module my-sssd 1.0;

require {
	type admin_home_t;
	type sssd_t;
	class file { getattr map open read };
}

#============= sssd_t ==============
allow sssd_t admin_home_t:file { getattr map open read };