Type Enforcement and File Context Definitions

File contexts define the security contexts of resources belonging to a domain. A program running within a domain (sandbox) is restricted to use those resources and the resources are at the same time protected from the program (or other programs)

from ping.fc:
/bin/ping/* -- system_u:object_r:ping_exec_t 

this line allows only ping_exec_t domain programs access to the files in the ping directory.

from ping.te:
role sysadm_r types ping_t;
allow ping_t etc_t:file {getattr read}

This line allows programs in ping_t domain to access file objects in the etc_t domain through the methods getattr and read. (Examples taken from Bill Mccarty)