_ssh_agent_t ssh_agent_tmp_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_ssh_agent_t tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (typetransition staff_ssh_agent_t tmp_t sock_file ssh_agent_tmp_t)
                (typetransition staff_ssh_agent_t tmp_t dir ssh_agent_tmp_t)
                (allow staff_application_exec_domain ssh_agent_tmp_t (dir (getattr open search)))
                (allow staff_application_exec_domain ssh_agent_tmp_t (sock_file (write getattr append open)))
                (allow staff_application_exec_domain staff_ssh_agent_t (unix_stream_socket (connectto)))
                (allow staff_application_exec_domain staff_ssh_agent_t (process (signal)))
                (allow staff_application_exec_domain staff_ssh_agent_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain staff_ssh_agent_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain staff_ssh_agent_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain staff_ssh_agent_t (process (getattr)))
                (allow staff_application_exec_domain ssh_agent_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain staff_ssh_agent_t (process (transition)))
                (dontaudit staff_application_exec_domain staff_ssh_agent_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain ssh_agent_exec_t process staff_ssh_agent_t)
                (allow staff_ssh_agent_t staff_application_exec_domain (fd (use)))
                (allow staff_ssh_agent_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow staff_ssh_agent_t staff_application_exec_domain (process (sigchld)))
                (allow staff_ssh_agent_t proc_t (dir (getattr open search)))
                (allow staff_ssh_agent_t sysctl_t (dir (getattr open search)))
                (allow staff_ssh_agent_t sysctl_kernel_t (dir (getattr open search)))
                (allow staff_ssh_agent_t sysctl_kernel_t (file (ioctl read getattr lock open)))
                (allow staff_ssh_agent_t proc_t (dir (getattr open search)))
                (allow staff_ssh_agent_t sysctl_t (dir (getattr open search)))
                (allow staff_ssh_agent_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
                (allow staff_ssh_agent_t device_t (dir (getattr open search)))
                (allow staff_ssh_agent_t urandom_device_t (chr_file (ioctl read getattr lock open)))
                (allow staff_ssh_agent_t device_t (dir (getattr open search)))
                (allow staff_ssh_agent_t random_device_t (chr_file (ioctl read getattr lock open)))
                (allow staff_ssh_agent_t autofs_t (dir (getattr open search)))
                (allow staff_ssh_agent_t bin_t (dir (getattr open search)))
                (allow staff_ssh_agent_t bin_t (lnk_file (read getattr)))
                (allow staff_ssh_agent_t usr_t (dir (getattr open search)))
                (allow staff_ssh_agent_t bin_t (dir (getattr open search)))
                (allow staff_ssh_agent_t bin_t (dir (ioctl read getattr lock open search)))
                (allow staff_ssh_agent_t shell_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_ssh_agent_t staff_t (process (transition)))
                (dontaudit staff_ssh_agent_t staff_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_ssh_agent_t shell_exec_t process staff_t)
                (allow staff_ssh_agent_t bin_t (dir (getattr open search)))
                (allow staff_ssh_agent_t bin_t (lnk_file (read getattr)))
                (allow staff_ssh_agent_t usr_t (dir (getattr open search)))
                (allow staff_ssh_agent_t bin_t (file (ioctl read getattr map execute open)))
                (allow staff_ssh_agent_t staff_t (process (transition)))
                (dontaudit staff_ssh_agent_t staff_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_ssh_agent_t bin_t process staff_t)
                (allow staff_ssh_agent_t privfd (fd (use)))
                (allow staff_ssh_agent_t etc_t (dir (ioctl read getattr lock open search)))
                (allow staff_ssh_agent_t etc_t (dir (getattr open search)))
                (allow staff_ssh_agent_t etc_t (file (ioctl read getattr lock open)))
                (allow staff_ssh_agent_t etc_t (dir (getattr open search)))
                (allow staff_ssh_agent_t etc_t (lnk_file (read getattr)))
                (allow staff_ssh_agent_t etc_t (dir (ioctl read getattr lock open search)))
                (allow staff_ssh_agent_t etc_t (dir (getattr open search)))
                (allow staff_ssh_agent_t etc_runtime_t (file (ioctl read getattr lock open)))
                (allow staff_ssh_agent_t etc_t (dir (getattr open search)))
                (allow staff_ssh_agent_t etc_runtime_t (lnk_file (read getattr)))
                (allow staff_ssh_agent_t usr_t (dir (ioctl read getattr lock open search)))
                (allow staff_ssh_agent_t usr_t (dir (getattr open search)))
                (allow staff_ssh_agent_t usr_t (file (ioctl read getattr lock open)))
                (allow staff_ssh_agent_t usr_t (dir (getattr open search)))
                (allow staff_ssh_agent_t usr_t (lnk_file (read getattr)))
                (allow staff_ssh_agent_t home_root_t (dir (getattr open search)))
                (allow staff_ssh_agent_t home_root_t (lnk_file (read getattr)))
                (allow staff_ssh_agent_t usr_t (dir (ioctl read getattr lock open search)))
                (allow staff_ssh_agent_t lib_t (dir (getattr open search)))
                (allow staff_ssh_agent_t lib_t (dir (ioctl read getattr lock open search)))
                (allow staff_ssh_agent_t lib_t (dir (getattr open search)))
                (allow staff_ssh_agent_t lib_t (file (ioctl read getattr lock open)))
                (allow staff_ssh_agent_t lib_t (dir (getattr open search)))
                (allow staff_ssh_agent_t lib_t (lnk_file (read getattr)))
                (allow staff_ssh_agent_t devlog_t (sock_file (write getattr append open)))
                (allow staff_ssh_agent_t var_run_t (lnk_file (read getattr)))
                (allow staff_ssh_agent_t var_t (dir (getattr open search)))
                (allow staff_ssh_agent_t var_run_t (dir (getattr open search)))
                (allow staff_ssh_agent_t init_runtime_t (dir (getattr open search)))
                (allow staff_ssh_agent_t syslogd_runtime_t (dir (getattr open search)))
                (allow staff_ssh_agent_t syslogd_t (unix_dgram_socket (sendto)))
                (allow staff_ssh_agent_t syslogd_t (unix_stream_socket (connectto)))
                (allow staff_ssh_agent_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                (allow staff_ssh_agent_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                (allow staff_ssh_agent_t device_t (dir (getattr open search)))
                (allow staff_ssh_agent_t device_t (dir (ioctl read getattr lock open search)))
                (allow staff_ssh_agent_t device_t (dir (getattr open search)))
                (allow staff_ssh_agent_t device_t (lnk_file (read getattr)))
                (allow staff_ssh_agent_t console_device_t (chr_file (ioctl write getattr lock append open)))
                (dontaudit staff_ssh_agent_t console_device_t (chr_file (ioctl read getattr lock open)))
                (allow staff_ssh_agent_t etc_t (dir (getattr open search)))
                (allow staff_ssh_agent_t etc_t (lnk_file (read getattr)))
                (allow staff_ssh_agent_t usr_t (dir (getattr open search)))
                (allow staff_ssh_agent_t locale_t (dir (ioctl read getattr lock open search)))
                (allow staff_ssh_agent_t locale_t (dir (getattr open search)))
                (allow staff_ssh_agent_t locale_t (file (ioctl read getattr lock open)))
                (allow staff_ssh_agent_t locale_t (dir (getattr open search)))
                (allow staff_ssh_agent_t locale_t (lnk_file (read getattr)))
                (allow staff_ssh_agent_t locale_t (file (map)))
                (allow staff_ssh_agent_t cert_t (dir (ioctl read getattr lock open search)))
                (allow staff_ssh_agent_t cert_t (dir (getattr open search)))
                (allow staff_ssh_agent_t cert_t (file (ioctl read getattr lock open)))
                (allow staff_ssh_agent_t cert_t (dir (getattr open search)))
                (allow staff_ssh_agent_t cert_t (lnk_file (read getattr)))
                (dontaudit staff_ssh_agent_t selinux_config_t (dir (getattr open search)))
                (dontaudit staff_ssh_agent_t selinux_config_t (file (ioctl read getattr lock open)))
                (allow staff_ssh_agent_t device_t (dir (getattr open search)))
                (allow staff_ssh_agent_t device_t (dir (ioctl read getattr lock open search)))
                (allow staff_ssh_agent_t device_t (dir (getattr open search)))
                (allow staff_ssh_agent_t device_t (lnk_file (read getattr)))
                (allow staff_ssh_agent_t devpts_t (dir (ioctl read getattr lock open search)))
                (allow staff_ssh_agent_t user_devpts_t (chr_file (ioctl read write getattr append open)))
                (allow staff_ssh_agent_t user_tty_device_t (chr_file (ioctl read write getattr append open)))
                (allow staff_ssh_agent_t home_root_t (dir (ioctl read getattr lock open search)))
                (allow staff_ssh_agent_t home_root_t (lnk_file (read getattr)))
                (allow staff_ssh_agent_t user_home_t (dir (getattr open search)))
                (allow staff_ssh_agent_t user_home_dir_t (dir (getattr open search)))
                (allow staff_ssh_agent_t user_home_t (file (ioctl read getattr map execute open)))
                (allow staff_ssh_agent_t staff_t (process (transition)))
                (dontaudit staff_ssh_agent_t staff_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_ssh_agent_t user_home_t process staff_t)
                (allow staff_ssh_agent_t user_home_dir_t (dir (getattr open search)))
                (allow staff_ssh_agent_t home_root_t (dir (getattr open search)))
                (allow staff_ssh_agent_t home_root_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain staff_ssh_agent_t (fd (use)))
                (allow staff_application_exec_domain staff_ssh_agent_t (fifo_file (ioctl read write getattr lock append)))
                (allow staff_application_exec_domain staff_ssh_agent_t (process (sigchld)))
                (booleanif (use_samba_home_dirs)
                    (true
                        (typetransition staff_ssh_agent_t cifs_t process staff_t)
                        (dontaudit staff_ssh_agent_t staff_t (process (noatsecure siginh rlimitinh)))
                        (allow staff_ssh_agent_t staff_t (process (transition)))
                        (allow staff_ssh_agent_t cifs_t (file (ioctl read getattr map execute open)))
                        (allow staff_ssh_agent_t cifs_t (dir (getattr open search)))
                        (allow staff_ssh_agent_t cifs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                        (allow staff_ssh_agent_t cifs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                    )
                )
                (booleanif (use_nfs_home_dirs)
                    (true
                        (typetransition staff_ssh_agent_t nfs_t process staff_t)
                        (dontaudit staff_ssh_agent_t staff_t (process (noatsecure siginh rlimitinh)))
                        (allow staff_ssh_agent_t staff_t (process (transition)))
                        (allow staff_ssh_agent_t nfs_t (file (ioctl read getattr map execute open)))
                        (allow staff_ssh_agent_t nfs_t (dir (getattr open search)))
                        (allow staff_ssh_agent_t nfs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                        (allow staff_ssh_agent_t nfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                    )
                )
                (optional staff_optional_107
                    (typeattributeset cil_gen_require init_t)
                    (allow staff_ssh_agent_t init_t (process (sigchld)))
                    (allow staff_ssh_agent_t init_t (process (signull)))
                    (optional staff_optional_108
                        (typeattributeset cil_gen_require rpm_t)
                        (allow staff_ssh_agent_t rpm_t (fd (use)))
                        (allow staff_ssh_agent_t rpm_t (fifo_file (ioctl read getattr lock open)))
                    )
                    (optional staff_optional_109
                        (typeattributeset cil_gen_require security_t)
                        (typeattributeset cil_gen_require sysfs_t)
                        (dontaudit staff_ssh_agent_t security_t (filesystem (getattr)))
                        (dontaudit staff_ssh_agent_t sysfs_t (filesystem (getattr)))
                        (dontaudit staff_ssh_agent_t sysfs_t (dir (getattr open search)))
                        (dontaudit staff_ssh_agent_t security_t (dir (getattr open search)))
                        (dontaudit staff_ssh_agent_t security_t (file (ioctl read getattr lock open)))
                        (optional staff_optional_110
                            (typeattributeset cil_gen_require selinux_config_t)
                            (dontaudit staff_ssh_agent_t selinux_config_t (dir (getattr open search)))
                            (dontaudit staff_ssh_agent_t selinux_config_t (file (ioctl read getattr lock open)))
                            (optional staff_optional_111
                                (typeattributeset cil_gen_require staff_systemd_t)
                                (allow staff_systemd_t ssh_t (dir (ioctl read getattr lock open search)))
                                (allow staff_systemd_t ssh_t (file (ioctl read getattr lock open)))
                                (allow staff_systemd_t ssh_t (lnk_file (read getattr)))
                                (allow staff_systemd_t ssh_t (process (getattr)))
                                (allow staff_systemd_t ssh_t (process (sigchld sigkill sigstop signull signal)))
                                (allow ssh_t staff_systemd_t (fd (use)))
                                (allow ssh_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                (allow ssh_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                                (allow ssh_t staff_systemd_t (file (ioctl read getattr lock open)))
                                (allow ssh_t staff_systemd_t (lnk_file (read getattr)))
                                (allow ssh_t staff_systemd_t (process (getattr)))
                                (allow ssh_t staff_systemd_t (process (sigchld)))
                            )
                            (optional staff_optional_112
                                (typeattributeset cil_gen_require cockpit_session_t)
                                (allow staff_ssh_agent_t cockpit_session_t (fd (use)))
                                (allow staff_ssh_agent_t cockpit_session_t (fifo_file (ioctl read write getattr lock append open)))
                                (allow cockpit_session_t staff_ssh_agent_t (process (signal)))
                            )
                            (optional staff_optional_113
                                (typeattributeset cil_gen_require etc_t)
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require net_conf_t)
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require netlabel_peer_t)
                                (typeattributeset cil_gen_require netif_t)
                                (typeattributeset cil_gen_require node_t)
                                (typeattributeset cil_gen_require port_type)
                                (typeattributeset cil_gen_require port_t)
                                (typeattributeset cil_gen_require defined_port_type)
                                (typeattributeset cil_gen_require reserved_port_type)
                                (typeattributeset cil_gen_require var_yp_t)
                                (typeattributeset cil_gen_require portmap_port_t)
                                (typeattributeset cil_gen_require reserved_port_t)
                                (typeattributeset cil_gen_require portmap_client_packet_t)
                                (typeattributeset cil_gen_require client_packet_t)
                                (typeattributeset cil_gen_require server_packet_t)
                                (booleanif (allow_ypbind)
                                    (true
                                        (allow staff_ssh_agent_t net_conf_t (lnk_file (read getattr)))
                                        (allow staff_ssh_agent_t net_conf_t (file (ioctl read getattr lock open)))
                                        (allow staff_ssh_agent_t net_conf_t (dir (ioctl read getattr lock open search)))
                                        (allow staff_ssh_agent_t var_run_t (dir (getattr open search)))
                                        (allow staff_ssh_agent_t var_t (dir (getattr open search)))
                                        (allow staff_ssh_agent_t var_run_t (lnk_file (read getattr)))
                                        (allow staff_ssh_agent_t etc_t (dir (getattr open search)))
                                        (allow staff_ssh_agent_t server_packet_t (packet (recv)))
                                        (allow staff_ssh_agent_t server_packet_t (packet (send)))
                                        (allow staff_ssh_agent_t client_packet_t (packet (recv)))
                                        (allow staff_ssh_agent_t client_packet_t (packet (send)))
                                        (allow staff_ssh_agent_t portmap_client_packet_t (packet (recv)))
                                        (allow staff_ssh_agent_t portmap_client_packet_t (packet (send)))
                                        (dontaudit staff_ssh_agent_t port_type (tcp_socket (name_connect)))
                                        (allow staff_ssh_agent_t port_t (tcp_socket (name_connect)))
                                        (allow staff_ssh_agent_t reserved_port_t (tcp_socket (name_connect)))
                                        (allow staff_ssh_agent_t portmap_port_t (tcp_socket (name_connect)))
                                        (dontaudit staff_ssh_agent_t port_type (udp_socket (name_bind)))
                                        (dontaudit staff_ssh_agent_t port_type (tcp_socket (name_bind)))
                                        (dontaudit staff_ssh_agent_t reserved_port_type (udp_socket (name_bind)))
                                        (dontaudit staff_ssh_agent_t reserved_port_type (tcp_socket (name_bind)))
                                        (dontaudit staff_ssh_agent_t defined_port_type (udp_socket (name_bind)))
                                        (allow staff_ssh_agent_t port_t (udp_socket (name_bind)))
                                        (dontaudit staff_ssh_agent_t defined_port_type (tcp_socket (name_bind)))
                                        (allow staff_ssh_agent_t port_t (tcp_socket (name_bind)))
                                        (allow staff_ssh_agent_t node_t (udp_socket (node_bind)))
                                        (allow staff_ssh_agent_t node_t (tcp_socket (node_bind)))
                                        (allow staff_ssh_agent_t node_t (node (recvfrom)))
                                        (allow staff_ssh_agent_t node_t (node (sendto)))
                                        (allow staff_ssh_agent_t node_t (node (recvfrom sendto)))
                                        (allow staff_ssh_agent_t netif_t (netif (ingress)))
                                        (allow staff_ssh_agent_t netif_t (netif (egress)))
                                        (allow staff_ssh_agent_t netif_t (netif (ingress egress)))
                                        (allow staff_ssh_agent_t netlabel_peer_t (tcp_socket (recvfrom)))
                                        (allow staff_ssh_agent_t netlabel_peer_t (udp_socket (recvfrom)))
                                        (allow staff_ssh_agent_t netlabel_peer_t (rawip_socket (recvfrom)))
                                        (allow staff_ssh_agent_t netlabel_peer_t (peer (recv)))
                                        (allow staff_ssh_agent_t var_yp_t (lnk_file (read getattr)))
                                        (allow staff_ssh_agent_t var_yp_t (file (ioctl read getattr lock open)))
                                        (allow staff_ssh_agent_t var_yp_t (dir (ioctl read getattr lock open search)))
                                        (allow staff_ssh_agent_t self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                        (allow staff_ssh_agent_t self (tcp_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                        (allow staff_ssh_agent_t self (capability (net_bind_service)))
                                    )
                                )
                            )
                            (optional staff_optional_114
                                (typeattributeset cil_gen_require staff_systemd_t)
                                (allow staff_systemd_t staff_ssh_agent_t (dir (ioctl read getattr lock open search)))
                                (allow staff_systemd_t staff_ssh_agent_t (file (ioctl read getattr lock open)))
                                (allow staff_systemd_t staff_ssh_agent_t (lnk_file (read getattr)))
                                (allow staff_systemd_t staff_ssh_agent_t (process (getattr)))
                                (allow staff_systemd_t staff_ssh_agent_t (process (sigchld sigkill sigstop signull signal)))
                                (allow staff_ssh_agent_t staff_systemd_t (fd (use)))
                                (allow staff_ssh_agent_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                (allow staff_ssh_agent_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                                (allow staff_ssh_agent_t staff_systemd_t (file (ioctl read getattr lock open)))
                                (allow staff_ssh_agent_t staff_systemd_t (lnk_file (read getattr)))
                                (allow staff_ssh_agent_t staff_systemd_t (process (getattr)))
                                (allow staff_ssh_agent_t staff_systemd_t (process (sigchld)))
                            )
                            (optional staff_optional_115
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require user_home_dir_t)
                                (typeattributeset cil_gen_require home_root_t)
                                (typeattributeset cil_gen_require user_runtime_t)
                                (typeattributeset cil_gen_require user_runtime_root_t)
                                (typeattributeset cil_gen_require gpg_agent_t)
                                (typeattributeset cil_gen_require gpg_agent_tmp_t)
                                (typeattributeset cil_gen_require gpg_secret_t)
                                (typeattributeset cil_gen_require gpg_runtime_t)
                                (booleanif (ssh_use_gpg_agent)
                                    (true
                                        (allow staff_application_exec_domain home_root_t (lnk_file (read getattr)))
                                        (allow staff_application_exec_domain home_root_t (dir (getattr open search)))
                                        (allow staff_application_exec_domain user_home_dir_t (dir (getattr open search)))
                                        (allow staff_application_exec_domain var_run_t (dir (getattr open search)))
                                        (allow staff_application_exec_domain var_t (dir (getattr open search)))
                                        (allow staff_application_exec_domain var_run_t (lnk_file (read getattr)))
                                        (allow staff_application_exec_domain user_runtime_root_t (dir (getattr open search)))
                                        (allow staff_application_exec_domain user_runtime_t (dir (getattr open search)))
                                        (allow staff_application_exec_domain gpg_secret_t (dir (getattr open search)))
                                        (allow staff_application_exec_domain gpg_runtime_t (dir (getattr open search)))
                                        (allow staff_application_exec_domain gpg_agent_t (unix_stream_socket (connectto)))
                                        (allow staff_application_exec_domain gpg_agent_tmp_t (sock_file (write getattr append open)))
                                        (allow staff_application_exec_domain gpg_agent_tmp_t (dir (getattr open search)))
                                    )
                                )
                            )
                            (optional staff_optional_116
                                (typeattributeset cil_gen_require xdm_t)
                                (typeattributeset cil_gen_require xsession_log_t)
                                (allow staff_ssh_agent_t xdm_t (fd (use)))
                                (allow staff_ssh_agent_t xdm_t (fifo_file (ioctl read write getattr lock append)))
                                (allow staff_ssh_agent_t xdm_t (process (sigchld)))
                                (allow staff_ssh_agent_t xsession_log_t (file (ioctl write getattr lock append)))
                            )
                        )
                    )
                )
            )
            (optional staff_optional_117
                (type staff_sudo_t)
                (roletype object_r staff_sudo_t)
                (typeattributeset cil_gen_require userdomain)
                (typeattributeset userdomain (staff_t ))
                (typeattributeset cil_gen_require user_devpts_t)
                (typeattributeset cil_gen_require user_tty_device_t)
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (staff_t ))
                (typeattributeset cil_gen_require init_t)
                (typeattributeset cil_gen_require security_t)
                (typeattributeset cil_gen_require sysfs_t)
                (typeattributeset cil_gen_require selinux_config_t)
                (typeattributeset cil_gen_require shell_exec_t)
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (staff_t ))
                (typeattributeset cil_gen_require ptynode)
                (typeattributeset ptynode (user_devpts_t ))
                (typeattributeset cil_gen_require devpts_t)
                (typeattributeset cil_gen_require device_node)
                (typeattributeset device_node (user_devpts_t user_tty_device_t ))
                (typeattributeset cil_gen_require ttynode)
                (typeattributeset ttynode (user_tty_device_t ))
                (typeattributeset cil_gen_require console_device_t)
                (typeattributeset cil_gen_require tty_device_t)
                (typeattributeset cil_gen_require bsdpty_device_t)
                (typeattributeset cil_gen_require ptmx_t)
                (typeattributeset cil_gen_require device_t)
                (typeattributeset cil_gen_require proc_t)
                (typeattributeset cil_gen_require sysctl_t)
                (typeattributeset cil_gen_require sysctl_kernel_t)
                (typeattributeset cil_gen_require etc_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require locale_t)
                (typeattributeset cil_gen_require cert_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require syslogd_t)
                (typeattributeset cil_gen_require syslogd_runtime_t)
                (typeattributeset cil_gen_require devlog_t)
                (typeattributeset cil_gen_require init_runtime_t)
                (typeattributeset cil_gen_require user_home_t)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require nfs_t)
                (typeattributeset cil_gen_require cifs_t)
                (typeattributeset cil_gen_require user_tmp_t)
                (typeattributeset cil_gen_require tmp_t)
                (typeattributeset cil_gen_require user_runtime_t)
                (typeattributeset cil_gen_require user_runtime_root_t)
                (typeattributeset cil_gen_require urandom_device_t)
                (typeattributeset cil_gen_require privfd)
                (typeattributeset privfd (staff_t ))
                (typeattributeset cil_gen_require autofs_t)
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset cil_gen_require initrc_runtime_t)
                (typeattributeset cil_gen_require default_context_t)
                (typeattributeset cil_gen_require kernel_t)
                (typeattributeset cil_gen_require random_device_t)
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (staff_t ))
                (typeattributeset cil_gen_require var_log_t)
                (typeattributeset cil_gen_require usb_device_t)
                (typeattributeset cil_gen_require fs_t)
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset cil_gen_require sudo_exec_t)
                (typeattributeset cil_gen_require sudo_log_t)
                (typeattributeset cil_gen_require sudodomain)
                (typeattributeset cil_gen_require can_change_process_role)
                (typeattributeset cil_gen_require chkpwd_t)
                (typeattributeset cil_gen_require chkpwd_exec_t)
                (typeattributeset cil_gen_require shadow_t)
                (typeattributeset cil_gen_require auth_cache_t)
                (typeattributeset cil_gen_require faillog_t)
                (typeattributeset cil_gen_require pam_runtime_t)
                (typeattributeset cil_gen_require can_read_shadow_passwords)
                (typeattributeset cil_gen_require pam_domain)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r staff_sudo_t)
                (roletype staff_r chkpwd_t)
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (sudo_exec_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (sudo_exec_t ))
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (staff_sudo_t ))
                (typeattributeset cil_gen_require pam_domain)
                (typeattributeset pam_domain (staff_sudo_t ))
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset application_domain_type (staff_sudo_t ))
                (typeattributeset cil_gen_require sudodomain)
                (typeattributeset sudodomain (staff_sudo_t ))
                (typeattributeset cil_gen_require can_read_shadow_passwords)
                (typeattributeset can_read_shadow_passwords (staff_sudo_t ))
                (typeattributeset cil_gen_require can_change_process_role)
                (typeattributeset can_change_process_role (staff_sudo_t ))
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (staff_sudo_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (sudo_exec_t ))
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (staff_sudo_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (sudo_exec_t ))
                (typeattributeset cil_gen_require privfd)
                (typeattributeset privfd (staff_sudo_t ))
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset application_exec_type (sudo_exec_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (sudo_exec_t ))
                (allow staff_sudo_t sudo_exec_t (file (entrypoint)))
                (allow staff_sudo_t sudo_exec_t (file (ioctl read getattr lock map execute open)))
                (allow staff_sudo_t self (capability (chown dac_override fowner kill setgid setuid sys_nice sys_resource)))
                (allow staff_sudo_t self (process (transition sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap share getattr noatsecure siginh rlimitinh dyntransition setkeycreate setsockcreate getrlimit)))
                (allow staff_sudo_t self (process (setexec setrlimit)))
                (allow staff_sudo_t self (fd (use)))
                (allow staff_sudo_t self (fifo_file (ioctl read write getattr lock append open)))
                (allow staff_sudo_t self (shm (create destroy getattr setattr read write associate unix_read unix_write lock)))
                (allow staff_sudo_t self (sem (create destroy getattr setattr read write associate unix_read unix_write)))
                (allow staff_sudo_t self (msgq (create destroy getattr setattr read write associate unix_read unix_write enqueue)))
                (allow staff_sudo_t self (msg (send receive)))
                (allow staff_sudo_t self (netlink_selinux_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                (allow staff_sudo_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                (allow staff_sudo_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
                (allow staff_sudo_t self (unix_dgram_socket (sendto)))
                (allow staff_sudo_t self (unix_stream_socket (connectto)))
                (allow staff_sudo_t self (key (view read write search link setattr create)))
                (dontaudit staff_sudo_t self (capability (dac_read_search sys_ptrace)))
                (allow staff_sudo_t sudo_log_t (dir (ioctl write getattr lock open add_name search)))
                (allow staff_sudo_t sudo_log_t (file (ioctl create getattr lock append open)))
                (allow staff_sudo_t var_t (dir (getattr open search)))
                (allow staff_sudo_t var_log_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (typetransition staff_sudo_t var_log_t file sudo_log_t)
                (allow staff_sudo_t var_log_t (lnk_file (read getattr)))
                (allow staff_sudo_t staff_t (process (getpgid)))
                (allow staff_sudo_t staff_t (unix_stream_socket (ioctl read write getattr setattr append bind connect getopt setopt shutdown)))
                (allow staff_sudo_t staff_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t staff_t (file (ioctl read getattr lock open)))
                (allow staff_sudo_t staff_t (lnk_file (read getattr)))
                (allow staff_sudo_t staff_t (process (getattr)))
                (dontaudit staff_sudo_t staff_application_exec_domain (tcp_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (udp_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (rawip_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (netlink_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (packet_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (unix_stream_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (unix_dgram_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (netlink_route_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (netlink_tcpdiag_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (netlink_nflog_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (netlink_xfrm_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (netlink_selinux_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (netlink_audit_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (netlink_dnrt_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (netlink_kobject_uevent_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (appletalk_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (tun_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (netlink_iscsi_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (netlink_fib_lookup_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (netlink_connector_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (netlink_netfilter_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (netlink_generic_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (netlink_scsitransport_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (netlink_rdma_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (netlink_crypto_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (sctp_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (icmp_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (ax25_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (ipx_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (netrom_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (atmpvc_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (x25_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (rose_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (decnet_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (atmsvc_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (rds_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (irda_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (pppox_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (llc_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (can_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (tipc_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (bluetooth_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (iucv_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (rxrpc_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (isdn_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (phonet_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (ieee802154_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (caif_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (alg_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (nfc_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (vsock_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (kcm_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (qipcrtr_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (smc_socket (read write)))
                (dontaudit staff_sudo_t staff_application_exec_domain (xdp_socket (read write)))
                (allow staff_sudo_t bin_t (dir (getattr open search)))
                (allow staff_sudo_t bin_t (lnk_file (read getattr)))
                (allow staff_sudo_t usr_t (dir (getattr open search)))
                (allow staff_sudo_t bin_t (dir (getattr open search)))
                (allow staff_sudo_t bin_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t shell_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_sudo_t staff_t (process (transition)))
                (dontaudit staff_sudo_t staff_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_sudo_t shell_exec_t process staff_t)
                (allow staff_sudo_t bin_t (dir (getattr open search)))
                (allow staff_sudo_t bin_t (lnk_file (read getattr)))
                (allow staff_sudo_t usr_t (dir (getattr open search)))
                (allow staff_sudo_t bin_t (file (ioctl read getattr map execute open)))
                (allow staff_sudo_t staff_t (process (transition)))
                (dontaudit staff_sudo_t staff_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_sudo_t bin_t process staff_t)
                (allow staff_sudo_t proc_t (dir (getattr open search)))
                (allow staff_sudo_t sysctl_t (dir (getattr open search)))
                (allow staff_sudo_t sysctl_kernel_t (dir (getattr open search)))
                (allow staff_sudo_t sysctl_kernel_t (file (ioctl read getattr lock open)))
                (allow staff_sudo_t proc_t (dir (getattr open search)))
                (allow staff_sudo_t sysctl_t (dir (getattr open search)))
                (allow staff_sudo_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t proc_t (dir (getattr open search)))
                (allow staff_sudo_t proc_t (file (ioctl read getattr lock open)))
                (allow staff_sudo_t proc_t (dir (getattr open search)))
                (allow staff_sudo_t proc_t (lnk_file (read getattr)))
                (allow staff_sudo_t proc_t (dir (getattr open search)))
                (allow staff_sudo_t proc_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t kernel_t (key (link)))
                (dontaudit staff_sudo_t proc_t (filesystem (getattr)))
                (allow staff_sudo_t bin_t (dir (getattr open search)))
                (allow staff_sudo_t bin_t (lnk_file (read getattr)))
                (allow staff_sudo_t usr_t (dir (getattr open search)))
                (allow staff_sudo_t bin_t (dir (getattr open search)))
                (allow staff_sudo_t bin_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t exec_type (file (ioctl read getattr lock map execute open execute_no_trans)))
                (allow staff_sudo_t bin_t (dir (getattr open search)))
                (allow staff_sudo_t exec_type (lnk_file (read getattr)))
                (allow staff_sudo_t device_t (filesystem (getattr)))
                (allow staff_sudo_t device_t (dir (getattr open search)))
                (allow staff_sudo_t urandom_device_t (chr_file (ioctl read getattr lock open)))
                (allow staff_sudo_t device_t (dir (getattr open search)))
                (allow staff_sudo_t usb_device_t (chr_file (ioctl read write getattr lock append open)))
                (allow staff_sudo_t sysfs_t (dir (getattr open search)))
                (allow staff_sudo_t sysfs_t (file (ioctl read getattr lock open)))
                (allow staff_sudo_t sysfs_t (dir (getattr open search)))
                (allow staff_sudo_t sysfs_t (lnk_file (read getattr)))
                (allow staff_sudo_t sysfs_t (dir (getattr open search)))
                (allow staff_sudo_t sysfs_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t privfd (fd (use)))
                (allow staff_sudo_t privfd (process (sigchld)))
                (allow staff_sudo_t entry_type (lnk_file (read getattr)))
                (allow staff_sudo_t entry_type (file (getattr)))
                (allow staff_sudo_t etc_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t etc_t (dir (getattr open search)))
                (allow staff_sudo_t etc_t (file (ioctl read getattr lock open)))
                (allow staff_sudo_t etc_t (dir (getattr open search)))
                (allow staff_sudo_t etc_t (lnk_file (read getattr)))
                (allow staff_sudo_t var_t (dir (getattr open search)))
                (allow staff_sudo_t var_t (file (ioctl read getattr lock open)))
                (allow staff_sudo_t usr_t (dir (getattr open search)))
                (allow staff_sudo_t usr_t (lnk_file (read getattr)))
                (allow staff_sudo_t usr_t (dir (getattr open search)))
                (allow staff_sudo_t usr_t (file (getattr)))
                (dontaudit staff_sudo_t home_root_t (dir (getattr open search)))
                (dontaudit staff_sudo_t home_root_t (lnk_file (read getattr)))
                (allow staff_sudo_t tmp_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t autofs_t (dir (getattr open search)))
                (allow staff_sudo_t fs_t (filesystem (getattr)))
                (allow staff_sudo_t sysfs_t (dir (getattr open search)))
                (allow staff_sudo_t sysfs_t (dir (getattr open search)))
                (allow staff_sudo_t security_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t security_t (file (ioctl read write getattr map open)))
                (allow staff_sudo_t security_t (security (check_context)))
                (allow staff_sudo_t sysfs_t (dir (getattr open search)))
                (allow staff_sudo_t sysfs_t (dir (getattr open search)))
                (allow staff_sudo_t security_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t security_t (file (ioctl read write getattr map open)))
                (allow staff_sudo_t security_t (security (compute_relabel)))
                (allow staff_sudo_t devpts_t (filesystem (getattr)))
                (dontaudit staff_sudo_t tty_device_t (chr_file (getattr)))
                (allow staff_sudo_t device_t (dir (getattr open search)))
                (allow staff_sudo_t device_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t device_t (dir (getattr open search)))
                (allow staff_sudo_t device_t (lnk_file (read getattr)))
                (allow staff_sudo_t ttynode (chr_file (getattr relabelfrom relabelto)))
                (allow staff_sudo_t device_t (dir (getattr open search)))
                (allow staff_sudo_t device_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t device_t (dir (getattr open search)))
                (allow staff_sudo_t device_t (lnk_file (read getattr)))
                (allow staff_sudo_t devpts_t (dir (getattr open search)))
                (allow staff_sudo_t ptynode (chr_file (getattr relabelfrom relabelto)))
                (allow staff_sudo_t auth_cache_t (dir (getattr open search)))
                (allow staff_sudo_t bin_t (dir (getattr open search)))
                (allow staff_sudo_t bin_t (lnk_file (read getattr)))
                (allow staff_sudo_t usr_t (dir (getattr open search)))
                (allow staff_sudo_t chkpwd_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_sudo_t chkpwd_t (process (transition)))
                (dontaudit staff_sudo_t chkpwd_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_sudo_t chkpwd_exec_t process chkpwd_t)
                (allow chkpwd_t staff_sudo_t (fd (use)))
                (allow chkpwd_t staff_sudo_t (fifo_file (ioctl read write getattr lock append)))
                (allow chkpwd_t staff_sudo_t (process (sigchld)))
                (dontaudit staff_sudo_t shadow_t (file (ioctl read getattr lock open)))
                (allow staff_sudo_t device_t (dir (getattr open search)))
                (allow staff_sudo_t random_device_t (chr_file (ioctl read getattr lock open)))
                (allow staff_sudo_t device_t (dir (getattr open search)))
                (allow staff_sudo_t urandom_device_t (chr_file (ioctl read getattr lock open)))
                (allow staff_sudo_t var_t (dir (getattr open search)))
                (allow staff_sudo_t var_log_t (dir (getattr open search)))
                (allow staff_sudo_t var_log_t (lnk_file (read getattr)))
                (allow staff_sudo_t faillog_t (file (ioctl read write getattr lock append open)))
                (allow staff_sudo_t self (capability (audit_write)))
                (allow staff_sudo_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_relay)))
                (allow staff_sudo_t cert_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t cert_t (dir (getattr open search)))
                (allow staff_sudo_t cert_t (file (ioctl read getattr lock open)))
                (allow staff_sudo_t cert_t (dir (getattr open search)))
                (allow staff_sudo_t cert_t (lnk_file (read getattr)))
                (allow staff_sudo_t var_run_t (lnk_file (read getattr)))
                (allow staff_sudo_t var_t (dir (getattr open search)))
                (allow staff_sudo_t var_run_t (dir (getattr open search)))
                (allow staff_sudo_t pam_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_sudo_t pam_runtime_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_sudo_t var_run_t (lnk_file (read getattr)))
                (allow staff_sudo_t var_t (dir (getattr open search)))
                (allow staff_sudo_t var_run_t (dir (getattr open search)))
                (allow staff_sudo_t pam_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_sudo_t pam_runtime_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_sudo_t auth_cache_t (dir (getattr open search)))
                (allow staff_sudo_t bin_t (dir (getattr open search)))
                (allow staff_sudo_t bin_t (lnk_file (read getattr)))
                (allow staff_sudo_t usr_t (dir (getattr open search)))
                (allow staff_sudo_t chkpwd_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_sudo_t chkpwd_t (process (transition)))
                (dontaudit staff_sudo_t chkpwd_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_sudo_t chkpwd_exec_t process chkpwd_t)
                (allow chkpwd_t staff_sudo_t (fd (use)))
                (allow chkpwd_t staff_sudo_t (fifo_file (ioctl read write getattr lock append)))
                (allow chkpwd_t staff_sudo_t (process (sigchld)))
                (dontaudit staff_sudo_t shadow_t (file (ioctl read getattr lock open)))
                (allow staff_sudo_t device_t (dir (getattr open search)))
                (allow staff_sudo_t random_device_t (chr_file (ioctl read getattr lock open)))
                (allow staff_sudo_t device_t (dir (getattr open search)))
                (allow staff_sudo_t urandom_device_t (chr_file (ioctl read getattr lock open)))
                (allow staff_sudo_t var_t (dir (getattr open search)))
                (allow staff_sudo_t var_log_t (dir (getattr open search)))
                (allow staff_sudo_t var_log_t (lnk_file (read getattr)))
                (allow staff_sudo_t faillog_t (file (ioctl read write getattr lock append open)))
                (allow staff_sudo_t self (capability (audit_write)))
                (allow staff_sudo_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_relay)))
                (allow staff_sudo_t cert_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t cert_t (dir (getattr open search)))
                (allow staff_sudo_t cert_t (file (ioctl read getattr lock open)))
                (allow staff_sudo_t cert_t (dir (getattr open search)))
                (allow staff_sudo_t cert_t (lnk_file (read getattr)))
                (allow staff_sudo_t security_t (filesystem (getattr)))
                (allow staff_sudo_t sysfs_t (filesystem (getattr)))
                (allow staff_sudo_t sysfs_t (dir (getattr open search)))
                (allow staff_sudo_t sysfs_t (dir (getattr open search)))
                (allow staff_sudo_t sysfs_t (dir (getattr open search)))
                (allow staff_sudo_t sysfs_t (dir (getattr open search)))
                (allow staff_sudo_t security_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t security_t (file (ioctl read getattr map open)))
                (allow staff_sudo_t var_t (dir (getattr open search)))
                (allow staff_sudo_t var_run_t (lnk_file (read getattr)))
                (allow staff_sudo_t var_run_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_sudo_t init_t (process (getpgid)))
                (allow staff_sudo_t var_run_t (lnk_file (read getattr)))
                (allow staff_sudo_t var_t (dir (getattr open search)))
                (allow staff_sudo_t var_run_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t initrc_runtime_t (file (ioctl read write getattr lock append open)))
                (allow staff_sudo_t self (capability (audit_write)))
                (allow staff_sudo_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_relay)))
                (allow staff_sudo_t devlog_t (sock_file (write getattr append open)))
                (allow staff_sudo_t var_run_t (lnk_file (read getattr)))
                (allow staff_sudo_t var_t (dir (getattr open search)))
                (allow staff_sudo_t var_run_t (dir (getattr open search)))
                (allow staff_sudo_t init_runtime_t (dir (getattr open search)))
                (allow staff_sudo_t syslogd_runtime_t (dir (getattr open search)))
                (allow staff_sudo_t syslogd_t (unix_dgram_socket (sendto)))
                (allow staff_sudo_t syslogd_t (unix_stream_socket (connectto)))
                (allow staff_sudo_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                (allow staff_sudo_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                (allow staff_sudo_t device_t (dir (getattr open search)))
                (allow staff_sudo_t device_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t device_t (dir (getattr open search)))
                (allow staff_sudo_t device_t (lnk_file (read getattr)))
                (allow staff_sudo_t console_device_t (chr_file (ioctl write getattr lock append open)))
                (dontaudit staff_sudo_t console_device_t (chr_file (ioctl read getattr lock open)))
                (allow staff_sudo_t etc_t (dir (getattr open search)))
                (allow staff_sudo_t etc_t (lnk_file (read getattr)))
                (allow staff_sudo_t usr_t (dir (getattr open search)))
                (allow staff_sudo_t locale_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t locale_t (dir (getattr open search)))
                (allow staff_sudo_t locale_t (file (ioctl read getattr lock open)))
                (allow staff_sudo_t locale_t (dir (getattr open search)))
                (allow staff_sudo_t locale_t (lnk_file (read getattr)))
                (allow staff_sudo_t locale_t (file (map)))
                (allow staff_sudo_t etc_t (dir (getattr open search)))
                (allow staff_sudo_t selinux_config_t (dir (getattr open search)))
                (allow staff_sudo_t default_context_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t default_context_t (dir (getattr open search)))
                (allow staff_sudo_t default_context_t (file (ioctl read getattr lock open)))
                (allow staff_sudo_t security_t (filesystem (getattr)))
                (allow staff_sudo_t sysfs_t (filesystem (getattr)))
                (allow staff_sudo_t sysfs_t (dir (getattr open search)))
                (allow staff_sudo_t sysfs_t (dir (getattr open search)))
                (allow staff_sudo_t proc_t (dir (getattr open search)))
                (allow staff_sudo_t proc_t (file (ioctl read getattr lock open)))
                (allow staff_sudo_t proc_t (dir (getattr open search)))
                (allow staff_sudo_t proc_t (lnk_file (read getattr)))
                (allow staff_sudo_t proc_t (dir (getattr open search)))
                (allow staff_sudo_t proc_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t etc_t (dir (getattr open search)))
                (allow staff_sudo_t selinux_config_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t selinux_config_t (dir (getattr open search)))
                (allow staff_sudo_t selinux_config_t (file (ioctl read getattr lock open)))
                (allow staff_sudo_t selinux_config_t (dir (getattr open search)))
                (allow staff_sudo_t selinux_config_t (lnk_file (read getattr)))
                (allow staff_sudo_t bin_t (dir (getattr open search)))
                (allow staff_sudo_t bin_t (lnk_file (read getattr)))
                (allow staff_sudo_t usr_t (dir (getattr open search)))
                (allow staff_sudo_t bin_t (dir (getattr open search)))
                (allow staff_sudo_t bin_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t shell_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_sudo_t userdomain (process (transition)))
                (dontaudit staff_sudo_t userdomain (process (noatsecure siginh rlimitinh)))
                (allow userdomain staff_sudo_t (fd (use)))
                (allow userdomain staff_sudo_t (fifo_file (ioctl read write getattr lock append)))
                (allow userdomain staff_sudo_t (process (sigchld)))
                (allow staff_sudo_t userdomain (key (create)))
                (allow staff_sudo_t device_t (dir (getattr open search)))
                (allow staff_sudo_t device_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t device_t (dir (getattr open search)))
                (allow staff_sudo_t device_t (lnk_file (read getattr)))
                (allow staff_sudo_t ptmx_t (chr_file (ioctl read write getattr lock append open)))
                (allow staff_sudo_t devpts_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t devpts_t (filesystem (getattr)))
                (dontaudit staff_sudo_t bsdpty_device_t (chr_file (read write getattr)))
                (typetransition staff_sudo_t devpts_t chr_file user_devpts_t)
                (allow staff_sudo_t user_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_sudo_t user_home_t (file (ioctl read write create getattr setattr lock append map unlink link rename open)))
                (allow staff_sudo_t user_home_dir_t (dir (getattr open search)))
                (allow staff_sudo_t home_root_t (dir (getattr open search)))
                (allow staff_sudo_t home_root_t (lnk_file (read getattr)))
                (allow staff_sudo_t user_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_sudo_t user_home_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow staff_sudo_t user_home_dir_t (dir (getattr open search)))
                (allow staff_sudo_t home_root_t (dir (getattr open search)))
                (allow staff_sudo_t home_root_t (lnk_file (read getattr)))
                (allow staff_sudo_t user_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_sudo_t user_tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_sudo_t tmp_t (dir (getattr open search)))
                (allow staff_sudo_t user_runtime_t (dir (getattr open search)))
                (allow staff_sudo_t user_runtime_root_t (dir (getattr open search)))
                (allow staff_sudo_t var_run_t (lnk_file (read getattr)))
                (allow staff_sudo_t var_t (dir (getattr open search)))
                (allow staff_sudo_t var_run_t (dir (getattr open search)))
                (allow staff_sudo_t user_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_sudo_t user_tmp_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow staff_sudo_t tmp_t (dir (getattr open search)))
                (allow staff_sudo_t user_runtime_t (dir (getattr open search)))
                (allow staff_sudo_t user_runtime_root_t (dir (getattr open search)))
                (allow staff_sudo_t var_run_t (lnk_file (read getattr)))
                (allow staff_sudo_t var_t (dir (getattr open search)))
                (allow staff_sudo_t var_run_t (dir (getattr open search)))
                (allow staff_sudo_t user_devpts_t (chr_file (setattr)))
                (allow staff_sudo_t device_t (dir (getattr open search)))
                (allow staff_sudo_t device_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t device_t (dir (getattr open search)))
                (allow staff_sudo_t device_t (lnk_file (read getattr)))
                (allow staff_sudo_t devpts_t (dir (ioctl read getattr lock open search)))
                (allow staff_sudo_t user_devpts_t (chr_file (ioctl read write getattr append open)))
                (allow staff_sudo_t user_tty_device_t (chr_file (ioctl read write getattr append open)))
                (dontaudit staff_sudo_t user_tmp_t (fifo_file (ioctl read write getattr lock append open)))
                (dontaudit staff_sudo_t user_home_t (dir (getattr open search)))
                (dontaudit staff_sudo_t user_home_dir_t (dir (getattr open search)))
                (allow staff_sudo_t userdomain (process (signal)))
                (dontaudit staff_sudo_t device_node (blk_file (getattr)))
                (dontaudit staff_sudo_t device_t (blk_file (getattr)))
                (dontaudit staff_sudo_t device_node (chr_file (getattr)))
                (dontaudit staff_sudo_t device_t (chr_file (getattr)))
                (typetransition staff_sudo_t var_run_t dir "sudo" pam_runtime_t)
                (booleanif (use_samba_home_dirs)
                    (true
                        (allow staff_sudo_t cifs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                        (allow staff_sudo_t cifs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                    )
                )
                (booleanif (use_nfs_home_dirs)
                    (true
                        (allow staff_sudo_t nfs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                        (allow staff_sudo_t nfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                    )
                )
                (booleanif (sudo_allow_user_exec_domains)
                    (true
                        (allow staff_application_exec_domain staff_sudo_t (process (sigchld sigkill sigstop signull signal)))
                        (allow staff_application_exec_domain staff_sudo_t (fifo_file (ioctl read write getattr lock append open)))
                        (allow staff_application_exec_domain staff_sudo_t (fd (use)))
                        (allow staff_sudo_t staff_application_exec_domain (process (sigchld)))
                        (allow staff_sudo_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                        (allow staff_sudo_t staff_application_exec_domain (fd (use)))
                        (typetransition staff_application_exec_domain sudo_exec_t process staff_sudo_t)
                        (dontaudit staff_application_exec_domain staff_sudo_t (process (noatsecure siginh rlimitinh)))
                        (allow staff_application_exec_domain staff_sudo_t (process (transition)))
                        (allow staff_application_exec_domain sudo_exec_t (file (ioctl read getattr map execute open)))
                        (allow staff_sudo_t staff_application_exec_domain (process (signal)))
                        (allow staff_sudo_t staff_application_exec_domain (process (getattr)))
                        (allow staff_sudo_t staff_application_exec_domain (lnk_file (read getattr)))
                        (allow staff_sudo_t staff_application_exec_domain (file (ioctl read getattr lock open)))
                        (allow staff_sudo_t staff_application_exec_domain (dir (ioctl read getattr lock open search)))
                        (allow staff_sudo_t staff_application_exec_domain (key (search)))
                    )
                    (false
                        (allow staff_t staff_sudo_t (process (sigchld sigkill sigstop signull signal)))
                        (allow staff_t staff_sudo_t (fifo_file (ioctl read write getattr lock append open)))
                        (allow staff_t staff_sudo_t (fd (use)))
                        (allow staff_sudo_t staff_t (process (sigchld)))
                        (allow staff_sudo_t staff_t (fifo_file (ioctl read write getattr lock append)))
                        (allow staff_sudo_t staff_t (fd (use)))
                        (typetransition staff_t sudo_exec_t process staff_sudo_t)
                        (dontaudit staff_t staff_sudo_t (process (noatsecure siginh rlimitinh)))
                        (allow staff_t staff_sudo_t (process (transition)))
                        (allow staff_t sudo_exec_t (file (ioctl read getattr map execute open)))
                        (allow staff_sudo_t staff_t (process (signal)))
                        (allow staff_sudo_t staff_t (key (search)))
                    )
                )
                (booleanif (allow_polyinstantiation)
                    (true
                        (allow staff_sudo_t fs_t (filesystem (unmount)))
                        (allow staff_sudo_t fs_t (filesystem (mount)))
                        (allow staff_sudo_t self (capability (sys_admin)))
                    )
                )
                (optional staff_optional_118
                    (typeattributeset cil_gen_require init_t)
                    (allow staff_sudo_t init_t (process (sigchld)))
                    (allow staff_sudo_t init_t (process (signull)))
                    (optional staff_optional_119
                        (typeattributeset cil_gen_require rpm_t)
                        (allow staff_sudo_t rpm_t (fd (use)))
                        (allow staff_sudo_t rpm_t (fifo_file (ioctl read getattr lock open)))
                    )
                    (optional staff_optional_120
                        (typeattributeset cil_gen_require security_t)
                        (typeattributeset cil_gen_require sysfs_t)
                        (dontaudit staff_sudo_t security_t (filesystem (getattr)))
                        (dontaudit staff_sudo_t sysfs_t (filesystem (getattr)))
                        (dontaudit staff_sudo_t sysfs_t (dir (getattr open search)))
                        (dontaudit staff_sudo_t security_t (dir (getattr open search)))
                        (dontaudit staff_sudo_t security_t (file (ioctl read getattr lock open)))
                        (optional staff_optional_121
                            (typeattributeset cil_gen_require selinux_config_t)
                            (dontaudit staff_sudo_t selinux_config_t (dir (getattr open search)))
                            (dontaudit staff_sudo_t selinux_config_t (file (ioctl read getattr lock open)))
                            (optional staff_optional_122
                                (typeattributeset cil_gen_require etc_t)
                                (typeattributeset cil_gen_require krb5_keytab_t)
                                (allow staff_sudo_t etc_t (dir (getattr open search)))
                                (allow staff_sudo_t krb5_keytab_t (file (ioctl read getattr lock open)))
                            )
                            (optional staff_optional_123
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require pcscd_t)
                                (typeattributeset cil_gen_require pcscd_runtime_t)
                                (allow staff_sudo_t var_run_t (lnk_file (read getattr)))
                                (allow staff_sudo_t var_t (dir (getattr open search)))
                                (allow staff_sudo_t var_run_t (dir (getattr open search)))
                                (allow staff_sudo_t pcscd_runtime_t (dir (getattr open search)))
                                (allow staff_sudo_t pcscd_runtime_t (file (ioctl read getattr lock open)))
                                (allow staff_sudo_t var_run_t (lnk_file (read getattr)))
                                (allow staff_sudo_t var_t (dir (getattr open search)))
                                (allow staff_sudo_t var_run_t (dir (getattr open search)))
                                (allow staff_sudo_t pcscd_runtime_t (dir (getattr open search)))
                                (allow staff_sudo_t pcscd_runtime_t (sock_file (write getattr append open)))
                                (allow staff_sudo_t pcscd_t (unix_stream_socket (connectto)))
                                (allow pcscd_t staff_sudo_t (dir (ioctl read getattr lock open search)))
                                (allow pcscd_t staff_sudo_t (file (ioctl read getattr lock open)))
                            )
                            (optional staff_optional_124
                                (typeattributeset cil_gen_require etc_t)
                                (typeattributeset cil_gen_require krb5_keytab_t)
                                (allow staff_sudo_t etc_t (dir (getattr open search)))
                                (allow staff_sudo_t krb5_keytab_t (file (ioctl read getattr lock open)))
                            )
                            (optional staff_optional_125
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require pcscd_t)
                                (typeattributeset cil_gen_require pcscd_runtime_t)
                                (allow staff_sudo_t var_run_t (lnk_file (read getattr)))
                                (allow staff_sudo_t var_t (dir (getattr open search)))
                                (allow staff_sudo_t var_run_t (dir (getattr open search)))
                                (allow staff_sudo_t pcscd_runtime_t (dir (getattr open search)))
                                (allow staff_sudo_t pcscd_runtime_t (file (ioctl read getattr lock open)))
                                (allow staff_sudo_t var_run_t (lnk_file (read getattr)))
                                (allow staff_sudo_t var_t (dir (getattr open search)))
                                (allow staff_sudo_t var_run_t (dir (getattr open search)))
                                (allow staff_sudo_t pcscd_runtime_t (dir (getattr open search)))
                                (allow staff_sudo_t pcscd_runtime_t (sock_file (write getattr append open)))
                                (allow staff_sudo_t pcscd_t (unix_stream_socket (connectto)))
                                (allow pcscd_t staff_sudo_t (dir (ioctl read getattr lock open search)))
                                (allow pcscd_t staff_sudo_t (file (ioctl read getattr lock open)))
                            )
                            (optional staff_optional_126
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require var_lib_t)
                                (typeattributeset cil_gen_require system_dbusd_t)
                                (typeattributeset cil_gen_require session_dbusd_tmp_t)
                                (typeattributeset cil_gen_require dbusd_system_bus_client)
                                (typeattributeset cil_gen_require system_dbusd_runtime_t)
                                (typeattributeset cil_gen_require system_dbusd_var_lib_t)
                                (typeattributeset cil_gen_require dbusd_etc_t)
                                (typeattributeset cil_gen_require dbusd_system_bus_client)
                                (typeattributeset dbusd_system_bus_client (staff_sudo_t ))
                                (allow staff_sudo_t system_dbusd_t (dbus (send_msg)))
                                (allow staff_sudo_t self (dbus (send_msg)))
                                (allow system_dbusd_t staff_sudo_t (dbus (send_msg)))
                                (allow staff_sudo_t var_t (dir (getattr open search)))
                                (allow staff_sudo_t var_lib_t (dir (getattr open search)))
                                (allow staff_sudo_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow staff_sudo_t system_dbusd_var_lib_t (file (ioctl read getattr lock open)))
                                (allow staff_sudo_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow staff_sudo_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                (allow staff_sudo_t session_dbusd_tmp_t (dir (getattr open search)))
                                (allow staff_sudo_t session_dbusd_tmp_t (sock_file (read write getattr append open)))
                                (allow staff_sudo_t var_run_t (lnk_file (read getattr)))
                                (allow staff_sudo_t var_t (dir (getattr open search)))
                                (allow staff_sudo_t var_run_t (dir (getattr open search)))
                                (allow staff_sudo_t system_dbusd_runtime_t (dir (getattr open search)))
                                (allow staff_sudo_t system_dbusd_runtime_t (sock_file (write getattr append open)))
                                (allow staff_sudo_t system_dbusd_t (unix_stream_socket (connectto)))
                                (allow staff_sudo_t dbusd_etc_t (dir (ioctl read getattr lock open search)))
                                (allow staff_sudo_t dbusd_etc_t (file (ioctl read getattr lock open)))
                                (allow staff_sudo_t system_dbusd_runtime_t (dir (ioctl read getattr lock open search)))
                                (allow staff_sudo_t system_dbusd_runtime_t (sock_file (read)))
                                (allow staff_sudo_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow staff_sudo_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                (optional staff_optional_127
                                    (typeattributeset cil_gen_require fprintd_t)
                                    (allow staff_sudo_t fprintd_t (dbus (send_msg)))
                                    (allow fprintd_t staff_sudo_t (dbus (send_msg)))
                                )
                                (optional staff_optional_128
                                    (typeattributeset cil_gen_require systemd_logind_t)
                                    (typeattributeset cil_gen_require systemd_sessions_runtime_t)
                                    (allow staff_sudo_t systemd_logind_t (dbus (send_msg)))
                                    (allow systemd_logind_t staff_sudo_t (dbus (send_msg)))
                                    (allow staff_sudo_t systemd_logind_t (fd (use)))
                                    (allow staff_sudo_t systemd_sessions_runtime_t (fifo_file (write)))
                                    (allow systemd_logind_t staff_sudo_t (process (signal)))
                                )
                            )
                            (optional staff_optional_129
                                (typeattributeset cil_gen_require security_t)
                                (typeattributeset cil_gen_require sysfs_t)
                                (typeattributeset cil_gen_require selinux_config_t)
                                (typeattributeset cil_gen_require etc_t)
                                (typeattributeset cil_gen_require user_home_dir_t)
                                (typeattributeset cil_gen_require home_root_t)
                                (typeattributeset cil_gen_require tmp_t)
                                (typeattributeset cil_gen_require krb5_host_rcache_t)
                                (typeattributeset cil_gen_require krb5_conf_t)
                                (typeattributeset cil_gen_require krb5_home_t)
                                (typeattributeset cil_gen_require default_context_t)
                                (typeattributeset cil_gen_require file_context_t)
                                (typeattributeset cil_gen_require can_change_object_identity)
                                (typeattributeset cil_gen_require can_change_object_identity)
                                (typeattributeset can_change_object_identity (staff_sudo_t ))
                                (allow staff_sudo_t etc_t (dir (getattr open search)))
                                (allow staff_sudo_t krb5_conf_t (file (ioctl read getattr lock open)))
                                (allow staff_sudo_t user_home_dir_t (dir (getattr open search)))
                                (allow staff_sudo_t home_root_t (dir (getattr open search)))
                                (allow staff_sudo_t home_root_t (lnk_file (read getattr)))
                                (allow staff_sudo_t krb5_home_t (file (ioctl read getattr lock open)))
                                (booleanif (allow_kerberos)
                                    (true
                                        (allow staff_sudo_t krb5_host_rcache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                        (allow staff_sudo_t tmp_t (dir (getattr open search)))
                                        (allow staff_sudo_t file_context_t (file (map)))
                                        (allow staff_sudo_t file_context_t (file (ioctl read getattr lock open)))
                                        (allow staff_sudo_t file_context_t (dir (getattr open search)))
                                        (allow staff_sudo_t selinux_config_t (dir (getattr open search)))
                                        (allow staff_sudo_t default_context_t (dir (getattr open search)))
                                        (allow staff_sudo_t etc_t (dir (getattr open search)))
                                        (allow staff_sudo_t security_t (security (check_context)))
                                        (allow staff_sudo_t security_t (file (ioctl read write getattr map open)))
                                        (allow staff_sudo_t security_t (dir (ioctl read getattr lock open search)))
                                        (allow staff_sudo_t sysfs_t (dir (getattr open search)))
                                        (allow staff_sudo_t sysfs_t (dir (getattr open search)))
                                        (allow staff_sudo_t self (process (setfscreate)))
                                    )
                                )
                            )
                            (optional staff_optional_130
                                (typeattributeset cil_gen_require etc_t)
                                (typeattributeset cil_gen_require etc_runtime_t)
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require var_lib_t)
                                (typeattributeset cil_gen_require system_dbusd_t)
                                (typeattributeset cil_gen_require session_dbusd_tmp_t)
                                (typeattributeset cil_gen_require dbusd_system_bus_client)
                                (typeattributeset cil_gen_require system_dbusd_runtime_t)
                                (typeattributeset cil_gen_require system_dbusd_var_lib_t)
                                (typeattributeset cil_gen_require dbusd_etc_t)
                                (typeattributeset cil_gen_require systemd_machined_t)
                                (typeattributeset cil_gen_require systemd_logind_t)
                                (typeattributeset cil_gen_require systemd_sessions_runtime_t)
                                (typeattributeset cil_gen_require dbusd_system_bus_client)
                                (typeattributeset dbusd_system_bus_client (staff_sudo_t ))
                                (allow staff_sudo_t system_dbusd_t (dbus (send_msg)))
                                (allow staff_sudo_t self (dbus (send_msg)))
                                (allow system_dbusd_t staff_sudo_t (dbus (send_msg)))
                                (allow staff_sudo_t var_t (dir (getattr open search)))
                                (allow staff_sudo_t var_lib_t (dir (getattr open search)))
                                (allow staff_sudo_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow staff_sudo_t system_dbusd_var_lib_t (file (ioctl read getattr lock open)))
                                (allow staff_sudo_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow staff_sudo_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                (allow staff_sudo_t session_dbusd_tmp_t (dir (getattr open search)))
                                (allow staff_sudo_t session_dbusd_tmp_t (sock_file (read write getattr append open)))
                                (allow staff_sudo_t var_run_t (lnk_file (read getattr)))
                                (allow staff_sudo_t var_t (dir (getattr open search)))
                                (allow staff_sudo_t var_run_t (dir (getattr open search)))
                                (allow staff_sudo_t system_dbusd_runtime_t (dir (getattr open search)))
                                (allow staff_sudo_t system_dbusd_runtime_t (sock_file (write getattr append open)))
                                (allow staff_sudo_t system_dbusd_t (unix_stream_socket (connectto)))
                                (allow staff_sudo_t dbusd_etc_t (dir (ioctl read getattr lock open search)))
                                (allow staff_sudo_t dbusd_etc_t (file (ioctl read getattr lock open)))
                                (allow staff_sudo_t system_dbusd_runtime_t (dir (ioctl read getattr lock open search)))
                                (allow staff_sudo_t system_dbusd_runtime_t (sock_file (read)))
                                (allow staff_sudo_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow staff_sudo_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                (allow staff_sudo_t systemd_machined_t (unix_stream_socket (connectto)))
                                (allow staff_sudo_t systemd_logind_t (dbus (send_msg)))
                                (allow systemd_logind_t staff_sudo_t (dbus (send_msg)))
                                (allow systemd_logind_t staff_sudo_t (dir (ioctl read getattr lock open search)))
                                (allow systemd_logind_t staff_sudo_t (file (ioctl read getattr lock open)))
                                (allow staff_sudo_t etc_t (dir (ioctl read getattr lock open search)))
                                (allow staff_sudo_t etc_t (dir (getattr open search)))
                                (allow staff_sudo_t etc_runtime_t (file (ioctl read getattr lock open)))
                                (allow staff_sudo_t etc_t (dir (getattr open search)))
                                (allow staff_sudo_t etc_runtime_t (lnk_file (read getattr)))
                                (allow staff_sudo_t systemd_logind_t (dbus (send_msg)))
                                (allow systemd_logind_t staff_sudo_t (dbus (send_msg)))
                                (allow staff_sudo_t systemd_logind_t (fd (use)))
                                (allow staff_sudo_t systemd_sessions_runtime_t (fifo_file (write)))
                                (allow systemd_logind_t staff_sudo_t (process (signal)))
                            )
                            (optional staff_optional_131
                                (typeattributeset cil_gen_require fprintd_t)
                                (allow staff_sudo_t fprintd_t (dbus (send_msg)))
                                (allow fprintd_t staff_sudo_t (dbus (send_msg)))
                            )
                            (optional staff_optional_132
                                (typeattributeset cil_gen_require sudomain)
                                (allow staff_sudo_t sudomain (process (signal)))
                            )
                        )
                    )
                )
            )
            (optional staff_optional_133
                (roleattributeset cil_gen_require sysadm_r)
                (typeattributeset cil_gen_require user_devpts_t)
                (typeattributeset cil_gen_require user_tty_device_t)
                (typeattributeset cil_gen_require sysadm_t)
                (dontaudit staff_t user_tty_device_t (chr_file (ioctl read write getattr append open)))
                (dontaudit staff_t user_devpts_t (chr_file (ioctl read write getattr append open)))
                (roleallow staff_r sysadm_r)
                (booleanif (sysadm_allow_rw_inherited_fifo)
                    (true
                        (allow sysadm_t staff_t (fifo_file (ioctl read write getattr lock append)))
                    )
                )
            )
            (optional staff_optional_134
                (roleattributeset cil_gen_require syncthing_roles)
                (typeattributeset cil_gen_require syncthing_t)
                (typeattributeset cil_gen_require syncthing_exec_t)
                (typeattributeset cil_gen_require syncthing_xdg_config_t)
                (roleattributeset cil_gen_require syncthing_roles)
                (roleattributeset syncthing_roles (staff_r ))
                (allow staff_application_exec_domain syncthing_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain syncthing_t (process (transition)))
                (dontaudit staff_application_exec_domain syncthing_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain syncthing_exec_t process syncthing_t)
                (allow syncthing_t staff_application_exec_domain (fd (use)))
                (allow syncthing_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow syncthing_t staff_application_exec_domain (process (sigchld)))
                (allow staff_t syncthing_xdg_config_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t syncthing_xdg_config_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t syncthing_xdg_config_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (optional staff_optional_135
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t syncthing_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t syncthing_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t syncthing_t (lnk_file (read getattr)))
                    (allow staff_systemd_t syncthing_t (process (getattr)))
                    (allow staff_systemd_t syncthing_t (process (sigchld sigkill sigstop signull signal)))
                    (allow syncthing_t staff_systemd_t (fd (use)))
                    (allow syncthing_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow syncthing_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow syncthing_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow syncthing_t staff_systemd_t (lnk_file (read getattr)))
                    (allow syncthing_t staff_systemd_t (process (getattr)))
                    (allow syncthing_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_136
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require virtd_t)
                (typeattributeset cil_gen_require virt_runtime_t)
                (allow staff_t var_run_t (lnk_file (read getattr)))
                (allow staff_t var_t (dir (getattr open search)))
                (allow staff_t var_run_t (dir (getattr open search)))
                (allow staff_t virt_runtime_t (dir (getattr open search)))
                (allow staff_t virt_runtime_t (sock_file (write getattr append open)))
                (allow staff_t virtd_t (unix_stream_socket (connectto)))
            )
            (optional staff_optional_137
                (roleattributeset cil_gen_require vlock_roles)
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require vlock_t)
                (typeattributeset cil_gen_require vlock_exec_t)
                (roleattributeset cil_gen_require vlock_roles)
                (roleattributeset vlock_roles (staff_r ))
                (allow staff_t bin_t (dir (getattr open search)))
                (allow staff_t bin_t (lnk_file (read getattr)))
                (allow staff_t usr_t (dir (getattr open search)))
                (allow staff_t vlock_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_t vlock_t (process (transition)))
                (dontaudit staff_t vlock_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_t vlock_exec_t process vlock_t)
                (allow vlock_t staff_t (fd (use)))
                (allow vlock_t staff_t (fifo_file (ioctl read write getattr lock append)))
                (allow vlock_t staff_t (process (sigchld)))
            )
            (optional staff_optional_138
                (roleattributeset cil_gen_require xscreensaver_roles)
                (roleattributeset cil_gen_require xscreensaver_helper_roles)
                (typeattributeset cil_gen_require xscreensaver_t)
                (typeattributeset cil_gen_require xscreensaver_exec_t)
                (typeattributeset cil_gen_require xscreensaver_helper_t)
                (typeattributeset cil_gen_require xscreensaver_config_t)
                (typeattributeset cil_gen_require xscreensaver_tmpfs_t)
                (roleattributeset cil_gen_require xscreensaver_roles)
                (roleattributeset xscreensaver_roles (staff_r ))
                (roleattributeset cil_gen_require xscreensaver_helper_roles)
                (roleattributeset xscreensaver_helper_roles (staff_r ))
                (allow staff_application_exec_domain xscreensaver_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain xscreensaver_t (process (transition)))
                (dontaudit staff_application_exec_domain xscreensaver_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain xscreensaver_exec_t process xscreensaver_t)
                (allow xscreensaver_t staff_application_exec_domain (fd (use)))
                (allow xscreensaver_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow xscreensaver_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain xscreensaver_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain xscreensaver_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain xscreensaver_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain xscreensaver_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain xscreensaver_t (process (getattr)))
                (allow staff_t xscreensaver_config_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t xscreensaver_tmpfs_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t xscreensaver_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow xscreensaver_helper_t staff_application_exec_domain (fd (use)))
                (optional staff_optional_139
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t xscreensaver_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t xscreensaver_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t xscreensaver_t (lnk_file (read getattr)))
                    (allow staff_systemd_t xscreensaver_t (process (getattr)))
                    (allow staff_systemd_t xscreensaver_t (process (sigchld sigkill sigstop signull signal)))
                    (allow xscreensaver_t staff_systemd_t (fd (use)))
                    (allow xscreensaver_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow xscreensaver_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow xscreensaver_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow xscreensaver_t staff_systemd_t (lnk_file (read getattr)))
                    (allow xscreensaver_t staff_systemd_t (process (getattr)))
                    (allow xscreensaver_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_140
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require device_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require lib_t)
                (typeattributeset cil_gen_require fonts_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require var_lib_t)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require tmp_t)
                (typeattributeset cil_gen_require xdm_t)
                (typeattributeset cil_gen_require xdg_cache_t)
                (typeattributeset cil_gen_require xsession_log_t)
                (typeattributeset cil_gen_require iceauth_home_t)
                (typeattributeset cil_gen_require xserver_t)
                (typeattributeset cil_gen_require xserver_tmp_t)
                (typeattributeset cil_gen_require xserver_tmpfs_t)
                (typeattributeset cil_gen_require xauth_home_t)
                (typeattributeset cil_gen_require user_fonts_t)
                (typeattributeset cil_gen_require user_fonts_cache_t)
                (typeattributeset cil_gen_require user_fonts_config_t)
                (typeattributeset cil_gen_require mesa_shader_cache_t)
                (typeattributeset cil_gen_require iceauth_t)
                (typeattributeset cil_gen_require iceauth_exec_t)
                (typeattributeset cil_gen_require xauth_t)
                (typeattributeset cil_gen_require xauth_exec_t)
                (typeattributeset cil_gen_require xdm_tmp_t)
                (typeattributeset cil_gen_require xserver_misc_device_t)
                (typeattributeset cil_gen_require power_device_t)
                (typeattributeset cil_gen_require event_device_t)
                (typeattributeset cil_gen_require misc_device_t)
                (typeattributeset cil_gen_require agp_device_t)
                (typeattributeset cil_gen_require dri_device_t)
                (typeattributeset cil_gen_require usbfs_t)
                (typeattributeset cil_gen_require fonts_cache_t)
                (typeattributeset cil_gen_require root_xdrawable_t)
                (typeattributeset cil_gen_require xevent_t)
                (typeattributeset cil_gen_require client_xevent_t)
                (typeattributeset cil_gen_require input_xevent_t)
                (typeattributeset cil_gen_require user_input_xevent_t)
                (typeattributeset cil_gen_require x_domain)
                (typeattributeset cil_gen_require xdrawable_type)
                (typeattributeset cil_gen_require xcolormap_type)
                (typeattributeset cil_gen_require input_xevent_type)
                (typeattributeset cil_gen_require xserver_exec_t)
                (typeattributeset cil_gen_require xserver_unconfined_type)
                (typeattributeset cil_gen_require xsession_exec_t)
                (typeattributeset cil_gen_require xserver_log_t)
                (typeattributeset cil_gen_require xdm_var_run_t)
                (typeattributeset cil_gen_require xkb_var_lib_t)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r xserver_t)
                (roletype staff_r iceauth_t)
                (roletype staff_r xauth_t)
                (typeattributeset cil_gen_require x_domain)
                (typeattributeset x_domain (staff_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (xsession_exec_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (xsession_exec_t ))
                (typeattributeset cil_gen_require xdrawable_type)
                (typeattributeset xdrawable_type (staff_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (xsession_exec_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (xsession_exec_t ))
                (typeattributeset cil_gen_require xserver_unconfined_type)
                (typeattributeset xserver_unconfined_type (staff_t ))
                (typeattributeset cil_gen_require xcolormap_type)
                (typeattributeset xcolormap_type (staff_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (xsession_exec_t ))
                (allow xserver_t staff_t (fd (use)))
                (allow xserver_t staff_t (shm (getattr read write associate unix_read unix_write lock)))
                (allow xserver_t staff_t (process (signal)))
                (allow staff_t user_fonts_t (dir (ioctl read getattr lock open search)))
                (allow staff_t user_fonts_t (file (ioctl read getattr lock open)))
                (allow staff_t user_fonts_config_t (dir (ioctl read getattr lock open search)))
                (allow staff_t user_fonts_config_t (file (ioctl read getattr lock open)))
                (allow staff_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t user_fonts_cache_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t user_fonts_cache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t xserver_tmp_t (dir (getattr open search)))
                (allow staff_t xserver_tmp_t (sock_file (write getattr append open)))
                (allow staff_t xserver_t (unix_stream_socket (connectto)))
                (allow staff_t tmp_t (dir (getattr open search)))
                (allow staff_t xserver_t (fd (use)))
                (allow staff_t xserver_t (shm (getattr read associate unix_read)))
                (allow staff_t xserver_tmpfs_t (file (ioctl read getattr lock map open)))
                (allow staff_t iceauth_t (dir (ioctl read getattr lock open search)))
                (allow staff_t iceauth_t (file (ioctl read getattr lock open)))
                (allow staff_t iceauth_t (lnk_file (read getattr)))
                (allow staff_t iceauth_t (process (getattr)))
                (allow staff_t iceauth_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_t iceauth_t (process (transition)))
                (dontaudit staff_t iceauth_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_t iceauth_exec_t process iceauth_t)
                (allow iceauth_t staff_t (fd (use)))
                (allow iceauth_t staff_t (fifo_file (ioctl read write getattr lock append)))
                (allow iceauth_t staff_t (process (sigchld)))
                (allow staff_t iceauth_home_t (file (ioctl read getattr lock open)))
                (allow staff_t xauth_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_t xauth_t (process (transition)))
                (dontaudit staff_t xauth_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_t xauth_exec_t process xauth_t)
                (allow xauth_t staff_t (fd (use)))
                (allow xauth_t staff_t (fifo_file (ioctl read write getattr lock append)))
                (allow xauth_t staff_t (process (sigchld)))
                (allow staff_t xauth_t (process (signal)))
                (allow staff_t xauth_t (dir (ioctl read getattr lock open search)))
                (allow staff_t xauth_t (file (ioctl read getattr lock open)))
                (allow staff_t xauth_t (lnk_file (read getattr)))
                (allow staff_t xauth_t (process (getattr)))
                (allow staff_t xserver_t (process (signal)))
                (allow staff_t xauth_home_t (file (ioctl read getattr lock open)))
                (allow staff_t xdm_t (fd (use)))
                (allow staff_t xdm_t (fifo_file (ioctl read write getattr lock append)))
                (allow staff_t xdm_tmp_t (dir (search)))
                (allow staff_t xdm_tmp_t (sock_file (read write)))
                (dontaudit staff_t xdm_t (tcp_socket (read write)))
                (allow staff_t xserver_tmp_t (file (ioctl read getattr lock)))
                (allow staff_t device_t (dir (getattr open search)))
                (allow staff_t xserver_misc_device_t (chr_file (ioctl read write getattr lock append open)))
                (allow staff_t xserver_misc_device_t (chr_file (map)))
                (allow staff_t device_t (dir (getattr open search)))
                (allow staff_t power_device_t (chr_file (ioctl read write getattr lock append open)))
                (allow staff_t device_t (dir (getattr open search)))
                (allow staff_t event_device_t (chr_file (ioctl read getattr lock open)))
                (allow staff_t device_t (dir (getattr open search)))
                (allow staff_t misc_device_t (chr_file (ioctl read getattr lock open)))
                (allow staff_t device_t (dir (getattr open search)))
                (allow staff_t misc_device_t (chr_file (ioctl write getattr lock append open)))
                (allow staff_t device_t (dir (getattr open search)))
                (allow staff_t agp_device_t (chr_file (getattr)))
                (dontaudit staff_t dri_device_t (chr_file (ioctl read write getattr lock append open)))
                (allow staff_t usbfs_t (dir (getattr open search)))
                (allow staff_t usbfs_t (dir (ioctl read getattr lock open search)))
                (allow staff_t usbfs_t (dir (getattr open search)))
                (allow staff_t usbfs_t (file (ioctl read write getattr lock append open)))
                (allow staff_t usbfs_t (dir (getattr open search)))
                (allow staff_t usbfs_t (lnk_file (read getattr)))
                (allow staff_t usr_t (dir (getattr open search)))
                (allow staff_t lib_t (dir (getattr open search)))
                (allow staff_t fonts_t (dir (ioctl read getattr lock open search)))
                (allow staff_t fonts_t (dir (getattr open search)))
                (allow staff_t fonts_t (file (ioctl read getattr lock open)))
                (allow staff_t fonts_t (file (map)))
                (allow staff_t fonts_t (dir (getattr open search)))
                (allow staff_t fonts_t (lnk_file (read getattr)))
                (allow staff_t fonts_cache_t (dir (ioctl read getattr lock open search)))
                (allow staff_t fonts_cache_t (dir (getattr open search)))
                (allow staff_t fonts_cache_t (file (ioctl read getattr lock open)))
                (allow staff_t fonts_cache_t (file (map)))
                (allow staff_t fonts_cache_t (dir (getattr open search)))
                (allow staff_t fonts_cache_t (lnk_file (read getattr)))
                (allow staff_t fonts_t (dir (watch)))
                (typetransition staff_t root_xdrawable_t x_drawable staff_t)
                (typetransition staff_t input_xevent_t x_event user_input_xevent_t)
                (allow staff_t user_input_xevent_t (x_event (send)))
                (allow staff_t user_input_xevent_t (x_synthetic_event (send)))
                (allow staff_t user_input_xevent_t (x_event (receive)))
                (allow staff_t user_input_xevent_t (x_synthetic_event (receive)))
                (allow staff_t client_xevent_t (x_event (receive)))
                (allow staff_t client_xevent_t (x_synthetic_event (receive)))
                (allow staff_t xevent_t (x_event (receive)))
                (allow staff_t xevent_t (x_synthetic_event (receive)))
                (dontaudit staff_t input_xevent_type (x_event (send)))
                (allow staff_t xserver_t (process (siginh)))
                (allow staff_t xserver_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_t xserver_t (process (transition)))
                (dontaudit staff_t xserver_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_t xserver_exec_t process xserver_t)
                (allow xserver_t staff_t (fd (use)))
                (allow xserver_t staff_t (fifo_file (ioctl read write getattr lock append)))
                (allow xserver_t staff_t (process (sigchld)))
                (allow staff_t xsession_exec_t (file (entrypoint)))
                (allow staff_t xsession_exec_t (file (ioctl read getattr lock map execute open)))
                (dontaudit staff_t xserver_log_t (file (ioctl write append)))
                (allow staff_t tmp_t (dir (getattr open search)))
                (allow staff_t xdm_tmp_t (dir (getattr open search)))
                (allow staff_t xdm_tmp_t (sock_file (write getattr append open)))
                (allow staff_t xdm_t (unix_stream_socket (connectto)))
                (allow staff_t user_fonts_t (dir (ioctl read getattr lock open watch search)))
                (allow staff_t user_fonts_t (file (ioctl read getattr lock map open)))
                (allow staff_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t user_fonts_cache_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t user_fonts_cache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t user_fonts_cache_t (file (ioctl read getattr lock map open)))
                (allow staff_t user_fonts_config_t (dir (ioctl read getattr lock open search)))
                (allow staff_t user_fonts_config_t (file (ioctl read getattr lock open)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t xdg_cache_t (dir (getattr open search)))
                (allow staff_t xdg_cache_t (dir (getattr open search)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t var_run_t (lnk_file (read getattr)))
                (allow staff_t var_t (dir (getattr open search)))
                (allow staff_t var_run_t (dir (getattr open search)))
                (allow staff_t xdm_var_run_t (dir (getattr open search)))
                (allow staff_t xdm_var_run_t (file (ioctl read getattr lock open)))
                (allow staff_t tmp_t (dir (getattr open search)))
                (allow staff_t xdm_tmp_t (dir (ioctl read getattr lock open search)))
                (allow staff_t xdm_tmp_t (dir (ioctl write getattr lock open add_name search)))
                (allow staff_t xdm_tmp_t (sock_file (create getattr open)))
                (allow staff_t xdm_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t xdm_tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t xsession_log_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t xserver_tmp_t (file (ioctl read write getattr lock append open)))
                (allow staff_t iceauth_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t iceauth_home_t (file (getattr relabelfrom relabelto)))
                (allow staff_t xauth_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t xauth_home_t (file (getattr relabelfrom relabelto)))
                (allow staff_t user_fonts_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t user_fonts_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t user_fonts_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t user_fonts_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t user_fonts_t (dir (getattr open search)))
                (allow staff_t user_fonts_t (dir (getattr relabelfrom relabelto)))
                (allow staff_t user_fonts_t (dir (getattr open search)))
                (allow staff_t user_fonts_t (file (getattr relabelfrom relabelto)))
                (allow staff_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t user_fonts_cache_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t user_fonts_cache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t user_fonts_cache_t (dir (getattr open search)))
                (allow staff_t user_fonts_cache_t (dir (getattr relabelfrom relabelto)))
                (allow staff_t user_fonts_cache_t (dir (getattr open search)))
                (allow staff_t user_fonts_cache_t (file (getattr relabelfrom relabelto)))
                (allow staff_t user_fonts_config_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t user_fonts_config_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t user_fonts_config_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t user_fonts_config_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t user_fonts_config_t (dir (getattr open search)))
                (allow staff_t user_fonts_config_t (dir (getattr relabelfrom relabelto)))
                (allow staff_t user_fonts_config_t (dir (getattr open search)))
                (allow staff_t user_fonts_config_t (file (getattr relabelfrom relabelto)))
                (allow staff_t mesa_shader_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t mesa_shader_cache_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t mesa_shader_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t mesa_shader_cache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t mesa_shader_cache_t (file (map)))
                (allow staff_t mesa_shader_cache_t (dir (getattr open search)))
                (allow staff_t mesa_shader_cache_t (dir (getattr relabelfrom relabelto)))
                (allow staff_t mesa_shader_cache_t (dir (getattr open search)))
                (allow staff_t mesa_shader_cache_t (file (getattr relabelfrom relabelto)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t var_t (dir (getattr open search)))
                (allow staff_t var_lib_t (dir (getattr open search)))
                (allow staff_t xkb_var_lib_t (dir (ioctl read getattr lock open search)))
                (allow staff_t xkb_var_lib_t (dir (getattr open search)))
                (allow staff_t xkb_var_lib_t (file (ioctl read getattr lock open)))
                (allow staff_t xkb_var_lib_t (dir (getattr open search)))
                (allow staff_t xkb_var_lib_t (lnk_file (read getattr)))
                (allow staff_t xkb_var_lib_t (file (map)))
                (allow staff_t xdm_t (unix_stream_socket (accept)))
                (typetransition staff_t user_home_dir_t file ".ICEauthority" iceauth_home_t)
                (typetransition staff_t user_home_dir_t file ".xsession-errors" xsession_log_t)
                (booleanif (xserver_allow_dri)
                    (true
                        (allow staff_t dri_device_t (chr_file (map)))
                        (allow staff_t dri_device_t (chr_file (ioctl read write getattr lock append open)))
                        (allow staff_t device_t (dir (getattr open search)))
                    )
                )
                (booleanif (or (allow_write_xshm) (xserver_client_writes_xserver_tmpfs))
                    (true
                        (allow staff_t xserver_tmpfs_t (file (ioctl read write getattr lock append open)))
                        (allow staff_t xserver_tmpfs_t (file (ioctl read write getattr lock append open)))
                    )
                )
                (booleanif (allow_write_xshm)
                    (true
                        (allow staff_t xserver_t (shm (getattr read write associate unix_read unix_write lock)))
                        (allow staff_t xserver_t (shm (getattr read write associate unix_read unix_write lock)))
                    )
                )
                (optional staff_optional_141
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t iceauth_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t iceauth_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t iceauth_t (lnk_file (read getattr)))
                    (allow staff_systemd_t iceauth_t (process (getattr)))
                    (allow staff_systemd_t iceauth_t (process (sigchld sigkill sigstop signull signal)))
                    (allow iceauth_t staff_systemd_t (fd (use)))
                    (allow iceauth_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow iceauth_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow iceauth_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow iceauth_t staff_systemd_t (lnk_file (read getattr)))
                    (allow iceauth_t staff_systemd_t (process (getattr)))
                    (allow iceauth_t staff_systemd_t (process (sigchld)))
                    (allow staff_systemd_t xauth_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t xauth_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t xauth_t (lnk_file (read getattr)))
                    (allow staff_systemd_t xauth_t (process (getattr)))
                    (allow staff_systemd_t xauth_t (process (sigchld sigkill sigstop signull signal)))
                    (allow xauth_t staff_systemd_t (fd (use)))
                    (allow xauth_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow xauth_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow xauth_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow xauth_t staff_systemd_t (lnk_file (read getattr)))
                    (allow xauth_t staff_systemd_t (process (getattr)))
                    (allow xauth_t staff_systemd_t (process (sigchld)))
                    (allow staff_systemd_t xserver_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t xserver_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t xserver_t (lnk_file (read getattr)))
                    (allow staff_systemd_t xserver_t (process (getattr)))
                    (allow staff_systemd_t xserver_t (process (sigchld sigkill sigstop signull signal)))
                    (allow xserver_t staff_systemd_t (fd (use)))
                    (allow xserver_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow xserver_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow xserver_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow xserver_t staff_systemd_t (lnk_file (read getattr)))
                    (allow xserver_t staff_systemd_t (process (getattr)))
                    (allow xserver_t staff_systemd_t (process (sigchld)))
                    (optional staff_optional_142
                        (typeattributeset cil_gen_require staff_systemd_t)
                        (allow staff_systemd_t xserver_t (dir (ioctl read getattr lock open search)))
                        (allow staff_systemd_t xserver_t (file (ioctl read getattr lock open)))
                        (allow staff_systemd_t xserver_t (lnk_file (read getattr)))
                        (allow staff_systemd_t xserver_t (process (getattr)))
                        (allow staff_systemd_t xserver_t (process (sigchld sigkill sigstop signull signal)))
                        (allow xserver_t staff_systemd_t (fd (use)))
                        (allow xserver_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                        (allow xserver_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                        (allow xserver_t staff_systemd_t (file (ioctl read getattr lock open)))
                        (allow xserver_t staff_systemd_t (lnk_file (read getattr)))
                        (allow xserver_t staff_systemd_t (process (getattr)))
                        (allow xserver_t staff_systemd_t (process (sigchld)))
                    )
                )
                (optional staff_optional_143
                    (typeattributeset cil_gen_require user_home_dir_t)
                    (typeattributeset cil_gen_require home_root_t)
                    (typeattributeset cil_gen_require xdg_cache_t)
                    (allow staff_t user_home_dir_t (dir (getattr open search)))
                    (allow staff_t home_root_t (dir (getattr open search)))
                    (allow staff_t home_root_t (lnk_file (read getattr)))
                    (allow staff_t xdg_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                    (allow staff_t xdg_cache_t (dir (create getattr)))
                    (typetransition staff_t xdg_cache_t dir "mesa_shader_cache" mesa_shader_cache_t)
                )
            )
            (optional staff_optional_144
                (typeattributeset cil_gen_require chkpwd_t)
                (typeattributeset cil_gen_require chkpwd_exec_t)
                (typeattributeset cil_gen_require shadow_t)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r chkpwd_t)
                (allow staff_t chkpwd_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_t chkpwd_t (process (transition)))
                (dontaudit staff_t chkpwd_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_t chkpwd_exec_t process chkpwd_t)
                (allow chkpwd_t staff_t (fd (use)))
                (allow chkpwd_t staff_t (fifo_file (ioctl read write getattr lock append)))
                (allow chkpwd_t staff_t (process (sigchld)))
                (allow staff_t chkpwd_t (dir (ioctl read getattr lock open search)))
                (allow staff_t chkpwd_t (file (ioctl read getattr lock open)))
                (allow staff_t chkpwd_t (lnk_file (read getattr)))
                (allow staff_t chkpwd_t (process (getattr)))
                (dontaudit staff_t shadow_t (file (ioctl read getattr lock open)))
            )
            (optional staff_optional_145
                (roleattributeset cil_gen_require bluetooth_helper_roles)
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require bluetooth_t)
                (typeattributeset cil_gen_require bluetooth_helper_t)
                (typeattributeset cil_gen_require bluetooth_helper_exec_t)
                (typeattributeset cil_gen_require bluetooth_helper_tmp_t)
                (typeattributeset cil_gen_require bluetooth_helper_tmpfs_t)
                (typeattributeset cil_gen_require bluetooth_runtime_t)
                (roleattributeset cil_gen_require bluetooth_helper_roles)
                (roleattributeset bluetooth_helper_roles (staff_r ))
                (allow staff_application_exec_domain bluetooth_helper_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain bluetooth_helper_t (process (transition)))
                (dontaudit staff_application_exec_domain bluetooth_helper_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain bluetooth_helper_exec_t process bluetooth_helper_t)
                (allow bluetooth_helper_t staff_application_exec_domain (fd (use)))
                (allow bluetooth_helper_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow bluetooth_helper_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain bluetooth_helper_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain bluetooth_helper_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain bluetooth_helper_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain bluetooth_helper_t (process (getattr)))
                (allow staff_application_exec_domain bluetooth_helper_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain bluetooth_t (socket (ioctl read write getattr setattr append bind connect getopt setopt shutdown)))
                (allow staff_t bluetooth_helper_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t bluetooth_helper_tmpfs_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t bluetooth_helper_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t bluetooth_helper_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t bluetooth_helper_tmp_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_application_exec_domain bluetooth_runtime_t (dir (getattr open search)))
                (allow staff_application_exec_domain bluetooth_runtime_t (sock_file (write getattr append open)))
                (allow staff_application_exec_domain bluetooth_t (unix_stream_socket (connectto)))
                (allow staff_application_exec_domain var_run_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain var_t (dir (getattr open search)))
                (allow staff_application_exec_domain var_run_t (dir (getattr open search)))
                (optional staff_optional_146
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t bluetooth_helper_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t bluetooth_helper_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t bluetooth_helper_t (lnk_file (read getattr)))
                    (allow staff_systemd_t bluetooth_helper_t (process (getattr)))
                    (allow staff_systemd_t bluetooth_helper_t (process (sigchld sigkill sigstop signull signal)))
                    (allow bluetooth_helper_t staff_systemd_t (fd (use)))
                    (allow bluetooth_helper_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow bluetooth_helper_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow bluetooth_helper_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow bluetooth_helper_t staff_systemd_t (lnk_file (read getattr)))
                    (allow bluetooth_helper_t staff_systemd_t (process (getattr)))
                    (allow bluetooth_helper_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_147
                (roleattributeset cil_gen_require cdrecord_roles)
                (typeattributeset cil_gen_require cdrecord_t)
                (typeattributeset cil_gen_require cdrecord_exec_t)
                (roleattributeset cil_gen_require cdrecord_roles)
                (roleattributeset cdrecord_roles (staff_r ))
                (allow staff_application_exec_domain cdrecord_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain cdrecord_t (process (transition)))
                (dontaudit staff_application_exec_domain cdrecord_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain cdrecord_exec_t process cdrecord_t)
                (allow cdrecord_t staff_application_exec_domain (fd (use)))
                (allow cdrecord_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow cdrecord_t staff_application_exec_domain (process (sigchld)))
                (allow cdrecord_t staff_application_exec_domain (unix_stream_socket (ioctl read write getattr setattr append bind connect getopt setopt shutdown)))
                (allow staff_application_exec_domain cdrecord_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain cdrecord_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain cdrecord_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain cdrecord_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain cdrecord_t (process (getattr)))
                (optional staff_optional_148
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t cdrecord_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t cdrecord_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t cdrecord_t (lnk_file (read getattr)))
                    (allow staff_systemd_t cdrecord_t (process (getattr)))
                    (allow staff_systemd_t cdrecord_t (process (sigchld sigkill sigstop signull signal)))
                    (allow cdrecord_t staff_systemd_t (fd (use)))
                    (allow cdrecord_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow cdrecord_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow cdrecord_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow cdrecord_t staff_systemd_t (lnk_file (read getattr)))
                    (allow cdrecord_t staff_systemd_t (process (getattr)))
                    (allow cdrecord_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_149
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require chromium_t)
                (typeattributeset cil_gen_require chromium_renderer_t)
                (typeattributeset cil_gen_require chromium_sandbox_t)
                (typeattributeset cil_gen_require chromium_naclhelper_t)
                (typeattributeset cil_gen_require chromium_exec_t)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r chromium_t)
                (roletype staff_r chromium_renderer_t)
                (roletype staff_r chromium_sandbox_t)
                (roletype staff_r chromium_naclhelper_t)
                (allow staff_application_exec_domain bin_t (dir (getattr open search)))
                (allow staff_application_exec_domain bin_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain usr_t (dir (getattr open search)))
                (allow staff_application_exec_domain chromium_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain chromium_t (process (transition)))
                (dontaudit staff_application_exec_domain chromium_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain chromium_exec_t process chromium_t)
                (allow chromium_t staff_application_exec_domain (fd (use)))
                (allow chromium_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow chromium_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain chromium_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain chromium_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain chromium_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain chromium_t (process (getattr)))
                (allow staff_application_exec_domain chromium_renderer_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain chromium_renderer_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain chromium_renderer_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain chromium_renderer_t (process (getattr)))
                (allow staff_application_exec_domain chromium_t (process (sigchld sigkill sigstop signull signal)))
                (allow staff_application_exec_domain chromium_renderer_t (process (sigchld sigkill sigstop signull signal)))
                (allow staff_application_exec_domain chromium_sandbox_t (process (sigchld sigkill sigstop signull signal)))
                (allow staff_application_exec_domain chromium_naclhelper_t (process (sigchld sigkill sigstop signull signal)))
                (allow chromium_t staff_application_exec_domain (process (signull signal)))
                (allow staff_application_exec_domain chromium_t (unix_stream_socket (connectto)))
                (allow chromium_t staff_application_exec_domain (unix_stream_socket (connectto)))
                (allow chromium_sandbox_t staff_application_exec_domain (fd (use)))
                (allow chromium_naclhelper_t staff_application_exec_domain (fd (use)))
                (allow staff_application_exec_domain chromium_t (dbus (send_msg)))
                (allow chromium_t staff_application_exec_domain (dbus (send_msg)))
                (optional staff_optional_150
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t chromium_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t chromium_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t chromium_t (lnk_file (read getattr)))
                    (allow staff_systemd_t chromium_t (process (getattr)))
                    (allow staff_systemd_t chromium_t (process (sigchld sigkill sigstop signull signal)))
                    (allow chromium_t staff_systemd_t (fd (use)))
                    (allow chromium_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow chromium_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow chromium_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow chromium_t staff_systemd_t (lnk_file (read getattr)))
                    (allow chromium_t staff_systemd_t (process (getattr)))
                    (allow chromium_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_151
                (typeattributeset cil_gen_require shell_exec_t)
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require cronjob_t)
                (typeattributeset cil_gen_require crontab_t)
                (typeattributeset cil_gen_require crontab_exec_t)
                (typeattributeset cil_gen_require user_cron_spool_t)
                (typeattributeset cil_gen_require crond_t)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r cronjob_t)
                (roletype staff_r crontab_t)
                (allow staff_t crontab_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_t crontab_t (process (transition)))
                (dontaudit staff_t crontab_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_t crontab_exec_t process crontab_t)
                (allow crontab_t staff_t (fd (use)))
                (allow crontab_t staff_t (fifo_file (ioctl read write getattr lock append)))
                (allow crontab_t staff_t (process (sigchld)))
                (dontaudit crond_t staff_application_exec_domain (process (noatsecure siginh rlimitinh)))
                (allow staff_t crond_t (process (sigchld)))
                (allow staff_t user_cron_spool_t (file (ioctl read write getattr lock append)))
                (allow staff_t crontab_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_t crontab_t (dir (ioctl read getattr lock open search)))
                (allow staff_t crontab_t (file (ioctl read getattr lock open)))
                (allow staff_t crontab_t (lnk_file (read getattr)))
                (allow staff_t crontab_t (process (getattr)))
                (allow crontab_t bin_t (dir (getattr open search)))
                (allow crontab_t bin_t (lnk_file (read getattr)))
                (allow crontab_t usr_t (dir (getattr open search)))
                (allow crontab_t bin_t (dir (getattr open search)))
                (allow crontab_t bin_t (dir (ioctl read getattr lock open search)))
                (allow crontab_t bin_t (file (ioctl read getattr lock map execute open execute_no_trans)))
                (allow crontab_t bin_t (dir (getattr open search)))
                (allow crontab_t bin_t (lnk_file (read getattr)))
                (allow crontab_t usr_t (dir (getattr open search)))
                (allow crontab_t bin_t (dir (getattr open search)))
                (allow crontab_t bin_t (dir (ioctl read getattr lock open search)))
                (allow crontab_t shell_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
                (booleanif (cron_userdomain_transition)
                    (true
                        (allow staff_t cronjob_t (process (getattr)))
                        (allow staff_t cronjob_t (lnk_file (read getattr)))
                        (allow staff_t cronjob_t (file (ioctl read getattr lock open)))
                        (allow staff_t cronjob_t (dir (ioctl read getattr lock open search)))
                        (allow staff_t cronjob_t (process (sigchld sigkill sigstop signull signal ptrace)))
                        (allow staff_t crond_t (fifo_file (ioctl read write getattr lock append open)))
                        (allow staff_t user_cron_spool_t (file (entrypoint)))
                        (allow crond_t staff_t (key (view read write search link setattr create)))
                        (allow crond_t staff_t (fd (use)))
                        (allow crond_t staff_t (process (transition)))
                    )
                    (false
                        (dontaudit staff_t cronjob_t (process (sigchld sigkill sigstop signull signal ptrace)))
                        (dontaudit staff_t crond_t (fifo_file (ioctl read write getattr lock append open)))
                        (dontaudit staff_t user_cron_spool_t (file (entrypoint)))
                        (dontaudit crond_t staff_t (key (view read write search link setattr create)))
                        (dontaudit crond_t staff_t (fd (use)))
                        (dontaudit crond_t staff_t (process (transition)))
                    )
                )
                (optional staff_optional_152
                    (typeattributeset cil_gen_require system_dbusd_t)
                    (allow cronjob_t staff_t (dbus (send_msg)))
                )
            )
            (optional staff_optional_153
                (typeattributeset cil_gen_require dirmngr_t)
                (typeattributeset cil_gen_require dirmngr_exec_t)
                (typeattributeset cil_gen_require dirmngr_tmp_t)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r dirmngr_t)
                (allow staff_application_exec_domain dirmngr_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain dirmngr_t (process (transition)))
                (dontaudit staff_application_exec_domain dirmngr_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain dirmngr_exec_t process dirmngr_t)
                (allow dirmngr_t staff_application_exec_domain (fd (use)))
                (allow dirmngr_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow dirmngr_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain dirmngr_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain dirmngr_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain dirmngr_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain dirmngr_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain dirmngr_t (process (getattr)))
                (allow dirmngr_t staff_application_exec_domain (fd (use)))
                (allow dirmngr_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow staff_t dirmngr_tmp_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (optional staff_optional_154
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t dirmngr_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t dirmngr_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t dirmngr_t (lnk_file (read getattr)))
                    (allow staff_systemd_t dirmngr_t (process (getattr)))
                    (allow staff_systemd_t dirmngr_t (process (sigchld sigkill sigstop signull signal)))
                    (allow dirmngr_t staff_systemd_t (fd (use)))
                    (allow dirmngr_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow dirmngr_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow dirmngr_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow dirmngr_t staff_systemd_t (lnk_file (read getattr)))
                    (allow dirmngr_t staff_systemd_t (process (getattr)))
                    (allow dirmngr_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_155
                (roleattributeset cil_gen_require evolution_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require evolution_t)
                (typeattributeset cil_gen_require evolution_exec_t)
                (typeattributeset cil_gen_require evolution_home_t)
                (typeattributeset cil_gen_require evolution_alarm_t)
                (typeattributeset cil_gen_require evolution_alarm_exec_t)
                (typeattributeset cil_gen_require evolution_alarm_orbit_tmp_t)
                (typeattributeset cil_gen_require evolution_exchange_t)
                (typeattributeset cil_gen_require evolution_exchange_exec_t)
                (typeattributeset cil_gen_require evolution_exchange_tmp_t)
                (typeattributeset cil_gen_require evolution_exchange_orbit_tmp_t)
                (typeattributeset cil_gen_require evolution_orbit_tmp_t)
                (typeattributeset cil_gen_require evolution_server_orbit_tmp_t)
                (typeattributeset cil_gen_require evolution_server_t)
                (typeattributeset cil_gen_require evolution_server_exec_t)
                (typeattributeset cil_gen_require evolution_webcal_t)
                (typeattributeset cil_gen_require evolution_webcal_exec_t)
                (typeattributeset cil_gen_require evolution_alarm_tmpfs_t)
                (typeattributeset cil_gen_require evolution_exchange_tmpfs_t)
                (typeattributeset cil_gen_require evolution_tmpfs_t)
                (typeattributeset cil_gen_require evolution_webcal_tmpfs_t)
                (roleattributeset cil_gen_require evolution_roles)
                (roleattributeset evolution_roles (staff_r ))
                (allow staff_application_exec_domain evolution_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain evolution_t (process (transition)))
                (dontaudit staff_application_exec_domain evolution_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain evolution_exec_t process evolution_t)
                (allow evolution_t staff_application_exec_domain (fd (use)))
                (allow evolution_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow evolution_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain evolution_alarm_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain evolution_alarm_t (process (transition)))
                (dontaudit staff_application_exec_domain evolution_alarm_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain evolution_alarm_exec_t process evolution_alarm_t)
                (allow evolution_alarm_t staff_application_exec_domain (fd (use)))
                (allow evolution_alarm_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow evolution_alarm_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain evolution_exchange_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain evolution_exchange_t (process (transition)))
                (dontaudit staff_application_exec_domain evolution_exchange_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain evolution_exchange_exec_t process evolution_exchange_t)
                (allow evolution_exchange_t staff_application_exec_domain (fd (use)))
                (allow evolution_exchange_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow evolution_exchange_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain evolution_server_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain evolution_server_t (process (transition)))
                (dontaudit staff_application_exec_domain evolution_server_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain evolution_server_exec_t process evolution_server_t)
                (allow evolution_server_t staff_application_exec_domain (fd (use)))
                (allow evolution_server_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow evolution_server_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain evolution_webcal_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain evolution_webcal_t (process (transition)))
                (dontaudit staff_application_exec_domain evolution_webcal_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain evolution_webcal_exec_t process evolution_webcal_t)
                (allow evolution_webcal_t staff_application_exec_domain (fd (use)))
                (allow evolution_webcal_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow evolution_webcal_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain evolution_t (process (sigchld sigkill sigstop signull signal ptrace noatsecure)))
                (allow staff_application_exec_domain evolution_alarm_t (process (sigchld sigkill sigstop signull signal ptrace noatsecure)))
                (allow staff_application_exec_domain evolution_exchange_t (process (sigchld sigkill sigstop signull signal ptrace noatsecure)))
                (allow staff_application_exec_domain evolution_server_t (process (sigchld sigkill sigstop signull signal ptrace noatsecure)))
                (allow staff_application_exec_domain evolution_webcal_t (process (sigchld sigkill sigstop signull signal ptrace noatsecure)))
                (allow staff_application_exec_domain evolution_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain evolution_alarm_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain evolution_exchange_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain evolution_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain evolution_alarm_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain evolution_exchange_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain evolution_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain evolution_alarm_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain evolution_exchange_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain evolution_t (process (getattr)))
                (allow staff_application_exec_domain evolution_alarm_t (process (getattr)))
                (allow staff_application_exec_domain evolution_exchange_t (process (getattr)))
                (allow staff_application_exec_domain evolution_server_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain evolution_webcal_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain evolution_server_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain evolution_webcal_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain evolution_server_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain evolution_webcal_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain evolution_server_t (process (getattr)))
                (allow staff_application_exec_domain evolution_webcal_t (process (getattr)))
                (allow evolution_t staff_application_exec_domain (dir (getattr open search)))
                (allow evolution_t staff_application_exec_domain (file (ioctl read getattr lock open)))
                (allow evolution_t staff_application_exec_domain (lnk_file (read getattr)))
                (allow staff_t evolution_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t evolution_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t evolution_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t evolution_exchange_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t evolution_alarm_orbit_tmp_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t evolution_exchange_orbit_tmp_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t evolution_orbit_tmp_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t evolution_server_orbit_tmp_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t evolution_alarm_tmpfs_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t evolution_exchange_tmpfs_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t evolution_tmpfs_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t evolution_webcal_tmpfs_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t evolution_alarm_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t evolution_exchange_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t evolution_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t evolution_webcal_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t evolution_alarm_tmpfs_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t evolution_exchange_tmpfs_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t evolution_tmpfs_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t evolution_webcal_tmpfs_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t evolution_alarm_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t evolution_exchange_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t evolution_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t evolution_webcal_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t evolution_alarm_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t evolution_exchange_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t evolution_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t evolution_webcal_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow evolution_t staff_application_exec_domain (unix_stream_socket (connectto)))
                (allow evolution_exchange_t staff_application_exec_domain (unix_stream_socket (connectto)))
                (allow staff_application_exec_domain evolution_orbit_tmp_t (dir (getattr open search)))
                (allow staff_application_exec_domain evolution_orbit_tmp_t (sock_file (write getattr append open)))
                (allow staff_application_exec_domain evolution_t (unix_stream_socket (connectto)))
                (allow staff_application_exec_domain evolution_exchange_orbit_tmp_t (dir (getattr open search)))
                (allow staff_application_exec_domain evolution_exchange_orbit_tmp_t (sock_file (write getattr append open)))
                (allow staff_application_exec_domain evolution_exchange_t (unix_stream_socket (connectto)))
                (typetransition staff_t user_home_dir_t dir ".evolution" evolution_home_t)
                (typetransition staff_t user_home_dir_t dir ".camel_certs" evolution_home_t)
                (optional staff_optional_156
                    (typeattributeset cil_gen_require evolution_t)
                    (typeattributeset cil_gen_require evolution_alarm_t)
                    (allow staff_application_exec_domain evolution_t (dbus (send_msg)))
                    (allow evolution_t staff_application_exec_domain (dbus (send_msg)))
                    (allow staff_application_exec_domain evolution_alarm_t (dbus (send_msg)))
                    (allow evolution_alarm_t staff_application_exec_domain (dbus (send_msg)))
                )
                (optional staff_optional_157
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t evolution_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t evolution_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t evolution_t (lnk_file (read getattr)))
                    (allow staff_systemd_t evolution_t (process (getattr)))
                    (allow staff_systemd_t evolution_t (process (sigchld sigkill sigstop signull signal)))
                    (allow evolution_t staff_systemd_t (fd (use)))
                    (allow evolution_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow evolution_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow evolution_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow evolution_t staff_systemd_t (lnk_file (read getattr)))
                    (allow evolution_t staff_systemd_t (process (getattr)))
                    (allow evolution_t staff_systemd_t (process (sigchld)))
                    (allow staff_systemd_t evolution_alarm_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t evolution_alarm_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t evolution_alarm_t (lnk_file (read getattr)))
                    (allow staff_systemd_t evolution_alarm_t (process (getattr)))
                    (allow staff_systemd_t evolution_alarm_t (process (sigchld sigkill sigstop signull signal)))
                    (allow evolution_alarm_t staff_systemd_t (fd (use)))
                    (allow evolution_alarm_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow evolution_alarm_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow evolution_alarm_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow evolution_alarm_t staff_systemd_t (lnk_file (read getattr)))
                    (allow evolution_alarm_t staff_systemd_t (process (getattr)))
                    (allow evolution_alarm_t staff_systemd_t (process (sigchld)))
                    (allow staff_systemd_t evolution_exchange_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t evolution_exchange_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t evolution_exchange_t (lnk_file (read getattr)))
                    (allow staff_systemd_t evolution_exchange_t (process (getattr)))
                    (allow staff_systemd_t evolution_exchange_t (process (sigchld sigkill sigstop signull signal)))
                    (allow evolution_exchange_t staff_systemd_t (fd (use)))
                    (allow evolution_exchange_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow evolution_exchange_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow evolution_exchange_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow evolution_exchange_t staff_systemd_t (lnk_file (read getattr)))
                    (allow evolution_exchange_t staff_systemd_t (process (getattr)))
                    (allow evolution_exchange_t staff_systemd_t (process (sigchld)))
                    (allow staff_systemd_t evolution_server_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t evolution_server_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t evolution_server_t (lnk_file (read getattr)))
                    (allow staff_systemd_t evolution_server_t (process (getattr)))
                    (allow staff_systemd_t evolution_server_t (process (sigchld sigkill sigstop signull signal)))
                    (allow evolution_server_t staff_systemd_t (fd (use)))
                    (allow evolution_server_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow evolution_server_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow evolution_server_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow evolution_server_t staff_systemd_t (lnk_file (read getattr)))
                    (allow evolution_server_t staff_systemd_t (process (getattr)))
                    (allow evolution_server_t staff_systemd_t (process (sigchld)))
                    (allow staff_systemd_t evolution_webcal_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t evolution_webcal_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t evolution_webcal_t (lnk_file (read getattr)))
                    (allow staff_systemd_t evolution_webcal_t (process (getattr)))
                    (allow staff_systemd_t evolution_webcal_t (process (sigchld sigkill sigstop signull signal)))
                    (allow evolution_webcal_t staff_systemd_t (fd (use)))
                    (allow evolution_webcal_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow evolution_webcal_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow evolution_webcal_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow evolution_webcal_t staff_systemd_t (lnk_file (read getattr)))
                    (allow evolution_webcal_t staff_systemd_t (process (getattr)))
                    (allow evolution_webcal_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_158
                (roleattributeset cil_gen_require games_roles)
                (typeattributeset cil_gen_require games_t)
                (typeattributeset cil_gen_require games_exec_t)
                (typeattributeset cil_gen_require games_tmp_t)
                (typeattributeset cil_gen_require games_tmpfs_t)
                (roleattributeset cil_gen_require games_roles)
                (roleattributeset games_roles (staff_r ))
                (allow staff_application_exec_domain games_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain games_t (process (transition)))
                (dontaudit staff_application_exec_domain games_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain games_exec_t process games_t)
                (allow games_t staff_application_exec_domain (fd (use)))
                (allow games_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow games_t staff_application_exec_domain (process (sigchld)))
                (allow staff_t games_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t games_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t games_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t games_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t games_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_application_exec_domain games_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain games_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain games_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain games_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain games_t (process (getattr)))
                (allow staff_application_exec_domain games_tmpfs_t (dir (getattr open search)))
                (allow staff_application_exec_domain games_tmpfs_t (sock_file (write getattr append open)))
                (allow staff_application_exec_domain games_t (unix_stream_socket (connectto)))
                (allow games_t staff_application_exec_domain (unix_stream_socket (connectto)))
                (optional staff_optional_159
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t games_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t games_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t games_t (lnk_file (read getattr)))
                    (allow staff_systemd_t games_t (process (getattr)))
                    (allow staff_systemd_t games_t (process (sigchld sigkill sigstop signull signal)))
                    (allow games_t staff_systemd_t (fd (use)))
                    (allow games_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow games_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow games_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow games_t staff_systemd_t (lnk_file (read getattr)))
                    (allow games_t staff_systemd_t (process (getattr)))
                    (allow games_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_160
                (type staff_gkeyringd_t)
                (roletype object_r staff_gkeyringd_t)
                (roleattributeset cil_gen_require gconfd_roles)
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (staff_t ))
                (typeattributeset cil_gen_require shell_exec_t)
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require process_user_target)
                (typeattributeset process_user_target (staff_t ))
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (staff_t ))
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require tmp_t)
                (typeattributeset cil_gen_require user_runtime_t)
                (typeattributeset cil_gen_require user_runtime_root_t)
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset cil_gen_require gnomedomain)
                (typeattributeset cil_gen_require gkeyringd_domain)
                (typeattributeset cil_gen_require gkeyringd_exec_t)
                (typeattributeset cil_gen_require gnome_keyring_home_t)
                (typeattributeset cil_gen_require gnome_keyring_tmp_t)
                (typeattributeset cil_gen_require gconfd_t)
                (typeattributeset cil_gen_require gconfd_exec_t)
                (typeattributeset cil_gen_require gconf_tmp_t)
                (typeattributeset cil_gen_require gconf_home_t)
                (typeattributeset cil_gen_require gnome_home_t)
                (typeattributeset cil_gen_require staff_gkeyringd_t)
                (roleattributeset cil_gen_require gconfd_roles)
                (roleattributeset gconfd_roles (staff_r ))
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r staff_gkeyringd_t)
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (gkeyringd_exec_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (gkeyringd_exec_t ))
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (staff_gkeyringd_t ))
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset application_domain_type (staff_gkeyringd_t ))
                (typeattributeset cil_gen_require gnomedomain)
                (typeattributeset gnomedomain (staff_gkeyringd_t ))
                (typeattributeset cil_gen_require process_user_target)
                (typeattributeset process_user_target (staff_gkeyringd_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (gkeyringd_exec_t ))
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (staff_gkeyringd_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (gkeyringd_exec_t ))
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset application_exec_type (gkeyringd_exec_t ))
                (typeattributeset cil_gen_require gkeyringd_domain)
                (typeattributeset gkeyringd_domain (staff_gkeyringd_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (gkeyringd_exec_t ))
                (allow staff_gkeyringd_t gkeyringd_exec_t (file (entrypoint)))
                (allow staff_gkeyringd_t gkeyringd_exec_t (file (ioctl read getattr lock map execute open)))
                (allow staff_application_exec_domain gconfd_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain gconfd_t (process (transition)))
                (dontaudit staff_application_exec_domain gconfd_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain gconfd_exec_t process gconfd_t)
                (allow gconfd_t staff_application_exec_domain (fd (use)))
                (allow gconfd_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow gconfd_t staff_application_exec_domain (process (sigchld)))
                (allow staff_t gconf_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t gconf_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t gconf_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t gconf_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain gconfd_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain gconfd_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain gconfd_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain gconfd_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain gconfd_t (process (getattr)))
                (allow staff_application_exec_domain gkeyringd_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain staff_gkeyringd_t (process (transition)))
                (dontaudit staff_application_exec_domain staff_gkeyringd_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain gkeyringd_exec_t process staff_gkeyringd_t)
                (allow staff_gkeyringd_t staff_application_exec_domain (fd (use)))
                (allow staff_gkeyringd_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow staff_gkeyringd_t staff_application_exec_domain (process (sigchld)))
                (allow staff_t gnome_keyring_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t gnome_keyring_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t gnome_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t gnome_keyring_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t gnome_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (getattr open search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t gnome_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t gnome_keyring_tmp_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_application_exec_domain staff_gkeyringd_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain staff_gkeyringd_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain staff_gkeyringd_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain staff_gkeyringd_t (process (getattr)))
                (allow staff_application_exec_domain staff_gkeyringd_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_gkeyringd_t bin_t (dir (getattr open search)))
                (allow staff_gkeyringd_t bin_t (lnk_file (read getattr)))
                (allow staff_gkeyringd_t usr_t (dir (getattr open search)))
                (allow staff_gkeyringd_t bin_t (file (ioctl read getattr map execute open)))
                (allow staff_gkeyringd_t staff_t (process (transition)))
                (dontaudit staff_gkeyringd_t staff_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_gkeyringd_t bin_t process staff_t)
                (allow staff_gkeyringd_t bin_t (dir (getattr open search)))
                (allow staff_gkeyringd_t bin_t (lnk_file (read getattr)))
                (allow staff_gkeyringd_t usr_t (dir (getattr open search)))
                (allow staff_gkeyringd_t bin_t (dir (getattr open search)))
                (allow staff_gkeyringd_t bin_t (dir (ioctl read getattr lock open search)))
                (allow staff_gkeyringd_t shell_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_gkeyringd_t staff_t (process (transition)))
                (dontaudit staff_gkeyringd_t staff_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_gkeyringd_t shell_exec_t process staff_t)
                (allow staff_application_exec_domain tmp_t (dir (getattr open search)))
                (allow staff_application_exec_domain user_runtime_t (dir (getattr open search)))
                (allow staff_application_exec_domain user_runtime_root_t (dir (getattr open search)))
                (allow staff_application_exec_domain var_run_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain var_t (dir (getattr open search)))
                (allow staff_application_exec_domain var_run_t (dir (getattr open search)))
                (allow staff_application_exec_domain gnome_keyring_tmp_t (dir (getattr open search)))
                (allow staff_application_exec_domain gnome_keyring_tmp_t (sock_file (write getattr append open)))
                (allow staff_application_exec_domain staff_gkeyringd_t (unix_stream_socket (connectto)))
                (typetransition staff_t gnome_home_t dir "keyrings" gnome_keyring_home_t)
                (typetransition staff_t user_home_dir_t dir ".gnome2_private" gnome_home_t)
                (typetransition staff_t user_home_dir_t dir ".gnome2" gnome_home_t)
                (typetransition staff_t user_home_dir_t dir ".gnome" gnome_home_t)
                (typetransition staff_t user_home_dir_t dir ".gconfd" gconf_home_t)
                (typetransition staff_t user_home_dir_t dir ".gconf" gconf_home_t)
                (optional staff_optional_161
                    (typeattributeset cil_gen_require init_t)
                    (allow staff_gkeyringd_t init_t (process (sigchld)))
                    (allow staff_gkeyringd_t init_t (process (signull)))
                    (optional staff_optional_162
                        (typeattributeset cil_gen_require rpm_t)
                        (allow staff_gkeyringd_t rpm_t (fd (use)))
                        (allow staff_gkeyringd_t rpm_t (fifo_file (ioctl read getattr lock open)))
                    )
                    (optional staff_optional_163
                        (typeattributeset cil_gen_require security_t)
                        (typeattributeset cil_gen_require sysfs_t)
                        (dontaudit staff_gkeyringd_t security_t (filesystem (getattr)))
                        (dontaudit staff_gkeyringd_t sysfs_t (filesystem (getattr)))
                        (dontaudit staff_gkeyringd_t sysfs_t (dir (getattr open search)))
                        (dontaudit staff_gkeyringd_t security_t (dir (getattr open search)))
                        (dontaudit staff_gkeyringd_t security_t (file (ioctl read getattr lock open)))
                        (optional staff_optional_164
                            (typeattributeset cil_gen_require selinux_config_t)
                            (dontaudit staff_gkeyringd_t selinux_config_t (dir (getattr open search)))
                            (dontaudit staff_gkeyringd_t selinux_config_t (file (ioctl read getattr lock open)))
                            (optional staff_optional_165
                                (typeattributeset cil_gen_require staff_systemd_t)
                                (allow staff_systemd_t gconfd_t (dir (ioctl read getattr lock open search)))
                                (allow staff_systemd_t gconfd_t (file (ioctl read getattr lock open)))
                                (allow staff_systemd_t gconfd_t (lnk_file (read getattr)))
                                (allow staff_systemd_t gconfd_t (process (getattr)))
                                (allow staff_systemd_t gconfd_t (process (sigchld sigkill sigstop signull signal)))
                                (allow gconfd_t staff_systemd_t (fd (use)))
                                (allow gconfd_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                (allow gconfd_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                                (allow gconfd_t staff_systemd_t (file (ioctl read getattr lock open)))
                                (allow gconfd_t staff_systemd_t (lnk_file (read getattr)))
                                (allow gconfd_t staff_systemd_t (process (getattr)))
                                (allow gconfd_t staff_systemd_t (process (sigchld)))
                            )
                            (optional staff_optional_166
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require var_lib_t)
                                (typeattributeset cil_gen_require system_dbusd_t)
                                (typeattributeset cil_gen_require session_dbusd_tmp_t)
                                (typeattributeset cil_gen_require staff_dbusd_t)
                                (typeattributeset cil_gen_require dbusd_system_bus_client)
                                (typeattributeset cil_gen_require system_dbusd_runtime_t)
                                (typeattributeset cil_gen_require system_dbusd_var_lib_t)
                                (typeattributeset cil_gen_require dbusd_etc_t)
                                (typeattributeset cil_gen_require dbusd_session_bus_client)
                                (typeattributeset cil_gen_require dbusd_system_bus_client)
                                (typeattributeset dbusd_system_bus_client (staff_gkeyringd_t ))
                                (typeattributeset cil_gen_require dbusd_session_bus_client)
                                (typeattributeset dbusd_session_bus_client (staff_gkeyringd_t ))
                                (allow staff_dbusd_t gkeyringd_exec_t (file (ioctl read getattr map execute open)))
                                (allow staff_dbusd_t staff_gkeyringd_t (process (transition)))
                                (dontaudit staff_dbusd_t staff_gkeyringd_t (process (noatsecure siginh rlimitinh)))
                                (typetransition staff_dbusd_t gkeyringd_exec_t process staff_gkeyringd_t)
                                (allow staff_gkeyringd_t staff_dbusd_t (fd (use)))
                                (allow staff_gkeyringd_t staff_dbusd_t (fifo_file (ioctl read write getattr lock append)))
                                (allow staff_gkeyringd_t staff_dbusd_t (process (sigchld)))
                                (allow staff_gkeyringd_t staff_dbusd_t (dbus (send_msg)))
                                (allow staff_gkeyringd_t self (dbus (send_msg)))
                                (allow staff_dbusd_t staff_gkeyringd_t (dbus (send_msg)))
                                (allow staff_gkeyringd_t staff_dbusd_t (unix_stream_socket (connectto)))
                                (allow staff_gkeyringd_t staff_dbusd_t (fd (use)))
                                (allow staff_gkeyringd_t staff_dbusd_t (dbus (acquire_svc)))
                                (allow staff_gkeyringd_t system_dbusd_t (dbus (send_msg)))
                                (allow staff_gkeyringd_t self (dbus (send_msg)))
                                (allow system_dbusd_t staff_gkeyringd_t (dbus (send_msg)))
                                (allow staff_gkeyringd_t var_t (dir (getattr open search)))
                                (allow staff_gkeyringd_t var_lib_t (dir (getattr open search)))
                                (allow staff_gkeyringd_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow staff_gkeyringd_t system_dbusd_var_lib_t (file (ioctl read getattr lock open)))
                                (allow staff_gkeyringd_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow staff_gkeyringd_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                (allow staff_gkeyringd_t session_dbusd_tmp_t (dir (getattr open search)))
                                (allow staff_gkeyringd_t session_dbusd_tmp_t (sock_file (read write getattr append open)))
                                (allow staff_gkeyringd_t var_run_t (lnk_file (read getattr)))
                                (allow staff_gkeyringd_t var_t (dir (getattr open search)))
                                (allow staff_gkeyringd_t var_run_t (dir (getattr open search)))
                                (allow staff_gkeyringd_t system_dbusd_runtime_t (dir (getattr open search)))
                                (allow staff_gkeyringd_t system_dbusd_runtime_t (sock_file (write getattr append open)))
                                (allow staff_gkeyringd_t system_dbusd_t (unix_stream_socket (connectto)))
                                (allow staff_gkeyringd_t dbusd_etc_t (dir (ioctl read getattr lock open search)))
                                (allow staff_gkeyringd_t dbusd_etc_t (file (ioctl read getattr lock open)))
                                (allow staff_gkeyringd_t system_dbusd_runtime_t (dir (ioctl read getattr lock open search)))
                                (allow staff_gkeyringd_t system_dbusd_runtime_t (sock_file (read)))
                                (allow staff_gkeyringd_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow staff_gkeyringd_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                (optional staff_optional_167
                                    (typeattributeset cil_gen_require evolution_t)
                                    (allow staff_gkeyringd_t evolution_t (dbus (send_msg)))
                                    (allow evolution_t staff_gkeyringd_t (dbus (send_msg)))
                                )
                                (optional staff_optional_168
                                    (typeattributeset cil_gen_require gconfd_t)
                                    (typeattributeset cil_gen_require staff_gkeyringd_t)
                                    (allow staff_application_exec_domain gconfd_t (dbus (send_msg)))
                                    (allow gconfd_t staff_application_exec_domain (dbus (send_msg)))
                                    (allow staff_application_exec_domain staff_gkeyringd_t (dbus (send_msg)))
                                    (allow staff_gkeyringd_t staff_application_exec_domain (dbus (send_msg)))
                                    (optional staff_optional_169
                                        (typeattributeset cil_gen_require staff_wm_t)
                                        (allow staff_gkeyringd_t staff_wm_t (dbus (send_msg)))
                                        (allow staff_wm_t staff_gkeyringd_t (dbus (send_msg)))
                                    )
                                )
                            )
                            (optional staff_optional_170
                                (typeattributeset cil_gen_require staff_systemd_t)
                                (allow staff_systemd_t staff_gkeyringd_t (dir (ioctl read getattr lock open search)))
                                (allow staff_systemd_t staff_gkeyringd_t (file (ioctl read getattr lock open)))
                                (allow staff_systemd_t staff_gkeyringd_t (lnk_file (read getattr)))
                                (allow staff_systemd_t staff_gkeyringd_t (process (getattr)))
                                (allow staff_systemd_t staff_gkeyringd_t (process (sigchld sigkill sigstop signull signal)))
                                (allow staff_gkeyringd_t staff_systemd_t (fd (use)))
                                (allow staff_gkeyringd_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                (allow staff_gkeyringd_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                                (allow staff_gkeyringd_t staff_systemd_t (file (ioctl read getattr lock open)))
                                (allow staff_gkeyringd_t staff_systemd_t (lnk_file (read getattr)))
                                (allow staff_gkeyringd_t staff_systemd_t (process (getattr)))
                                (allow staff_gkeyringd_t staff_systemd_t (process (sigchld)))
                            )
                        )
                    )
                )
            )
            (optional staff_optional_171
                (roleattributeset cil_gen_require gpg_roles)
                (roleattributeset cil_gen_require gpg_agent_roles)
                (roleattributeset cil_gen_require gpg_helper_roles)
                (roleattributeset cil_gen_require gpg_pinentry_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require gpg_agent_t)
                (typeattributeset cil_gen_require gpg_agent_tmp_t)
                (typeattributeset cil_gen_require gpg_secret_t)
                (typeattributeset cil_gen_require gpg_t)
                (typeattributeset cil_gen_require gpg_exec_t)
                (typeattributeset cil_gen_require gpg_agent_exec_t)
                (typeattributeset cil_gen_require gpg_helper_t)
                (typeattributeset cil_gen_require gpg_pinentry_t)
                (typeattributeset cil_gen_require gpg_pinentry_tmp_t)
                (roleattributeset cil_gen_require gpg_pinentry_roles)
                (roleattributeset gpg_pinentry_roles (staff_r ))
                (roleattributeset cil_gen_require gpg_agent_roles)
                (roleattributeset gpg_agent_roles (staff_r ))
                (roleattributeset cil_gen_require gpg_helper_roles)
                (roleattributeset gpg_helper_roles (staff_r ))
                (roleattributeset cil_gen_require gpg_roles)
                (roleattributeset gpg_roles (staff_r ))
                (allow staff_application_exec_domain gpg_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain gpg_t (process (transition)))
                (dontaudit staff_application_exec_domain gpg_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain gpg_exec_t process gpg_t)
                (allow gpg_t staff_application_exec_domain (fd (use)))
                (allow gpg_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow gpg_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain gpg_agent_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain gpg_agent_t (process (transition)))
                (dontaudit staff_application_exec_domain gpg_agent_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain gpg_agent_exec_t process gpg_agent_t)
                (allow gpg_agent_t staff_application_exec_domain (fd (use)))
                (allow gpg_agent_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow gpg_agent_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain self (process (setrlimit)))
                (allow staff_application_exec_domain gpg_agent_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain gpg_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain gpg_helper_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain gpg_pinentry_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain gpg_agent_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain gpg_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain gpg_helper_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain gpg_pinentry_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain gpg_agent_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain gpg_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain gpg_helper_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain gpg_pinentry_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain gpg_agent_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain gpg_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain gpg_helper_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain gpg_pinentry_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain gpg_agent_t (process (getattr)))
                (allow staff_application_exec_domain gpg_t (process (getattr)))
                (allow staff_application_exec_domain gpg_helper_t (process (getattr)))
                (allow staff_application_exec_domain gpg_pinentry_t (process (getattr)))
                (allow gpg_pinentry_t staff_application_exec_domain (process (signull)))
                (allow gpg_helper_t staff_application_exec_domain (fd (use)))
                (allow gpg_agent_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow gpg_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow gpg_helper_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow gpg_pinentry_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow staff_t gpg_agent_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t gpg_secret_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t gpg_agent_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t gpg_secret_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t gpg_secret_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t gpg_agent_tmp_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t gpg_secret_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t gpg_pinentry_tmp_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t gpg_secret_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (typetransition staff_t user_home_dir_t dir ".gnupg" gpg_secret_t)
                (typetransition staff_t gpg_secret_t sock_file "log-socket" gpg_agent_tmp_t)
                (optional staff_optional_172
                    (typeattributeset cil_gen_require gpg_pinentry_t)
                    (allow staff_application_exec_domain gpg_pinentry_t (dbus (send_msg)))
                    (allow gpg_pinentry_t staff_application_exec_domain (dbus (send_msg)))
                )
                (optional staff_optional_173
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t gpg_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t gpg_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t gpg_t (lnk_file (read getattr)))
                    (allow staff_systemd_t gpg_t (process (getattr)))
                    (allow staff_systemd_t gpg_t (process (sigchld sigkill sigstop signull signal)))
                    (allow gpg_t staff_systemd_t (fd (use)))
                    (allow gpg_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow gpg_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow gpg_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow gpg_t staff_systemd_t (lnk_file (read getattr)))
                    (allow gpg_t staff_systemd_t (process (getattr)))
                    (allow gpg_t staff_systemd_t (process (sigchld)))
                    (allow staff_systemd_t gpg_agent_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t gpg_agent_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t gpg_agent_t (lnk_file (read getattr)))
                    (allow staff_systemd_t gpg_agent_t (process (getattr)))
                    (allow staff_systemd_t gpg_agent_t (process (sigchld sigkill sigstop signull signal)))
                    (allow gpg_agent_t staff_systemd_t (fd (use)))
                    (allow gpg_agent_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow gpg_agent_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow gpg_agent_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow gpg_agent_t staff_systemd_t (lnk_file (read getattr)))
                    (allow gpg_agent_t staff_systemd_t (process (getattr)))
                    (allow gpg_agent_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_174
                (roleattributeset cil_gen_require irc_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require irc_t)
                (typeattributeset cil_gen_require irc_exec_t)
                (typeattributeset cil_gen_require irc_home_t)
                (typeattributeset cil_gen_require irc_tmp_t)
                (typeattributeset cil_gen_require irc_log_home_t)
                (roleattributeset cil_gen_require irc_roles)
                (roleattributeset irc_roles (staff_r ))
                (allow staff_application_exec_domain irc_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain irc_t (process (transition)))
                (dontaudit staff_application_exec_domain irc_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain irc_exec_t process irc_t)
                (allow irc_t staff_application_exec_domain (fd (use)))
                (allow irc_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow irc_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain irc_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain irc_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain irc_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain irc_t (process (getattr)))
                (allow staff_application_exec_domain irc_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_t irc_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t irc_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t irc_log_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t irc_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t irc_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t irc_log_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t irc_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t irc_tmp_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t irc_log_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (typetransition staff_t user_home_dir_t dir "irclogs" irc_log_home_t)
                (typetransition staff_t user_home_dir_t file ".ircmotd" irc_home_t)
                (typetransition staff_t user_home_dir_t dir ".irssi" irc_home_t)
                (optional staff_optional_175
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t irc_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t irc_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t irc_t (lnk_file (read getattr)))
                    (allow staff_systemd_t irc_t (process (getattr)))
                    (allow staff_systemd_t irc_t (process (sigchld sigkill sigstop signull signal)))
                    (allow irc_t staff_systemd_t (fd (use)))
                    (allow irc_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow irc_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow irc_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow irc_t staff_systemd_t (lnk_file (read getattr)))
                    (allow irc_t staff_systemd_t (process (getattr)))
                    (allow irc_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_176
                (roleattributeset cil_gen_require java_roles)
                (typeattributeset cil_gen_require java_t)
                (typeattributeset cil_gen_require java_exec_t)
                (typeattributeset cil_gen_require java_tmp_t)
                (typeattributeset cil_gen_require java_tmpfs_t)
                (typeattributeset cil_gen_require java_home_t)
                (roleattributeset cil_gen_require java_roles)
                (roleattributeset java_roles (staff_r ))
                (allow staff_application_exec_domain java_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain java_t (process (transition)))
                (dontaudit staff_application_exec_domain java_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain java_exec_t process java_t)
                (allow java_t staff_application_exec_domain (fd (use)))
                (allow java_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow java_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain java_t (process (sigchld sigkill sigstop signull signal ptrace noatsecure siginh rlimitinh)))
                (allow staff_application_exec_domain java_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain java_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain java_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain java_t (process (getattr)))
                (allow staff_t java_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t java_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t java_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t java_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t java_tmpfs_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t java_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow java_t staff_application_exec_domain (process (signull)))
                (allow java_t staff_application_exec_domain (unix_stream_socket (connectto)))
                (allow java_t staff_application_exec_domain (unix_stream_socket (read write)))
                (allow java_t staff_application_exec_domain (tcp_socket (read write)))
                (allow staff_t java_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t java_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t java_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t java_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (optional staff_optional_177
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t java_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t java_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t java_t (lnk_file (read getattr)))
                    (allow staff_systemd_t java_t (process (getattr)))
                    (allow staff_systemd_t java_t (process (sigchld sigkill sigstop signull signal)))
                    (allow java_t staff_systemd_t (fd (use)))
                    (allow java_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow java_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow java_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow java_t staff_systemd_t (lnk_file (read getattr)))
                    (allow java_t staff_systemd_t (process (getattr)))
                    (allow java_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_178
                (roleattributeset cil_gen_require libmtp_roles)
                (typeattributeset cil_gen_require libmtp_t)
                (typeattributeset cil_gen_require libmtp_exec_t)
                (roleattributeset cil_gen_require libmtp_roles)
                (roleattributeset libmtp_roles (staff_r ))
                (allow staff_application_exec_domain libmtp_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain libmtp_t (process (transition)))
                (dontaudit staff_application_exec_domain libmtp_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain libmtp_exec_t process libmtp_t)
                (allow libmtp_t staff_application_exec_domain (fd (use)))
                (allow libmtp_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow libmtp_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain libmtp_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain libmtp_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain libmtp_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain libmtp_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain libmtp_t (process (getattr)))
                (optional staff_optional_179
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t libmtp_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t libmtp_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t libmtp_t (lnk_file (read getattr)))
                    (allow staff_systemd_t libmtp_t (process (getattr)))
                    (allow staff_systemd_t libmtp_t (process (sigchld sigkill sigstop signull signal)))
                    (allow libmtp_t staff_systemd_t (fd (use)))
                    (allow libmtp_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow libmtp_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow libmtp_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow libmtp_t staff_systemd_t (lnk_file (read getattr)))
                    (allow libmtp_t staff_systemd_t (process (getattr)))
                    (allow libmtp_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_180
                (roleattributeset cil_gen_require lpr_roles)
                (typeattributeset cil_gen_require lpr_t)
                (typeattributeset cil_gen_require lpr_exec_t)
                (roleattributeset cil_gen_require lpr_roles)
                (roleattributeset lpr_roles (staff_r ))
                (allow staff_application_exec_domain lpr_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain lpr_t (process (transition)))
                (dontaudit staff_application_exec_domain lpr_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain lpr_exec_t process lpr_t)
                (allow lpr_t staff_application_exec_domain (fd (use)))
                (allow lpr_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow lpr_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain lpr_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain lpr_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain lpr_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain lpr_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain lpr_t (process (getattr)))
                (dontaudit lpr_t staff_application_exec_domain (unix_stream_socket (read write)))
                (optional staff_optional_181
                    (typeattributeset cil_gen_require etc_t)
                    (typeattributeset cil_gen_require cupsd_etc_t)
                    (typeattributeset cil_gen_require cupsd_rw_etc_t)
                    (allow staff_application_exec_domain etc_t (dir (getattr open search)))
                    (allow staff_application_exec_domain cupsd_etc_t (dir (getattr open search)))
                    (allow staff_application_exec_domain cupsd_rw_etc_t (dir (getattr open search)))
                    (allow staff_application_exec_domain cupsd_etc_t (file (ioctl read getattr lock open)))
                    (allow staff_application_exec_domain cupsd_rw_etc_t (file (ioctl read getattr lock open)))
                )
                (optional staff_optional_182
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t lpr_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t lpr_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t lpr_t (lnk_file (read getattr)))
                    (allow staff_systemd_t lpr_t (process (getattr)))
                    (allow staff_systemd_t lpr_t (process (sigchld sigkill sigstop signull signal)))
                    (allow lpr_t staff_systemd_t (fd (use)))
                    (allow lpr_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow lpr_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow lpr_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow lpr_t staff_systemd_t (lnk_file (read getattr)))
                    (allow lpr_t staff_systemd_t (process (getattr)))
                    (allow lpr_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_183
                (roleattributeset cil_gen_require mozilla_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require mozilla_t)
                (typeattributeset cil_gen_require mozilla_exec_t)
                (typeattributeset cil_gen_require mozilla_home_t)
                (typeattributeset cil_gen_require mozilla_tmp_t)
                (typeattributeset cil_gen_require mozilla_tmpfs_t)
                (typeattributeset cil_gen_require mozilla_plugin_tmp_t)
                (typeattributeset cil_gen_require mozilla_plugin_tmpfs_t)
                (typeattributeset cil_gen_require mozilla_plugin_home_t)
                (roleattributeset cil_gen_require mozilla_roles)
                (roleattributeset mozilla_roles (staff_r ))
                (allow staff_application_exec_domain mozilla_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain mozilla_t (process (transition)))
                (dontaudit staff_application_exec_domain mozilla_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain mozilla_exec_t process mozilla_t)
                (allow mozilla_t staff_application_exec_domain (fd (use)))
                (allow mozilla_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow mozilla_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain mozilla_t (process (sigchld sigkill sigstop signull signal ptrace noatsecure siginh rlimitinh)))
                (allow staff_application_exec_domain mozilla_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain mozilla_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain mozilla_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain mozilla_t (process (getattr)))
                (allow mozilla_t staff_application_exec_domain (process (signull)))
                (allow mozilla_t staff_application_exec_domain (unix_stream_socket (connectto)))
                (allow staff_application_exec_domain mozilla_t (fd (use)))
                (allow staff_application_exec_domain mozilla_t (shm (getattr read write associate unix_read unix_write lock)))
                (allow staff_application_exec_domain mozilla_tmpfs_t (dir (getattr open search)))
                (allow staff_application_exec_domain mozilla_tmpfs_t (sock_file (write getattr append open)))
                (allow staff_application_exec_domain mozilla_t (unix_stream_socket (connectto)))
                (allow staff_t mozilla_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t mozilla_plugin_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t mozilla_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t mozilla_plugin_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t mozilla_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t mozilla_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t mozilla_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t mozilla_plugin_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t mozilla_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t mozilla_plugin_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t mozilla_plugin_tmp_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t mozilla_tmpfs_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t mozilla_plugin_tmpfs_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t mozilla_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t mozilla_plugin_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t mozilla_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t mozilla_plugin_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t mozilla_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t mozilla_plugin_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (typetransition staff_t mozilla_home_t dir "plugins" mozilla_plugin_home_t)
                (typetransition staff_t user_home_dir_t dir ".phoenix" mozilla_home_t)
                (typetransition staff_t user_home_dir_t dir ".netscape" mozilla_home_t)
                (typetransition staff_t user_home_dir_t dir ".mozilla" mozilla_home_t)
                (typetransition staff_t user_home_dir_t dir ".galeon" mozilla_home_t)
                (optional staff_optional_184
                    (typeattributeset cil_gen_require mozilla_t)
                    (allow staff_application_exec_domain mozilla_t (dbus (send_msg)))
                    (allow mozilla_t staff_application_exec_domain (dbus (send_msg)))
                )
                (optional staff_optional_185
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t mozilla_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t mozilla_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t mozilla_t (lnk_file (read getattr)))
                    (allow staff_systemd_t mozilla_t (process (getattr)))
                    (allow staff_systemd_t mozilla_t (process (sigchld sigkill sigstop signull signal)))
                    (allow mozilla_t staff_systemd_t (fd (use)))
                    (allow mozilla_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow mozilla_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow mozilla_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow mozilla_t staff_systemd_t (lnk_file (read getattr)))
                    (allow mozilla_t staff_systemd_t (process (getattr)))
                    (allow mozilla_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_186
                (roleattributeset cil_gen_require mencoder_roles)
                (roleattributeset cil_gen_require mplayer_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require mencoder_t)
                (typeattributeset cil_gen_require mencoder_exec_t)
                (typeattributeset cil_gen_require mplayer_home_t)
                (typeattributeset cil_gen_require mplayer_t)
                (typeattributeset cil_gen_require mplayer_exec_t)
                (typeattributeset cil_gen_require mplayer_tmpfs_t)
                (roleattributeset cil_gen_require mplayer_roles)
                (roleattributeset mplayer_roles (staff_r ))
                (roleattributeset cil_gen_require mencoder_roles)
                (roleattributeset mencoder_roles (staff_r ))
                (allow staff_application_exec_domain mencoder_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain mencoder_t (process (transition)))
                (dontaudit staff_application_exec_domain mencoder_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain mencoder_exec_t process mencoder_t)
                (allow mencoder_t staff_application_exec_domain (fd (use)))
                (allow mencoder_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow mencoder_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain mplayer_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain mplayer_t (process (transition)))
                (dontaudit staff_application_exec_domain mplayer_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain mplayer_exec_t process mplayer_t)
                (allow mplayer_t staff_application_exec_domain (fd (use)))
                (allow mplayer_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow mplayer_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain mencoder_t (process (sigchld sigkill sigstop signull signal ptrace getsched)))
                (allow staff_application_exec_domain mplayer_t (process (sigchld sigkill sigstop signull signal ptrace getsched)))
                (allow staff_application_exec_domain mencoder_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain mplayer_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain mencoder_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain mplayer_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain mencoder_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain mplayer_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain mencoder_t (process (getattr)))
                (allow staff_application_exec_domain mplayer_t (process (getattr)))
                (allow staff_t mplayer_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t mplayer_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t mplayer_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t mplayer_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t mplayer_tmpfs_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t mplayer_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t mplayer_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (typetransition staff_t user_home_dir_t dir ".mplayer" mplayer_home_t)
                (optional staff_optional_187
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t mencoder_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t mencoder_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t mencoder_t (lnk_file (read getattr)))
                    (allow staff_systemd_t mencoder_t (process (getattr)))
                    (allow staff_systemd_t mencoder_t (process (sigchld sigkill sigstop signull signal)))
                    (allow mencoder_t staff_systemd_t (fd (use)))
                    (allow mencoder_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow mencoder_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow mencoder_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow mencoder_t staff_systemd_t (lnk_file (read getattr)))
                    (allow mencoder_t staff_systemd_t (process (getattr)))
                    (allow mencoder_t staff_systemd_t (process (sigchld)))
                    (allow staff_systemd_t mplayer_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t mplayer_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t mplayer_t (lnk_file (read getattr)))
                    (allow staff_systemd_t mplayer_t (process (getattr)))
                    (allow staff_systemd_t mplayer_t (process (sigchld sigkill sigstop signull signal)))
                    (allow mplayer_t staff_systemd_t (fd (use)))
                    (allow mplayer_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow mplayer_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow mplayer_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow mplayer_t staff_systemd_t (lnk_file (read getattr)))
                    (allow mplayer_t staff_systemd_t (process (getattr)))
                    (allow mplayer_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_188
                (roleattributeset cil_gen_require user_mail_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require mta_user_agent)
                (typeattributeset cil_gen_require user_mail_t)
                (typeattributeset cil_gen_require sendmail_exec_t)
                (typeattributeset cil_gen_require mail_home_t)
                (typeattributeset cil_gen_require user_mail_tmp_t)
                (typeattributeset cil_gen_require mail_home_rw_t)
                (roleattributeset cil_gen_require user_mail_roles)
                (roleattributeset user_mail_roles (staff_r ))
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r mta_user_agent)
                (allow staff_application_exec_domain sendmail_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain user_mail_t (process (transition)))
                (dontaudit staff_application_exec_domain user_mail_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain sendmail_exec_t process user_mail_t)
                (allow user_mail_t staff_application_exec_domain (fd (use)))
                (allow user_mail_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow user_mail_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain sendmail_exec_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain mta_user_agent (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain user_mail_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain mta_user_agent (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain user_mail_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain mta_user_agent (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain user_mail_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain mta_user_agent (lnk_file (read getattr)))
                (allow staff_application_exec_domain user_mail_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain mta_user_agent (process (getattr)))
                (allow staff_application_exec_domain user_mail_t (process (getattr)))
                (allow staff_t mail_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t mail_home_rw_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t mail_home_rw_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t mail_home_rw_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_mail_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t user_mail_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (typetransition staff_t user_home_dir_t dir ".maildir" mail_home_rw_t)
                (typetransition staff_t user_home_dir_t dir "Maildir" mail_home_rw_t)
                (typetransition staff_t user_home_dir_t file "dead.letter" mail_home_t)
                (typetransition staff_t user_home_dir_t file ".mailrc" mail_home_t)
                (typetransition staff_t user_home_dir_t file ".forward" mail_home_t)
                (typetransition staff_t user_home_dir_t file ".esmtp_queue" mail_home_t)
                (optional staff_optional_189
                    (roleattributeset cil_gen_require exim_roles)
                    (typeattributeset cil_gen_require bin_t)
                    (typeattributeset cil_gen_require usr_t)
                    (typeattributeset cil_gen_require exim_t)
                    (typeattributeset cil_gen_require exim_exec_t)
                    (roleattributeset cil_gen_require exim_roles)
                    (roleattributeset exim_roles (staff_r ))
                    (allow staff_application_exec_domain bin_t (dir (getattr open search)))
                    (allow staff_application_exec_domain bin_t (lnk_file (read getattr)))
                    (allow staff_application_exec_domain usr_t (dir (getattr open search)))
                    (allow staff_application_exec_domain exim_exec_t (file (ioctl read getattr map execute open)))
                    (allow staff_application_exec_domain exim_t (process (transition)))
                    (dontaudit staff_application_exec_domain exim_t (process (noatsecure siginh rlimitinh)))
                    (typetransition staff_application_exec_domain exim_exec_t process exim_t)
                    (allow exim_t staff_application_exec_domain (fd (use)))
                    (allow exim_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                    (allow exim_t staff_application_exec_domain (process (sigchld)))
                )
                (optional staff_optional_190
                    (roleattributeset cil_gen_require mailman_roles)
                    (typeattributeset cil_gen_require lib_t)
                    (typeattributeset cil_gen_require mailman_mail_exec_t)
                    (typeattributeset cil_gen_require mailman_mail_t)
                    (roleattributeset cil_gen_require mailman_roles)
                    (roleattributeset mailman_roles (staff_r ))
                    (allow staff_application_exec_domain lib_t (dir (getattr open search)))
                    (allow staff_application_exec_domain mailman_mail_exec_t (file (ioctl read getattr map execute open)))
                    (allow staff_application_exec_domain mailman_mail_t (process (transition)))
                    (dontaudit staff_application_exec_domain mailman_mail_t (process (noatsecure siginh rlimitinh)))
                    (typetransition staff_application_exec_domain mailman_mail_exec_t process mailman_mail_t)
                    (allow mailman_mail_t staff_application_exec_domain (fd (use)))
                    (allow mailman_mail_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                    (allow mailman_mail_t staff_application_exec_domain (process (sigchld)))
                )
                (optional staff_optional_191
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t user_mail_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t user_mail_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t user_mail_t (lnk_file (read getattr)))
                    (allow staff_systemd_t user_mail_t (process (getattr)))
                    (allow staff_systemd_t user_mail_t (process (sigchld sigkill sigstop signull signal)))
                    (allow user_mail_t staff_systemd_t (fd (use)))
                    (allow user_mail_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow user_mail_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow user_mail_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow user_mail_t staff_systemd_t (lnk_file (read getattr)))
                    (allow user_mail_t staff_systemd_t (process (getattr)))
                    (allow user_mail_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_192
                (roleattributeset cil_gen_require ooffice_roles)
                (typeattributeset cil_gen_require ooffice_t)
                (typeattributeset cil_gen_require ooffice_exec_t)
                (roleattributeset cil_gen_require ooffice_roles)
                (roleattributeset ooffice_roles (staff_r ))
                (allow ooffice_t staff_application_exec_domain (unix_stream_socket (connectto)))
                (allow staff_application_exec_domain ooffice_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain ooffice_t (process (transition)))
                (dontaudit staff_application_exec_domain ooffice_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain ooffice_exec_t process ooffice_t)
                (allow ooffice_t staff_application_exec_domain (fd (use)))
                (allow ooffice_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow ooffice_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain ooffice_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain ooffice_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain ooffice_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain ooffice_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain ooffice_t (process (getattr)))
                (optional staff_optional_193
                    (typeattributeset cil_gen_require ooffice_t)
                    (allow staff_application_exec_domain ooffice_t (dbus (send_msg)))
                    (allow ooffice_t staff_application_exec_domain (dbus (send_msg)))
                )
                (optional staff_optional_194
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t ooffice_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t ooffice_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t ooffice_t (lnk_file (read getattr)))
                    (allow staff_systemd_t ooffice_t (process (getattr)))
                    (allow staff_systemd_t ooffice_t (process (sigchld sigkill sigstop signull signal)))
                    (allow ooffice_t staff_systemd_t (fd (use)))
                    (allow ooffice_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow ooffice_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow ooffice_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow ooffice_t staff_systemd_t (lnk_file (read getattr)))
                    (allow ooffice_t staff_systemd_t (process (getattr)))
                    (allow ooffice_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_195
                (roleattributeset cil_gen_require pulseaudio_roles)
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require pulseaudio_tmpfsfile)
                (typeattributeset cil_gen_require pulseaudio_t)
                (typeattributeset cil_gen_require pulseaudio_home_t)
                (typeattributeset cil_gen_require pulseaudio_tmpfs_t)
                (typeattributeset cil_gen_require pulseaudio_tmp_t)
                (typeattributeset cil_gen_require pulseaudio_client)
                (typeattributeset cil_gen_require pulseaudio_exec_t)
                (roleattributeset cil_gen_require pulseaudio_roles)
                (roleattributeset pulseaudio_roles (staff_r ))
                (typeattributeset cil_gen_require pulseaudio_client)
                (typeattributeset pulseaudio_client (staff_t ))
                (allow staff_t bin_t (dir (getattr open search)))
                (allow staff_t bin_t (lnk_file (read getattr)))
                (allow staff_t usr_t (dir (getattr open search)))
                (allow staff_t pulseaudio_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_t pulseaudio_t (process (transition)))
                (dontaudit staff_t pulseaudio_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_t pulseaudio_exec_t process pulseaudio_t)
                (allow pulseaudio_t staff_t (fd (use)))
                (allow pulseaudio_t staff_t (fifo_file (ioctl read write getattr lock append)))
                (allow pulseaudio_t staff_t (process (sigchld)))
                (allow staff_application_exec_domain bin_t (dir (getattr open search)))
                (allow staff_application_exec_domain bin_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain usr_t (dir (getattr open search)))
                (allow staff_application_exec_domain pulseaudio_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain pulseaudio_t (process (transition)))
                (dontaudit staff_application_exec_domain pulseaudio_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain pulseaudio_exec_t process pulseaudio_t)
                (allow pulseaudio_t staff_application_exec_domain (fd (use)))
                (allow pulseaudio_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow pulseaudio_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain pulseaudio_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain pulseaudio_t (fd (use)))
                (allow staff_application_exec_domain pulseaudio_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain pulseaudio_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain pulseaudio_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain pulseaudio_t (process (getattr)))
                (allow staff_t pulseaudio_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t pulseaudio_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t pulseaudio_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t pulseaudio_tmpfsfile (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t pulseaudio_tmpfs_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t pulseaudio_tmpfsfile (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename open)))
                (allow staff_t pulseaudio_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename open)))
                (allow staff_t pulseaudio_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t pulseaudio_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t pulseaudio_tmp_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow pulseaudio_t staff_application_exec_domain (unix_stream_socket (connectto)))
                (allow pulseaudio_t staff_application_exec_domain (process (signull)))
                (optional staff_optional_196
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t pulseaudio_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t pulseaudio_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t pulseaudio_t (lnk_file (read getattr)))
                    (allow staff_systemd_t pulseaudio_t (process (getattr)))
                    (allow staff_systemd_t pulseaudio_t (process (sigchld sigkill sigstop signull signal)))
                    (allow pulseaudio_t staff_systemd_t (fd (use)))
                    (allow pulseaudio_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow pulseaudio_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow pulseaudio_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow pulseaudio_t staff_systemd_t (lnk_file (read getattr)))
                    (allow pulseaudio_t staff_systemd_t (process (getattr)))
                    (allow pulseaudio_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_197
                (roleattributeset cil_gen_require pyzor_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require pyzor_t)
                (typeattributeset cil_gen_require pyzor_exec_t)
                (typeattributeset cil_gen_require pyzor_home_t)
                (typeattributeset cil_gen_require pyzor_tmp_t)
                (roleattributeset cil_gen_require pyzor_roles)
                (roleattributeset pyzor_roles (staff_r ))
                (allow staff_application_exec_domain pyzor_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain pyzor_t (process (transition)))
                (dontaudit staff_application_exec_domain pyzor_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain pyzor_exec_t process pyzor_t)
                (allow pyzor_t staff_application_exec_domain (fd (use)))
                (allow pyzor_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow pyzor_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain pyzor_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain pyzor_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain pyzor_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain pyzor_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain pyzor_t (process (getattr)))
                (allow staff_t pyzor_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t pyzor_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t pyzor_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t pyzor_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t pyzor_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (typetransition staff_t user_home_dir_t dir ".pyzor" pyzor_home_t)
                (optional staff_optional_198
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t pyzor_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t pyzor_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t pyzor_t (lnk_file (read getattr)))
                    (allow staff_systemd_t pyzor_t (process (getattr)))
                    (allow staff_systemd_t pyzor_t (process (sigchld sigkill sigstop signull signal)))
                    (allow pyzor_t staff_systemd_t (fd (use)))
                    (allow pyzor_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow pyzor_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow pyzor_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow pyzor_t staff_systemd_t (lnk_file (read getattr)))
                    (allow pyzor_t staff_systemd_t (process (getattr)))
                    (allow pyzor_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_199
                (roleattributeset cil_gen_require razor_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require razor_t)
                (typeattributeset cil_gen_require razor_exec_t)
                (typeattributeset cil_gen_require razor_home_t)
                (typeattributeset cil_gen_require razor_tmp_t)
                (roleattributeset cil_gen_require razor_roles)
                (roleattributeset razor_roles (staff_r ))
                (allow staff_application_exec_domain razor_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain razor_t (process (transition)))
                (dontaudit staff_application_exec_domain razor_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain razor_exec_t process razor_t)
                (allow razor_t staff_application_exec_domain (fd (use)))
                (allow razor_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow razor_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain razor_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain razor_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain razor_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain razor_t (process (getattr)))
                (allow staff_application_exec_domain razor_t (process (signal)))
                (allow staff_t razor_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t razor_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t razor_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t razor_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t razor_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (typetransition staff_t user_home_dir_t dir ".razor" razor_home_t)
                (optional staff_optional_200
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t razor_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t razor_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t razor_t (lnk_file (read getattr)))
                    (allow staff_systemd_t razor_t (process (getattr)))
                    (allow staff_systemd_t razor_t (process (sigchld sigkill sigstop signull signal)))
                    (allow razor_t staff_systemd_t (fd (use)))
                    (allow razor_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow razor_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow razor_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow razor_t staff_systemd_t (lnk_file (read getattr)))
                    (allow razor_t staff_systemd_t (process (getattr)))
                    (allow razor_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_201
                (roleattributeset cil_gen_require rssh_roles)
                (typeattributeset cil_gen_require rssh_t)
                (typeattributeset cil_gen_require rssh_exec_t)
                (typeattributeset cil_gen_require rssh_ro_t)
                (typeattributeset cil_gen_require rssh_rw_t)
                (roleattributeset cil_gen_require rssh_roles)
                (roleattributeset rssh_roles (staff_r ))
                (allow staff_t rssh_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_t rssh_t (process (transition)))
                (dontaudit staff_t rssh_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_t rssh_exec_t process rssh_t)
                (allow rssh_t staff_t (fd (use)))
                (allow rssh_t staff_t (fifo_file (ioctl read write getattr lock append)))
                (allow rssh_t staff_t (process (sigchld)))
                (allow staff_t rssh_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_t rssh_t (dir (ioctl read getattr lock open search)))
                (allow staff_t rssh_t (file (ioctl read getattr lock open)))
                (allow staff_t rssh_t (lnk_file (read getattr)))
                (allow staff_t rssh_t (process (getattr)))
                (allow staff_t rssh_ro_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t rssh_rw_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t rssh_ro_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t rssh_rw_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
            )
            (optional staff_optional_202
                (type staff_screen_t)
                (roletype object_r staff_screen_t)
                (roleattributeset cil_gen_require screen_roles)
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (staff_t ))
                (typeattributeset cil_gen_require shell_exec_t)
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (staff_t ))
                (typeattributeset cil_gen_require device_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require cert_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require user_home_t)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require nfs_t)
                (typeattributeset cil_gen_require cifs_t)
                (typeattributeset cil_gen_require urandom_device_t)
                (typeattributeset cil_gen_require privfd)
                (typeattributeset privfd (staff_t ))
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset cil_gen_require random_device_t)
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (staff_t ))
                (typeattributeset cil_gen_require var_log_t)
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset cil_gen_require chkpwd_t)
                (typeattributeset cil_gen_require chkpwd_exec_t)
                (typeattributeset cil_gen_require shadow_t)
                (typeattributeset cil_gen_require auth_cache_t)
                (typeattributeset cil_gen_require faillog_t)
                (typeattributeset cil_gen_require screen_domain)
                (typeattributeset cil_gen_require screen_exec_t)
                (typeattributeset cil_gen_require screen_tmp_t)
                (typeattributeset cil_gen_require screen_home_t)
                (typeattributeset cil_gen_require screen_runtime_t)
                (roleattributeset cil_gen_require screen_roles)
                (roleattributeset screen_roles (staff_r ))
                (roletype screen_roles staff_screen_t)
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (screen_exec_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (screen_exec_t ))
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (staff_screen_t ))
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset application_domain_type (staff_screen_t ))
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (staff_screen_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (screen_exec_t ))
                (typeattributeset cil_gen_require screen_domain)
                (typeattributeset screen_domain (staff_screen_t ))
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (staff_screen_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (screen_exec_t ))
                (typeattributeset cil_gen_require privfd)
                (typeattributeset privfd (staff_screen_t ))
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset application_exec_type (screen_exec_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (screen_exec_t ))
                (allow staff_screen_t screen_exec_t (file (entrypoint)))
                (allow staff_screen_t screen_exec_t (file (ioctl read getattr lock map execute open)))
                (dontaudit staff_screen_t self (capability (sys_tty_config)))
                (dontaudit staff_screen_t self (cap_userns (sys_ptrace)))
                (allow staff_application_exec_domain screen_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain staff_screen_t (process (transition)))
                (dontaudit staff_application_exec_domain staff_screen_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain screen_exec_t process staff_screen_t)
                (allow staff_screen_t staff_application_exec_domain (fd (use)))
                (allow staff_screen_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow staff_screen_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain staff_screen_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain staff_screen_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain staff_screen_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain staff_screen_t (process (getattr)))
                (allow staff_application_exec_domain staff_screen_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (dontaudit staff_application_exec_domain staff_screen_t (unix_stream_socket (read write)))
                (allow staff_screen_t staff_application_exec_domain (process (signal)))
                (allow staff_t screen_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t screen_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t screen_tmp_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t screen_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t screen_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t screen_home_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t screen_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t screen_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t screen_runtime_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t screen_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t screen_runtime_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t screen_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t screen_runtime_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow staff_t screen_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t screen_runtime_t (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_screen_t bin_t (dir (getattr open search)))
                (allow staff_screen_t bin_t (lnk_file (read getattr)))
                (allow staff_screen_t usr_t (dir (getattr open search)))
                (allow staff_screen_t bin_t (file (ioctl read getattr map execute open)))
                (allow staff_screen_t staff_t (process (transition)))
                (dontaudit staff_screen_t staff_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_screen_t bin_t process staff_t)
                (allow staff_screen_t bin_t (dir (getattr open search)))
                (allow staff_screen_t bin_t (lnk_file (read getattr)))
                (allow staff_screen_t usr_t (dir (getattr open search)))
                (allow staff_screen_t bin_t (dir (getattr open search)))
                (allow staff_screen_t bin_t (dir (ioctl read getattr lock open search)))
                (allow staff_screen_t shell_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_screen_t staff_t (process (transition)))
                (dontaudit staff_screen_t staff_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_screen_t shell_exec_t process staff_t)
                (allow staff_screen_t auth_cache_t (dir (getattr open search)))
                (allow staff_screen_t bin_t (dir (getattr open search)))
                (allow staff_screen_t bin_t (lnk_file (read getattr)))
                (allow staff_screen_t usr_t (dir (getattr open search)))
                (allow staff_screen_t chkpwd_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_screen_t chkpwd_t (process (transition)))
                (dontaudit staff_screen_t chkpwd_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_screen_t chkpwd_exec_t process chkpwd_t)
                (allow chkpwd_t staff_screen_t (fd (use)))
                (allow chkpwd_t staff_screen_t (fifo_file (ioctl read write getattr lock append)))
                (allow chkpwd_t staff_screen_t (process (sigchld)))
                (dontaudit staff_screen_t shadow_t (file (ioctl read getattr lock open)))
                (allow staff_screen_t device_t (dir (getattr open search)))
                (allow staff_screen_t random_device_t (chr_file (ioctl read getattr lock open)))
                (allow staff_screen_t device_t (dir (getattr open search)))
                (allow staff_screen_t urandom_device_t (chr_file (ioctl read getattr lock open)))
                (allow staff_screen_t var_t (dir (getattr open search)))
                (allow staff_screen_t var_log_t (dir (getattr open search)))
                (allow staff_screen_t var_log_t (lnk_file (read getattr)))
                (allow staff_screen_t faillog_t (file (ioctl read write getattr lock append open)))
                (allow staff_screen_t self (capability (audit_write)))
                (allow staff_screen_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_relay)))
                (allow staff_screen_t cert_t (dir (ioctl read getattr lock open search)))
                (allow staff_screen_t cert_t (dir (getattr open search)))
                (allow staff_screen_t cert_t (file (ioctl read getattr lock open)))
                (allow staff_screen_t cert_t (dir (getattr open search)))
                (allow staff_screen_t cert_t (lnk_file (read getattr)))
                (allow staff_screen_t user_home_t (file (ioctl read getattr map execute open)))
                (allow staff_screen_t staff_t (process (transition)))
                (dontaudit staff_screen_t staff_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_screen_t user_home_t process staff_t)
                (allow staff_screen_t user_home_dir_t (dir (getattr open search)))
                (allow staff_screen_t home_root_t (dir (getattr open search)))
                (allow staff_screen_t home_root_t (lnk_file (read getattr)))
                (typetransition staff_t user_home_dir_t file ".tmux.conf" screen_home_t)
                (typetransition staff_t user_home_dir_t file ".screenrc" screen_home_t)
                (typetransition staff_t user_home_dir_t dir ".screen" screen_home_t)
                (booleanif (use_nfs_home_dirs)
                    (true
                        (typetransition staff_screen_t nfs_t process staff_t)
                        (dontaudit staff_screen_t staff_t (process (noatsecure siginh rlimitinh)))
                        (allow staff_screen_t staff_t (process (transition)))
                        (allow staff_screen_t nfs_t (file (ioctl read getattr map execute open)))
                        (allow staff_screen_t nfs_t (dir (getattr open search)))
                    )
                )
                (booleanif (use_samba_home_dirs)
                    (true
                        (typetransition staff_screen_t cifs_t process staff_t)
                        (dontaudit staff_screen_t staff_t (process (noatsecure siginh rlimitinh)))
                        (allow staff_screen_t staff_t (process (transition)))
                        (allow staff_screen_t cifs_t (file (ioctl read getattr map execute open)))
                        (allow staff_screen_t cifs_t (dir (getattr open search)))
                    )
                )
                (optional staff_optional_203
                    (typeattributeset cil_gen_require init_t)
                    (allow staff_screen_t init_t (process (sigchld)))
                    (allow staff_screen_t init_t (process (signull)))
                    (optional staff_optional_204
                        (typeattributeset cil_gen_require rpm_t)
                        (allow staff_screen_t rpm_t (fd (use)))
                        (allow staff_screen_t rpm_t (fifo_file (ioctl read getattr lock open)))
                    )
                    (optional staff_optional_205
                        (typeattributeset cil_gen_require security_t)
                        (typeattributeset cil_gen_require sysfs_t)
                        (dontaudit staff_screen_t security_t (filesystem (getattr)))
                        (dontaudit staff_screen_t sysfs_t (filesystem (getattr)))
                        (dontaudit staff_screen_t sysfs_t (dir (getattr open search)))
                        (dontaudit staff_screen_t security_t (dir (getattr open search)))
                        (dontaudit staff_screen_t security_t (file (ioctl read getattr lock open)))
                        (optional staff_optional_206
                            (typeattributeset cil_gen_require selinux_config_t)
                            (dontaudit staff_screen_t selinux_config_t (dir (getattr open search)))
                            (dontaudit staff_screen_t selinux_config_t (file (ioctl read getattr lock open)))
                            (optional staff_optional_207
                                (typeattributeset cil_gen_require etc_t)
                                (typeattributeset cil_gen_require krb5_keytab_t)
                                (allow staff_screen_t etc_t (dir (getattr open search)))
                                (allow staff_screen_t krb5_keytab_t (file (ioctl read getattr lock open)))
                            )
                            (optional staff_optional_208
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require pcscd_t)
                                (typeattributeset cil_gen_require pcscd_runtime_t)
                                (allow staff_screen_t var_run_t (lnk_file (read getattr)))
                                (allow staff_screen_t var_t (dir (getattr open search)))
                                (allow staff_screen_t var_run_t (dir (getattr open search)))
                                (allow staff_screen_t pcscd_runtime_t (dir (getattr open search)))
                                (allow staff_screen_t pcscd_runtime_t (file (ioctl read getattr lock open)))
                                (allow staff_screen_t var_run_t (lnk_file (read getattr)))
                                (allow staff_screen_t var_t (dir (getattr open search)))
                                (allow staff_screen_t var_run_t (dir (getattr open search)))
                                (allow staff_screen_t pcscd_runtime_t (dir (getattr open search)))
                                (allow staff_screen_t pcscd_runtime_t (sock_file (write getattr append open)))
                                (allow staff_screen_t pcscd_t (unix_stream_socket (connectto)))
                                (allow pcscd_t staff_screen_t (dir (ioctl read getattr lock open search)))
                                (allow pcscd_t staff_screen_t (file (ioctl read getattr lock open)))
                            )
                            (optional staff_optional_209
                                (typeattributeset cil_gen_require staff_systemd_t)
                                (allow staff_systemd_t staff_screen_t (dir (ioctl read getattr lock open search)))
                                (allow staff_systemd_t staff_screen_t (file (ioctl read getattr lock open)))
                                (allow staff_systemd_t staff_screen_t (lnk_file (read getattr)))
                                (allow staff_systemd_t staff_screen_t (process (getattr)))
                                (allow staff_systemd_t staff_screen_t (process (sigchld sigkill sigstop signull signal)))
                                (allow staff_screen_t staff_systemd_t (fd (use)))
                                (allow staff_screen_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                (allow staff_screen_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                                (allow staff_screen_t staff_systemd_t (file (ioctl read getattr lock open)))
                                (allow staff_screen_t staff_systemd_t (lnk_file (read getattr)))
                                (allow staff_screen_t staff_systemd_t (process (getattr)))
                                (allow staff_screen_t staff_systemd_t (process (sigchld)))
                            )
                        )
                    )
                )
            )
            (optional staff_optional_210
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require spamc_t)
                (typeattributeset cil_gen_require spamc_exec_t)
                (typeattributeset cil_gen_require spamc_tmp_t)
                (typeattributeset cil_gen_require spamassassin_t)
                (typeattributeset cil_gen_require spamassassin_exec_t)
                (typeattributeset cil_gen_require spamd_home_t)
                (typeattributeset cil_gen_require spamd_update_t)
                (typeattributeset cil_gen_require spamd_update_exec_t)
                (typeattributeset cil_gen_require spamassassin_home_t)
                (typeattributeset cil_gen_require spamassassin_tmp_t)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r spamc_t)
                (roletype staff_r spamassassin_t)
                (roletype staff_r spamd_update_t)
                (allow staff_application_exec_domain spamassassin_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain spamassassin_t (process (transition)))
                (dontaudit staff_application_exec_domain spamassassin_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain spamassassin_exec_t process spamassassin_t)
                (allow spamassassin_t staff_application_exec_domain (fd (use)))
                (allow spamassassin_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow spamassassin_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain spamc_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain spamc_t (process (transition)))
                (dontaudit staff_application_exec_domain spamc_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain spamc_exec_t process spamc_t)
                (allow spamc_t staff_application_exec_domain (fd (use)))
                (allow spamc_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow spamc_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain spamd_update_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain spamd_update_t (process (transition)))
                (dontaudit staff_application_exec_domain spamd_update_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain spamd_update_exec_t process spamd_update_t)
                (allow spamd_update_t staff_application_exec_domain (fd (use)))
                (allow spamd_update_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow spamd_update_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain spamc_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain spamassassin_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain spamd_update_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain spamc_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain spamassassin_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain spamd_update_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain spamc_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain spamassassin_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain spamd_update_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain spamc_t (process (getattr)))
                (allow staff_application_exec_domain spamassassin_t (process (getattr)))
                (allow staff_application_exec_domain spamd_update_t (process (getattr)))
                (allow staff_application_exec_domain spamc_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain spamassassin_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain spamd_update_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_t spamc_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t spamd_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t spamassassin_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t spamassassin_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t spamc_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t spamd_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t spamassassin_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t spamassassin_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t spamc_tmp_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t spamd_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t spamassassin_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t spamassassin_tmp_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (typetransition staff_t user_home_dir_t dir ".spamd" spamd_home_t)
                (typetransition staff_t user_home_dir_t dir ".spamassassin" spamassassin_home_t)
                (optional staff_optional_211
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t spamassassin_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t spamassassin_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t spamassassin_t (lnk_file (read getattr)))
                    (allow staff_systemd_t spamassassin_t (process (getattr)))
                    (allow staff_systemd_t spamassassin_t (process (sigchld sigkill sigstop signull signal)))
                    (allow spamassassin_t staff_systemd_t (fd (use)))
                    (allow spamassassin_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow spamassassin_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow spamassassin_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow spamassassin_t staff_systemd_t (lnk_file (read getattr)))
                    (allow spamassassin_t staff_systemd_t (process (getattr)))
                    (allow spamassassin_t staff_systemd_t (process (sigchld)))
                    (allow staff_systemd_t spamc_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t spamc_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t spamc_t (lnk_file (read getattr)))
                    (allow staff_systemd_t spamc_t (process (getattr)))
                    (allow staff_systemd_t spamc_t (process (sigchld sigkill sigstop signull signal)))
                    (allow spamc_t staff_systemd_t (fd (use)))
                    (allow spamc_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow spamc_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow spamc_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow spamc_t staff_systemd_t (lnk_file (read getattr)))
                    (allow spamc_t staff_systemd_t (process (getattr)))
                    (allow spamc_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_212
                (type staff_su_t)
                (roletype object_r staff_su_t)
                (typeattributeset cil_gen_require user_devpts_t)
                (typeattributeset cil_gen_require user_tty_device_t)
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (staff_t ))
                (typeattributeset cil_gen_require init_t)
                (typeattributeset cil_gen_require security_t)
                (typeattributeset cil_gen_require sysfs_t)
                (typeattributeset cil_gen_require selinux_config_t)
                (typeattributeset cil_gen_require shell_exec_t)
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (staff_t ))
                (typeattributeset cil_gen_require devpts_t)
                (typeattributeset cil_gen_require console_device_t)
                (typeattributeset cil_gen_require device_t)
                (typeattributeset cil_gen_require proc_t)
                (typeattributeset cil_gen_require sysctl_t)
                (typeattributeset cil_gen_require sysctl_kernel_t)
                (typeattributeset cil_gen_require etc_t)
                (typeattributeset cil_gen_require etc_runtime_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require locale_t)
                (typeattributeset cil_gen_require cert_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require var_lib_t)
                (typeattributeset cil_gen_require syslogd_t)
                (typeattributeset cil_gen_require syslogd_runtime_t)
                (typeattributeset cil_gen_require devlog_t)
                (typeattributeset cil_gen_require init_runtime_t)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require nfs_t)
                (typeattributeset cil_gen_require cifs_t)
                (typeattributeset cil_gen_require tmp_t)
                (typeattributeset cil_gen_require urandom_device_t)
                (typeattributeset cil_gen_require privfd)
                (typeattributeset privfd (staff_t ))
                (typeattributeset cil_gen_require autofs_t)
                (typeattributeset cil_gen_require wtmp_t)
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset cil_gen_require initrc_runtime_t)
                (typeattributeset cil_gen_require kernel_t)
                (typeattributeset cil_gen_require random_device_t)
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (staff_t ))
                (typeattributeset cil_gen_require var_log_t)
                (typeattributeset cil_gen_require fs_t)
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset cil_gen_require chkpwd_t)
                (typeattributeset cil_gen_require chkpwd_exec_t)
                (typeattributeset cil_gen_require shadow_t)
                (typeattributeset cil_gen_require auth_cache_t)
                (typeattributeset cil_gen_require faillog_t)
                (typeattributeset cil_gen_require sudomain)
                (typeattributeset cil_gen_require su_exec_t)
                (typeattributeset cil_gen_require lastlog_t)
                (typeattributeset cil_gen_require mlsfilewrite)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r staff_su_t)
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (su_exec_t ))
                (typeattributeset cil_gen_require sudomain)
                (typeattributeset sudomain (staff_su_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (su_exec_t ))
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (staff_su_t ))
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset application_domain_type (staff_su_t ))
                (typeattributeset cil_gen_require mlsfilewrite)
                (typeattributeset mlsfilewrite (staff_su_t ))
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (staff_su_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (su_exec_t ))
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (staff_su_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (su_exec_t ))
                (typeattributeset cil_gen_require privfd)
                (typeattributeset privfd (staff_su_t ))
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset application_exec_type (su_exec_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (su_exec_t ))
                (allow staff_su_t su_exec_t (file (entrypoint)))
                (allow staff_su_t su_exec_t (file (ioctl read getattr lock map execute open)))
                (allow staff_su_t staff_t (process (sigkill signal)))
                (allow staff_su_t self (capability (chown dac_override fowner setgid setuid net_bind_service sys_nice sys_resource audit_write audit_control)))
                (dontaudit staff_su_t self (capability (net_admin sys_tty_config)))
                (allow staff_su_t self (process (signal setsched setexec setrlimit)))
                (allow staff_su_t self (fifo_file (ioctl read write getattr lock append open)))
                (allow staff_su_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write nlmsg_relay)))
                (allow staff_su_t self (key (write search)))
                (allow staff_su_t bin_t (dir (getattr open search)))
                (allow staff_su_t bin_t (lnk_file (read getattr)))
                (allow staff_su_t usr_t (dir (getattr open search)))
                (allow staff_su_t bin_t (dir (getattr open search)))
                (allow staff_su_t bin_t (dir (ioctl read getattr lock open search)))
                (allow staff_su_t shell_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_su_t staff_t (process (transition)))
                (dontaudit staff_su_t staff_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_su_t shell_exec_t process staff_t)
                (allow staff_su_t proc_t (dir (getattr open search)))
                (allow staff_su_t proc_t (file (ioctl read getattr lock open)))
                (allow staff_su_t proc_t (dir (getattr open search)))
                (allow staff_su_t proc_t (lnk_file (read getattr)))
                (allow staff_su_t proc_t (dir (getattr open search)))
                (allow staff_su_t proc_t (dir (ioctl read getattr lock open search)))
                (allow staff_su_t proc_t (dir (getattr open search)))
                (allow staff_su_t sysctl_t (dir (getattr open search)))
                (allow staff_su_t sysctl_kernel_t (dir (getattr open search)))
                (allow staff_su_t sysctl_kernel_t (file (ioctl read getattr lock open)))
                (allow staff_su_t proc_t (dir (getattr open search)))
                (allow staff_su_t sysctl_t (dir (getattr open search)))
                (allow staff_su_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
                (allow staff_su_t kernel_t (key (search)))
                (allow staff_su_t kernel_t (key (link)))
                (dontaudit staff_su_t proc_t (filesystem (getattr)))
                (allow staff_su_t device_t (dir (getattr open search)))
                (allow staff_su_t urandom_device_t (chr_file (ioctl read getattr lock open)))
                (allow staff_su_t autofs_t (dir (getattr open search)))
                (allow staff_su_t sysfs_t (dir (getattr open search)))
                (allow staff_su_t sysfs_t (dir (getattr open search)))
                (allow staff_su_t self (netlink_selinux_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                (allow staff_su_t security_t (dir (ioctl read getattr lock open search)))
                (allow staff_su_t security_t (file (ioctl read write getattr map open)))
                (allow staff_su_t security_t (security (compute_av)))
                (allow staff_su_t sysfs_t (dir (getattr open search)))
                (allow staff_su_t sysfs_t (dir (getattr open search)))
                (allow staff_su_t security_t (dir (ioctl read getattr lock open search)))
                (allow staff_su_t security_t (file (ioctl read getattr map open)))
                (allow staff_su_t auth_cache_t (dir (getattr open search)))
                (allow staff_su_t bin_t (dir (getattr open search)))
                (allow staff_su_t bin_t (lnk_file (read getattr)))
                (allow staff_su_t usr_t (dir (getattr open search)))
                (allow staff_su_t chkpwd_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_su_t chkpwd_t (process (transition)))
                (dontaudit staff_su_t chkpwd_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_su_t chkpwd_exec_t process chkpwd_t)
                (allow chkpwd_t staff_su_t (fd (use)))
                (allow chkpwd_t staff_su_t (fifo_file (ioctl read write getattr lock append)))
                (allow chkpwd_t staff_su_t (process (sigchld)))
                (dontaudit staff_su_t shadow_t (file (ioctl read getattr lock open)))
                (allow staff_su_t device_t (dir (getattr open search)))
                (allow staff_su_t random_device_t (chr_file (ioctl read getattr lock open)))
                (allow staff_su_t device_t (dir (getattr open search)))
                (allow staff_su_t urandom_device_t (chr_file (ioctl read getattr lock open)))
                (allow staff_su_t var_t (dir (getattr open search)))
                (allow staff_su_t var_log_t (dir (getattr open search)))
                (allow staff_su_t var_log_t (lnk_file (read getattr)))
                (allow staff_su_t faillog_t (file (ioctl read write getattr lock append open)))
                (allow staff_su_t self (capability (audit_write)))
                (allow staff_su_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_relay)))
                (allow staff_su_t cert_t (dir (ioctl read getattr lock open search)))
                (allow staff_su_t cert_t (dir (getattr open search)))
                (allow staff_su_t cert_t (file (ioctl read getattr lock open)))
                (allow staff_su_t cert_t (dir (getattr open search)))
                (allow staff_su_t cert_t (lnk_file (read getattr)))
                (dontaudit staff_su_t shadow_t (file (ioctl read getattr lock open)))
                (allow staff_su_t faillog_t (dir (ioctl write getattr lock open add_name search)))
                (allow staff_su_t faillog_t (file (create getattr open)))
                (allow staff_su_t var_t (dir (getattr open search)))
                (allow staff_su_t var_log_t (dir (getattr open search)))
                (allow staff_su_t var_log_t (lnk_file (read getattr)))
                (allow staff_su_t faillog_t (file (ioctl read write getattr lock append open)))
                (allow staff_su_t faillog_t (dir (getattr open search)))
                (allow staff_su_t faillog_t (file (setattr)))
                (allow staff_su_t var_t (dir (getattr open search)))
                (allow staff_su_t var_log_t (dir (getattr open search)))
                (allow staff_su_t var_log_t (lnk_file (read getattr)))
                (allow staff_su_t lastlog_t (file (ioctl read write getattr setattr lock append open)))
                (allow staff_su_t wtmp_t (file (ioctl write getattr lock append open)))
                (allow staff_su_t bin_t (dir (getattr open search)))
                (allow staff_su_t bin_t (lnk_file (read getattr)))
                (allow staff_su_t usr_t (dir (getattr open search)))
                (allow staff_su_t privfd (fd (use)))
                (allow staff_su_t etc_t (dir (ioctl read getattr lock open search)))
                (allow staff_su_t etc_t (dir (getattr open search)))
                (allow staff_su_t etc_t (file (ioctl read getattr lock open)))
                (allow staff_su_t etc_t (dir (getattr open search)))
                (allow staff_su_t etc_t (lnk_file (read getattr)))
                (allow staff_su_t etc_t (dir (ioctl read getattr lock open search)))
                (allow staff_su_t etc_t (dir (getattr open search)))
                (allow staff_su_t etc_runtime_t (file (ioctl read getattr lock open)))
                (allow staff_su_t etc_t (dir (getattr open search)))
                (allow staff_su_t etc_runtime_t (lnk_file (read getattr)))
                (allow staff_su_t var_t (dir (getattr open search)))
                (allow staff_su_t var_lib_t (dir (getattr open search)))
                (dontaudit staff_su_t tmp_t (dir (getattr)))
                (dontaudit staff_su_t init_t (fd (use)))
                (dontaudit staff_su_t init_t (dir (getattr open search)))
                (dontaudit staff_su_t init_t (file (ioctl read getattr lock open)))
                (dontaudit staff_su_t init_t (lnk_file (read getattr)))
                (allow staff_su_t var_run_t (lnk_file (read getattr)))
                (allow staff_su_t var_t (dir (getattr open search)))
                (allow staff_su_t var_run_t (dir (ioctl read getattr lock open search)))
                (allow staff_su_t initrc_runtime_t (file (ioctl read write getattr lock append open)))
                (allow staff_su_t devlog_t (sock_file (write getattr append open)))
                (allow staff_su_t var_run_t (lnk_file (read getattr)))
                (allow staff_su_t var_t (dir (getattr open search)))
                (allow staff_su_t var_run_t (dir (getattr open search)))
                (allow staff_su_t init_runtime_t (dir (getattr open search)))
                (allow staff_su_t syslogd_runtime_t (dir (getattr open search)))
                (allow staff_su_t syslogd_t (unix_dgram_socket (sendto)))
                (allow staff_su_t syslogd_t (unix_stream_socket (connectto)))
                (allow staff_su_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                (allow staff_su_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                (allow staff_su_t device_t (dir (getattr open search)))
                (allow staff_su_t device_t (dir (ioctl read getattr lock open search)))
                (allow staff_su_t device_t (dir (getattr open search)))
                (allow staff_su_t device_t (lnk_file (read getattr)))
                (allow staff_su_t console_device_t (chr_file (ioctl write getattr lock append open)))
                (dontaudit staff_su_t console_device_t (chr_file (ioctl read getattr lock open)))
                (allow staff_su_t etc_t (dir (getattr open search)))
                (allow staff_su_t etc_t (lnk_file (read getattr)))
                (allow staff_su_t usr_t (dir (getattr open search)))
                (allow staff_su_t locale_t (dir (ioctl read getattr lock open search)))
                (allow staff_su_t locale_t (dir (getattr open search)))
                (allow staff_su_t locale_t (file (ioctl read getattr lock open)))
                (allow staff_su_t locale_t (dir (getattr open search)))
                (allow staff_su_t locale_t (lnk_file (read getattr)))
                (allow staff_su_t locale_t (file (map)))
                (allow staff_su_t security_t (filesystem (getattr)))
                (allow staff_su_t sysfs_t (filesystem (getattr)))
                (allow staff_su_t sysfs_t (dir (getattr open search)))
                (allow staff_su_t sysfs_t (dir (getattr open search)))
                (allow staff_su_t proc_t (dir (getattr open search)))
                (allow staff_su_t proc_t (file (ioctl read getattr lock open)))
                (allow staff_su_t proc_t (dir (getattr open search)))
                (allow staff_su_t proc_t (lnk_file (read getattr)))
                (allow staff_su_t proc_t (dir (getattr open search)))
                (allow staff_su_t proc_t (dir (ioctl read getattr lock open search)))
                (allow staff_su_t etc_t (dir (getattr open search)))
                (allow staff_su_t selinux_config_t (dir (ioctl read getattr lock open search)))
                (allow staff_su_t selinux_config_t (dir (getattr open search)))
                (allow staff_su_t selinux_config_t (file (ioctl read getattr lock open)))
                (allow staff_su_t selinux_config_t (dir (getattr open search)))
                (allow staff_su_t selinux_config_t (lnk_file (read getattr)))
                (allow staff_su_t device_t (dir (getattr open search)))
                (allow staff_su_t device_t (dir (ioctl read getattr lock open search)))
                (allow staff_su_t device_t (dir (getattr open search)))
                (allow staff_su_t device_t (lnk_file (read getattr)))
                (allow staff_su_t devpts_t (dir (ioctl read getattr lock open search)))
                (allow staff_su_t user_devpts_t (chr_file (ioctl read write getattr append open)))
                (allow staff_su_t user_tty_device_t (chr_file (ioctl read write getattr append open)))
                (allow staff_su_t user_home_dir_t (dir (getattr open search)))
                (allow staff_su_t home_root_t (dir (getattr open search)))
                (allow staff_su_t home_root_t (lnk_file (read getattr)))
                (allow staff_su_t security_t (filesystem (getattr)))
                (allow staff_su_t sysfs_t (filesystem (getattr)))
                (allow staff_su_t sysfs_t (dir (getattr open search)))
                (allow staff_su_t sysfs_t (dir (getattr open search)))
                (allow staff_su_t proc_t (dir (getattr open search)))
                (allow staff_su_t proc_t (file (ioctl read getattr lock open)))
                (allow staff_su_t proc_t (dir (getattr open search)))
                (allow staff_su_t proc_t (lnk_file (read getattr)))
                (allow staff_su_t proc_t (dir (getattr open search)))
                (allow staff_su_t proc_t (dir (ioctl read getattr lock open search)))
                (booleanif (use_samba_home_dirs)
                    (true
                        (allow staff_su_t cifs_t (dir (getattr open search)))
                    )
                )
                (booleanif (use_nfs_home_dirs)
                    (true
                        (allow staff_su_t nfs_t (dir (getattr open search)))
                    )
                )
                (booleanif (allow_polyinstantiation)
                    (true
                        (allow staff_su_t fs_t (filesystem (unmount)))
                        (allow staff_su_t fs_t (filesystem (mount)))
                    )
                )
                (booleanif (su_allow_user_exec_domains)
                    (true
                        (allow staff_application_exec_domain staff_su_t (process (sigchld)))
                        (allow staff_application_exec_domain staff_su_t (fifo_file (ioctl read write getattr lock append)))
                        (allow staff_application_exec_domain staff_su_t (fd (use)))
                        (allow staff_application_exec_domain staff_su_t (process (getattr)))
                        (allow staff_application_exec_domain staff_su_t (lnk_file (read getattr)))
                        (allow staff_application_exec_domain staff_su_t (file (ioctl read getattr lock open)))
                        (allow staff_application_exec_domain staff_su_t (dir (ioctl read getattr lock open search)))
                        (allow staff_su_t staff_application_exec_domain (process (sigchld)))
                        (allow staff_su_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                        (allow staff_su_t staff_application_exec_domain (fd (use)))
                        (typetransition staff_application_exec_domain su_exec_t process staff_su_t)
                        (dontaudit staff_application_exec_domain staff_su_t (process (noatsecure siginh rlimitinh)))
                        (allow staff_application_exec_domain staff_su_t (process (transition)))
                        (allow staff_application_exec_domain su_exec_t (file (ioctl read getattr map execute open)))
                        (allow staff_su_t staff_application_exec_domain (key (search)))
                        (allow staff_application_exec_domain staff_su_t (process (signal)))
                    )
                    (false
                        (allow staff_t staff_su_t (process (sigchld)))
                        (allow staff_t staff_su_t (fifo_file (ioctl read write getattr lock append)))
                        (allow staff_t staff_su_t (fd (use)))
                        (allow staff_t staff_su_t (process (getattr)))
                        (allow staff_t staff_su_t (lnk_file (read getattr)))
                        (allow staff_t staff_su_t (file (ioctl read getattr lock open)))
                        (allow staff_t staff_su_t (dir (ioctl read getattr lock open search)))
                        (allow staff_su_t staff_t (process (sigchld)))
                        (allow staff_su_t staff_t (fifo_file (ioctl read write getattr lock append)))
                        (allow staff_su_t staff_t (fd (use)))
                        (typetransition staff_t su_exec_t process staff_su_t)
                        (dontaudit staff_t staff_su_t (process (noatsecure siginh rlimitinh)))
                        (allow staff_t staff_su_t (process (transition)))
                        (allow staff_t su_exec_t (file (ioctl read getattr map execute open)))
                        (allow staff_su_t staff_t (key (search)))
                        (allow staff_t staff_su_t (process (signal)))
                    )
                )
                (optional staff_optional_213
                    (typeattributeset cil_gen_require init_t)
                    (allow staff_su_t init_t (process (sigchld)))
                    (allow staff_su_t init_t (process (signull)))
                    (optional staff_optional_214
                        (typeattributeset cil_gen_require rpm_t)
                        (allow staff_su_t rpm_t (fd (use)))
                        (allow staff_su_t rpm_t (fifo_file (ioctl read getattr lock open)))
                    )
                    (optional staff_optional_215
                        (typeattributeset cil_gen_require security_t)
                        (typeattributeset cil_gen_require sysfs_t)
                        (dontaudit staff_su_t security_t (filesystem (getattr)))
                        (dontaudit staff_su_t sysfs_t (filesystem (getattr)))
                        (dontaudit staff_su_t sysfs_t (dir (getattr open search)))
                        (dontaudit staff_su_t security_t (dir (getattr open search)))
                        (dontaudit staff_su_t security_t (file (ioctl read getattr lock open)))
                        (optional staff_optional_216
                            (typeattributeset cil_gen_require selinux_config_t)
                            (dontaudit staff_su_t selinux_config_t (dir (getattr open search)))
                            (dontaudit staff_su_t selinux_config_t (file (ioctl read getattr lock open)))
                            (optional staff_optional_217
                                (typeattributeset cil_gen_require etc_t)
                                (typeattributeset cil_gen_require krb5_keytab_t)
                                (allow staff_su_t etc_t (dir (getattr open search)))
                                (allow staff_su_t krb5_keytab_t (file (ioctl read getattr lock open)))
                            )
                            (optional staff_optional_218
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require pcscd_t)
                                (typeattributeset cil_gen_require pcscd_runtime_t)
                                (allow staff_su_t var_run_t (lnk_file (read getattr)))
                                (allow staff_su_t var_t (dir (getattr open search)))
                                (allow staff_su_t var_run_t (dir (getattr open search)))
                                (allow staff_su_t pcscd_runtime_t (dir (getattr open search)))
                                (allow staff_su_t pcscd_runtime_t (file (ioctl read getattr lock open)))
                                (allow staff_su_t var_run_t (lnk_file (read getattr)))
                                (allow staff_su_t var_t (dir (getattr open search)))
                                (allow staff_su_t var_run_t (dir (getattr open search)))
                                (allow staff_su_t pcscd_runtime_t (dir (getattr open search)))
                                (allow staff_su_t pcscd_runtime_t (sock_file (write getattr append open)))
                                (allow staff_su_t pcscd_t (unix_stream_socket (connectto)))
                                (allow pcscd_t staff_su_t (dir (ioctl read getattr lock open search)))
                                (allow pcscd_t staff_su_t (file (ioctl read getattr lock open)))
                            )
                            (optional staff_optional_219
                                (typeattributeset cil_gen_require etc_t)
                                (typeattributeset cil_gen_require etc_runtime_t)
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require var_lib_t)
                                (typeattributeset cil_gen_require system_dbusd_t)
                                (typeattributeset cil_gen_require session_dbusd_tmp_t)
                                (typeattributeset cil_gen_require dbusd_system_bus_client)
                                (typeattributeset cil_gen_require system_dbusd_runtime_t)
                                (typeattributeset cil_gen_require system_dbusd_var_lib_t)
                                (typeattributeset cil_gen_require dbusd_etc_t)
                                (typeattributeset cil_gen_require systemd_machined_t)
                                (typeattributeset cil_gen_require systemd_logind_t)
                                (typeattributeset cil_gen_require dbusd_system_bus_client)
                                (typeattributeset dbusd_system_bus_client (staff_su_t ))
                                (allow staff_su_t system_dbusd_t (dbus (send_msg)))
                                (allow staff_su_t self (dbus (send_msg)))
                                (allow system_dbusd_t staff_su_t (dbus (send_msg)))
                                (allow staff_su_t var_t (dir (getattr open search)))
                                (allow staff_su_t var_lib_t (dir (getattr open search)))
                                (allow staff_su_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow staff_su_t system_dbusd_var_lib_t (file (ioctl read getattr lock open)))
                                (allow staff_su_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow staff_su_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                (allow staff_su_t session_dbusd_tmp_t (dir (getattr open search)))
                                (allow staff_su_t session_dbusd_tmp_t (sock_file (read write getattr append open)))
                                (allow staff_su_t var_run_t (lnk_file (read getattr)))
                                (allow staff_su_t var_t (dir (getattr open search)))
                                (allow staff_su_t var_run_t (dir (getattr open search)))
                                (allow staff_su_t system_dbusd_runtime_t (dir (getattr open search)))
                                (allow staff_su_t system_dbusd_runtime_t (sock_file (write getattr append open)))
                                (allow staff_su_t system_dbusd_t (unix_stream_socket (connectto)))
                                (allow staff_su_t dbusd_etc_t (dir (ioctl read getattr lock open search)))
                                (allow staff_su_t dbusd_etc_t (file (ioctl read getattr lock open)))
                                (allow staff_su_t system_dbusd_runtime_t (dir (ioctl read getattr lock open search)))
                                (allow staff_su_t system_dbusd_runtime_t (sock_file (read)))
                                (allow staff_su_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow staff_su_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                (allow staff_su_t systemd_machined_t (unix_stream_socket (connectto)))
                                (allow staff_su_t systemd_logind_t (dbus (send_msg)))
                                (allow systemd_logind_t staff_su_t (dbus (send_msg)))
                                (allow systemd_logind_t staff_su_t (dir (ioctl read getattr lock open search)))
                                (allow systemd_logind_t staff_su_t (file (ioctl read getattr lock open)))
                                (allow staff_su_t etc_t (dir (ioctl read getattr lock open search)))
                                (allow staff_su_t etc_t (dir (getattr open search)))
                                (allow staff_su_t etc_runtime_t (file (ioctl read getattr lock open)))
                                (allow staff_su_t etc_t (dir (getattr open search)))
                                (allow staff_su_t etc_runtime_t (lnk_file (read getattr)))
                            )
                            (optional staff_optional_220
                                (typeattributeset cil_gen_require crond_t)
                                (allow staff_su_t crond_t (fifo_file (ioctl read getattr lock open)))
                            )
                            (optional staff_optional_221
                                (typeattributeset cil_gen_require security_t)
                                (typeattributeset cil_gen_require selinux_config_t)
                                (typeattributeset cil_gen_require etc_t)
                                (typeattributeset cil_gen_require user_home_dir_t)
                                (typeattributeset cil_gen_require home_root_t)
                                (typeattributeset cil_gen_require krb5kdc_conf_t)
                                (typeattributeset cil_gen_require krb5_host_rcache_t)
                                (typeattributeset cil_gen_require krb5_conf_t)
                                (typeattributeset cil_gen_require krb5_home_t)
                                (typeattributeset cil_gen_require default_context_t)
                                (typeattributeset cil_gen_require file_context_t)
                                (typeattributeset cil_gen_require netlabel_peer_t)
                                (typeattributeset cil_gen_require netif_t)
                                (typeattributeset cil_gen_require node_t)
                                (typeattributeset cil_gen_require kerberos_client_packet_t)
                                (typeattributeset cil_gen_require kerberos_port_t)
                                (typeattributeset cil_gen_require ocsp_client_packet_t)
                                (typeattributeset cil_gen_require ocsp_port_t)
                                (allow staff_su_t etc_t (dir (getattr open search)))
                                (allow staff_su_t krb5_conf_t (file (ioctl read getattr lock open)))
                                (allow staff_su_t user_home_dir_t (dir (getattr open search)))
                                (allow staff_su_t home_root_t (dir (getattr open search)))
                                (allow staff_su_t home_root_t (lnk_file (read getattr)))
                                (allow staff_su_t krb5_home_t (file (ioctl read getattr lock open)))
                                (dontaudit staff_su_t krb5_conf_t (file (ioctl write getattr lock append open)))
                                (dontaudit staff_su_t krb5kdc_conf_t (dir (ioctl read getattr lock open search)))
                                (dontaudit staff_su_t krb5kdc_conf_t (file (ioctl read write getattr lock append open)))
                                (dontaudit staff_su_t self (process (setfscreate)))
                                (dontaudit staff_su_t security_t (dir (ioctl read getattr lock open search)))
                                (dontaudit staff_su_t security_t (file (ioctl read write getattr map open)))
                                (dontaudit staff_su_t security_t (security (check_context)))
                                (dontaudit staff_su_t selinux_config_t (dir (getattr open search)))
                                (dontaudit staff_su_t default_context_t (dir (getattr open search)))
                                (dontaudit staff_su_t file_context_t (dir (getattr open search)))
                                (dontaudit staff_su_t file_context_t (file (ioctl read getattr lock open)))
                                (dontaudit staff_su_t file_context_t (file (map)))
                                (booleanif (allow_kerberos)
                                    (true
                                        (allow staff_su_t krb5_host_rcache_t (file (getattr)))
                                        (allow staff_su_t ocsp_port_t (tcp_socket (name_connect)))
                                        (allow staff_su_t ocsp_client_packet_t (packet (recv)))
                                        (allow staff_su_t ocsp_client_packet_t (packet (send)))
                                        (allow staff_su_t kerberos_port_t (tcp_socket (name_connect)))
                                        (allow staff_su_t kerberos_client_packet_t (packet (recv)))
                                        (allow staff_su_t kerberos_client_packet_t (packet (send)))
                                        (allow staff_su_t node_t (node (recvfrom)))
                                        (allow staff_su_t node_t (node (sendto)))
                                        (allow staff_su_t node_t (node (recvfrom sendto)))
                                        (allow staff_su_t netif_t (netif (ingress)))
                                        (allow staff_su_t netif_t (netif (egress)))
                                        (allow staff_su_t netif_t (netif (ingress egress)))
                                        (allow staff_su_t netlabel_peer_t (tcp_socket (recvfrom)))
                                        (allow staff_su_t netlabel_peer_t (udp_socket (recvfrom)))
                                        (allow staff_su_t netlabel_peer_t (rawip_socket (recvfrom)))
                                        (allow staff_su_t netlabel_peer_t (peer (recv)))
                                        (allow staff_su_t self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                        (allow staff_su_t self (tcp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                    )
                                )
                                (optional staff_optional_222
                                    (typeattributeset cil_gen_require var_run_t)
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require pcscd_t)
                                    (typeattributeset cil_gen_require pcscd_runtime_t)
                                    (booleanif (allow_kerberos)
                                        (true
                                            (allow pcscd_t staff_su_t (file (ioctl read getattr lock open)))
                                            (allow pcscd_t staff_su_t (dir (ioctl read getattr lock open search)))
                                            (allow staff_su_t pcscd_t (unix_stream_socket (connectto)))
                                            (allow staff_su_t pcscd_runtime_t (sock_file (write getattr append open)))
                                            (allow staff_su_t pcscd_runtime_t (dir (getattr open search)))
                                            (allow staff_su_t var_run_t (dir (getattr open search)))
                                            (allow staff_su_t var_t (dir (getattr open search)))
                                            (allow staff_su_t var_run_t (lnk_file (read getattr)))
                                        )
                                    )
                                )
                                (optional staff_optional_223
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require var_lib_t)
                                    (typeattributeset cil_gen_require sssd_public_t)
                                    (typeattributeset cil_gen_require sssd_var_lib_t)
                                    (allow staff_su_t sssd_var_lib_t (dir (getattr open search)))
                                    (allow staff_su_t var_t (dir (getattr open search)))
                                    (allow staff_su_t var_lib_t (dir (getattr open search)))
                                    (allow staff_su_t sssd_public_t (dir (ioctl read getattr lock open search)))
                                    (allow staff_su_t sssd_public_t (dir (getattr open search)))
                                    (allow staff_su_t sssd_public_t (file (ioctl read getattr lock open)))
                                )
                            )
                            (optional staff_optional_224
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require crack_db_t)
                                (allow staff_su_t var_t (dir (getattr open search)))
                                (allow staff_su_t crack_db_t (dir (getattr open search)))
                                (allow staff_su_t crack_db_t (file (ioctl read getattr lock open)))
                                (allow staff_su_t crack_db_t (dir (getattr open search)))
                                (allow staff_su_t crack_db_t (lnk_file (read getattr)))
                            )
                            (optional staff_optional_225
                                (typeattributeset cil_gen_require user_home_dir_t)
                                (typeattributeset cil_gen_require home_root_t)
                                (typeattributeset cil_gen_require xauth_home_t)
                                (typeattributeset cil_gen_require xauth_t)
                                (typeattributeset cil_gen_require xauth_exec_t)
                                (allow staff_su_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                (typetransition staff_su_t user_home_dir_t file xauth_home_t)
                                (allow staff_su_t home_root_t (dir (getattr open search)))
                                (allow staff_su_t home_root_t (lnk_file (read getattr)))
                                (allow staff_su_t xauth_exec_t (file (ioctl read getattr map execute open)))
                                (allow staff_su_t xauth_t (process (transition)))
                                (dontaudit staff_su_t xauth_t (process (noatsecure siginh rlimitinh)))
                                (typetransition staff_su_t xauth_exec_t process xauth_t)
                                (allow xauth_t staff_su_t (fd (use)))
                                (allow xauth_t staff_su_t (fifo_file (ioctl read write getattr lock append)))
                                (allow xauth_t staff_su_t (process (sigchld)))
                            )
                        )
                    )
                )
            )
            (optional staff_optional_226
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require tmp_t)
                (typeattributeset cil_gen_require staff_dbusd_t)
                (typeattributeset cil_gen_require dbusd_session_bus_client)
                (typeattributeset cil_gen_require telepathy_domain)
                (typeattributeset cil_gen_require telepathy_tmp_content)
                (typeattributeset cil_gen_require telepathy_gabble_t)
                (typeattributeset cil_gen_require telepathy_sofiasip_t)
                (typeattributeset cil_gen_require telepathy_idle_t)
                (typeattributeset cil_gen_require telepathy_mission_control_t)
                (typeattributeset cil_gen_require telepathy_salut_t)
                (typeattributeset cil_gen_require telepathy_sunshine_t)
                (typeattributeset cil_gen_require telepathy_stream_engine_t)
                (typeattributeset cil_gen_require telepathy_msn_t)
                (typeattributeset cil_gen_require telepathy_gabble_exec_t)
                (typeattributeset cil_gen_require telepathy_sofiasip_exec_t)
                (typeattributeset cil_gen_require telepathy_idle_exec_t)
                (typeattributeset cil_gen_require telepathy_logger_t)
                (typeattributeset cil_gen_require telepathy_logger_exec_t)
                (typeattributeset cil_gen_require telepathy_mission_control_exec_t)
                (typeattributeset cil_gen_require telepathy_salut_exec_t)
                (typeattributeset cil_gen_require telepathy_sunshine_exec_t)
                (typeattributeset cil_gen_require telepathy_stream_engine_exec_t)
                (typeattributeset cil_gen_require telepathy_msn_exec_t)
                (typeattributeset cil_gen_require telepathy_mission_control_xdg_cache_t)
                (typeattributeset cil_gen_require telepathy_xdg_cache_t)
                (typeattributeset cil_gen_require telepathy_logger_xdg_cache_t)
                (typeattributeset cil_gen_require telepathy_gabble_xdg_cache_t)
                (typeattributeset cil_gen_require telepathy_xdg_data_t)
                (typeattributeset cil_gen_require telepathy_mission_control_xdg_data_t)
                (typeattributeset cil_gen_require telepathy_sunshine_home_t)
                (typeattributeset cil_gen_require telepathy_logger_xdg_data_t)
                (typeattributeset cil_gen_require telepathy_mission_control_home_t)
                (typeattributeset cil_gen_require telepathy_gabble_tmp_t)
                (typeattributeset cil_gen_require telepathy_msn_tmp_t)
                (typeattributeset cil_gen_require telepathy_salut_tmp_t)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r telepathy_domain)
                (typeattributeset cil_gen_require dbusd_session_bus_client)
                (typeattributeset dbusd_session_bus_client (telepathy_gabble_t telepathy_sofiasip_t telepathy_idle_t telepathy_mission_control_t telepathy_salut_t telepathy_sunshine_t telepathy_stream_engine_t telepathy_msn_t telepathy_logger_t ))
                (allow staff_application_exec_domain telepathy_domain (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain telepathy_domain (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain telepathy_domain (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain telepathy_domain (lnk_file (read getattr)))
                (allow staff_application_exec_domain telepathy_domain (process (getattr)))
                (allow staff_application_exec_domain tmp_t (dir (getattr open search)))
                (allow staff_application_exec_domain telepathy_gabble_tmp_t (dir (getattr open search)))
                (allow staff_application_exec_domain telepathy_gabble_tmp_t (sock_file (write getattr append open)))
                (allow staff_application_exec_domain telepathy_gabble_t (unix_stream_socket (connectto)))
                (allow staff_application_exec_domain tmp_t (dir (getattr open search)))
                (allow staff_application_exec_domain telepathy_msn_tmp_t (dir (getattr open search)))
                (allow staff_application_exec_domain telepathy_msn_tmp_t (sock_file (write getattr append open)))
                (allow staff_application_exec_domain telepathy_msn_t (unix_stream_socket (connectto)))
                (allow staff_application_exec_domain tmp_t (dir (getattr open search)))
                (allow staff_application_exec_domain telepathy_salut_tmp_t (dir (getattr open search)))
                (allow staff_application_exec_domain telepathy_salut_tmp_t (sock_file (write getattr append open)))
                (allow staff_application_exec_domain telepathy_salut_t (unix_stream_socket (connectto)))
                (allow staff_dbusd_t telepathy_gabble_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_dbusd_t telepathy_gabble_t (process (transition)))
                (dontaudit staff_dbusd_t telepathy_gabble_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_dbusd_t telepathy_gabble_exec_t process telepathy_gabble_t)
                (allow telepathy_gabble_t staff_dbusd_t (fd (use)))
                (allow telepathy_gabble_t staff_dbusd_t (fifo_file (ioctl read write getattr lock append)))
                (allow telepathy_gabble_t staff_dbusd_t (process (sigchld)))
                (allow telepathy_gabble_t staff_dbusd_t (dbus (send_msg)))
                (allow telepathy_gabble_t self (dbus (send_msg)))
                (allow staff_dbusd_t telepathy_gabble_t (dbus (send_msg)))
                (allow telepathy_gabble_t staff_dbusd_t (unix_stream_socket (connectto)))
                (allow telepathy_gabble_t staff_dbusd_t (fd (use)))
                (allow telepathy_gabble_t staff_dbusd_t (dbus (acquire_svc)))
                (allow staff_dbusd_t telepathy_sofiasip_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_dbusd_t telepathy_sofiasip_t (process (transition)))
                (dontaudit staff_dbusd_t telepathy_sofiasip_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_dbusd_t telepathy_sofiasip_exec_t process telepathy_sofiasip_t)
                (allow telepathy_sofiasip_t staff_dbusd_t (fd (use)))
                (allow telepathy_sofiasip_t staff_dbusd_t (fifo_file (ioctl read write getattr lock append)))
                (allow telepathy_sofiasip_t staff_dbusd_t (process (sigchld)))
                (allow telepathy_sofiasip_t staff_dbusd_t (dbus (send_msg)))
                (allow telepathy_sofiasip_t self (dbus (send_msg)))
                (allow staff_dbusd_t telepathy_sofiasip_t (dbus (send_msg)))
                (allow telepathy_sofiasip_t staff_dbusd_t (unix_stream_socket (connectto)))
                (allow telepathy_sofiasip_t staff_dbusd_t (fd (use)))
                (allow telepathy_sofiasip_t staff_dbusd_t (dbus (acquire_svc)))
                (allow staff_dbusd_t telepathy_idle_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_dbusd_t telepathy_idle_t (process (transition)))
                (dontaudit staff_dbusd_t telepathy_idle_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_dbusd_t telepathy_idle_exec_t process telepathy_idle_t)
                (allow telepathy_idle_t staff_dbusd_t (fd (use)))
                (allow telepathy_idle_t staff_dbusd_t (fifo_file (ioctl read write getattr lock append)))
                (allow telepathy_idle_t staff_dbusd_t (process (sigchld)))
                (allow telepathy_idle_t staff_dbusd_t (dbus (send_msg)))
                (allow telepathy_idle_t self (dbus (send_msg)))
                (allow staff_dbusd_t telepathy_idle_t (dbus (send_msg)))
                (allow telepathy_idle_t staff_dbusd_t (unix_stream_socket (connectto)))
                (allow telepathy_idle_t staff_dbusd_t (fd (use)))
                (allow telepathy_idle_t staff_dbusd_t (dbus (acquire_svc)))
                (allow staff_dbusd_t telepathy_logger_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_dbusd_t telepathy_logger_t (process (transition)))
                (dontaudit staff_dbusd_t telepathy_logger_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_dbusd_t telepathy_logger_exec_t process telepathy_logger_t)
                (allow telepathy_logger_t staff_dbusd_t (fd (use)))
                (allow telepathy_logger_t staff_dbusd_t (fifo_file (ioctl read write getattr lock append)))
                (allow telepathy_logger_t staff_dbusd_t (process (sigchld)))
                (allow telepathy_logger_t staff_dbusd_t (dbus (send_msg)))
                (allow telepathy_logger_t self (dbus (send_msg)))
                (allow staff_dbusd_t telepathy_logger_t (dbus (send_msg)))
                (allow telepathy_logger_t staff_dbusd_t (unix_stream_socket (connectto)))
                (allow telepathy_logger_t staff_dbusd_t (fd (use)))
                (allow telepathy_logger_t staff_dbusd_t (dbus (acquire_svc)))
                (allow staff_dbusd_t telepathy_mission_control_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_dbusd_t telepathy_mission_control_t (process (transition)))
                (dontaudit staff_dbusd_t telepathy_mission_control_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_dbusd_t telepathy_mission_control_exec_t process telepathy_mission_control_t)
                (allow telepathy_mission_control_t staff_dbusd_t (fd (use)))
                (allow telepathy_mission_control_t staff_dbusd_t (fifo_file (ioctl read write getattr lock append)))
                (allow telepathy_mission_control_t staff_dbusd_t (process (sigchld)))
                (allow telepathy_mission_control_t staff_dbusd_t (dbus (send_msg)))
                (allow telepathy_mission_control_t self (dbus (send_msg)))
                (allow staff_dbusd_t telepathy_mission_control_t (dbus (send_msg)))
                (allow telepathy_mission_control_t staff_dbusd_t (unix_stream_socket (connectto)))
                (allow telepathy_mission_control_t staff_dbusd_t (fd (use)))
                (allow telepathy_mission_control_t staff_dbusd_t (dbus (acquire_svc)))
                (allow staff_dbusd_t telepathy_salut_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_dbusd_t telepathy_salut_t (process (transition)))
                (dontaudit staff_dbusd_t telepathy_salut_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_dbusd_t telepathy_salut_exec_t process telepathy_salut_t)
                (allow telepathy_salut_t staff_dbusd_t (fd (use)))
                (allow telepathy_salut_t staff_dbusd_t (fifo_file (ioctl read write getattr lock append)))
                (allow telepathy_salut_t staff_dbusd_t (process (sigchld)))
                (allow telepathy_salut_t staff_dbusd_t (dbus (send_msg)))
                (allow telepathy_salut_t self (dbus (send_msg)))
                (allow staff_dbusd_t telepathy_salut_t (dbus (send_msg)))
                (allow telepathy_salut_t staff_dbusd_t (unix_stream_socket (connectto)))
                (allow telepathy_salut_t staff_dbusd_t (fd (use)))
                (allow telepathy_salut_t staff_dbusd_t (dbus (acquire_svc)))
                (allow staff_dbusd_t telepathy_sunshine_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_dbusd_t telepathy_sunshine_t (process (transition)))
                (dontaudit staff_dbusd_t telepathy_sunshine_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_dbusd_t telepathy_sunshine_exec_t process telepathy_sunshine_t)
                (allow telepathy_sunshine_t staff_dbusd_t (fd (use)))
                (allow telepathy_sunshine_t staff_dbusd_t (fifo_file (ioctl read write getattr lock append)))
                (allow telepathy_sunshine_t staff_dbusd_t (process (sigchld)))
                (allow telepathy_sunshine_t staff_dbusd_t (dbus (send_msg)))
                (allow telepathy_sunshine_t self (dbus (send_msg)))
                (allow staff_dbusd_t telepathy_sunshine_t (dbus (send_msg)))
                (allow telepathy_sunshine_t staff_dbusd_t (unix_stream_socket (connectto)))
                (allow telepathy_sunshine_t staff_dbusd_t (fd (use)))
                (allow telepathy_sunshine_t staff_dbusd_t (dbus (acquire_svc)))
                (allow staff_dbusd_t telepathy_stream_engine_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_dbusd_t telepathy_stream_engine_t (process (transition)))
                (dontaudit staff_dbusd_t telepathy_stream_engine_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_dbusd_t telepathy_stream_engine_exec_t process telepathy_stream_engine_t)
                (allow telepathy_stream_engine_t staff_dbusd_t (fd (use)))
                (allow telepathy_stream_engine_t staff_dbusd_t (fifo_file (ioctl read write getattr lock append)))
                (allow telepathy_stream_engine_t staff_dbusd_t (process (sigchld)))
                (allow telepathy_stream_engine_t staff_dbusd_t (dbus (send_msg)))
                (allow telepathy_stream_engine_t self (dbus (send_msg)))
                (allow staff_dbusd_t telepathy_stream_engine_t (dbus (send_msg)))
                (allow telepathy_stream_engine_t staff_dbusd_t (unix_stream_socket (connectto)))
                (allow telepathy_stream_engine_t staff_dbusd_t (fd (use)))
                (allow telepathy_stream_engine_t staff_dbusd_t (dbus (acquire_svc)))
                (allow staff_dbusd_t telepathy_msn_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_dbusd_t telepathy_msn_t (process (transition)))
                (dontaudit staff_dbusd_t telepathy_msn_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_dbusd_t telepathy_msn_exec_t process telepathy_msn_t)
                (allow telepathy_msn_t staff_dbusd_t (fd (use)))
                (allow telepathy_msn_t staff_dbusd_t (fifo_file (ioctl read write getattr lock append)))
                (allow telepathy_msn_t staff_dbusd_t (process (sigchld)))
                (allow telepathy_msn_t staff_dbusd_t (dbus (send_msg)))
                (allow telepathy_msn_t self (dbus (send_msg)))
                (allow staff_dbusd_t telepathy_msn_t (dbus (send_msg)))
                (allow telepathy_msn_t staff_dbusd_t (unix_stream_socket (connectto)))
                (allow telepathy_msn_t staff_dbusd_t (fd (use)))
                (allow telepathy_msn_t staff_dbusd_t (dbus (acquire_svc)))
                (allow staff_t telepathy_mission_control_xdg_cache_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t telepathy_xdg_cache_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t telepathy_logger_xdg_cache_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t telepathy_gabble_xdg_cache_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t telepathy_xdg_data_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t telepathy_mission_control_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t telepathy_mission_control_xdg_data_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t telepathy_sunshine_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t telepathy_logger_xdg_data_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t telepathy_mission_control_xdg_cache_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t telepathy_xdg_cache_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t telepathy_logger_xdg_cache_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t telepathy_gabble_xdg_cache_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t telepathy_xdg_data_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t telepathy_mission_control_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t telepathy_mission_control_xdg_data_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t telepathy_sunshine_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t telepathy_logger_xdg_data_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t telepathy_xdg_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t telepathy_xdg_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t telepathy_xdg_data_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t telepathy_tmp_content (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t telepathy_tmp_content (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t telepathy_tmp_content (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_application_exec_domain telepathy_mission_control_t (dbus (send_msg)))
                (allow telepathy_mission_control_t staff_application_exec_domain (dbus (send_msg)))
                (typetransition staff_t user_home_dir_t dir ".telepathy-sunshine" telepathy_sunshine_home_t)
                (typetransition staff_t telepathy_xdg_data_t dir "mission-control" telepathy_mission_control_xdg_data_t)
                (typetransition staff_t user_home_dir_t dir ".mission-control" telepathy_mission_control_home_t)
                (typetransition staff_t telepathy_xdg_cache_t dir "logger" telepathy_logger_xdg_cache_t)
                (typetransition staff_t telepathy_xdg_cache_t dir "gabble" telepathy_gabble_xdg_cache_t)
                (optional staff_optional_227
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t telepathy_domain (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t telepathy_domain (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t telepathy_domain (lnk_file (read getattr)))
                    (allow staff_systemd_t telepathy_domain (process (getattr)))
                    (allow staff_systemd_t telepathy_domain (process (sigchld sigkill sigstop signull signal)))
                    (allow telepathy_domain staff_systemd_t (fd (use)))
                    (allow telepathy_domain staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow telepathy_domain staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow telepathy_domain staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow telepathy_domain staff_systemd_t (lnk_file (read getattr)))
                    (allow telepathy_domain staff_systemd_t (process (getattr)))
                    (allow telepathy_domain staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_228
                (roleattributeset cil_gen_require thunderbird_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require thunderbird_t)
                (typeattributeset cil_gen_require thunderbird_exec_t)
                (typeattributeset cil_gen_require thunderbird_home_t)
                (typeattributeset cil_gen_require thunderbird_tmpfs_t)
                (roleattributeset cil_gen_require thunderbird_roles)
                (roleattributeset thunderbird_roles (staff_r ))
                (allow staff_application_exec_domain thunderbird_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain thunderbird_t (process (transition)))
                (dontaudit staff_application_exec_domain thunderbird_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain thunderbird_exec_t process thunderbird_t)
                (allow thunderbird_t staff_application_exec_domain (fd (use)))
                (allow thunderbird_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow thunderbird_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain thunderbird_tmpfs_t (dir (getattr open search)))
                (allow staff_application_exec_domain thunderbird_tmpfs_t (sock_file (write getattr append open)))
                (allow staff_application_exec_domain thunderbird_t (unix_stream_socket (connectto)))
                (allow thunderbird_t staff_application_exec_domain (unix_stream_socket (connectto)))
                (allow staff_application_exec_domain thunderbird_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain thunderbird_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain thunderbird_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain thunderbird_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain thunderbird_t (process (getattr)))
                (allow staff_t thunderbird_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t thunderbird_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t thunderbird_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (typetransition staff_t user_home_dir_t dir ".thunderbird" thunderbird_home_t)
                (optional staff_optional_229
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t thunderbird_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t thunderbird_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t thunderbird_t (lnk_file (read getattr)))
                    (allow staff_systemd_t thunderbird_t (process (getattr)))
                    (allow staff_systemd_t thunderbird_t (process (sigchld sigkill sigstop signull signal)))
                    (allow thunderbird_t staff_systemd_t (fd (use)))
                    (allow thunderbird_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow thunderbird_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow thunderbird_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow thunderbird_t staff_systemd_t (lnk_file (read getattr)))
                    (allow thunderbird_t staff_systemd_t (process (getattr)))
                    (allow thunderbird_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_230
                (roleattributeset cil_gen_require tvtime_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require tvtime_t)
                (typeattributeset cil_gen_require tvtime_exec_t)
                (typeattributeset cil_gen_require tvtime_tmp_t)
                (typeattributeset cil_gen_require tvtime_home_t)
                (typeattributeset cil_gen_require tvtime_tmpfs_t)
                (roleattributeset cil_gen_require tvtime_roles)
                (roleattributeset tvtime_roles (staff_r ))
                (allow staff_application_exec_domain tvtime_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain tvtime_t (process (transition)))
                (dontaudit staff_application_exec_domain tvtime_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain tvtime_exec_t process tvtime_t)
                (allow tvtime_t staff_application_exec_domain (fd (use)))
                (allow tvtime_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow tvtime_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain tvtime_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain tvtime_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain tvtime_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain tvtime_t (process (getattr)))
                (allow staff_application_exec_domain tvtime_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_t tvtime_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t tvtime_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t tvtime_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t tvtime_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t tvtime_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t tvtime_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t tvtime_tmpfs_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t tvtime_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t tvtime_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (typetransition staff_t user_home_dir_t dir ".tvtime" tvtime_home_t)
                (optional staff_optional_231
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t tvtime_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t tvtime_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t tvtime_t (lnk_file (read getattr)))
                    (allow staff_systemd_t tvtime_t (process (getattr)))
                    (allow staff_systemd_t tvtime_t (process (sigchld sigkill sigstop signull signal)))
                    (allow tvtime_t staff_systemd_t (fd (use)))
                    (allow tvtime_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow tvtime_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow tvtime_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow tvtime_t staff_systemd_t (lnk_file (read getattr)))
                    (allow tvtime_t staff_systemd_t (process (getattr)))
                    (allow tvtime_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_232
                (roleattributeset cil_gen_require uml_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require uml_t)
                (typeattributeset cil_gen_require uml_exec_t)
                (typeattributeset cil_gen_require uml_ro_t)
                (typeattributeset cil_gen_require uml_rw_t)
                (typeattributeset cil_gen_require uml_tmp_t)
                (typeattributeset cil_gen_require uml_tmpfs_t)
                (roleattributeset cil_gen_require uml_roles)
                (roleattributeset uml_roles (staff_r ))
                (allow staff_application_exec_domain uml_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain uml_t (process (transition)))
                (dontaudit staff_application_exec_domain uml_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain uml_exec_t process uml_t)
                (allow uml_t staff_application_exec_domain (fd (use)))
                (allow uml_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow uml_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain uml_tmpfs_t (dir (getattr open search)))
                (allow staff_application_exec_domain uml_tmpfs_t (sock_file (write getattr append open)))
                (allow staff_application_exec_domain uml_t (unix_dgram_socket (sendto)))
                (allow uml_t staff_application_exec_domain (unix_dgram_socket (sendto)))
                (allow staff_application_exec_domain uml_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain uml_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain uml_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain uml_t (process (getattr)))
                (allow staff_application_exec_domain uml_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_t uml_ro_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t uml_rw_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t uml_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t uml_ro_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t uml_rw_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t uml_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t uml_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t uml_ro_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t uml_rw_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t uml_tmpfs_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t uml_ro_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t uml_rw_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t uml_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t uml_ro_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t uml_rw_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t uml_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (typetransition staff_t user_home_dir_t dir ".uml" uml_rw_t)
                (optional staff_optional_233
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t uml_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t uml_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t uml_t (lnk_file (read getattr)))
                    (allow staff_systemd_t uml_t (process (getattr)))
                    (allow staff_systemd_t uml_t (process (sigchld sigkill sigstop signull signal)))
                    (allow uml_t staff_systemd_t (fd (use)))
                    (allow uml_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow uml_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow uml_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow uml_t staff_systemd_t (lnk_file (read getattr)))
                    (allow uml_t staff_systemd_t (process (getattr)))
                    (allow uml_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_234
                (type staff_consolehelper_t)
                (roletype object_r staff_consolehelper_t)
                (type staff_userhelper_t)
                (roletype object_r staff_userhelper_t)
                (roleattributeset cil_gen_require userhelper_roles)
                (roleattributeset cil_gen_require consolehelper_roles)
                (typeattributeset cil_gen_require unpriv_userdomain)
                (typeattributeset unpriv_userdomain (staff_t ))
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (staff_t ))
                (typeattributeset cil_gen_require security_t)
                (typeattributeset cil_gen_require sysfs_t)
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (staff_t ))
                (typeattributeset cil_gen_require device_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require cert_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require urandom_device_t)
                (typeattributeset cil_gen_require privfd)
                (typeattributeset privfd (staff_t ))
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset cil_gen_require random_device_t)
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (staff_t ))
                (typeattributeset cil_gen_require var_log_t)
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset cil_gen_require can_change_process_role)
                (typeattributeset cil_gen_require chkpwd_t)
                (typeattributeset cil_gen_require chkpwd_exec_t)
                (typeattributeset cil_gen_require shadow_t)
                (typeattributeset cil_gen_require auth_cache_t)
                (typeattributeset cil_gen_require faillog_t)
                (typeattributeset cil_gen_require can_read_shadow_passwords)
                (typeattributeset cil_gen_require pam_domain)
                (typeattributeset cil_gen_require can_change_object_identity)
                (typeattributeset cil_gen_require userhelper_type)
                (typeattributeset cil_gen_require consolehelper_type)
                (typeattributeset cil_gen_require userhelper_exec_t)
                (typeattributeset cil_gen_require consolehelper_exec_t)
                (typeattributeset cil_gen_require can_change_process_identity)
                (roleattributeset cil_gen_require userhelper_roles)
                (roleattributeset userhelper_roles (staff_r ))
                (roletype userhelper_roles staff_userhelper_t)
                (roleattributeset cil_gen_require consolehelper_roles)
                (roleattributeset consolehelper_roles (staff_r ))
                (roletype consolehelper_roles staff_consolehelper_t)
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (userhelper_exec_t consolehelper_exec_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (userhelper_exec_t consolehelper_exec_t ))
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (staff_consolehelper_t staff_userhelper_t ))
                (typeattributeset cil_gen_require pam_domain)
                (typeattributeset pam_domain (staff_consolehelper_t ))
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset application_domain_type (staff_consolehelper_t staff_userhelper_t ))
                (typeattributeset cil_gen_require can_change_process_identity)
                (typeattributeset can_change_process_identity (staff_userhelper_t ))
                (typeattributeset cil_gen_require can_read_shadow_passwords)
                (typeattributeset can_read_shadow_passwords (staff_consolehelper_t ))
                (typeattributeset cil_gen_require can_change_process_role)
                (typeattributeset can_change_process_role (staff_userhelper_t ))
                (typeattributeset cil_gen_require can_change_object_identity)
                (typeattributeset can_change_object_identity (staff_userhelper_t ))
                (typeattributeset cil_gen_require consolehelper_type)
                (typeattributeset consolehelper_type (staff_consolehelper_t ))
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (staff_consolehelper_t staff_userhelper_t ))
                (typeattributeset cil_gen_require userhelper_type)
                (typeattributeset userhelper_type (staff_userhelper_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (userhelper_exec_t consolehelper_exec_t ))
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (staff_consolehelper_t staff_userhelper_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (userhelper_exec_t consolehelper_exec_t ))
                (typeattributeset cil_gen_require privfd)
                (typeattributeset privfd (staff_userhelper_t ))
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset application_exec_type (userhelper_exec_t consolehelper_exec_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (userhelper_exec_t consolehelper_exec_t ))
                (allow staff_consolehelper_t consolehelper_exec_t (file (entrypoint)))
                (allow staff_consolehelper_t consolehelper_exec_t (file (ioctl read getattr lock map execute open)))
                (allow staff_userhelper_t userhelper_exec_t (file (entrypoint)))
                (allow staff_userhelper_t userhelper_exec_t (file (ioctl read getattr lock map execute open)))
                (allow staff_consolehelper_t staff_application_exec_domain (unix_stream_socket (connectto)))
                (allow staff_application_exec_domain consolehelper_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain staff_consolehelper_t (process (transition)))
                (dontaudit staff_application_exec_domain staff_consolehelper_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain consolehelper_exec_t process staff_consolehelper_t)
                (allow staff_consolehelper_t staff_application_exec_domain (fd (use)))
                (allow staff_consolehelper_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow staff_consolehelper_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain staff_consolehelper_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain staff_consolehelper_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain staff_consolehelper_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain staff_consolehelper_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain staff_consolehelper_t (process (getattr)))
                (allow staff_consolehelper_t auth_cache_t (dir (getattr open search)))
                (allow staff_consolehelper_t bin_t (dir (getattr open search)))
                (allow staff_consolehelper_t bin_t (lnk_file (read getattr)))
                (allow staff_consolehelper_t usr_t (dir (getattr open search)))
                (allow staff_consolehelper_t chkpwd_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_consolehelper_t chkpwd_t (process (transition)))
                (dontaudit staff_consolehelper_t chkpwd_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_consolehelper_t chkpwd_exec_t process chkpwd_t)
                (allow chkpwd_t staff_consolehelper_t (fd (use)))
                (allow chkpwd_t staff_consolehelper_t (fifo_file (ioctl read write getattr lock append)))
                (allow chkpwd_t staff_consolehelper_t (process (sigchld)))
                (dontaudit staff_consolehelper_t shadow_t (file (ioctl read getattr lock open)))
                (allow staff_consolehelper_t device_t (dir (getattr open search)))
                (allow staff_consolehelper_t random_device_t (chr_file (ioctl read getattr lock open)))
                (allow staff_consolehelper_t device_t (dir (getattr open search)))
                (allow staff_consolehelper_t urandom_device_t (chr_file (ioctl read getattr lock open)))
                (allow staff_consolehelper_t var_t (dir (getattr open search)))
                (allow staff_consolehelper_t var_log_t (dir (getattr open search)))
                (allow staff_consolehelper_t var_log_t (lnk_file (read getattr)))
                (allow staff_consolehelper_t faillog_t (file (ioctl read write getattr lock append open)))
                (allow staff_consolehelper_t self (capability (audit_write)))
                (allow staff_consolehelper_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_relay)))
                (allow staff_consolehelper_t cert_t (dir (ioctl read getattr lock open search)))
                (allow staff_consolehelper_t cert_t (dir (getattr open search)))
                (allow staff_consolehelper_t cert_t (file (ioctl read getattr lock open)))
                (allow staff_consolehelper_t cert_t (dir (getattr open search)))
                (allow staff_consolehelper_t cert_t (lnk_file (read getattr)))
                (allow staff_consolehelper_t security_t (filesystem (getattr)))
                (allow staff_consolehelper_t sysfs_t (filesystem (getattr)))
                (allow staff_consolehelper_t sysfs_t (dir (getattr open search)))
                (allow staff_consolehelper_t sysfs_t (dir (getattr open search)))
                (allow staff_consolehelper_t sysfs_t (dir (getattr open search)))
                (allow staff_consolehelper_t sysfs_t (dir (getattr open search)))
                (allow staff_consolehelper_t security_t (dir (ioctl read getattr lock open search)))
                (allow staff_consolehelper_t security_t (file (ioctl read getattr map open)))
                (allow staff_application_exec_domain userhelper_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain staff_userhelper_t (process (transition)))
                (dontaudit staff_application_exec_domain staff_userhelper_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain userhelper_exec_t process staff_userhelper_t)
                (allow staff_userhelper_t staff_application_exec_domain (fd (use)))
                (allow staff_userhelper_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow staff_userhelper_t staff_application_exec_domain (process (sigchld)))
                (dontaudit staff_application_exec_domain staff_userhelper_t (process (signal)))
                (allow staff_userhelper_t bin_t (dir (getattr open search)))
                (allow staff_userhelper_t bin_t (lnk_file (read getattr)))
                (allow staff_userhelper_t usr_t (dir (getattr open search)))
                (allow staff_userhelper_t bin_t (file (ioctl read getattr map execute open)))
                (allow staff_userhelper_t staff_t (process (transition)))
                (dontaudit staff_userhelper_t staff_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_userhelper_t bin_t process staff_t)
                (allow staff_userhelper_t auth_cache_t (dir (getattr open search)))
                (allow staff_userhelper_t bin_t (dir (getattr open search)))
                (allow staff_userhelper_t bin_t (lnk_file (read getattr)))
                (allow staff_userhelper_t usr_t (dir (getattr open search)))
                (allow staff_userhelper_t chkpwd_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_userhelper_t chkpwd_t (process (transition)))
                (dontaudit staff_userhelper_t chkpwd_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_userhelper_t chkpwd_exec_t process chkpwd_t)
                (allow chkpwd_t staff_userhelper_t (fd (use)))
                (allow chkpwd_t staff_userhelper_t (fifo_file (ioctl read write getattr lock append)))
                (allow chkpwd_t staff_userhelper_t (process (sigchld)))
                (dontaudit staff_userhelper_t shadow_t (file (ioctl read getattr lock open)))
                (allow staff_userhelper_t device_t (dir (getattr open search)))
                (allow staff_userhelper_t random_device_t (chr_file (ioctl read getattr lock open)))
                (allow staff_userhelper_t device_t (dir (getattr open search)))
                (allow staff_userhelper_t urandom_device_t (chr_file (ioctl read getattr lock open)))
                (allow staff_userhelper_t var_t (dir (getattr open search)))
                (allow staff_userhelper_t var_log_t (dir (getattr open search)))
                (allow staff_userhelper_t var_log_t (lnk_file (read getattr)))
                (allow staff_userhelper_t faillog_t (file (ioctl read write getattr lock append open)))
                (allow staff_userhelper_t self (capability (audit_write)))
                (allow staff_userhelper_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_relay)))
                (allow staff_userhelper_t cert_t (dir (ioctl read getattr lock open search)))
                (allow staff_userhelper_t cert_t (dir (getattr open search)))
                (allow staff_userhelper_t cert_t (file (ioctl read getattr lock open)))
                (allow staff_userhelper_t cert_t (dir (getattr open search)))
                (allow staff_userhelper_t cert_t (lnk_file (read getattr)))
                (allow staff_userhelper_t bin_t (dir (getattr open search)))
                (allow staff_userhelper_t bin_t (lnk_file (read getattr)))
                (allow staff_userhelper_t usr_t (dir (getattr open search)))
                (allow staff_userhelper_t bin_t (file (ioctl read getattr map execute open)))
                (allow staff_userhelper_t unpriv_userdomain (process (transition)))
                (dontaudit staff_userhelper_t unpriv_userdomain (process (noatsecure siginh rlimitinh)))
                (allow unpriv_userdomain staff_userhelper_t (fd (use)))
                (allow unpriv_userdomain staff_userhelper_t (fifo_file (ioctl read write getattr lock append)))
                (allow unpriv_userdomain staff_userhelper_t (process (sigchld)))
                (allow staff_userhelper_t entry_type (file (ioctl read getattr map execute open)))
                (allow staff_userhelper_t unpriv_userdomain (process (transition)))
                (dontaudit staff_userhelper_t unpriv_userdomain (process (noatsecure siginh rlimitinh)))
                (allow unpriv_userdomain staff_userhelper_t (fd (use)))
                (allow unpriv_userdomain staff_userhelper_t (fifo_file (ioctl read write getattr lock append)))
                (allow unpriv_userdomain staff_userhelper_t (process (sigchld)))
                (optional staff_optional_235
                    (typeattributeset cil_gen_require init_t)
                    (allow staff_consolehelper_t init_t (process (sigchld)))
                    (allow staff_consolehelper_t init_t (process (signull)))
                    (optional staff_optional_236
                        (typeattributeset cil_gen_require rpm_t)
                        (allow staff_consolehelper_t rpm_t (fd (use)))
                        (allow staff_consolehelper_t rpm_t (fifo_file (ioctl read getattr lock open)))
                    )
                    (optional staff_optional_237
                        (typeattributeset cil_gen_require security_t)
                        (typeattributeset cil_gen_require sysfs_t)
                        (dontaudit staff_consolehelper_t security_t (filesystem (getattr)))
                        (dontaudit staff_consolehelper_t sysfs_t (filesystem (getattr)))
                        (dontaudit staff_consolehelper_t sysfs_t (dir (getattr open search)))
                        (dontaudit staff_consolehelper_t security_t (dir (getattr open search)))
                        (dontaudit staff_consolehelper_t security_t (file (ioctl read getattr lock open)))
                        (optional staff_optional_238
                            (typeattributeset cil_gen_require selinux_config_t)
                            (dontaudit staff_consolehelper_t selinux_config_t (dir (getattr open search)))
                            (dontaudit staff_consolehelper_t selinux_config_t (file (ioctl read getattr lock open)))
                            (optional staff_optional_239
                                (typeattributeset cil_gen_require init_t)
                                (allow staff_userhelper_t init_t (process (sigchld)))
                                (allow staff_userhelper_t init_t (process (signull)))
                                (optional staff_optional_240
                                    (typeattributeset cil_gen_require rpm_t)
                                    (allow staff_userhelper_t rpm_t (fd (use)))
                                    (allow staff_userhelper_t rpm_t (fifo_file (ioctl read getattr lock open)))
                                )
                                (optional staff_optional_241
                                    (typeattributeset cil_gen_require security_t)
                                    (typeattributeset cil_gen_require sysfs_t)
                                    (dontaudit staff_userhelper_t security_t (filesystem (getattr)))
                                    (dontaudit staff_userhelper_t sysfs_t (filesystem (getattr)))
                                    (dontaudit staff_userhelper_t sysfs_t (dir (getattr open search)))
                                    (dontaudit staff_userhelper_t security_t (dir (getattr open search)))
                                    (dontaudit staff_userhelper_t security_t (file (ioctl read getattr lock open)))
                                    (optional staff_optional_242
                                        (typeattributeset cil_gen_require selinux_config_t)
                                        (dontaudit staff_userhelper_t selinux_config_t (dir (getattr open search)))
                                        (dontaudit staff_userhelper_t selinux_config_t (file (ioctl read getattr lock open)))
                                        (optional staff_optional_243
                                            (typeattributeset cil_gen_require etc_t)
                                            (typeattributeset cil_gen_require krb5_keytab_t)
                                            (allow staff_consolehelper_t etc_t (dir (getattr open search)))
                                            (allow staff_consolehelper_t krb5_keytab_t (file (ioctl read getattr lock open)))
                                        )
                                        (optional staff_optional_244
                                            (typeattributeset cil_gen_require var_run_t)
                                            (typeattributeset cil_gen_require var_t)
                                            (typeattributeset cil_gen_require pcscd_t)
                                            (typeattributeset cil_gen_require pcscd_runtime_t)
                                            (allow staff_consolehelper_t var_run_t (lnk_file (read getattr)))
                                            (allow staff_consolehelper_t var_t (dir (getattr open search)))
                                            (allow staff_consolehelper_t var_run_t (dir (getattr open search)))
                                            (allow staff_consolehelper_t pcscd_runtime_t (dir (getattr open search)))
                                            (allow staff_consolehelper_t pcscd_runtime_t (file (ioctl read getattr lock open)))
                                            (allow staff_consolehelper_t var_run_t (lnk_file (read getattr)))
                                            (allow staff_consolehelper_t var_t (dir (getattr open search)))
                                            (allow staff_consolehelper_t var_run_t (dir (getattr open search)))
                                            (allow staff_consolehelper_t pcscd_runtime_t (dir (getattr open search)))
                                            (allow staff_consolehelper_t pcscd_runtime_t (sock_file (write getattr append open)))
                                            (allow staff_consolehelper_t pcscd_t (unix_stream_socket (connectto)))
                                            (allow pcscd_t staff_consolehelper_t (dir (ioctl read getattr lock open search)))
                                            (allow pcscd_t staff_consolehelper_t (file (ioctl read getattr lock open)))
                                        )
                                        (optional staff_optional_245
                                            (typeattributeset cil_gen_require var_run_t)
                                            (typeattributeset cil_gen_require var_t)
                                            (typeattributeset cil_gen_require var_lib_t)
                                            (typeattributeset cil_gen_require system_dbusd_t)
                                            (typeattributeset cil_gen_require session_dbusd_tmp_t)
                                            (typeattributeset cil_gen_require dbusd_system_bus_client)
                                            (typeattributeset cil_gen_require system_dbusd_runtime_t)
                                            (typeattributeset cil_gen_require system_dbusd_var_lib_t)
                                            (typeattributeset cil_gen_require dbusd_etc_t)
                                            (typeattributeset cil_gen_require dbusd_system_bus_client)
                                            (typeattributeset dbusd_system_bus_client (staff_consolehelper_t ))
                                            (allow staff_consolehelper_t system_dbusd_t (dbus (send_msg)))
                                            (allow staff_consolehelper_t self (dbus (send_msg)))
                                            (allow system_dbusd_t staff_consolehelper_t (dbus (send_msg)))
                                            (allow staff_consolehelper_t var_t (dir (getattr open search)))
                                            (allow staff_consolehelper_t var_lib_t (dir (getattr open search)))
                                            (allow staff_consolehelper_t system_dbusd_var_lib_t (dir (getattr open search)))
                                            (allow staff_consolehelper_t system_dbusd_var_lib_t (file (ioctl read getattr lock open)))
                                            (allow staff_consolehelper_t system_dbusd_var_lib_t (dir (getattr open search)))
                                            (allow staff_consolehelper_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                            (allow staff_consolehelper_t session_dbusd_tmp_t (dir (getattr open search)))
                                            (allow staff_consolehelper_t session_dbusd_tmp_t (sock_file (read write getattr append open)))
                                            (allow staff_consolehelper_t var_run_t (lnk_file (read getattr)))
                                            (allow staff_consolehelper_t var_t (dir (getattr open search)))
                                            (allow staff_consolehelper_t var_run_t (dir (getattr open search)))
                                            (allow staff_consolehelper_t system_dbusd_runtime_t (dir (getattr open search)))
                                            (allow staff_consolehelper_t system_dbusd_runtime_t (sock_file (write getattr append open)))
                                            (allow staff_consolehelper_t system_dbusd_t (unix_stream_socket (connectto)))
                                            (allow staff_consolehelper_t dbusd_etc_t (dir (ioctl read getattr lock open search)))
                                            (allow staff_consolehelper_t dbusd_etc_t (file (ioctl read getattr lock open)))
                                            (allow staff_consolehelper_t system_dbusd_runtime_t (dir (ioctl read getattr lock open search)))
                                            (allow staff_consolehelper_t system_dbusd_runtime_t (sock_file (read)))
                                            (allow staff_consolehelper_t system_dbusd_var_lib_t (dir (getattr open search)))
                                            (allow staff_consolehelper_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                            (optional staff_optional_246
                                                (typeattributeset cil_gen_require fprintd_t)
                                                (allow staff_consolehelper_t fprintd_t (dbus (send_msg)))
                                                (allow fprintd_t staff_consolehelper_t (dbus (send_msg)))
                                            )
                                            (optional staff_optional_247
                                                (typeattributeset cil_gen_require systemd_logind_t)
                                                (typeattributeset cil_gen_require systemd_sessions_runtime_t)
                                                (allow staff_consolehelper_t systemd_logind_t (dbus (send_msg)))
                                                (allow systemd_logind_t staff_consolehelper_t (dbus (send_msg)))
                                                (allow staff_consolehelper_t systemd_logind_t (fd (use)))
                                                (allow staff_consolehelper_t systemd_sessions_runtime_t (fifo_file (write)))
                                                (allow systemd_logind_t staff_consolehelper_t (process (signal)))
                                            )
                                        )
                                        (optional staff_optional_248
                                            (typeattributeset cil_gen_require security_t)
                                            (typeattributeset cil_gen_require sysfs_t)
                                            (typeattributeset cil_gen_require selinux_config_t)
                                            (typeattributeset cil_gen_require etc_t)
                                            (typeattributeset cil_gen_require user_home_dir_t)
                                            (typeattributeset cil_gen_require home_root_t)
                                            (typeattributeset cil_gen_require tmp_t)
                                            (typeattributeset cil_gen_require krb5_host_rcache_t)
                                            (typeattributeset cil_gen_require krb5_conf_t)
                                            (typeattributeset cil_gen_require krb5_home_t)
                                            (typeattributeset cil_gen_require default_context_t)
                                            (typeattributeset cil_gen_require file_context_t)
                                            (typeattributeset cil_gen_require can_change_object_identity)
                                            (typeattributeset cil_gen_require can_change_object_identity)
                                            (typeattributeset can_change_object_identity (staff_consolehelper_t ))
                                            (allow staff_consolehelper_t etc_t (dir (getattr open search)))
                                            (allow staff_consolehelper_t krb5_conf_t (file (ioctl read getattr lock open)))
                                            (allow staff_consolehelper_t user_home_dir_t (dir (getattr open search)))
                                            (allow staff_consolehelper_t home_root_t (dir (getattr open search)))
                                            (allow staff_consolehelper_t home_root_t (lnk_file (read getattr)))
                                            (allow staff_consolehelper_t krb5_home_t (file (ioctl read getattr lock open)))
                                            (booleanif (allow_kerberos)
                                                (true
                                                    (allow staff_consolehelper_t krb5_host_rcache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                                    (allow staff_consolehelper_t tmp_t (dir (getattr open search)))
                                                    (allow staff_consolehelper_t file_context_t (file (map)))
                                                    (allow staff_consolehelper_t file_context_t (file (ioctl read getattr lock open)))
                                                    (allow staff_consolehelper_t file_context_t (dir (getattr open search)))
                                                    (allow staff_consolehelper_t selinux_config_t (dir (getattr open search)))
                                                    (allow staff_consolehelper_t default_context_t (dir (getattr open search)))
                                                    (allow staff_consolehelper_t etc_t (dir (getattr open search)))
                                                    (allow staff_consolehelper_t security_t (security (check_context)))
                                                    (allow staff_consolehelper_t security_t (file (ioctl read write getattr map open)))
                                                    (allow staff_consolehelper_t security_t (dir (ioctl read getattr lock open search)))
                                                    (allow staff_consolehelper_t sysfs_t (dir (getattr open search)))
                                                    (allow staff_consolehelper_t sysfs_t (dir (getattr open search)))
                                                    (allow staff_consolehelper_t self (process (setfscreate)))
                                                )
                                            )
                                        )
                                        (optional staff_optional_249
                                            (typeattributeset cil_gen_require session_bus_type)
                                            (allow staff_consolehelper_t session_bus_type (dbus (acquire_svc)))
                                            (optional staff_optional_250
                                                (typeattributeset cil_gen_require consolehelper_type)
                                                (allow staff_application_exec_domain consolehelper_type (dbus (send_msg)))
                                                (allow consolehelper_type staff_application_exec_domain (dbus (send_msg)))
                                            )
                                        )
                                        (optional staff_optional_251
                                            (typeattributeset cil_gen_require staff_systemd_t)
                                            (allow staff_systemd_t staff_consolehelper_t (dir (ioctl read getattr lock open search)))
                                            (allow staff_systemd_t staff_consolehelper_t (file (ioctl read getattr lock open)))
                                            (allow staff_systemd_t staff_consolehelper_t (lnk_file (read getattr)))
                                            (allow staff_systemd_t staff_consolehelper_t (process (getattr)))
                                            (allow staff_systemd_t staff_consolehelper_t (process (sigchld sigkill sigstop signull signal)))
                                            (allow staff_consolehelper_t staff_systemd_t (fd (use)))
                                            (allow staff_consolehelper_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                            (allow staff_consolehelper_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                                            (allow staff_consolehelper_t staff_systemd_t (file (ioctl read getattr lock open)))
                                            (allow staff_consolehelper_t staff_systemd_t (lnk_file (read getattr)))
                                            (allow staff_consolehelper_t staff_systemd_t (process (getattr)))
                                            (allow staff_consolehelper_t staff_systemd_t (process (sigchld)))
                                        )
                                        (optional staff_optional_252
                                            (typeattributeset cil_gen_require etc_t)
                                            (typeattributeset cil_gen_require krb5_keytab_t)
                                            (allow staff_userhelper_t etc_t (dir (getattr open search)))
                                            (allow staff_userhelper_t krb5_keytab_t (file (ioctl read getattr lock open)))
                                        )
                                        (optional staff_optional_253
                                            (typeattributeset cil_gen_require var_run_t)
                                            (typeattributeset cil_gen_require var_t)
                                            (typeattributeset cil_gen_require pcscd_t)
                                            (typeattributeset cil_gen_require pcscd_runtime_t)
                                            (allow staff_userhelper_t var_run_t (lnk_file (read getattr)))
                                            (allow staff_userhelper_t var_t (dir (getattr open search)))
                                            (allow staff_userhelper_t var_run_t (dir (getattr open search)))
                                            (allow staff_userhelper_t pcscd_runtime_t (dir (getattr open search)))
                                            (allow staff_userhelper_t pcscd_runtime_t (file (ioctl read getattr lock open)))
                                            (allow staff_userhelper_t var_run_t (lnk_file (read getattr)))
                                            (allow staff_userhelper_t var_t (dir (getattr open search)))
                                            (allow staff_userhelper_t var_run_t (dir (getattr open search)))
                                            (allow staff_userhelper_t pcscd_runtime_t (dir (getattr open search)))
                                            (allow staff_userhelper_t pcscd_runtime_t (sock_file (write getattr append open)))
                                            (allow staff_userhelper_t pcscd_t (unix_stream_socket (connectto)))
                                            (allow pcscd_t staff_userhelper_t (dir (ioctl read getattr lock open search)))
                                            (allow pcscd_t staff_userhelper_t (file (ioctl read getattr lock open)))
                                        )
                                        (optional staff_optional_254
                                            (typeattributeset cil_gen_require entry_type)
                                            (typeattributeset entry_type (shell_exec_t bin_t ))
                                            (typeattributeset cil_gen_require bin_t)
                                            (typeattributeset cil_gen_require usr_t)
                                            (typeattributeset cil_gen_require sysadm_t)
                                            (booleanif (secure_mode)
                                                (false
                                                    (allow sysadm_t staff_userhelper_t (process (sigchld)))
                                                    (allow sysadm_t staff_userhelper_t (fifo_file (ioctl read write getattr lock append)))
                                                    (allow sysadm_t staff_userhelper_t (fd (use)))
                                                    (dontaudit staff_userhelper_t sysadm_t (process (noatsecure siginh rlimitinh)))
                                                    (allow staff_userhelper_t sysadm_t (process (transition)))
                                                    (allow staff_userhelper_t entry_type (file (ioctl read getattr map execute open)))
                                                    (allow sysadm_t staff_userhelper_t (process (sigchld)))
                                                    (allow sysadm_t staff_userhelper_t (fifo_file (ioctl read write getattr lock append)))
                                                    (allow sysadm_t staff_userhelper_t (fd (use)))
                                                    (dontaudit staff_userhelper_t sysadm_t (process (noatsecure siginh rlimitinh)))
                                                    (allow staff_userhelper_t sysadm_t (process (transition)))
                                                    (allow staff_userhelper_t bin_t (file (ioctl read getattr map execute open)))
                                                    (allow staff_userhelper_t usr_t (dir (getattr open search)))
                                                    (allow staff_userhelper_t bin_t (lnk_file (read getattr)))
                                                    (allow staff_userhelper_t bin_t (dir (getattr open search)))
                                                )
                                            )
                                        )
                                        (optional staff_optional_255
                                            (typeattributeset cil_gen_require staff_systemd_t)
                                            (allow staff_systemd_t staff_userhelper_t (dir (ioctl read getattr lock open search)))
                                            (allow staff_systemd_t staff_userhelper_t (file (ioctl read getattr lock open)))
                                            (allow staff_systemd_t staff_userhelper_t (lnk_file (read getattr)))
                                            (allow staff_systemd_t staff_userhelper_t (process (getattr)))
                                            (allow staff_systemd_t staff_userhelper_t (process (sigchld sigkill sigstop signull signal)))
                                            (allow staff_userhelper_t staff_systemd_t (fd (use)))
                                            (allow staff_userhelper_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                            (allow staff_userhelper_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                                            (allow staff_userhelper_t staff_systemd_t (file (ioctl read getattr lock open)))
                                            (allow staff_userhelper_t staff_systemd_t (lnk_file (read getattr)))
                                            (allow staff_userhelper_t staff_systemd_t (process (getattr)))
                                            (allow staff_userhelper_t staff_systemd_t (process (sigchld)))
                                        )
                                    )
                                )
                            )
                        )
                    )
                )
            )
            (optional staff_optional_256
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require vmware_t)
                (typeattributeset cil_gen_require vmware_exec_t)
                (typeattributeset cil_gen_require vmware_file_t)
                (typeattributeset cil_gen_require vmware_conf_t)
                (typeattributeset cil_gen_require vmware_tmp_t)
                (typeattributeset cil_gen_require vmware_tmpfs_t)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r vmware_t)
                (allow staff_application_exec_domain vmware_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain vmware_t (process (transition)))
                (dontaudit staff_application_exec_domain vmware_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain vmware_exec_t process vmware_t)
                (allow vmware_t staff_application_exec_domain (fd (use)))
                (allow vmware_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow vmware_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain vmware_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain vmware_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain vmware_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain vmware_t (process (getattr)))
                (allow staff_application_exec_domain vmware_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_t vmware_file_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t vmware_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t vmware_file_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t vmware_conf_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t vmware_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t vmware_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t vmware_tmp_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t vmware_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t vmware_tmpfs_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t vmware_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (typetransition staff_t user_home_dir_t dir "vmware" vmware_file_t)
                (typetransition staff_t user_home_dir_t dir ".vmware" vmware_file_t)
                (optional staff_optional_257
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t vmware_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t vmware_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t vmware_t (lnk_file (read getattr)))
                    (allow staff_systemd_t vmware_t (process (getattr)))
                    (allow staff_systemd_t vmware_t (process (sigchld sigkill sigstop signull signal)))
                    (allow vmware_t staff_systemd_t (fd (use)))
                    (allow vmware_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow vmware_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow vmware_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow vmware_t staff_systemd_t (lnk_file (read getattr)))
                    (allow vmware_t staff_systemd_t (process (getattr)))
                    (allow vmware_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_258
                (roleattributeset cil_gen_require wireshark_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require wireshark_t)
                (typeattributeset cil_gen_require wireshark_exec_t)
                (typeattributeset cil_gen_require wireshark_home_t)
                (typeattributeset cil_gen_require wireshark_tmp_t)
                (typeattributeset cil_gen_require wireshark_tmpfs_t)
                (roleattributeset cil_gen_require wireshark_roles)
                (roleattributeset wireshark_roles (staff_r ))
                (allow staff_application_exec_domain wireshark_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain wireshark_t (process (transition)))
                (dontaudit staff_application_exec_domain wireshark_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain wireshark_exec_t process wireshark_t)
                (allow wireshark_t staff_application_exec_domain (fd (use)))
                (allow wireshark_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow wireshark_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain wireshark_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain wireshark_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain wireshark_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain wireshark_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain wireshark_t (process (getattr)))
                (allow staff_t wireshark_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t wireshark_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t wireshark_tmpfs_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t wireshark_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t wireshark_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t wireshark_tmpfs_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t wireshark_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t wireshark_tmpfs_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t wireshark_tmpfs_t (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t wireshark_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (typetransition staff_t user_home_dir_t dir ".wireshark" wireshark_home_t)
                (optional staff_optional_259
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t wireshark_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t wireshark_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t wireshark_t (lnk_file (read getattr)))
                    (allow staff_systemd_t wireshark_t (process (getattr)))
                    (allow staff_systemd_t wireshark_t (process (sigchld sigkill sigstop signull signal)))
                    (allow wireshark_t staff_systemd_t (fd (use)))
                    (allow wireshark_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow wireshark_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow wireshark_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow wireshark_t staff_systemd_t (lnk_file (read getattr)))
                    (allow wireshark_t staff_systemd_t (process (getattr)))
                    (allow wireshark_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_260
                (type staff_wm_t)
                (roletype object_r staff_wm_t)
                (typeattributeset cil_gen_require staff_application_exec_domain)
                (typeattributeset staff_application_exec_domain (staff_t ))
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (staff_t ))
                (typeattributeset cil_gen_require shell_exec_t)
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (staff_t ))
                (typeattributeset cil_gen_require device_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require var_run_t)
                (typeattributeset cil_gen_require lib_t)
                (typeattributeset cil_gen_require fonts_t)
                (typeattributeset cil_gen_require var_t)
                (typeattributeset cil_gen_require var_lib_t)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require tmp_t)
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (staff_t ))
                (typeattributeset cil_gen_require xdm_t)
                (typeattributeset cil_gen_require xdg_cache_t)
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset cil_gen_require xsession_log_t)
                (typeattributeset cil_gen_require iceauth_home_t)
                (typeattributeset cil_gen_require xserver_t)
                (typeattributeset cil_gen_require xserver_tmp_t)
                (typeattributeset cil_gen_require xserver_tmpfs_t)
                (typeattributeset cil_gen_require xauth_home_t)
                (typeattributeset cil_gen_require user_fonts_t)
                (typeattributeset cil_gen_require user_fonts_cache_t)
                (typeattributeset cil_gen_require user_fonts_config_t)
                (typeattributeset cil_gen_require mesa_shader_cache_t)
                (typeattributeset cil_gen_require iceauth_t)
                (typeattributeset cil_gen_require iceauth_exec_t)
                (typeattributeset cil_gen_require xauth_t)
                (typeattributeset cil_gen_require xauth_exec_t)
                (typeattributeset cil_gen_require xdm_tmp_t)
                (typeattributeset cil_gen_require xserver_misc_device_t)
                (typeattributeset cil_gen_require power_device_t)
                (typeattributeset cil_gen_require event_device_t)
                (typeattributeset cil_gen_require misc_device_t)
                (typeattributeset cil_gen_require agp_device_t)
                (typeattributeset cil_gen_require dri_device_t)
                (typeattributeset cil_gen_require usbfs_t)
                (typeattributeset cil_gen_require fonts_cache_t)
                (typeattributeset cil_gen_require root_xdrawable_t)
                (typeattributeset cil_gen_require xevent_t)
                (typeattributeset cil_gen_require client_xevent_t)
                (typeattributeset cil_gen_require input_xevent_t)
                (typeattributeset cil_gen_require user_input_xevent_t)
                (typeattributeset cil_gen_require x_domain)
                (typeattributeset cil_gen_require xdrawable_type)
                (typeattributeset cil_gen_require xcolormap_type)
                (typeattributeset cil_gen_require input_xevent_type)
                (typeattributeset cil_gen_require xserver_exec_t)
                (typeattributeset cil_gen_require xserver_unconfined_type)
                (typeattributeset cil_gen_require xsession_exec_t)
                (typeattributeset cil_gen_require xserver_log_t)
                (typeattributeset cil_gen_require xdm_var_run_t)
                (typeattributeset cil_gen_require xkb_var_lib_t)
                (typeattributeset cil_gen_require staff_wm_t)
                (typeattributeset cil_gen_require mlsfilewrite)
                (typeattributeset cil_gen_require wm_domain)
                (typeattributeset cil_gen_require wm_exec_t)
                (typeattributeset cil_gen_require mlsfileread)
                (typeattributeset cil_gen_require mlsxwinread)
                (typeattributeset cil_gen_require mlsxwinwrite)
                (typeattributeset cil_gen_require mlsfduse)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r xserver_t)
                (roletype staff_r iceauth_t)
                (roletype staff_r xauth_t)
                (roletype staff_r staff_wm_t)
                (typeattributeset cil_gen_require wm_domain)
                (typeattributeset wm_domain (staff_wm_t ))
                (typeattributeset cil_gen_require mlsxwinwrite)
                (typeattributeset mlsxwinwrite (staff_wm_t ))
                (typeattributeset cil_gen_require x_domain)
                (typeattributeset x_domain (staff_wm_t ))
                (typeattributeset cil_gen_require mlsfileread)
                (typeattributeset mlsfileread (staff_wm_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (xsession_exec_t wm_exec_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (xsession_exec_t wm_exec_t ))
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (staff_wm_t ))
                (typeattributeset cil_gen_require application_domain_type)
                (typeattributeset application_domain_type (staff_wm_t ))
                (typeattributeset cil_gen_require mlsfilewrite)
                (typeattributeset mlsfilewrite (staff_wm_t ))
                (typeattributeset cil_gen_require mlsxwinread)
                (typeattributeset mlsxwinread (staff_wm_t ))
                (typeattributeset cil_gen_require xdrawable_type)
                (typeattributeset xdrawable_type (staff_wm_t ))
                (typeattributeset cil_gen_require nsswitch_domain)
                (typeattributeset nsswitch_domain (staff_wm_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (xsession_exec_t wm_exec_t ))
                (typeattributeset cil_gen_require mlsfduse)
                (typeattributeset mlsfduse (staff_wm_t ))
                (typeattributeset cil_gen_require ubac_constrained_type)
                (typeattributeset ubac_constrained_type (staff_wm_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (xsession_exec_t wm_exec_t ))
                (typeattributeset cil_gen_require xserver_unconfined_type)
                (typeattributeset xserver_unconfined_type (staff_wm_t ))
                (typeattributeset cil_gen_require xcolormap_type)
                (typeattributeset xcolormap_type (staff_wm_t ))
                (typeattributeset cil_gen_require application_exec_type)
                (typeattributeset application_exec_type (wm_exec_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (xsession_exec_t wm_exec_t ))
                (typeattributeset cil_gen_require staff_application_exec_domain)
                (typeattributeset staff_application_exec_domain (staff_wm_t ))
                (allow staff_wm_t wm_exec_t (file (entrypoint)))
                (allow staff_wm_t wm_exec_t (file (ioctl read getattr lock map execute open)))
                (allow staff_application_exec_domain staff_wm_t (fd (use)))
                (allow staff_wm_t staff_application_exec_domain (unix_stream_socket (connectto)))
                (allow staff_application_exec_domain staff_wm_t (unix_stream_socket (connectto)))
                (allow staff_application_exec_domain staff_wm_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain staff_wm_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain staff_wm_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain staff_wm_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain staff_wm_t (process (getattr)))
                (allow staff_wm_t staff_application_exec_domain (process (sigkill signull)))
                (allow staff_application_exec_domain wm_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain staff_wm_t (process (transition)))
                (dontaudit staff_application_exec_domain staff_wm_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain wm_exec_t process staff_wm_t)
                (allow staff_wm_t staff_application_exec_domain (fd (use)))
                (allow staff_wm_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow staff_wm_t staff_application_exec_domain (process (sigchld)))
                (allow staff_wm_t bin_t (dir (getattr open search)))
                (allow staff_wm_t bin_t (lnk_file (read getattr)))
                (allow staff_wm_t usr_t (dir (getattr open search)))
                (allow staff_wm_t bin_t (file (ioctl read getattr map execute open)))
                (allow staff_wm_t staff_t (process (transition)))
                (dontaudit staff_wm_t staff_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_wm_t bin_t process staff_t)
                (allow staff_wm_t bin_t (dir (getattr open search)))
                (allow staff_wm_t bin_t (lnk_file (read getattr)))
                (allow staff_wm_t usr_t (dir (getattr open search)))
                (allow staff_wm_t bin_t (dir (getattr open search)))
                (allow staff_wm_t bin_t (dir (ioctl read getattr lock open search)))
                (allow staff_wm_t shell_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_wm_t staff_t (process (transition)))
                (dontaudit staff_wm_t staff_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_wm_t shell_exec_t process staff_t)
                (allow staff_wm_t var_t (dir (getattr open search)))
                (allow staff_wm_t fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_wm_t fonts_cache_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_wm_t fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_wm_t fonts_cache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_wm_t fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_wm_t fonts_cache_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow xserver_t staff_wm_t (fd (use)))
                (allow xserver_t staff_wm_t (shm (getattr read write associate unix_read unix_write lock)))
                (allow xserver_t staff_wm_t (process (signal)))
                (allow staff_wm_t user_fonts_t (dir (ioctl read getattr lock open search)))
                (allow staff_wm_t user_fonts_t (file (ioctl read getattr lock open)))
                (allow staff_wm_t user_fonts_config_t (dir (ioctl read getattr lock open search)))
                (allow staff_wm_t user_fonts_config_t (file (ioctl read getattr lock open)))
                (allow staff_wm_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_wm_t user_fonts_cache_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_wm_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_wm_t user_fonts_cache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_wm_t xserver_tmp_t (dir (getattr open search)))
                (allow staff_wm_t xserver_tmp_t (sock_file (write getattr append open)))
                (allow staff_wm_t xserver_t (unix_stream_socket (connectto)))
                (allow staff_wm_t tmp_t (dir (getattr open search)))
                (allow staff_wm_t xserver_t (fd (use)))
                (allow staff_wm_t xserver_t (shm (getattr read associate unix_read)))
                (allow staff_wm_t xserver_tmpfs_t (file (ioctl read getattr lock map open)))
                (allow staff_wm_t iceauth_t (dir (ioctl read getattr lock open search)))
                (allow staff_wm_t iceauth_t (file (ioctl read getattr lock open)))
                (allow staff_wm_t iceauth_t (lnk_file (read getattr)))
                (allow staff_wm_t iceauth_t (process (getattr)))
                (allow staff_wm_t iceauth_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_wm_t iceauth_t (process (transition)))
                (dontaudit staff_wm_t iceauth_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_wm_t iceauth_exec_t process iceauth_t)
                (allow iceauth_t staff_wm_t (fd (use)))
                (allow iceauth_t staff_wm_t (fifo_file (ioctl read write getattr lock append)))
                (allow iceauth_t staff_wm_t (process (sigchld)))
                (allow staff_wm_t iceauth_home_t (file (ioctl read getattr lock open)))
                (allow staff_wm_t xauth_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_wm_t xauth_t (process (transition)))
                (dontaudit staff_wm_t xauth_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_wm_t xauth_exec_t process xauth_t)
                (allow xauth_t staff_wm_t (fd (use)))
                (allow xauth_t staff_wm_t (fifo_file (ioctl read write getattr lock append)))
                (allow xauth_t staff_wm_t (process (sigchld)))
                (allow staff_wm_t xauth_t (process (signal)))
                (allow staff_wm_t xauth_t (dir (ioctl read getattr lock open search)))
                (allow staff_wm_t xauth_t (file (ioctl read getattr lock open)))
                (allow staff_wm_t xauth_t (lnk_file (read getattr)))
                (allow staff_wm_t xauth_t (process (getattr)))
                (allow staff_wm_t xserver_t (process (signal)))
                (allow staff_wm_t xauth_home_t (file (ioctl read getattr lock open)))
                (allow staff_wm_t xdm_t (fd (use)))
                (allow staff_wm_t xdm_t (fifo_file (ioctl read write getattr lock append)))
                (allow staff_wm_t xdm_tmp_t (dir (search)))
                (allow staff_wm_t xdm_tmp_t (sock_file (read write)))
                (dontaudit staff_wm_t xdm_t (tcp_socket (read write)))
                (allow staff_wm_t xserver_tmp_t (file (ioctl read getattr lock)))
                (allow staff_wm_t device_t (dir (getattr open search)))
                (allow staff_wm_t xserver_misc_device_t (chr_file (ioctl read write getattr lock append open)))
                (allow staff_wm_t xserver_misc_device_t (chr_file (map)))
                (allow staff_wm_t device_t (dir (getattr open search)))
                (allow staff_wm_t power_device_t (chr_file (ioctl read write getattr lock append open)))
                (allow staff_wm_t device_t (dir (getattr open search)))
                (allow staff_wm_t event_device_t (chr_file (ioctl read getattr lock open)))
                (allow staff_wm_t device_t (dir (getattr open search)))
                (allow staff_wm_t misc_device_t (chr_file (ioctl read getattr lock open)))
                (allow staff_wm_t device_t (dir (getattr open search)))
                (allow staff_wm_t misc_device_t (chr_file (ioctl write getattr lock append open)))
                (allow staff_wm_t device_t (dir (getattr open search)))
                (allow staff_wm_t agp_device_t (chr_file (getattr)))
                (dontaudit staff_wm_t dri_device_t (chr_file (ioctl read write getattr lock append open)))
                (allow staff_wm_t usbfs_t (dir (getattr open search)))
                (allow staff_wm_t usbfs_t (dir (ioctl read getattr lock open search)))
                (allow staff_wm_t usbfs_t (dir (getattr open search)))
                (allow staff_wm_t usbfs_t (file (ioctl read write getattr lock append open)))
                (allow staff_wm_t usbfs_t (dir (getattr open search)))
                (allow staff_wm_t usbfs_t (lnk_file (read getattr)))
                (allow staff_wm_t usr_t (dir (getattr open search)))
                (allow staff_wm_t lib_t (dir (getattr open search)))
                (allow staff_wm_t fonts_t (dir (ioctl read getattr lock open search)))
                (allow staff_wm_t fonts_t (dir (getattr open search)))
                (allow staff_wm_t fonts_t (file (ioctl read getattr lock open)))
                (allow staff_wm_t fonts_t (file (map)))
                (allow staff_wm_t fonts_t (dir (getattr open search)))
                (allow staff_wm_t fonts_t (lnk_file (read getattr)))
                (allow staff_wm_t fonts_cache_t (dir (ioctl read getattr lock open search)))
                (allow staff_wm_t fonts_cache_t (dir (getattr open search)))
                (allow staff_wm_t fonts_cache_t (file (ioctl read getattr lock open)))
                (allow staff_wm_t fonts_cache_t (file (map)))
                (allow staff_wm_t fonts_cache_t (dir (getattr open search)))
                (allow staff_wm_t fonts_cache_t (lnk_file (read getattr)))
                (allow staff_wm_t fonts_t (dir (watch)))
                (typetransition staff_wm_t root_xdrawable_t x_drawable staff_wm_t)
                (typetransition staff_wm_t input_xevent_t x_event user_input_xevent_t)
                (allow staff_wm_t user_input_xevent_t (x_event (send)))
                (allow staff_wm_t user_input_xevent_t (x_synthetic_event (send)))
                (allow staff_wm_t user_input_xevent_t (x_event (receive)))
                (allow staff_wm_t user_input_xevent_t (x_synthetic_event (receive)))
                (allow staff_wm_t client_xevent_t (x_event (receive)))
                (allow staff_wm_t client_xevent_t (x_synthetic_event (receive)))
                (allow staff_wm_t xevent_t (x_event (receive)))
                (allow staff_wm_t xevent_t (x_synthetic_event (receive)))
                (dontaudit staff_wm_t input_xevent_type (x_event (send)))
                (allow staff_wm_t xserver_t (process (siginh)))
                (allow staff_wm_t xserver_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_wm_t xserver_t (process (transition)))
                (dontaudit staff_wm_t xserver_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_wm_t xserver_exec_t process xserver_t)
                (allow xserver_t staff_wm_t (fd (use)))
                (allow xserver_t staff_wm_t (fifo_file (ioctl read write getattr lock append)))
                (allow xserver_t staff_wm_t (process (sigchld)))
                (allow staff_wm_t xsession_exec_t (file (entrypoint)))
                (allow staff_wm_t xsession_exec_t (file (ioctl read getattr lock map execute open)))
                (dontaudit staff_wm_t xserver_log_t (file (ioctl write append)))
                (allow staff_wm_t tmp_t (dir (getattr open search)))
                (allow staff_wm_t xdm_tmp_t (dir (getattr open search)))
                (allow staff_wm_t xdm_tmp_t (sock_file (write getattr append open)))
                (allow staff_wm_t xdm_t (unix_stream_socket (connectto)))
                (allow staff_wm_t user_fonts_t (dir (ioctl read getattr lock open watch search)))
                (allow staff_wm_t user_fonts_t (file (ioctl read getattr lock map open)))
                (allow staff_wm_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_wm_t user_fonts_cache_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_wm_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_wm_t user_fonts_cache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_wm_t user_fonts_cache_t (file (ioctl read getattr lock map open)))
                (allow staff_wm_t user_fonts_config_t (dir (ioctl read getattr lock open search)))
                (allow staff_wm_t user_fonts_config_t (file (ioctl read getattr lock open)))
                (allow staff_wm_t user_home_dir_t (dir (getattr open search)))
                (allow staff_wm_t home_root_t (dir (getattr open search)))
                (allow staff_wm_t home_root_t (lnk_file (read getattr)))
                (allow staff_wm_t xdg_cache_t (dir (getattr open search)))
                (allow staff_wm_t xdg_cache_t (dir (getattr open search)))
                (allow staff_wm_t user_home_dir_t (dir (getattr open search)))
                (allow staff_wm_t home_root_t (dir (getattr open search)))
                (allow staff_wm_t home_root_t (lnk_file (read getattr)))
                (allow staff_wm_t var_run_t (lnk_file (read getattr)))
                (allow staff_wm_t var_t (dir (getattr open search)))
                (allow staff_wm_t var_run_t (dir (getattr open search)))
                (allow staff_wm_t xdm_var_run_t (dir (getattr open search)))
                (allow staff_wm_t xdm_var_run_t (file (ioctl read getattr lock open)))
                (allow staff_wm_t tmp_t (dir (getattr open search)))
                (allow staff_wm_t xdm_tmp_t (dir (ioctl read getattr lock open search)))
                (allow staff_wm_t xdm_tmp_t (dir (ioctl write getattr lock open add_name search)))
                (allow staff_wm_t xdm_tmp_t (sock_file (create getattr open)))
                (allow staff_wm_t xdm_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_wm_t xdm_tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_wm_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_wm_t home_root_t (dir (getattr open search)))
                (allow staff_wm_t home_root_t (lnk_file (read getattr)))
                (allow staff_wm_t xsession_log_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_wm_t xserver_tmp_t (file (ioctl read write getattr lock append open)))
                (allow staff_wm_t iceauth_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_wm_t iceauth_home_t (file (getattr relabelfrom relabelto)))
                (allow staff_wm_t xauth_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_wm_t xauth_home_t (file (getattr relabelfrom relabelto)))
                (allow staff_wm_t user_fonts_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_wm_t user_fonts_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_wm_t user_fonts_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_wm_t user_fonts_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_wm_t user_fonts_t (dir (getattr open search)))
                (allow staff_wm_t user_fonts_t (dir (getattr relabelfrom relabelto)))
                (allow staff_wm_t user_fonts_t (dir (getattr open search)))
                (allow staff_wm_t user_fonts_t (file (getattr relabelfrom relabelto)))
                (allow staff_wm_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_wm_t user_fonts_cache_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_wm_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_wm_t user_fonts_cache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_wm_t user_fonts_cache_t (dir (getattr open search)))
                (allow staff_wm_t user_fonts_cache_t (dir (getattr relabelfrom relabelto)))
                (allow staff_wm_t user_fonts_cache_t (dir (getattr open search)))
                (allow staff_wm_t user_fonts_cache_t (file (getattr relabelfrom relabelto)))
                (allow staff_wm_t user_fonts_config_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_wm_t user_fonts_config_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_wm_t user_fonts_config_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_wm_t user_fonts_config_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_wm_t user_fonts_config_t (dir (getattr open search)))
                (allow staff_wm_t user_fonts_config_t (dir (getattr relabelfrom relabelto)))
                (allow staff_wm_t user_fonts_config_t (dir (getattr open search)))
                (allow staff_wm_t user_fonts_config_t (file (getattr relabelfrom relabelto)))
                (allow staff_wm_t mesa_shader_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_wm_t mesa_shader_cache_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_wm_t mesa_shader_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_wm_t mesa_shader_cache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_wm_t mesa_shader_cache_t (file (map)))
                (allow staff_wm_t mesa_shader_cache_t (dir (getattr open search)))
                (allow staff_wm_t mesa_shader_cache_t (dir (getattr relabelfrom relabelto)))
                (allow staff_wm_t mesa_shader_cache_t (dir (getattr open search)))
                (allow staff_wm_t mesa_shader_cache_t (file (getattr relabelfrom relabelto)))
                (allow staff_wm_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_wm_t home_root_t (dir (getattr open search)))
                (allow staff_wm_t home_root_t (lnk_file (read getattr)))
                (allow staff_wm_t var_t (dir (getattr open search)))
                (allow staff_wm_t var_lib_t (dir (getattr open search)))
                (allow staff_wm_t xkb_var_lib_t (dir (ioctl read getattr lock open search)))
                (allow staff_wm_t xkb_var_lib_t (dir (getattr open search)))
                (allow staff_wm_t xkb_var_lib_t (file (ioctl read getattr lock open)))
                (allow staff_wm_t xkb_var_lib_t (dir (getattr open search)))
                (allow staff_wm_t xkb_var_lib_t (lnk_file (read getattr)))
                (allow staff_wm_t xkb_var_lib_t (file (map)))
                (allow staff_wm_t xdm_t (unix_stream_socket (accept)))
                (allow staff_wm_t xserver_t (x_device (getattr setattr use read write getfocus setfocus bell force_cursor freeze grab manage list_property get_property set_property add remove create destroy)))
                (allow staff_wm_t xserver_t (x_pointer (getattr setattr use read write getfocus setfocus bell force_cursor freeze grab manage list_property get_property set_property add remove create destroy)))
                (allow staff_wm_t xserver_t (x_keyboard (getattr setattr use read write getfocus setfocus bell force_cursor freeze grab manage list_property get_property set_property add remove create destroy)))
                (allow staff_application_exec_domain staff_wm_t (fifo_file (write)))
                (typetransition staff_wm_t user_home_dir_t file ".ICEauthority" iceauth_home_t)
                (typetransition staff_wm_t user_home_dir_t file ".xsession-errors" xsession_log_t)
                (booleanif (xserver_allow_dri)
                    (true
                        (allow staff_wm_t dri_device_t (chr_file (map)))
                        (allow staff_wm_t dri_device_t (chr_file (ioctl read write getattr lock append open)))
                        (allow staff_wm_t device_t (dir (getattr open search)))
                    )
                )
                (booleanif (or (allow_write_xshm) (xserver_client_writes_xserver_tmpfs))
                    (true
                        (allow staff_wm_t xserver_tmpfs_t (file (ioctl read write getattr lock append open)))
                        (allow staff_wm_t xserver_tmpfs_t (file (ioctl read write getattr lock append open)))
                    )
                )
                (booleanif (allow_write_xshm)
                    (true
                        (allow staff_wm_t xserver_t (shm (getattr read write associate unix_read unix_write lock)))
                        (allow staff_wm_t xserver_t (shm (getattr read write associate unix_read unix_write lock)))
                    )
                )
                (optional staff_optional_261
                    (typeattributeset cil_gen_require init_t)
                    (allow staff_wm_t init_t (process (sigchld)))
                    (allow staff_wm_t init_t (process (signull)))
                    (optional staff_optional_262
                        (typeattributeset cil_gen_require rpm_t)
                        (allow staff_wm_t rpm_t (fd (use)))
                        (allow staff_wm_t rpm_t (fifo_file (ioctl read getattr lock open)))
                    )
                    (optional staff_optional_263
                        (typeattributeset cil_gen_require security_t)
                        (typeattributeset cil_gen_require sysfs_t)
                        (dontaudit staff_wm_t security_t (filesystem (getattr)))
                        (dontaudit staff_wm_t sysfs_t (filesystem (getattr)))
                        (dontaudit staff_wm_t sysfs_t (dir (getattr open search)))
                        (dontaudit staff_wm_t security_t (dir (getattr open search)))
                        (dontaudit staff_wm_t security_t (file (ioctl read getattr lock open)))
                        (optional staff_optional_264
                            (typeattributeset cil_gen_require selinux_config_t)
                            (dontaudit staff_wm_t selinux_config_t (dir (getattr open search)))
                            (dontaudit staff_wm_t selinux_config_t (file (ioctl read getattr lock open)))
                            (optional staff_optional_265
                                (typeattributeset cil_gen_require staff_systemd_t)
                                (allow staff_systemd_t iceauth_t (dir (ioctl read getattr lock open search)))
                                (allow staff_systemd_t iceauth_t (file (ioctl read getattr lock open)))
                                (allow staff_systemd_t iceauth_t (lnk_file (read getattr)))
                                (allow staff_systemd_t iceauth_t (process (getattr)))
                                (allow staff_systemd_t iceauth_t (process (sigchld sigkill sigstop signull signal)))
                                (allow iceauth_t staff_systemd_t (fd (use)))
                                (allow iceauth_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                (allow iceauth_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                                (allow iceauth_t staff_systemd_t (file (ioctl read getattr lock open)))
                                (allow iceauth_t staff_systemd_t (lnk_file (read getattr)))
                                (allow iceauth_t staff_systemd_t (process (getattr)))
                                (allow iceauth_t staff_systemd_t (process (sigchld)))
                                (allow staff_systemd_t xauth_t (dir (ioctl read getattr lock open search)))
                                (allow staff_systemd_t xauth_t (file (ioctl read getattr lock open)))
                                (allow staff_systemd_t xauth_t (lnk_file (read getattr)))
                                (allow staff_systemd_t xauth_t (process (getattr)))
                                (allow staff_systemd_t xauth_t (process (sigchld sigkill sigstop signull signal)))
                                (allow xauth_t staff_systemd_t (fd (use)))
                                (allow xauth_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                (allow xauth_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                                (allow xauth_t staff_systemd_t (file (ioctl read getattr lock open)))
                                (allow xauth_t staff_systemd_t (lnk_file (read getattr)))
                                (allow xauth_t staff_systemd_t (process (getattr)))
                                (allow xauth_t staff_systemd_t (process (sigchld)))
                                (allow staff_systemd_t xserver_t (dir (ioctl read getattr lock open search)))
                                (allow staff_systemd_t xserver_t (file (ioctl read getattr lock open)))
                                (allow staff_systemd_t xserver_t (lnk_file (read getattr)))
                                (allow staff_systemd_t xserver_t (process (getattr)))
                                (allow staff_systemd_t xserver_t (process (sigchld sigkill sigstop signull signal)))
                                (allow xserver_t staff_systemd_t (fd (use)))
                                (allow xserver_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                (allow xserver_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                                (allow xserver_t staff_systemd_t (file (ioctl read getattr lock open)))
                                (allow xserver_t staff_systemd_t (lnk_file (read getattr)))
                                (allow xserver_t staff_systemd_t (process (getattr)))
                                (allow xserver_t staff_systemd_t (process (sigchld)))
                                (optional staff_optional_266
                                    (typeattributeset cil_gen_require staff_systemd_t)
                                    (allow staff_systemd_t xserver_t (dir (ioctl read getattr lock open search)))
                                    (allow staff_systemd_t xserver_t (file (ioctl read getattr lock open)))
                                    (allow staff_systemd_t xserver_t (lnk_file (read getattr)))
                                    (allow staff_systemd_t xserver_t (process (getattr)))
                                    (allow staff_systemd_t xserver_t (process (sigchld sigkill sigstop signull signal)))
                                    (allow xserver_t staff_systemd_t (fd (use)))
                                    (allow xserver_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                    (allow xserver_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                                    (allow xserver_t staff_systemd_t (file (ioctl read getattr lock open)))
                                    (allow xserver_t staff_systemd_t (lnk_file (read getattr)))
                                    (allow xserver_t staff_systemd_t (process (getattr)))
                                    (allow xserver_t staff_systemd_t (process (sigchld)))
                                )
                            )
                            (optional staff_optional_267
                                (typeattributeset cil_gen_require user_home_dir_t)
                                (typeattributeset cil_gen_require home_root_t)
                                (typeattributeset cil_gen_require xdg_cache_t)
                                (allow staff_wm_t user_home_dir_t (dir (getattr open search)))
                                (allow staff_wm_t home_root_t (dir (getattr open search)))
                                (allow staff_wm_t home_root_t (lnk_file (read getattr)))
                                (allow staff_wm_t xdg_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                (allow staff_wm_t xdg_cache_t (dir (create getattr)))
                                (typetransition staff_wm_t xdg_cache_t dir "mesa_shader_cache" mesa_shader_cache_t)
                                (optional staff_optional_268
                                    (typeattributeset cil_gen_require var_run_t)
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require var_lib_t)
                                    (typeattributeset cil_gen_require system_dbusd_t)
                                    (typeattributeset cil_gen_require session_dbusd_tmp_t)
                                    (typeattributeset cil_gen_require staff_dbusd_t)
                                    (typeattributeset cil_gen_require dbusd_system_bus_client)
                                    (typeattributeset cil_gen_require system_dbusd_runtime_t)
                                    (typeattributeset cil_gen_require system_dbusd_var_lib_t)
                                    (typeattributeset cil_gen_require dbusd_etc_t)
                                    (typeattributeset cil_gen_require dbusd_session_bus_client)
                                    (typeattributeset cil_gen_require dbusd_system_bus_client)
                                    (typeattributeset dbusd_system_bus_client (staff_wm_t ))
                                    (typeattributeset cil_gen_require dbusd_session_bus_client)
                                    (typeattributeset dbusd_session_bus_client (staff_wm_t ))
                                    (allow staff_wm_t staff_dbusd_t (dbus (acquire_svc)))
                                    (allow staff_wm_t staff_dbusd_t (dbus (send_msg)))
                                    (allow staff_wm_t self (dbus (send_msg)))
                                    (allow staff_dbusd_t staff_wm_t (dbus (send_msg)))
                                    (allow staff_wm_t staff_dbusd_t (unix_stream_socket (connectto)))
                                    (allow staff_wm_t staff_dbusd_t (fd (use)))
                                    (allow staff_wm_t system_dbusd_t (dbus (send_msg)))
                                    (allow staff_wm_t self (dbus (send_msg)))
                                    (allow system_dbusd_t staff_wm_t (dbus (send_msg)))
                                    (allow staff_wm_t var_t (dir (getattr open search)))
                                    (allow staff_wm_t var_lib_t (dir (getattr open search)))
                                    (allow staff_wm_t system_dbusd_var_lib_t (dir (getattr open search)))
                                    (allow staff_wm_t system_dbusd_var_lib_t (file (ioctl read getattr lock open)))
                                    (allow staff_wm_t system_dbusd_var_lib_t (dir (getattr open search)))
                                    (allow staff_wm_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                    (allow staff_wm_t session_dbusd_tmp_t (dir (getattr open search)))
                                    (allow staff_wm_t session_dbusd_tmp_t (sock_file (read write getattr append open)))
                                    (allow staff_wm_t var_run_t (lnk_file (read getattr)))
                                    (allow staff_wm_t var_t (dir (getattr open search)))
                                    (allow staff_wm_t var_run_t (dir (getattr open search)))
                                    (allow staff_wm_t system_dbusd_runtime_t (dir (getattr open search)))
                                    (allow staff_wm_t system_dbusd_runtime_t (sock_file (write getattr append open)))
                                    (allow staff_wm_t system_dbusd_t (unix_stream_socket (connectto)))
                                    (allow staff_wm_t dbusd_etc_t (dir (ioctl read getattr lock open search)))
                                    (allow staff_wm_t dbusd_etc_t (file (ioctl read getattr lock open)))
                                    (allow staff_wm_t system_dbusd_runtime_t (dir (ioctl read getattr lock open search)))
                                    (allow staff_wm_t system_dbusd_runtime_t (sock_file (read)))
                                    (allow staff_wm_t system_dbusd_var_lib_t (dir (getattr open search)))
                                    (allow staff_wm_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                    (optional staff_optional_269
                                        (typeattributeset cil_gen_require staff_wm_t)
                                        (allow staff_application_exec_domain staff_wm_t (dbus (send_msg)))
                                        (allow staff_wm_t staff_application_exec_domain (dbus (send_msg)))
                                    )
                                )
                                (optional staff_optional_270
                                    (typeattributeset cil_gen_require var_run_t)
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require tmp_t)
                                    (typeattributeset cil_gen_require user_runtime_t)
                                    (typeattributeset cil_gen_require user_runtime_root_t)
                                    (typeattributeset cil_gen_require gkeyringd_domain)
                                    (typeattributeset cil_gen_require gnome_keyring_tmp_t)
                                    (allow staff_wm_t tmp_t (dir (getattr open search)))
                                    (allow staff_wm_t user_runtime_t (dir (getattr open search)))
                                    (allow staff_wm_t user_runtime_root_t (dir (getattr open search)))
                                    (allow staff_wm_t var_run_t (lnk_file (read getattr)))
                                    (allow staff_wm_t var_t (dir (getattr open search)))
                                    (allow staff_wm_t var_run_t (dir (getattr open search)))
                                    (allow staff_wm_t gnome_keyring_tmp_t (dir (getattr open search)))
                                    (allow staff_wm_t gnome_keyring_tmp_t (sock_file (write getattr append open)))
                                    (allow staff_wm_t gkeyringd_domain (unix_stream_socket (connectto)))
                                )
                                (optional staff_optional_271
                                    (typeattributeset cil_gen_require NetworkManager_etc_t)
                                    (allow staff_wm_t NetworkManager_etc_t (dir (watch)))
                                )
                                (optional staff_optional_272
                                    (roleattributeset cil_gen_require policykit_auth_roles)
                                    (typeattributeset cil_gen_require bin_t)
                                    (typeattributeset cil_gen_require usr_t)
                                    (typeattributeset cil_gen_require policykit_auth_t)
                                    (typeattributeset cil_gen_require policykit_auth_exec_t)
                                    (roleattributeset cil_gen_require policykit_auth_roles)
                                    (roleattributeset policykit_auth_roles (staff_r ))
                                    (allow staff_wm_t bin_t (dir (getattr open search)))
                                    (allow staff_wm_t bin_t (lnk_file (read getattr)))
                                    (allow staff_wm_t usr_t (dir (getattr open search)))
                                    (allow staff_wm_t policykit_auth_exec_t (file (ioctl read getattr map execute open)))
                                    (allow staff_wm_t policykit_auth_t (process (transition)))
                                    (dontaudit staff_wm_t policykit_auth_t (process (noatsecure siginh rlimitinh)))
                                    (typetransition staff_wm_t policykit_auth_exec_t process policykit_auth_t)
                                    (allow policykit_auth_t staff_wm_t (fd (use)))
                                    (allow policykit_auth_t staff_wm_t (fifo_file (ioctl read write getattr lock append)))
                                    (allow policykit_auth_t staff_wm_t (process (sigchld)))
                                    (allow staff_wm_t policykit_auth_t (process (signal)))
                                )
                                (optional staff_optional_273
                                    (roleattributeset cil_gen_require pulseaudio_roles)
                                    (typeattributeset cil_gen_require bin_t)
                                    (typeattributeset cil_gen_require usr_t)
                                    (typeattributeset cil_gen_require pulseaudio_t)
                                    (typeattributeset cil_gen_require pulseaudio_client)
                                    (typeattributeset cil_gen_require pulseaudio_exec_t)
                                    (roleattributeset cil_gen_require pulseaudio_roles)
                                    (roleattributeset pulseaudio_roles (staff_r ))
                                    (typeattributeset cil_gen_require pulseaudio_client)
                                    (typeattributeset pulseaudio_client (staff_wm_t ))
                                    (allow staff_wm_t bin_t (dir (getattr open search)))
                                    (allow staff_wm_t bin_t (lnk_file (read getattr)))
                                    (allow staff_wm_t usr_t (dir (getattr open search)))
                                    (allow staff_wm_t pulseaudio_exec_t (file (ioctl read getattr map execute open)))
                                    (allow staff_wm_t pulseaudio_t (process (transition)))
                                    (dontaudit staff_wm_t pulseaudio_t (process (noatsecure siginh rlimitinh)))
                                    (typetransition staff_wm_t pulseaudio_exec_t process pulseaudio_t)
                                    (allow pulseaudio_t staff_wm_t (fd (use)))
                                    (allow pulseaudio_t staff_wm_t (fifo_file (ioctl read write getattr lock append)))
                                    (allow pulseaudio_t staff_wm_t (process (sigchld)))
                                )
                                (optional staff_optional_274
                                    (typeattributeset cil_gen_require staff_systemd_t)
                                    (allow staff_systemd_t staff_wm_t (dir (ioctl read getattr lock open search)))
                                    (allow staff_systemd_t staff_wm_t (file (ioctl read getattr lock open)))
                                    (allow staff_systemd_t staff_wm_t (lnk_file (read getattr)))
                                    (allow staff_systemd_t staff_wm_t (process (getattr)))
                                    (allow staff_systemd_t staff_wm_t (process (sigchld sigkill sigstop signull signal)))
                                    (allow staff_wm_t staff_systemd_t (fd (use)))
                                    (allow staff_wm_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                    (allow staff_wm_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                                    (allow staff_wm_t staff_systemd_t (file (ioctl read getattr lock open)))
                                    (allow staff_wm_t staff_systemd_t (lnk_file (read getattr)))
                                    (allow staff_wm_t staff_systemd_t (process (getattr)))
                                    (allow staff_wm_t staff_systemd_t (process (sigchld)))
                                )
                                (optional staff_optional_275
                                    (roleattributeset cil_gen_require xscreensaver_roles)
                                    (typeattributeset cil_gen_require bin_t)
                                    (typeattributeset cil_gen_require usr_t)
                                    (typeattributeset cil_gen_require xscreensaver_t)
                                    (typeattributeset cil_gen_require xscreensaver_exec_t)
                                    (roleattributeset cil_gen_require xscreensaver_roles)
                                    (roleattributeset xscreensaver_roles (staff_r ))
                                    (allow staff_wm_t bin_t (dir (getattr open search)))
                                    (allow staff_wm_t bin_t (lnk_file (read getattr)))
                                    (allow staff_wm_t usr_t (dir (getattr open search)))
                                    (allow staff_wm_t xscreensaver_exec_t (file (ioctl read getattr map execute open)))
                                    (allow staff_wm_t xscreensaver_t (process (transition)))
                                    (dontaudit staff_wm_t xscreensaver_t (process (noatsecure siginh rlimitinh)))
                                    (typetransition staff_wm_t xscreensaver_exec_t process xscreensaver_t)
                                    (allow xscreensaver_t staff_wm_t (fd (use)))
                                    (allow xscreensaver_t staff_wm_t (fifo_file (ioctl read write getattr lock append)))
                                    (allow xscreensaver_t staff_wm_t (process (sigchld)))
                                )
                            )
                        )
                    )
                )
            )
            (optional staff_optional_276
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require android_tools_t)
                (typeattributeset cil_gen_require android_tools_exec_t)
                (typeattributeset cil_gen_require android_home_t)
                (typeattributeset cil_gen_require android_tmp_t)
                (typeattributeset cil_gen_require android_java_t)
                (typeattributeset cil_gen_require android_java_exec_t)
                (typeattributeset cil_gen_require android_sdk_t)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r android_tools_t)
                (roletype staff_r android_java_t)
                (allow staff_t android_tools_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_t android_tools_t (process (transition)))
                (dontaudit staff_t android_tools_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_t android_tools_exec_t process android_tools_t)
                (allow android_tools_t staff_t (fd (use)))
                (allow android_tools_t staff_t (fifo_file (ioctl read write getattr lock append)))
                (allow android_tools_t staff_t (process (sigchld)))
                (allow staff_t android_java_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_t android_java_t (process (transition)))
                (dontaudit staff_t android_java_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_t android_java_exec_t process android_java_t)
                (allow android_java_t staff_t (fd (use)))
                (allow android_java_t staff_t (fifo_file (ioctl read write getattr lock append)))
                (allow android_java_t staff_t (process (sigchld)))
                (allow staff_t android_tools_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_t android_java_t (process (sigchld sigkill sigstop signull signal ptrace noatsecure siginh rlimitinh)))
                (allow staff_t android_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t android_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t android_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t android_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t android_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t android_home_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow staff_t android_sdk_t (dir (getattr open search)))
                (allow staff_t android_sdk_t (dir (ioctl read getattr lock open search)))
                (allow staff_t android_sdk_t (dir (getattr open search)))
                (allow staff_t android_sdk_t (file (ioctl read getattr lock open)))
                (allow staff_t android_sdk_t (dir (getattr open search)))
                (allow staff_t android_sdk_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t android_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t android_tmp_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t android_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t android_tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t android_home_t (dir (getattr relabelfrom relabelto)))
                (allow staff_t android_home_t (file (getattr relabelfrom relabelto)))
                (allow staff_t android_tools_exec_t (file (getattr relabelfrom relabelto)))
                (allow staff_t android_tools_t (dir (ioctl read getattr lock open search)))
                (allow staff_t android_tools_t (file (ioctl read getattr lock open)))
                (allow staff_t android_tools_t (lnk_file (read getattr)))
                (allow staff_t android_tools_t (process (getattr)))
                (allow staff_t android_java_t (dir (ioctl read getattr lock open search)))
                (allow staff_t android_java_t (file (ioctl read getattr lock open)))
                (allow staff_t android_java_t (lnk_file (read getattr)))
                (allow staff_t android_java_t (process (getattr)))
                (allow staff_t android_java_t (dbus (send_msg)))
                (allow android_java_t staff_t (dbus (send_msg)))
                (typetransition staff_t user_home_dir_t dir ".AndroidStudio" android_home_t)
                (typetransition staff_t user_home_dir_t dir ".AndroidStudioBeta" android_home_t)
                (typetransition staff_t user_home_dir_t dir ".android" android_home_t)
            )
            (optional staff_optional_277
                (typeattributeset cil_gen_require shell_exec_t)
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t bin_t ))
                (typeattributeset cil_gen_require at_exec_t)
                (typeattributeset cil_gen_require at_t)
                (typeattributeset cil_gen_require atd_t)
                (typeattributeset cil_gen_require at_job_log_t)
                (typeattributeset cil_gen_require at_job_t)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r at_t)
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (shell_exec_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (shell_exec_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (shell_exec_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (shell_exec_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (shell_exec_t ))
                (allow staff_t at_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_t at_t (process (transition)))
                (dontaudit staff_t at_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_t at_exec_t process at_t)
                (allow at_t staff_t (fd (use)))
                (allow at_t staff_t (fifo_file (ioctl read write getattr lock append)))
                (allow at_t staff_t (process (sigchld)))
                (allow staff_t at_t (process (sigchld sigkill sigstop signull signal)))
                (allow staff_t at_t (dir (ioctl read getattr lock open search)))
                (allow staff_t at_t (file (ioctl read getattr lock open)))
                (allow staff_t at_t (lnk_file (read getattr)))
                (allow staff_t at_t (process (getattr)))
                (allow atd_t staff_t (process (transition)))
                (allow atd_t staff_t (fd (use)))
                (allow atd_t staff_t (key (view read write search link setattr create)))
                (dontaudit atd_t staff_t (process (noatsecure siginh rlimitinh)))
                (allow staff_t atd_t (process (sigchld)))
                (allow staff_t atd_t (fd (use)))
                (allow staff_t at_job_t (file (ioctl read getattr lock)))
                (allow staff_t at_job_log_t (file (ioctl read write getattr lock append)))
                (allow staff_t shell_exec_t (file (entrypoint)))
                (allow staff_t shell_exec_t (file (ioctl read getattr lock map execute open)))
            )
            (optional staff_optional_278
                (typeattributeset cil_gen_require devicekit_disk_t)
                (typeattributeset cil_gen_require devicekit_power_t)
                (allow staff_t devicekit_disk_t (dbus (send_msg)))
                (allow devicekit_disk_t staff_t (dbus (send_msg)))
                (allow staff_t devicekit_power_t (dbus (send_msg)))
                (allow devicekit_power_t staff_t (dbus (send_msg)))
            )
            (optional staff_optional_279
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require dropbox_t)
                (typeattributeset cil_gen_require dropbox_content_t)
                (typeattributeset cil_gen_require dropbox_exec_t)
                (typeattributeset cil_gen_require dropbox_home_t)
                (typeattributeset cil_gen_require dropbox_tmp_t)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r dropbox_t)
                (allow staff_t dropbox_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_t dropbox_t (process (transition)))
                (dontaudit staff_t dropbox_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_t dropbox_exec_t process dropbox_t)
                (allow dropbox_t staff_t (fd (use)))
                (allow dropbox_t staff_t (fifo_file (ioctl read write getattr lock append)))
                (allow dropbox_t staff_t (process (sigchld)))
                (allow staff_t dropbox_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_t dropbox_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t dropbox_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t dropbox_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t dropbox_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t dropbox_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t dropbox_home_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t dropbox_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t dropbox_exec_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t dropbox_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t dropbox_exec_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (allow staff_t dropbox_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t dropbox_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t dropbox_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t dropbox_tmp_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t dropbox_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t dropbox_tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t dropbox_content_t (dir (getattr relabelfrom relabelto)))
                (allow staff_t dropbox_content_t (file (getattr relabelfrom relabelto)))
                (allow staff_t dropbox_content_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t dropbox_content_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t dropbox_content_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t dropbox_content_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t dropbox_t (dbus (send_msg)))
                (allow dropbox_t staff_t (dbus (send_msg)))
                (allow staff_t dropbox_t (dir (ioctl read getattr lock open search)))
                (allow staff_t dropbox_t (file (ioctl read getattr lock open)))
                (allow staff_t dropbox_t (lnk_file (read getattr)))
                (allow staff_t dropbox_t (process (getattr)))
                (typetransition staff_t dropbox_home_t file "dropboxd" dropbox_exec_t)
                (typetransition staff_t dropbox_home_t file "dropbox" dropbox_exec_t)
                (typetransition staff_t user_home_dir_t dir ".dropbox-dist" dropbox_home_t)
            )
            (optional staff_optional_280
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require googletalk_plugin_t)
                (typeattributeset cil_gen_require googletalk_plugin_exec_t)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r googletalk_plugin_t)
                (allow staff_t bin_t (dir (getattr open search)))
                (allow staff_t bin_t (lnk_file (read getattr)))
                (allow staff_t usr_t (dir (getattr open search)))
                (allow staff_t googletalk_plugin_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_t googletalk_plugin_t (process (transition)))
                (dontaudit staff_t googletalk_plugin_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_t googletalk_plugin_exec_t process googletalk_plugin_t)
                (allow googletalk_plugin_t staff_t (fd (use)))
                (allow googletalk_plugin_t staff_t (fifo_file (ioctl read write getattr lock append)))
                (allow googletalk_plugin_t staff_t (process (sigchld)))
            )
            (optional staff_optional_281
                (typeattributeset cil_gen_require gorg_t)
                (typeattributeset cil_gen_require gorg_exec_t)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r gorg_t)
                (allow staff_t gorg_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_t gorg_t (process (transition)))
                (dontaudit staff_t gorg_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_t gorg_exec_t process gorg_t)
                (allow staff_t gorg_t (process (noatsecure siginh rlimitinh)))
                (allow gorg_t staff_t (fd (use)))
                (allow gorg_t staff_t (process (sigchld signull)))
                (allow staff_t gorg_t (dir (ioctl read getattr lock open search)))
                (allow staff_t gorg_t (file (ioctl read getattr lock open)))
                (allow staff_t gorg_t (lnk_file (read getattr)))
                (allow staff_t gorg_t (process (getattr)))
                (allow staff_t gorg_t (process (sigchld sigkill sigstop signull signal)))
                (allow gorg_t staff_t (fifo_file (write)))
            )
            (optional staff_optional_282
                (roleattributeset cil_gen_require hadoop_roles)
                (roleattributeset cil_gen_require zookeeper_roles)
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require hadoop_t)
                (typeattributeset cil_gen_require zookeeper_t)
                (typeattributeset cil_gen_require hadoop_home_t)
                (typeattributeset cil_gen_require hadoop_tmp_t)
                (typeattributeset cil_gen_require hadoop_hsperfdata_t)
                (typeattributeset cil_gen_require zookeeper_tmp_t)
                (typeattributeset cil_gen_require hadoop_exec_t)
                (typeattributeset cil_gen_require zookeeper_exec_t)
                (roleattributeset cil_gen_require hadoop_roles)
                (roleattributeset hadoop_roles (staff_r ))
                (roleattributeset cil_gen_require zookeeper_roles)
                (roleattributeset zookeeper_roles (staff_r ))
                (allow staff_application_exec_domain bin_t (dir (getattr open search)))
                (allow staff_application_exec_domain bin_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain usr_t (dir (getattr open search)))
                (allow staff_application_exec_domain hadoop_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain hadoop_t (process (transition)))
                (dontaudit staff_application_exec_domain hadoop_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain hadoop_exec_t process hadoop_t)
                (allow hadoop_t staff_application_exec_domain (fd (use)))
                (allow hadoop_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow hadoop_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain bin_t (dir (getattr open search)))
                (allow staff_application_exec_domain bin_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain usr_t (dir (getattr open search)))
                (allow staff_application_exec_domain zookeeper_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain zookeeper_t (process (transition)))
                (dontaudit staff_application_exec_domain zookeeper_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain zookeeper_exec_t process zookeeper_t)
                (allow zookeeper_t staff_application_exec_domain (fd (use)))
                (allow zookeeper_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow zookeeper_t staff_application_exec_domain (process (sigchld)))
                (allow staff_application_exec_domain hadoop_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain zookeeper_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain hadoop_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain zookeeper_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain hadoop_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain zookeeper_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain hadoop_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain zookeeper_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain hadoop_t (process (getattr)))
                (allow staff_application_exec_domain zookeeper_t (process (getattr)))
                (allow staff_t hadoop_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t hadoop_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t hadoop_hsperfdata_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t hadoop_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t hadoop_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t zookeeper_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t hadoop_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (optional staff_optional_283
                    (typeattributeset cil_gen_require staff_systemd_t)
                    (allow staff_systemd_t hadoop_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t hadoop_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t hadoop_t (lnk_file (read getattr)))
                    (allow staff_systemd_t hadoop_t (process (getattr)))
                    (allow staff_systemd_t hadoop_t (process (sigchld sigkill sigstop signull signal)))
                    (allow hadoop_t staff_systemd_t (fd (use)))
                    (allow hadoop_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow hadoop_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow hadoop_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow hadoop_t staff_systemd_t (lnk_file (read getattr)))
                    (allow hadoop_t staff_systemd_t (process (getattr)))
                    (allow hadoop_t staff_systemd_t (process (sigchld)))
                    (allow staff_systemd_t zookeeper_t (dir (ioctl read getattr lock open search)))
                    (allow staff_systemd_t zookeeper_t (file (ioctl read getattr lock open)))
                    (allow staff_systemd_t zookeeper_t (lnk_file (read getattr)))
                    (allow staff_systemd_t zookeeper_t (process (getattr)))
                    (allow staff_systemd_t zookeeper_t (process (sigchld sigkill sigstop signull signal)))
                    (allow zookeeper_t staff_systemd_t (fd (use)))
                    (allow zookeeper_t staff_systemd_t (unix_stream_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow zookeeper_t staff_systemd_t (dir (ioctl read getattr lock open search)))
                    (allow zookeeper_t staff_systemd_t (file (ioctl read getattr lock open)))
                    (allow zookeeper_t staff_systemd_t (lnk_file (read getattr)))
                    (allow zookeeper_t staff_systemd_t (process (getattr)))
                    (allow zookeeper_t staff_systemd_t (process (sigchld)))
                )
            )
            (optional staff_optional_284
                (typeattributeset cil_gen_require bin_t)
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require kdeconnect_t)
                (typeattributeset cil_gen_require kdeconnect_exec_t)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r kdeconnect_t)
                (allow staff_t bin_t (dir (getattr open search)))
                (allow staff_t bin_t (lnk_file (read getattr)))
                (allow staff_t usr_t (dir (getattr open search)))
                (allow staff_t kdeconnect_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_t kdeconnect_t (process (transition)))
                (dontaudit staff_t kdeconnect_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_t kdeconnect_exec_t process kdeconnect_t)
                (allow kdeconnect_t staff_t (fd (use)))
                (allow kdeconnect_t staff_t (fifo_file (ioctl read write getattr lock append)))
                (allow kdeconnect_t staff_t (process (sigchld)))
                (allow staff_t kdeconnect_t (unix_stream_socket (connectto)))
                (allow kdeconnect_t staff_t (unix_stream_socket (read write connectto)))
                (allow staff_t kdeconnect_t (dir (ioctl read getattr lock open search)))
                (allow staff_t kdeconnect_t (file (ioctl read getattr lock open)))
                (allow staff_t kdeconnect_t (lnk_file (read getattr)))
                (allow staff_t kdeconnect_t (process (getattr)))
                (allow staff_t kdeconnect_t (process (sigkill signull signal)))
                (allow staff_t kdeconnect_t (dbus (send_msg)))
                (allow kdeconnect_t staff_t (dbus (send_msg)))
            )
            (optional staff_optional_285
                (typeattributeset cil_gen_require links_t)
                (typeattributeset cil_gen_require links_exec_t)
                (typeattributeset cil_gen_require links_home_t)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r links_t)
                (allow staff_t links_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t links_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t links_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t links_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t links_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t links_home_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow staff_t links_home_t (dir (getattr open search)))
                (allow staff_t links_home_t (dir (getattr relabelfrom relabelto)))
                (allow staff_t links_home_t (dir (getattr open search)))
                (allow staff_t links_home_t (file (getattr relabelfrom relabelto)))
                (allow staff_t links_home_t (dir (getattr open search)))
                (allow staff_t links_home_t (lnk_file (getattr relabelfrom relabelto)))
                (allow staff_t links_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_t links_t (process (transition)))
                (dontaudit staff_t links_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_t links_exec_t process links_t)
                (allow links_t staff_t (fd (use)))
                (allow links_t staff_t (fifo_file (ioctl read write getattr lock append)))
                (allow links_t staff_t (process (sigchld)))
                (allow staff_t links_t (dir (ioctl read getattr lock open search)))
                (allow staff_t links_t (file (ioctl read getattr lock open)))
                (allow staff_t links_t (lnk_file (read getattr)))
                (allow staff_t links_t (process (getattr)))
            )
            (optional staff_optional_286
                (typeattributeset cil_gen_require mutt_t)
                (typeattributeset cil_gen_require mutt_exec_t)
                (typeattributeset cil_gen_require mutt_home_t)
                (typeattributeset cil_gen_require mutt_conf_t)
                (typeattributeset cil_gen_require mutt_tmp_t)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r mutt_t)
                (allow staff_t mutt_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_t mutt_t (process (transition)))
                (dontaudit staff_t mutt_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_t mutt_exec_t process mutt_t)
                (allow mutt_t staff_t (fd (use)))
                (allow mutt_t staff_t (fifo_file (ioctl read write getattr lock append)))
                (allow mutt_t staff_t (process (sigchld)))
                (allow staff_t mutt_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_t mutt_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t mutt_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t mutt_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t mutt_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t mutt_conf_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t mutt_conf_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t mutt_conf_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t mutt_conf_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t mutt_home_t (dir (getattr open search)))
                (allow staff_t mutt_home_t (dir (getattr relabelfrom relabelto)))
                (allow staff_t mutt_home_t (dir (getattr open search)))
                (allow staff_t mutt_home_t (file (getattr relabelfrom relabelto)))
                (allow staff_t mutt_conf_t (dir (getattr open search)))
                (allow staff_t mutt_conf_t (dir (getattr relabelfrom relabelto)))
                (allow staff_t mutt_conf_t (dir (getattr open search)))
                (allow staff_t mutt_conf_t (file (getattr relabelfrom relabelto)))
                (allow staff_t mutt_tmp_t (dir (getattr open search)))
                (allow staff_t mutt_tmp_t (dir (getattr relabelfrom relabelto)))
                (allow staff_t mutt_tmp_t (dir (getattr open search)))
                (allow staff_t mutt_tmp_t (file (getattr relabelfrom relabelto)))
                (allow staff_t mutt_t (dir (ioctl read getattr lock open search)))
                (allow staff_t mutt_t (file (ioctl read getattr lock open)))
                (allow staff_t mutt_t (lnk_file (read getattr)))
                (allow staff_t mutt_t (process (getattr)))
            )
            (optional staff_optional_287
                (typeattributeset cil_gen_require pan_t)
                (typeattributeset cil_gen_require pan_exec_t)
                (typeattributeset cil_gen_require pan_home_t)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r pan_t)
                (allow staff_t pan_t (process (sigchld sigkill sigstop signull signal)))
                (allow staff_t pan_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_t pan_t (process (transition)))
                (dontaudit staff_t pan_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_t pan_exec_t process pan_t)
                (allow pan_t staff_t (fd (use)))
                (allow pan_t staff_t (fifo_file (ioctl read write getattr lock append)))
                (allow pan_t staff_t (process (sigchld)))
                (allow staff_t pan_t (dir (ioctl read getattr lock open search)))
                (allow staff_t pan_t (file (ioctl read getattr lock open)))
                (allow staff_t pan_t (lnk_file (read getattr)))
                (allow staff_t pan_t (process (getattr)))
                (allow staff_t pan_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t pan_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t pan_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t pan_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t pan_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t pan_home_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow staff_t pan_home_t (dir (getattr open search)))
                (allow staff_t pan_home_t (dir (getattr relabelfrom relabelto)))
                (allow staff_t pan_home_t (dir (getattr open search)))
                (allow staff_t pan_home_t (file (getattr relabelfrom relabelto)))
                (allow staff_t pan_home_t (dir (getattr open search)))
                (allow staff_t pan_home_t (lnk_file (getattr relabelfrom relabelto)))
            )
            (optional staff_optional_288
                (typeattributeset cil_gen_require rtorrent_t)
                (typeattributeset cil_gen_require rtorrent_exec_t)
                (typeattributeset cil_gen_require rtorrent_home_t)
                (typeattributeset cil_gen_require rtorrent_session_t)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r rtorrent_t)
                (allow staff_t rtorrent_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_t rtorrent_t (process (transition)))
                (dontaudit staff_t rtorrent_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_t rtorrent_exec_t process rtorrent_t)
                (allow rtorrent_t staff_t (fd (use)))
                (allow rtorrent_t staff_t (fifo_file (ioctl read write getattr lock append)))
                (allow rtorrent_t staff_t (process (sigchld)))
                (allow staff_t rtorrent_t (process (sigchld sigkill sigstop signull signal)))
                (allow staff_t rtorrent_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t rtorrent_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t rtorrent_session_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t rtorrent_session_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t rtorrent_session_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t rtorrent_session_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t rtorrent_t (dir (ioctl read getattr lock open search)))
                (allow staff_t rtorrent_t (file (ioctl read getattr lock open)))
                (allow staff_t rtorrent_t (lnk_file (read getattr)))
                (allow staff_t rtorrent_t (process (getattr)))
            )
            (optional staff_optional_289
                (typeattributeset cil_gen_require skype_t)
                (typeattributeset cil_gen_require skype_exec_t)
                (typeattributeset cil_gen_require skype_home_t)
                (roleattributeset cil_gen_require staff_r)
                (roletype staff_r skype_t)
                (allow staff_t skype_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_t skype_t (process (transition)))
                (dontaudit staff_t skype_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_t skype_exec_t process skype_t)
                (allow skype_t staff_t (fd (use)))
                (allow skype_t staff_t (fifo_file (ioctl read write getattr lock append)))
                (allow skype_t staff_t (process (sigchld)))
                (allow staff_t skype_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (dontaudit skype_t staff_t (unix_stream_socket (connectto)))
                (allow staff_t skype_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t skype_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t skype_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t skype_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                (allow staff_t skype_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t skype_home_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                (allow staff_t skype_home_t (dir (getattr open search)))
                (allow staff_t skype_home_t (dir (getattr relabelfrom relabelto)))
                (allow staff_t skype_home_t (dir (getattr open search)))
                (allow staff_t skype_home_t (file (getattr relabelfrom relabelto)))
                (allow staff_t skype_home_t (dir (getattr open search)))
                (allow staff_t skype_home_t (lnk_file (getattr relabelfrom relabelto)))
                (allow staff_t skype_t (dir (ioctl read getattr lock open search)))
                (allow staff_t skype_t (file (ioctl read getattr lock open)))
                (allow staff_t skype_t (lnk_file (read getattr)))
                (allow staff_t skype_t (process (getattr)))
            )
            (optional staff_optional_290
                (roleattributeset cil_gen_require wine_roles)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require wine_exec_t)
                (typeattributeset cil_gen_require wine_t)
                (typeattributeset cil_gen_require wine_tmp_t)
                (typeattributeset cil_gen_require wine_home_t)
                (roleattributeset cil_gen_require wine_roles)
                (roleattributeset wine_roles (staff_r ))
                (allow staff_application_exec_domain wine_exec_t (file (ioctl read getattr map execute open)))
                (allow staff_application_exec_domain wine_t (process (transition)))
                (dontaudit staff_application_exec_domain wine_t (process (noatsecure siginh rlimitinh)))
                (typetransition staff_application_exec_domain wine_exec_t process wine_t)
                (allow wine_t staff_application_exec_domain (fd (use)))
                (allow wine_t staff_application_exec_domain (fifo_file (ioctl read write getattr lock append)))
                (allow wine_t staff_application_exec_domain (process (sigchld)))
                (allow wine_t staff_application_exec_domain (unix_stream_socket (connectto)))
                (allow wine_t staff_application_exec_domain (process (signull)))
                (allow staff_application_exec_domain wine_t (dir (ioctl read getattr lock open search)))
                (allow staff_application_exec_domain wine_t (file (ioctl read getattr lock open)))
                (allow staff_application_exec_domain wine_t (lnk_file (read getattr)))
                (allow staff_application_exec_domain wine_t (process (getattr)))
                (allow staff_application_exec_domain wine_t (process (sigchld sigkill sigstop signull signal ptrace)))
                (allow staff_application_exec_domain wine_t (fd (use)))
                (allow staff_application_exec_domain wine_t (shm (getattr associate)))
                (allow staff_application_exec_domain wine_t (shm (getattr read write associate unix_read unix_write lock)))
                (allow staff_application_exec_domain wine_t (unix_stream_socket (connectto)))
                (allow staff_t wine_tmp_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t wine_home_t (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink link rename open add_name remove_name reparent search rmdir)))
                (allow staff_t wine_tmp_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t wine_home_t (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open)))
                (allow staff_t wine_home_t (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename)))
                (allow staff_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                (allow staff_t home_root_t (dir (getattr open search)))
                (allow staff_t home_root_t (lnk_file (read getattr)))
                (typetransition staff_t user_home_dir_t dir ".wine" wine_home_t)
            )
        )
    )
)
