I was writing policy today, and I couldn't help noticing a lot of repetitiveness in our policy:
libs_use_ld_so(...)
libs_use_shared_libs(...)
These are needed by, well, everything. Can't they be assumed-unless-denied?
Similarly, 99% of confined apps need:
miscfiles_read_localization()
files_read_etc_files(.)
pipes & stream sockets
Is there a way to streamline policy so there is a lot less repetition?
Bill