# myClamAV: local SELinux policy module that widens the clamd_t domain.
# Every rule below is an `allow` for clamd_t; nothing is dontaudited or
# denied.  The "#============= clamd_t ==============" header is the layout
# audit2allow emits, so this looks like a module generated from AVC denials
# rather than hand-written policy — confirm each rule against a real scan
# requirement before loading, since audit2allow permits whatever was denied.
#
# Rough grouping of what is granted (each line is a separate rule below):
#   - dir/file access on process domains (auditd_t, init_t, kernel_t, sshd_t,
#     unconfined_t, ...): presumably /proc/<pid> traversal during a scan of
#     /proc — verify against the originating denials.
#   - read/open on boot_t, modules_*_t, system_map_t, bin_t, udev_exec_t,
#     sysfs_t, usbfs_t: file content reads, i.e. full read of those objects.
#   - getattr only (no read) on proc_kcore_t, proc_kmsg_t, mtrr_device_t,
#     proc_mdstat_t: stat() is permitted, content is not.
#   - read on sysctl_*_t files and the net_admin capability: see notes inline.
#   - read/open on user_home_t files: clamd can read all user home content.
module myClamAV 1.0;

require {
	type unconfined_t;
	type home_root_t;
	type sysctl_net_unix_t;
	type udev_exec_t;
	type init_t;
	type auditd_t;
	type boot_t;
	type mtrr_device_t;
	type syslogd_t;
	type user_home_t;
	type sysctl_vm_t;
	type kernel_t;
	type proc_kcore_t;
	type udev_t;
	type sysctl_irq_t;
	type cgroup_t;
	type sysctl_net_t;
	type fcoemon_t;
	type rpcbind_t;
	type proc_net_t;
	type modules_object_t;
	type proc_kmsg_t;
	type proc_mdstat_t;
	type sysctl_rpc_t;
	type sysfs_t;
	type usbfs_t;
	type user_home_dir_t;
	type getty_t;
	type sysctl_dev_t;
	type modules_dep_t;
	type bin_t;
	type binfmt_misc_fs_t;
	type sysctl_fs_t;
	type clamd_t;
	type system_map_t;
	type lost_found_t;
	type rpcd_t;
	type lldpad_t;
	type sshd_t;
	# Only these three object classes and their listed permissions are used
	# by the rules below; nothing grants write, execute or process perms.
	class capability net_admin;
	class file { getattr read open };
	class dir { search read getattr open };
}

#============= clamd_t ==============

# Process-domain targets (auditd_t, fcoemon_t, getty_t, init_t, kernel_t,
# lldpad_t, rpcbind_t, rpcd_t, sshd_t, syslogd_t, udev_t, unconfined_t):
# directory listing plus file getattr only — no file read is granted here.
allow clamd_t auditd_t:dir { read getattr open search };
allow clamd_t auditd_t:file getattr;

# Read access to binaries: lets clamd scan file content under bin_t.
allow clamd_t bin_t:file { read getattr open };

allow clamd_t binfmt_misc_fs_t:dir { read getattr open search };
allow clamd_t binfmt_misc_fs_t:file getattr;

# Kernel/bootloader files: content read, not just stat.
allow clamd_t boot_t:dir { read getattr open search };
allow clamd_t boot_t:file { read getattr open };

# cgroup_t gets dir read/getattr/open but, unlike most entries, no search.
allow clamd_t cgroup_t:dir { read getattr open };

allow clamd_t fcoemon_t:dir { read getattr open search };
allow clamd_t fcoemon_t:file getattr;
allow clamd_t getty_t:dir { read getattr open search };
allow clamd_t getty_t:file getattr;

# Home tree traversal: home_root_t and user_home_dir_t are directory-only
# here; file content access for homes is granted on user_home_t at the end.
allow clamd_t home_root_t:dir { read search open getattr };

allow clamd_t init_t:dir { read getattr open search };
allow clamd_t init_t:file getattr;
allow clamd_t kernel_t:dir { read getattr open search };
allow clamd_t kernel_t:file getattr;
allow clamd_t lldpad_t:dir { read getattr open search };
allow clamd_t lldpad_t:file getattr;

# lost+found: listing only, no search and no file access.
allow clamd_t lost_found_t:dir { read getattr open };

# Kernel module files and modules.dep: full content read.
allow clamd_t modules_dep_t:file { read getattr open };
allow clamd_t modules_object_t:dir { read getattr open search };
allow clamd_t modules_object_t:file { read getattr open };

# getattr only on these device/proc objects — deliberately no `read`, so a
# scan can stat /proc/kcore, /proc/kmsg, /proc/mdstat and the mtrr device
# without being able to read kernel memory or the kernel log.  Keep it that
# way: do not widen these to `read` on a later audit2allow pass.
allow clamd_t mtrr_device_t:file getattr;
allow clamd_t proc_kcore_t:file getattr;
allow clamd_t proc_kmsg_t:file getattr;
allow clamd_t proc_mdstat_t:file getattr;

allow clamd_t proc_net_t:dir { read getattr open search };
allow clamd_t proc_net_t:file getattr;
allow clamd_t rpcbind_t:dir { read getattr open search };
allow clamd_t rpcbind_t:file getattr;
allow clamd_t rpcd_t:dir { read getattr open search };
allow clamd_t rpcd_t:file getattr;

# NOTE(review): CAP_NET_ADMIN is the network-configuration capability and is
# the single broadest grant in this module.  A file scanner has no evident
# need for it; the denial that produced this rule was most likely a side
# effect of a sysctl/proc read (see the sysctl_*_t rules below), in which
# case `dontaudit clamd_t self:capability net_admin;` is the safer choice.
# Confirm against the original AVC before keeping this allow.
allow clamd_t self:capability net_admin;

allow clamd_t sshd_t:dir { read getattr open search };
allow clamd_t sshd_t:file getattr;

# /proc/sys reads.  Note the asymmetry: these files get `read` without
# `open`, and the directories get `search` only — presumably whatever clamd
# reads here is opened by a path the policy already covers; verify.
allow clamd_t sysctl_dev_t:dir search;
allow clamd_t sysctl_dev_t:file read;
allow clamd_t sysctl_fs_t:dir search;
allow clamd_t sysctl_fs_t:file read;
allow clamd_t sysctl_irq_t:dir { read getattr open search };
allow clamd_t sysctl_irq_t:file getattr;
allow clamd_t sysctl_net_t:dir search;
allow clamd_t sysctl_net_t:file read;
allow clamd_t sysctl_net_unix_t:dir search;
allow clamd_t sysctl_net_unix_t:file read;
allow clamd_t sysctl_rpc_t:dir { read getattr open search };
allow clamd_t sysctl_rpc_t:file getattr;
allow clamd_t sysctl_vm_t:dir search;
allow clamd_t sysctl_vm_t:file read;

# sysfs and usbfs: full content read, not just listing.
allow clamd_t sysfs_t:dir { read getattr open search };
allow clamd_t sysfs_t:file { read getattr open };

allow clamd_t syslogd_t:dir { read getattr open search };
allow clamd_t syslogd_t:file getattr;

# System.map and the udev executable: content read.
allow clamd_t system_map_t:file { read getattr open };
allow clamd_t udev_exec_t:file { read getattr open };

allow clamd_t udev_t:dir { read getattr open search };
allow clamd_t udev_t:file getattr;
allow clamd_t unconfined_t:dir { read getattr open search };
allow clamd_t unconfined_t:file getattr;

allow clamd_t usbfs_t:dir { read getattr open search };
allow clamd_t usbfs_t:file { read getattr open };

# User home directories: this is what allows clamd to walk and read every
# user's files.  Expected for an on-demand home scan, but it makes clamd_t a
# reader of all user data — if scans are limited to specific paths, consider
# narrowing this to those labels instead.  user_home_t files get read/open
# without getattr, unlike the other file rules in this module.
allow clamd_t user_home_dir_t:dir { read search open getattr };
allow clamd_t user_home_t:dir { read getattr open search };
allow clamd_t user_home_t:file { read open };