Ok here is how I have simulated what you are trying to do.
cp /bin/sh /var/www/httpdsh
chcon -t httpd_exec_t /var/www/httpdsh
Add the following lines to
allow httpd_t devpts_t:chr_file rw_file_perms;
httpdsh: /root/.bashrc: Permission denied
# cat /etc/shadow
cat: /etc/shadow: Permission denied
# cat /var/log/messages
cat: /var/log/messages: Permission denied
OK, finally I have got it to work! Thanks.
But I still have a problem: when I do a non-allowed operation I can
not see the avc denied message in /var/log/messages. I have
tried to solve it by compiling with the option "make enableaudit" and
also by doing the operation in permissive mode, but it still doesn't work.