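# Local SELinux policy module "asteriskpolicy", version 1.0.
#
# Grants three extra permissions to the asterisk_t domain. The section banner
# and the "#!!!!" markers look like audit2allow output (presumably generated
# from logged AVC denials -- confirm against the audit log that produced it).
#
# Layout: one statement per line. '#' starts a comment that runs to the end of
# the line, so if this file is collapsed onto a single line every allow rule
# after the first '#' becomes comment text and is never compiled.

module asteriskpolicy 1.0;

# Types, classes and permissions this module borrows from the base policy.
require {
    type var_run_t;
    type var_spool_t;
    type asterisk_t;
    class sock_file { write create unlink };
    class capability sys_module;
    class dir { write read create add_name };
}

#============= asterisk_t ==============

#!!!! This avc is allowed in the current policy
# NOTE(review): the marker above says the loaded policy already grants this
# access, so the rule may be redundant here -- verify before shipping it.
# NOTE(review): sys_module is the SELinux check for CAP_SYS_MODULE (loading and
# unloading kernel modules). It is a very broad grant for a network-facing
# daemon: confirm that asterisk really needs it (for example for a telephony
# driver) rather than modules being loaded at boot. If the denial was only
# noise, a dontaudit rule silences it without granting the capability.
allow asterisk_t self:capability sys_module;

#!!!! This avc is allowed in the current policy
# NOTE(review): var_run_t is the generic runtime-directory type, not an
# asterisk-specific one, so this lets asterisk_t create, write and unlink any
# socket file carrying that generic label. Check the labels with `ls -Z`; if
# the asterisk sockets are simply mislabeled, fixing the file context
# (restorecon) is narrower than allowing the generic type.
allow asterisk_t var_run_t:sock_file { write create unlink };

#!!!! This avc is allowed in the current policy
# NOTE(review): same concern for the generic var_spool_t type: this grants
# read, write, create and add_name on every directory with that label, not
# only the asterisk spool. Prefer a dedicated label on the asterisk spool
# directory if the distribution policy provides one.
allow asterisk_t var_spool_t:dir { write read create add_name };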