module test1 1.0;

require {
	type audisp_t;
	type iptables_t;
	type unconfined_t;
	type var_t;
	class dir { add_name read write };
	class file { getattr open read };
	class process execheap;
	class sock_file { create setattr };
}

# Policy module produced from AVC denials (audit2allow output). Each rule below
# grants exactly the access the corresponding denial asked for; the module does
# not relabel any file and does not change any boolean.
#
# NOTE(review): var_t is a base (generic) type, as audit2allow itself warns.
# A rule on var_t applies to every object carrying that label, not only the
# one whose denial produced the rule. Before loading this, consider whether the
# specific path should get its own type and the rule target that type instead.

#============= audisp_t ==============
# dir access on the base type var_t: write/add_name lets audisp_t create
# entries in any var_t-labelled directory.
allow audisp_t var_t:dir read;
allow audisp_t var_t:dir { add_name write };
# Only getattr/open were granted here even though the require block lists
# read on file; NOTE(review): confirm whether a follow-up read denial appears.
allow audisp_t var_t:file { getattr open };
allow audisp_t var_t:sock_file create;
allow audisp_t var_t:sock_file setattr;

#============= iptables_t ==============
# Read access on the base type var_t covers every var_t-labelled file.
allow iptables_t var_t:file { getattr open read };

#============= unconfined_t ==============
# audit2allow reports this AVC is governed by the 'selinuxuser_execheap'
# boolean. Enabling that boolean (setsebool -P selinuxuser_execheap on) is the
# supported way to permit executable heap for unconfined users; hard-coding the
# grant in a custom module bypasses that switch, so prefer the boolean.
allow unconfined_t self:process execheap;