| Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame^] | 1 | module my_module 1.0; |
| 2 | |||||
| 3 | require { | ||||
| 4 | bool secure_mode; | ||||
| 5 | type system_t, sysadm_t, file_t; | ||||
| 6 | attribute domain; | ||||
| 7 | role system_r; | ||||
| 8 | class file {read write}; | ||||
| 9 | |||||
| 10 | } | ||||
| 11 | |||||
| 12 | type new_t, domain; | ||||
| 13 | role system_r types new_t; | ||||
| 14 | |||||
| 15 | allow system_t file_t : file { read write }; | ||||
| 16 | |||||
| 17 | if (secure_mode) | ||||
| 18 | { | ||||
| 19 | allow sysadm_t file_t : file { read write }; | ||||
| 20 | } | ||||