The SELinux source policy is a sophisticated software system. It includes dozens of object classes, scores of defined permissions, more than 1,000 type transitions, thousands of object instances, and tens of thousands of access-vector rules. You can think of the source policy as a computer program and the security engine as a CPU that executes the translated binary form of this program. So customizing the SELinux policy is akin to performing software maintenance on a program consisting of tens of thousands of noncomment source lines.