I would like to create a local customisation policy that will prevent the Linux user (say user1) from writing to files in the directory /home/user1/Documents using gedit.
The files in this directory have the type user_home_t.
gedit in /bin has type bin_t.
I have tried the following policy (named test1.te):
```
module test 1.0;
require {
type user_home_t;
type bin_t;
class file {write read getattr execute};
}
neverallow bin_t user_home_t:file {write read getattr execute};
```
I then run the following commands as root in bash:
```
# checkmodule -M -m -o test1.mod test1.te
# semodule_package -o test1.pp -m test1.mod
# semodule -i test1.pp
```
But even then, when I run gedit on any file I create in the Documents directory, I am able to read and modify its contents...
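SELinux access rules are keyed on the domain of the running process, not on the file label of its executable (bin_t is the label of /bin/gedit, not the domain gedit runs in), and a neverallow is a build-time assertion rather than a runtime denial. The script below is an added example, not part of the original question; it looks up the domain gedit actually runs in, the type of the target file, and the existing allow rule that grants the write, assuming an SELinux host with procps, coreutils and setools (sesearch) installed and a file path supplied as the one argument.

```shell
#!/bin/sh
# Added diagnostic example (not from the original post). Shows the real
# subject domain and object type an SELinux rule for this case must name.

# Extract the type field (third colon-separated field) from a security
# context such as "unconfined_u:unconfined_r:unconfined_t:s0".
type_of_context() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Domain of the first running process whose command name is $1.
# Returns non-zero when no such process is running.
domain_of_process() {
    ctx=$(ps -eo label=,comm= 2>/dev/null | awk -v c="$1" '$2 == c {print $1; exit}')
    [ -n "$ctx" ] && type_of_context "$ctx"
}

# Type of the file label on the object being written (user_home_t in the post).
type_of_file() {
    ctx=$(stat -c %C "$1" 2>/dev/null)
    [ -n "$ctx" ] && type_of_context "$ctx"
}

# Print the domain, the file type, and the allow rule(s) that currently grant
# write access from that domain to that type. This is the rule a customisation
# policy has to address; a neverallow does not remove it at runtime.
show_grant() {
    dom=$(domain_of_process gedit) || { echo "gedit is not running" >&2; return 1; }
    ftype=$(type_of_file "$1") || { echo "cannot read label of $1" >&2; return 1; }
    echo "gedit domain: $dom"
    echo "file type:    $ftype"
    sesearch --allow -s "$dom" -t "$ftype" -c file -p write
}

# Only act when a file path is given, e.g.:  sh check_grant.sh ~/Documents/test.txt
if [ $# -eq 1 ]; then
    show_grant "$1"
fi
```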