The preceding chapter explained role-based access control in SELinux. Role-based access control is a secondary access control model that supplements the primary SELinux access control model, type enforcement. This chapter explains the syntax and meaning of SELinux policy declarations related to type enforcement. The chapter concludes with an analysis of a small but typical domain policy: the Fedora Core 2 policy for the ping domain, which resides in the file ping.te .