policy_module(nfscgi, 1.0.0)

require {
	type httpd_git_script_t;
	type git_script_t;
	type git_system_t;
	type httpd_git_content_t;
	type nfs_t;
	class dir { create write search add_name remove_name getattr open };
	class file { create write rename setattr read open };
}


allow git_system_t httpd_git_content_t:dir { getattr read open };
allow git_system_t httpd_git_content_t:file { read open getattr };



allow httpd_git_script_t nfs_t:dir { write };
allow git_system_t httpd_git_content_t:dir { search };
allow httpd_git_script_t nfs_t:dir { create write add_name remove_name };
allow httpd_git_script_t nfs_t:file { create write rename setattr };
allow git_script_t nfs_t:file { unlink link };