Why does sudo not have a secure_mode boolean like su has?
if(secure_mode) {
# Only allow transitions to unprivileged user domains.
userdom_spec_domtrans_unpriv_users($1_sudo_t)
} else {
# Allow transitions to all user domains
userdom_spec_domtrans_all_users($1_sudo_t)
}