allow firstboot_t self:capability { dac_override setgid };
allow firstboot_t self:process setfscreate;
-allow firstboot_t self:file { read write };
-allow firstboot_t self:fifo_file { getattr read write };
+allow firstboot_t self:fifo_file rw_fifo_file_perms;
allow firstboot_t self:tcp_socket create_stream_socket_perms;
allow firstboot_t self:unix_stream_socket { connect create };
allow firstboot_t self:passwd rootok;
-allow firstboot_t firstboot_etc_t:file { getattr read };
+allow firstboot_t firstboot_etc_t:file read_file_perms;
kernel_read_system_state(firstboot_t)
kernel_read_kernel_sysctls(firstboot_t)