# socks-proxy: local SELinux policy module.
#
# Lets a process in init_t execute the ssh client binary, transition into the
# ssh_t domain, and lets ssh_t bind a TCP listener on ports labelled
# socks_port_t. Presumably this supports an `ssh -D` style SOCKS forwarder
# started as a system service; confirm against the unit that launches it.
module socks-proxy 1.0;

# Symbols this module expects the loaded base policy to already define.
require {
	role system_r;

	type init_t;
	type ssh_t;
	type ssh_exec_t;
	type socks_port_t;

	class file { execute open read };
	class process transition;
	class tcp_socket name_bind;
}

# Authorize the ssh_t type for role system_r, so that a system_r:ssh_t
# context is valid.
role system_r types ssh_t;

# Permit init_t -> ssh_t domain transitions. This only grants permission:
# the module has no type_transition rule, so the transition must be requested
# or defined elsewhere. The file entrypoint permission for ssh_t on ssh_exec_t
# is not granted here either; presumably the base policy provides it.
allow init_t ssh_t:process transition;

# Let init_t open, read and execute files labelled ssh_exec_t.
allow init_t ssh_exec_t:file { execute open read };

# Let ssh_t bind TCP sockets to ports labelled socks_port_t.
# NOTE(review): this applies to every process running in ssh_t, not only the
# proxy service. Check which ports carry the label with `semanage port -l`,
# and consider a dedicated domain if only one service needs the listener.
allow ssh_t socks_port_t:tcp_socket name_bind;