# Loadable SELinux policy module "my_module", version 1.0.
module my_module 1.0;

# External symbols this module depends on; they are declared elsewhere
# (base policy or another module), not here.
require {
	bool secure_mode;
	type system_t, sysadm_t, file_t;
	attribute domain;
	role system_r;
	class file { read write };
}

# Declare new_t with the `domain` attribute and authorize it for system_r.
# No allow rule in this module names new_t directly; any rule written against
# the `domain` attribute elsewhere also applies to it, so review those rules
# when judging what new_t can actually do.
type new_t, domain;
role system_r types new_t;

# Unconditional rule: system_t may read and write files labeled file_t.
allow system_t file_t : file { read write };

# Conditional rule: in effect only while the secure_mode boolean is true.
# NOTE(review): this grants sysadm_t additional read/write access when
# secure_mode is on, although the boolean's name reads like a restriction.
# Confirm the direction is intended.
if (secure_mode) {
	allow sysadm_t file_t : file { read write };
}