-policy_module(tf2, 0.1.25)
+policy_module(tf2, 0.1.28)
require {
type default_t;
files_type(tf2_ro_t)
+init_domain(tf2_t, tf2_exec_t)
init_daemon_domain(tf2_t, tf2_exec_t)
allow tf2_t self:process { setsched signal signull };
dontaudit tf2_t default_t:dir read;
allow init_t tf2_t:process { noatsecure };
+allow tf2_t self:process execmem;