diff --git a/refpolicy/policy/modules/admin/rpm.te b/refpolicy/policy/modules/admin/rpm.te
index dd7c79c..0b65622 100644
--- a/refpolicy/policy/modules/admin/rpm.te
+++ b/refpolicy/policy/modules/admin/rpm.te
@@ -1,5 +1,5 @@
-policy_module(rpm,1.0.1)
+policy_module(rpm,1.0.2)
########################################
#
@@ -146,6 +146,13 @@ domain_read_all_domains_state(rpm_t)
domain_getattr_all_domains(rpm_t)
domain_dontaudit_ptrace_all_domains(rpm_t)
domain_use_wide_inherit_fd(rpm_t)
+domain_dontaudit_getattr_all_pipes(rpm_t)
+domain_dontaudit_getattr_all_tcp_sockets(rpm_t)
+domain_dontaudit_getattr_all_udp_sockets(rpm_t)
+domain_dontaudit_getattr_all_packet_sockets(rpm_t)
+domain_dontaudit_getattr_all_raw_sockets(rpm_t)
+domain_dontaudit_getattr_all_stream_sockets(rpm_t)
+domain_dontaudit_getattr_all_dgram_sockets(rpm_t)
files_exec_etc_files(rpm_t)
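Review bot: The seven added `domain_dontaudit_getattr_all_*` lines for rpm_t carry no comment saying which rpm operation triggers these getattr denials. The equivalent lines in init.te are annotated ("for lsof which is used by alsa shutdown"). A dontaudit rule removes the denial from the audit log, so for a domain as privileged as rpm_t the reason for silencing it should be recorded next to the rules. I would add a line above the group such as `# rpm_t getattr on other domains' pipes and sockets is denied and not logged; triggered by <rpm operation>`, with the placeholder filled in by the author.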
@@ -167,6 +174,10 @@ sysnet_read_config(rpm_t)
userdom_use_unpriv_users_fd(rpm_t)
+ifdef(`distro_redhat',`
+ unconfined_domain_template(rpm_t)
+')
+
ifdef(`targeted_policy',`
unconfined_domain_template(rpm_t)
',`
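Review bot: The added distro_redhat block calls `unconfined_domain_template(rpm_t)` unconditionally on Red Hat builds, so rpm_t loses its confinement under strict policy as well as targeted. On a build that defines both distro_redhat and targeted_policy, the existing targeted_policy branch just below appears to invoke the same template a second time. The later hunk that adds the same block for rpm_script_t has the same issue. If this is intended, put a comment above each block, for example `# Red Hat: rpm runs unconfined in strict policy as well as targeted`. Also consider folding the two conditions into one so the template is expanded once. The targeted_policy ifdef continues outside this hunk.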
@@ -318,6 +329,10 @@ seutil_domtrans_restorecon(rpm_script_t)
userdom_use_all_user_fd(rpm_script_t)
+ifdef(`distro_redhat',`
+ unconfined_domain_template(rpm_script_t)
+')
+
ifdef(`targeted_policy',`
unconfined_domain_template(rpm_script_t)
',`
diff --git a/refpolicy/policy/modules/services/rshd.te b/refpolicy/policy/modules/services/rshd.te
index e7f7d1b..2ebf6f0 100644
--- a/refpolicy/policy/modules/services/rshd.te
+++ b/refpolicy/policy/modules/services/rshd.te
@@ -23,11 +23,14 @@ allow rshd_t self:tcp_socket create_stream_socket_perms;
kernel_read_kernel_sysctl(rshd_t)
-corenet_raw_sendrecv_all_if(rshd_t)
-corenet_tcp_sendrecv_all_if(rshd_t)
-corenet_raw_sendrecv_all_nodes(rshd_t)
+corenet_tcp_sendrecv_generic_if(rshd_t)
+corenet_udp_sendrecv_generic_if(rshd_t)
+corenet_raw_sendrecv_generic_if(rshd_t)
corenet_tcp_sendrecv_all_nodes(rshd_t)
+corenet_udp_sendrecv_all_nodes(rshd_t)
+corenet_raw_sendrecv_all_nodes(rshd_t)
corenet_tcp_sendrecv_all_ports(rshd_t)
+corenet_udp_sendrecv_all_ports(rshd_t)
corenet_tcp_bind_all_nodes(rshd_t)
corenet_tcp_bind_rsh_port(rshd_t)
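Review bot: The three added `corenet_udp_sendrecv_*` lines (generic_if, all_nodes, all_ports) give rshd_t UDP send/receive on every node and port. The only socket rules visible around this hunk are TCP: `self:tcp_socket` in the hunk header and the two `corenet_tcp_bind_*` lines. `corenet_raw_sendrecv_all_nodes` is also retained. If UDP is needed only for something incidental to the service, that should be stated; otherwise the UDP lines look wider than an rsh daemon needs and could be dropped. I would at least add `# UDP needed for <reason>; the rsh service itself listens on TCP only` above the UDP lines, with the placeholder filled in.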
@@ -52,7 +55,7 @@ files_search_tmp(rshd_t)
libs_use_ld_so(rshd_t)
libs_use_shared_libs(rshd_t)
-logging_send_syslog_msg(inetd_t)
+logging_send_syslog_msg(rshd_t)
miscfiles_read_localization(rshd_t)
diff --git a/refpolicy/policy/modules/system/domain.if b/refpolicy/policy/modules/system/domain.if
index 2440743..e0b316c 100644
--- a/refpolicy/policy/modules/system/domain.if
+++ b/refpolicy/policy/modules/system/domain.if
@@ -832,11 +832,45 @@ interface(`domain_dontaudit_rw_all_udp_sockets',`
interface(`domain_dontaudit_getattr_all_key_sockets',`
gen_require(`
attribute domain;
- class key_socket { read write };
')
dontaudit $1 domain:key_socket getattr;
')
+
+########################################
+##
+## Do not audit attempts to get attribues of
+## all domains packet sockets.
+##
+##
+## The type of the process performing this action.
+##
+#
+interface(`domain_dontaudit_getattr_all_packet_sockets',`
+ gen_require(`
+ attribute domain;
+ ')
+
+ dontaudit $1 domain:packet_socket getattr;
+')
+
+########################################
+##
+## Do not audit attempts to get attribues of
+## all domains raw sockets.
+##
+##
+## The type of the process performing this action.
+##
+#
+interface(`domain_dontaudit_getattr_all_raw_sockets',`
+ gen_require(`
+ attribute domain;
+ ')
+
+ dontaudit $1 domain:rawip_socket getattr;
+')
+
########################################
##
## Do not audit attempts to read or write
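Review bot: Both new header comments (for the packet-socket and raw-socket interfaces) misspell "attributes" as "attribues", and these `##` blocks are the interface's documentation; they should read `## Do not audit attempts to get attributes of`. The raw-socket interface is named `domain_dontaudit_getattr_all_raw_sockets` but its rule is on `rawip_socket`, which the description should mention so callers know which class is silenced. The new interfaces and the edited key-socket one declare no class in `gen_require`, while `domain_dontaudit_getattr_all_pipes` later in this file still requires `class fifo_file getattr;`; one convention should be used throughout.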
@@ -864,10 +898,9 @@ interface(`domain_dontaudit_rw_all_key_sockets',`
## The type of the process performing this action.
##
#
-interface(`domain_dontaudit_getattr_all_unix_dgram_sockets',`
+interface(`domain_dontaudit_getattr_all_dgram_sockets',`
gen_require(`
attribute domain;
- class unix_dgram_socket getattr;
')
dontaudit $1 domain:unix_dgram_socket getattr;
@@ -876,13 +909,30 @@ interface(`domain_dontaudit_getattr_all_unix_dgram_sockets',`
########################################
##
## Do not audit attempts to get the attributes
+## of all domains unix datagram sockets.
+##
+##
+## The type of the process performing this action.
+##
+#
+interface(`domain_dontaudit_getattr_all_stream_sockets',`
+ gen_require(`
+ attribute domain;
+ ')
+
+ dontaudit $1 domain:unix_stream_socket getattr;
+')
+
+########################################
+##
+## Do not audit attempts to get the attributes
## of all domains unnamed pipes.
##
##
## The type of the process performing this action.
##
#
-interface(`domain_dontaudit_getattr_all_unnamed_pipes',`
+interface(`domain_dontaudit_getattr_all_pipes',`
gen_require(`
attribute domain;
class fifo_file getattr;
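Review bot: The description added for `domain_dontaudit_getattr_all_stream_sockets` says "of all domains unix datagram sockets", but the rule it documents is `dontaudit $1 domain:unix_stream_socket getattr;`. The text looks copied from the dgram interface and should read `## of all domains unix stream sockets.`. The renamed `domain_dontaudit_getattr_all_dgram_sockets` (previous hunk) and this `..._stream_sockets` drop "unix" from the name while still acting only on the unix_* classes. They now sit beside `..._all_udp_sockets` and `..._all_tcp_sockets`, so the description is the only place a caller learns which class is actually silenced. The body of `domain_dontaudit_getattr_all_pipes` continues outside this hunk.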
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index ec04db5..c1ca9bd 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -318,8 +318,8 @@ domain_exec_all_entry_files(initrc_t)
# for lsof which is used by alsa shutdown:
domain_dontaudit_getattr_all_udp_sockets(initrc_t)
domain_dontaudit_getattr_all_tcp_sockets(initrc_t)
-domain_dontaudit_getattr_all_unix_dgram_sockets(initrc_t)
-domain_dontaudit_getattr_all_unnamed_pipes(initrc_t)
+domain_dontaudit_getattr_all_dgram_sockets(initrc_t)
+domain_dontaudit_getattr_all_pipes(initrc_t)
files_getattr_all_dirs(initrc_t)
files_getattr_all_files(initrc_t)
diff --git a/refpolicy/policy/modules/system/pcmcia.te b/refpolicy/policy/modules/system/pcmcia.te
index 2a63867..a189206 100644
--- a/refpolicy/policy/modules/system/pcmcia.te
+++ b/refpolicy/policy/modules/system/pcmcia.te
@@ -79,7 +79,7 @@ domain_read_confined_domains_state(cardmgr_t)
domain_getattr_confined_domains(cardmgr_t)
domain_dontaudit_ptrace_confined_domains(cardmgr_t)
# cjp: these look excessive:
-domain_dontaudit_getattr_all_unnamed_pipes(cardmgr_t)
+domain_dontaudit_getattr_all_pipes(cardmgr_t)
domain_dontaudit_getattr_all_sockets(cardmgr_t)
files_list_usr(cardmgr_t)