As explained in Chapter 6, an SELinux policy consists of 11 elements, several of which are optional:
Defines access vectors associated with each security object class.
Defines type-enforcement and role-based access control configuration.
Defines constraints that the security policy must observe (optional).
Defines the security contexts of important security objects.
Defines security contexts for filesystems lacking persistent labels (optional).
The te_rbac
element specifies both the role-based
access control policies and the type-enforcement policies. Within the
element, role-based access control and type-enforcement declarations
can be freely intermingled. The following section explains the
SELinux type-enforcement declarations.