Yes, you are correct. Like I said above, the best way is to generate a local exclusion policy to lock it to only allow access to what you explicitly need.
I was mainly interested in finding out what caused this behaviour. I don't run SELinux, and after reading the doco, doubt I ever will until they make it easier to configure. Yes, it is very secure, but is the added complexity required for most installs? Really depends upon your application, but for my laptop running a development web server...naw.