zone thisZone;

policy myPolicy {
	default {
		deny *;  /* rule 1 */
	}


	object fridge {
	       actions {
		       action b = "";
		    }
	}

	object O {
	       number q = 3;
	       actions {
	       	       action a = "get";
	       	       action c = "zba";
	       }
	}


	group friends {
	      deny *; /* rule 2 */
	}

	group enemies { }

	principal john {
		  member = friends, enemies;
	}


	principal P1 {
		allow a on O when (O.q < 4) { /* rule 4 */
				if (system.time > "10:00 am" ) {
					deny * /* rule 4.3 */
					on fridge by john;
				} else {
					allow * on O by enemies;
				}
		}
	}




}
