diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 57f66de..4a2865b 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -1192,6 +1192,26 @@ interface(`files_relabel_config_dirs',`
relabel_dirs_pattern($1, configfile, configfile)
')
+########################################
+##
+## Read config files in /etc.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`files_read_config_files',`
+ gen_require(`
+ attribute configfile;
+ ')
+
+ allow $1 configfile:dir list_dir_perms;
+ read_files_pattern($1, configfile, configfile)
+ read_lnk_files_pattern($1, configfile, configfile)
+')
+
###########################################
##
## Manage all configuration files on filesystem
@@ -1567,6 +1587,25 @@ interface(`files_boot_filetrans',`
########################################
##
+## read files in the /boot directory.
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+#
+interface(`files_read_boot_files',`
+ gen_require(`
+ type boot_t;
+ ')
+
+ manage_files_pattern($1, boot_t, boot_t)
+')
+
+########################################
+##
## Create, read, write, and delete files
## in the /boot directory.
##
@@ -1795,6 +1834,25 @@ interface(`files_dontaudit_list_default',`
########################################
##
+## Create, read, write, and delete directories with
+## the default file type.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`files_manage_default_dirs',`
+ gen_require(`
+ type default_t;
+ ')
+
+ manage_dirs_pattern($1, default_t, default_t)
+')
+
+########################################
+##
## Mount a filesystem on a directory with the default file type.
##
##
@@ -1869,6 +1927,25 @@ interface(`files_dontaudit_read_default_files',`
########################################
##
+## Create, read, write, and delete files with
+## the default file type.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`files_manage_default_files',`
+ gen_require(`
+ type default_t;
+ ')
+
+ manage_files_pattern($1, default_t, default_t)
+')
+
+########################################
+##
## Read symbolic links with the default file type.
##
##
@@ -3491,6 +3568,24 @@ interface(`files_setattr_all_tmp_dirs',`
########################################
##
+## List all tmp directories.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`files_list_all_tmp',`
+ gen_require(`
+ attribute tmpfile;
+ ')
+
+ allow $1 tmpfile:dir list_dir_perms;
+')
+
+########################################
+##
## Do not audit attempts to get the attributes
## of all tmp files.
##
@@ -5072,7 +5167,7 @@ interface(`files_polyinstantiate_all',`
selinux_compute_member($1)
# Need sys_admin capability for mounting
- allow $1 self:capability { chown fsetid sys_admin };
+ allow $1 self:capability { chown fsetid sys_admin fowner };
# Need to give access to the directories to be polyinstantiated
allow $1 polydir:dir { create open getattr search write add_name setattr mounton rmdir };
diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te
index e970d85..d6e85d3 100644
--- a/policy/modules/kernel/files.te
+++ b/policy/modules/kernel/files.te
@@ -1,5 +1,5 @@
-policy_module(files, 1.12.0)
+policy_module(files, 1.12.1)
########################################
#
@@ -53,7 +53,7 @@ files_mountpoint(default_t)
#
# etc_t is the type of the system etc directories.
#
-type etc_t;
+type etc_t, configfile;
files_type(etc_t)
# compatibility aliases for removed types:
typealias etc_t alias automount_etc_t;