Hi Marko,
The default policy in Fedora and other RHEL based distros is "targeted". This name is used as the policy is targeted at specific subsystems, mostly network daemons, which it confines. Any other software that hasn't been targeted for confinement usually run under an unconfined domain label.
These domains are still subject to selinux policy checks so are technically not unconfined, but they generally have most privileges.
If you want to see what the result would be without these unconfined types you can disable and/or remove their modules with the semodule command. You probably what to do this in permissive mode as it will certainly not produce a running system in enforcing mode.
Good luck