diff --git a/policy/modules/services/tgtd.if b/policy/modules/services/tgtd.if
index 2c0bc5c..b113b41 100644
--- a/policy/modules/services/tgtd.if
+++ b/policy/modules/services/tgtd.if
@@ -9,3 +9,20 @@
##
##
+#####################################
+##
+## Allow read and write access to tgtd semaphores.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`tgtd_rw_semaphores',`
+ gen_require(`
+ type tgtd_t;
+ ')
+
+ allow $1 tgtd_t:sem rw_sem_perms;
+')
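Review bot: The header comment on `tgtd_rw_semaphores` does not state the scope of what is granted. The rule covers semaphores labelled `tgtd_t`, which are presumably System V semaphores created by the daemon itself, and `rw_sem_perms` does not appear to include create or destroy. I would put that in the summary so callers can judge the exposure without expanding the macro, for example `Read and write System V semaphores owned by tgtd (no create or destroy).`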
diff --git a/policy/modules/services/tgtd.te b/policy/modules/services/tgtd.te
index 917dae8..04a1c8b 100644
--- a/policy/modules/services/tgtd.te
+++ b/policy/modules/services/tgtd.te
@@ -1,5 +1,5 @@
-policy_module(tgtd, 1.0.0)
+policy_module(tgtd, 1.0.1)
########################################
#
@@ -60,7 +60,7 @@ corenet_sendrecv_iscsi_server_packets(tgtd_t)
files_read_etc_files(tgtd_t)
-storage_getattr_fixed_disk_dev(tgtd_t)
+storage_manage_fixed_disk(tgtd_t)
logging_send_syslog_msg(tgtd_t)
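Review bot: `storage_manage_fixed_disk(tgtd_t)` is a large jump from the `storage_getattr_fixed_disk_dev(tgtd_t)` it replaces. Judging by its name it covers creating and deleting fixed-disk device nodes as well as raw read and write, and tgtd_t is a network-facing domain (the hunk context shows `corenet_sendrecv_iscsi_server_packets`). If the daemon only needs to open existing backing devices, the narrower pair `storage_raw_read_fixed_disk(tgtd_t)` and `storage_raw_write_fixed_disk(tgtd_t)` would avoid handing it node management. Either way, a one-line comment above the call saying which backing-store operation requires it would help future audits.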
diff --git a/policy/modules/system/iscsi.fc b/policy/modules/system/iscsi.fc
index 405dbe2..14d9670 100644
--- a/policy/modules/system/iscsi.fc
+++ b/policy/modules/system/iscsi.fc
@@ -1,5 +1,7 @@
/sbin/iscsid -- gen_context(system_u:object_r:iscsid_exec_t,s0)
+/sbin/brcm_iscsiuio -- gen_context(system_u:object_r:iscsid_exec_t,s0)
/var/lib/iscsi(/.*)? gen_context(system_u:object_r:iscsi_var_lib_t,s0)
/var/lock/iscsi(/.*)? gen_context(system_u:object_r:iscsi_lock_t,s0)
+/var/log/brcm-iscsi\.log -- gen_context(system_u:object_r:iscsi_log_t,s0)
/var/run/iscsid\.pid -- gen_context(system_u:object_r:iscsi_var_run_t,s0)
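Review bot: Labelling `/sbin/brcm_iscsiuio` as `iscsid_exec_t` puts the Broadcom userspace I/O helper in the same `iscsid_t` domain as iscsid, since iscsi.te declares `init_daemon_domain(iscsid_t, iscsid_exec_t)`. Every permission either program needs is therefore held by both, including what look like helper-specific rules added elsewhere in this commit (`dev_rw_userio_dev`, the uevent netlink socket). A separate exec type and domain for the helper would keep the two least-privilege sets apart. If sharing is intentional, say so in a comment here, e.g. `# brcm_iscsiuio deliberately shares iscsid_t; its uio/uevent rules live in iscsi.te`.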
diff --git a/policy/modules/system/iscsi.te b/policy/modules/system/iscsi.te
index e53aa29..6a52922 100644
--- a/policy/modules/system/iscsi.te
+++ b/policy/modules/system/iscsi.te
@@ -1,5 +1,5 @@
-policy_module(iscsi, 1.6.1)
+policy_module(iscsi, 1.6.2)
########################################
#
@@ -14,6 +14,9 @@ init_daemon_domain(iscsid_t, iscsid_exec_t)
type iscsi_lock_t;
files_lock_file(iscsi_lock_t)
+type iscsi_log_t;
+logging_log_file(iscsi_log_t)
+
type iscsi_tmp_t;
files_tmp_file(iscsi_tmp_t)
@@ -36,15 +39,21 @@ allow iscsid_t self:unix_dgram_socket create_socket_perms;
allow iscsid_t self:sem create_sem_perms;
allow iscsid_t self:shm create_shm_perms;
allow iscsid_t self:netlink_socket create_socket_perms;
+allow iscsid_t self:netlink_kobject_uevent_socket create_socket_perms;
allow iscsid_t self:netlink_route_socket rw_netlink_socket_perms;
allow iscsid_t self:tcp_socket create_stream_socket_perms;
+can_exec(iscsid_t, iscsid_exec_t)
+
manage_files_pattern(iscsid_t, iscsi_lock_t, iscsi_lock_t)
files_lock_filetrans(iscsid_t, iscsi_lock_t, file)
-allow iscsid_t iscsi_tmp_t:dir manage_dir_perms;
-allow iscsid_t iscsi_tmp_t:file manage_file_perms;
-fs_tmpfs_filetrans(iscsid_t, iscsi_tmp_t, file )
+manage_files_pattern(iscsid_t, iscsi_log_t, iscsi_log_t)
+logging_log_filetrans(iscsid_t, iscsi_log_t, file)
+
+manage_dirs_pattern(iscsid_t, iscsi_tmp_t, iscsi_tmp_t)
+manage_files_pattern(iscsid_t, iscsi_tmp_t, iscsi_tmp_t)
+fs_tmpfs_filetrans(iscsid_t, iscsi_tmp_t, { dir file } )
allow iscsid_t iscsi_var_lib_t:dir list_dir_perms;
read_files_pattern(iscsid_t, iscsi_var_lib_t, iscsi_var_lib_t)
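Review bot: `manage_files_pattern(iscsid_t, iscsi_log_t, iscsi_log_t)` lets the daemon domain truncate, overwrite and unlink its own log, so a compromised iscsid_t process could erase evidence from `/var/log/brcm-iscsi.log`. Unless the program is known to rewrite or rotate the file itself, I would grant only what a logger needs: `append_files_pattern(iscsid_t, iscsi_log_t, iscsi_log_t)`, `create_files_pattern(iscsid_t, iscsi_log_t, iscsi_log_t)` and `setattr_files_pattern(iscsid_t, iscsi_log_t, iscsi_log_t)`. The `logging_log_filetrans` line can stay as it is.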
@@ -54,8 +63,8 @@ files_search_var_lib(iscsid_t)
manage_files_pattern(iscsid_t, iscsi_var_run_t, iscsi_var_run_t)
files_pid_filetrans(iscsid_t, iscsi_var_run_t, file)
+kernel_read_network_state(iscsid_t)
kernel_read_system_state(iscsid_t)
-kernel_search_debugfs(iscsid_t)
corenet_all_recvfrom_unlabeled(iscsid_t)
corenet_all_recvfrom_netlabel(iscsid_t)
@@ -67,13 +76,21 @@ corenet_tcp_connect_iscsi_port(iscsid_t)
corenet_tcp_connect_isns_port(iscsid_t)
dev_rw_sysfs(iscsid_t)
+dev_rw_userio_dev(iscsid_t)
domain_use_interactive_fds(iscsid_t)
+domain_dontaudit_read_all_domains_state(iscsid_t)
files_read_etc_files(iscsid_t)
-logging_send_syslog_msg(iscsid_t)
-
auth_use_nsswitch(iscsid_t)
+init_stream_connect_script(iscsid_t)
+
+logging_send_syslog_msg(iscsid_t)
+
miscfiles_read_localization(iscsid_t)
+
+optional_policy(`
+ tgtd_rw_semaphores(iscsid_t)
+')
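Review bot: `domain_dontaudit_read_all_domains_state(iscsid_t)` silences the AVC denials when iscsid_t tries to read other domains' process state, and nothing in the hunk says what triggers those reads. Suppressed denials are also lost as a detection signal, because a compromised daemon enumerating `/proc` would leave no audit trail either. I would add a comment naming the benign source, e.g. `# <program> scans /proc/<pid> at startup; denials are expected and harmless`, where the placeholder is whichever program was observed. The new `init_stream_connect_script(iscsid_t)` and `dev_rw_userio_dev(iscsid_t)` lines need the same kind of one-line justification.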