"Audit2allow" can add rule to allow some operation.

But let say we want to disallow some operation which is allowed by some policy module. let say open operation on some files.

Is there a easy way to achieve that ?

Or i do have to:

[1] get the policy source.

[2] edit it accordingly 

[3] build and reinstall the policy.

Thanks

Bhuvan