diff --git a/refpolicy/policy/modules/kernel/bootloader.te b/refpolicy/policy/modules/kernel/bootloader.te
index aa2b20e..4577903 100644
--- a/refpolicy/policy/modules/kernel/bootloader.te
+++ b/refpolicy/policy/modules/kernel/bootloader.te
@@ -91,6 +91,7 @@ domain_use_widely_inheritable_file_descriptors(bootloader_t)
libraries_use_dynamic_loader(bootloader_t)
libraries_read_shared_libraries(bootloader_t)
+libraries_read_library_resources(bootloader_t)
files_read_general_system_config(bootloader_t)
files_read_runtime_system_config(bootloader_t)
@@ -186,8 +187,6 @@ allow bootloader_t admin_tty_type:chr_file rw_file_perms;
allow bootloader_t initrc_t:fifo_file { read write };
-allow bootloader_t lib_t:file { getattr read };
-
allow bootloader_t sysfs_t:dir getattr;
allow bootloader_t var_t:dir search;
diff --git a/refpolicy/policy/modules/system/hotplug.te b/refpolicy/policy/modules/system/hotplug.te
index 5abaaec..516974a 100644
--- a/refpolicy/policy/modules/system/hotplug.te
+++ b/refpolicy/policy/modules/system/hotplug.te
@@ -82,6 +82,8 @@ logging_send_system_log_message(hotplug_t)
libraries_use_dynamic_loader(hotplug_t)
libraries_read_shared_libraries(hotplug_t)
+# Read /usr/lib/gconv/.*
+libraries_read_library_resources(hotplug_t)
modutils_insmod_transition(hotplug_t)
modutils_read_kernel_module_dependencies(hotplug_t)
@@ -155,9 +157,6 @@ allow hotplug_t kernel_t:process sigchld;
# for when filesystems are not mounted early in the boot
dontaudit hotplug_t file_t:dir { search getattr };
-# Read /usr/lib/gconv/.*
-allow hotplug_t lib_t:file { getattr read };
-
allow hotplug_t udev_runtime_t:file rw_file_perms;
allow hotplug_t var_log_t:dir search;
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index 7a06dac..832bcf0 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -145,8 +145,6 @@ allow init_t self:capability ~sys_module;
allow init_t initrc_var_run_t:file { getattr read write setattr };
ifdef(`TODO',`
-# something other then static libs
-allow init_t lib_t:file { getattr read };
# for mount points
allow init_t file_t:dir search;
@@ -438,14 +436,8 @@ domain_trans(initrc_t, shell_exec_t, unconfined_t)
', `
domain_auto_trans(sysadm_t, run_init_exec_t, run_init_t)
role sysadm_r types run_init_t;
-
domain_auto_trans(run_init_t, chkpwd_exec_t, sysadm_chkpwd_t)
-
-# for utmp
allow run_init_t admin_tty_type:chr_file rw_file_perms;
-
-allow run_init_t lib_t:file { getattr read };
-
') dnl endif targeted policy
tunable_policy(`distro_gentoo', `
diff --git a/refpolicy/policy/modules/system/libraries.if b/refpolicy/policy/modules/system/libraries.if
index efb5097..7e02e9c 100644
--- a/refpolicy/policy/modules/system/libraries.if
+++ b/refpolicy/policy/modules/system/libraries.if
@@ -87,15 +87,15 @@ class file execmod;
########################################
#
-# libraries_read_static_libraries(domain)
+# libraries_read_library_resources(domain)
#
-define(`libraries_read_static_libraries',`
+define(`libraries_read_library_resources',`
requires_block_template(`$0'_depend)
allow $1 lib_t:dir { getattr read search };
allow $1 lib_t:{ file lnk_file } { getattr read };
')
-define(`libraries_read_static_libraries_depend',`
+define(`libraries_read_library_resources_depend',`
type lib_t;
class dir { getattr read search };
class lnk_file { getattr read };
diff --git a/refpolicy/policy/modules/system/miscfiles.if b/refpolicy/policy/modules/system/miscfiles.if
index a9755a7..ccceb51 100644
--- a/refpolicy/policy/modules/system/miscfiles.if
+++ b/refpolicy/policy/modules/system/miscfiles.if
@@ -27,7 +27,10 @@ define(`miscfiles_read_localization',`
requires_block_template(`$0'_depend)
# FIXME: $1 read etc_t:lnk_file here
# FIXME: $1 search usr_t:dir here
-# FIXME: $1 read lib_t:file(?)
+
+# why?
+libraries_read_library_resources($1)
+
allow $1 locale_t:dir { getattr read search };
allow $1 locale_t:lnk_file { getattr read };
allow $1 locale_t:file { getattr read };
diff --git a/refpolicy/policy/modules/system/modutils.te b/refpolicy/policy/modules/system/modutils.te
index df716c6..62854b9 100644
--- a/refpolicy/policy/modules/system/modutils.te
+++ b/refpolicy/policy/modules/system/modutils.te
@@ -2,6 +2,11 @@
policy_module(modutils,1.0)
+########################################
+#
+# Declarations
+#
+
# module loading config
type modules_conf_t;
files_make_file(modules_conf_t)
@@ -92,7 +97,6 @@ ifdef(`TODO',`
allow insmod_t initrc_t:fifo_file { getattr read write };
-allow insmod_t lib_t:file { getattr read };
allow insmod_t { var_t var_log_t }:dir search;
allow insmod_t apm_bios_t:chr_file { read write };
@@ -229,6 +233,4 @@ role sysadm_r types update_modules_t;
domain_auto_trans(sysadm_t, update_modules_exec_t, update_modules_t)
allow update_modules_t admin_tty_type:chr_file rw_file_perms;
dontaudit update_modules_t sysadm_home_dir_t:dir search;
-
-allow update_modules_t lib_t:file { getattr read };
') dnl endif TODO
diff --git a/refpolicy/policy/modules/system/mount.te b/refpolicy/policy/modules/system/mount.te
index e292109..a999b3d 100644
--- a/refpolicy/policy/modules/system/mount.te
+++ b/refpolicy/policy/modules/system/mount.te
@@ -67,9 +67,6 @@ ifdef(`TODO',`
# nfsv4 has a filesystem to mount for its userspace daemons
allow mount_t var_lib_nfs_t:dir mounton;
-# for localization
-allow mount_t lib_t:file { getattr read };
-
# TODO: Need to examine this further. Not sure how to handle this
#type sysadm_mount_source_t, file_type, sysadmfile, $1_file_type;
#allow sysadm_t sysadm_mount_source_t:file create_file_perms;
diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te
index 97c9722..b95984d 100644
--- a/refpolicy/policy/modules/system/sysnetwork.te
+++ b/refpolicy/policy/modules/system/sysnetwork.te
@@ -165,9 +165,6 @@ allow dhcpc_t rhgb_t:fifo_file { read write };
can_ypbind(dhcpc_t)
-# for localization
-allow dhcpc_t lib_t:file { getattr read };
-
ifdef(`cardmgr.te', `
domain_auto_trans(cardmgr_t, dhcpc_exec_t, dhcpc_t)
allow cardmgr_t dhcpc_var_run_t:file { getattr read };