# Loadable policy module header: module name followed by its version.
module my_module 1.0;

# Symbols this module uses but does not declare itself. They must already
# exist in the loaded policy, otherwise the module cannot be linked.
require {
	bool secure_mode;
	type system_t;
	type sysadm_t;
	type file_t;
	attribute domain;
	role system_r;
	class file { read write };
}

# New type declared by this module, tagged with the 'domain' attribute.
# No allow rule in this module references new_t.
type new_t, domain;

# Authorize the existing role system_r for the new type.
role system_r types new_t;

# Unconditional rule: system_t may read and write files labelled file_t
# whenever the module is loaded, regardless of the secure_mode boolean.
# NOTE(review): confirm how broadly file_t is applied on the target system
# before granting write on it.
allow system_t file_t:file { read write };

# Conditional rule: enforced only while the secure_mode boolean is true.
# NOTE(review): turning secure_mode on ADDS access for sysadm_t rather than
# removing any; confirm the boolean's name matches the intended direction.
if (secure_mode) {
	allow sysadm_t file_t:file { read write };
}