Thanks for the nice explanation Lukas!! Following your example, with the following allow
rules, If a daemon D1 gets compromised, since it can transition to U1 domain, it would be
able to modify the config files of daemon D2, is this correct?
D1.te
allow U1 C1:file {read append write};
D2.te
allow U1 C2:file {read append write};