libsepol/tests/policies/test-deps/module.conf - platform/external/selinux - Git at Google

 module my_module 1.0;

 require {
 	bool secure_mode;
 	type system_t, sysadm_t, file_t;
 	attribute domain;
 	role system_r;
 	class file {read write};

 }

 type new_t, domain;
 role system_r types new_t;

 allow system_t file_t : file { read write };

 if (secure_mode)
 {
 	allow sysadm_t file_t : file { read write };
 }
	module my_module 1.0;

	require {
	bool secure_mode;
	type system_t, sysadm_t, file_t;
	attribute domain;
	role system_r;
	class file {read write};

	}

	type new_t, domain;
	role system_r types new_t;

	allow system_t file_t : file { read write };

	if (secure_mode)
	{
	allow sysadm_t file_t : file { read write };
	}