# Local policy module "my-httpd"; the layout matches audit2allow output.
# It grants the web server domain httpd_t read-only access to objects
# labelled default_t and unlabeled_t.
#
# NOTE(review): default_t is the fallback type for paths that match no
# file-context rule, and unlabeled_t marks objects without a valid label.
# A rule against either type covers every object carrying it, not only the
# web content that triggered the denial. Prefer labelling the content, e.g.
#   semanage fcontext -a -t httpd_sys_content_t '<CONTENT_PATH>(/.*)?'
#   restorecon -Rv <CONTENT_PATH>
# and load this module only where relabelling is not possible.
module my-httpd 1.0;

# Types and permissions referenced below; all must already exist in the
# loaded policy for the module to install.
require {
	type default_t;
	type httpd_t;
	type unlabeled_t;
	class dir read;
	class file { getattr map open read };
}

#============= httpd_t ==============

# Read access to directories that carry no valid label.
allow httpd_t unlabeled_t:dir read;

# Read access to files with the fallback label. audit2allow reported this
# access as already allowed by the current policy, so the rule may be
# redundant; confirm with sesearch before keeping it.
allow httpd_t default_t:file { getattr open read };

# Read and mmap access to files with no valid label. Also reported by
# audit2allow as already allowed by the current policy.
allow httpd_t unlabeled_t:file { getattr map open read };