diff --git a/policy/modules/apps/gnome.fc b/policy/modules/apps/gnome.fc
index 223a9d1..00a19e3 100644
--- a/policy/modules/apps/gnome.fc
+++ b/policy/modules/apps/gnome.fc
@@ -1,5 +1,6 @@
HOME_DIR/\.config/gtk-.* gen_context(system_u:object_r:gnome_home_t,s0)
HOME_DIR/\.gconf(d)?(/.*)? gen_context(system_u:object_r:gconf_home_t,s0)
+HOME_DIR/\.gnome2(/.*)? gen_context(system_u:object_r:gnome_home_t,s0)
/etc/gconf(/.*)? gen_context(system_u:object_r:gconf_etc_t,s0)
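Review bot: The added `HOME_DIR/\.gnome2(/.*)?` entry labels everything under ~/.gnome2 as gnome_home_t, so any domain that is later given read or manage access to gnome_home_t gets the whole tree. On GNOME 2 desktops that directory commonly also holds more sensitive per-user data, such as the keyrings subdirectory. If that applies here, add a more specific file-context entry with a dedicated type for that subdirectory before widening access to gnome_home_t. A short comment above the line, e.g. `# per-user GNOME 2 application settings`, would record what the type is meant to cover.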
diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if
index b7bcad4..f5afe78 100644
--- a/policy/modules/apps/gnome.if
+++ b/policy/modules/apps/gnome.if
@@ -37,6 +37,64 @@ interface(`gnome_role',`
########################################
##
+## Execute gconf programs in
+## in the caller domain.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`gnome_exec_gconf',`
+ gen_require(`
+ type gconfd_exec_t;
+ ')
+
+ can_exec($1, gconfd_exec_t)
+')
+
+########################################
+##
+## Read gconf config files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+template(`gnome_read_gconf_config',`
+ gen_require(`
+ type gconf_etc_t;
+ ')
+
+ allow $1 gconf_etc_t:dir list_dir_perms;
+ read_files_pattern($1, gconf_etc_t, gconf_etc_t)
+ files_search_etc($1)
+')
+
+#######################################
+##
+## Create, read, write, and delete gconf config files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`gnome_manage_gconf_config',`
+ gen_require(`
+ type gconf_etc_t;
+ ')
+
+ manage_files_pattern($1, gconf_etc_t, gconf_etc_t)
+ files_search_etc($1)
+')
+
+########################################
+##
## gconf connection template.
##
##
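Review bot: `gnome_read_gconf_config` is declared with `template(` although it only grants access to an existing type and declares nothing derived from a prefix argument; by the policy's convention it should use `interface(`, as the two neighbouring additions do. The same applies to `gnome_read_config` in the next hunk of this file. The summary of `gnome_exec_gconf` reads "Execute gconf programs in in the caller domain" and should drop the doubled "in". `gnome_manage_gconf_config` grants only `manage_files_pattern`, so a caller that needs to create or remove subdirectories under the gconf tree would presumably still be denied; if that is intended, the summary should say so.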
@@ -74,6 +132,45 @@ interface(`gnome_domtrans_gconfd',`
########################################
##
+## Set attributes of Gnome config dirs.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`gnome_setattr_config_dirs',`
+ gen_require(`
+ type gnome_home_t;
+ ')
+
+ setattr_dirs_pattern($1, gnome_home_t, gnome_home_t)
+ files_search_home($1)
+')
+
+########################################
+##
+## Read gnome homedir content (.config)
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+template(`gnome_read_config',`
+ gen_require(`
+ type gnome_home_t;
+ ')
+
+ list_dirs_pattern($1, gnome_home_t, gnome_home_t)
+ read_files_pattern($1, gnome_home_t, gnome_home_t)
+ read_lnk_files_pattern($1, gnome_home_t, gnome_home_t)
+')
+
+########################################
+##
## manage gnome homedir content (.config)
##
##
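Review bot: `gnome_read_config` grants list and read on gnome_home_t but, unlike `gnome_setattr_config_dirs` just above it, adds no search permission on the path leading to the user's home content, so a caller that lacks it is denied before reaching the directory. For consistency add `files_search_home($1)`; as far as I can tell that covers only the home root, so `userdom_search_user_home_dirs($1)` is probably needed in both interfaces as well. With the new ~/.gnome2 file context in gnome.fc this interface now reads more than the ".config" named in its summary, so the summary should be updated. The interface that follows this hunk lies outside it and was not reviewed.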
diff --git a/policy/modules/apps/gnome.te b/policy/modules/apps/gnome.te
index 4bebd9d..35f7486 100644
--- a/policy/modules/apps/gnome.te
+++ b/policy/modules/apps/gnome.te
@@ -1,4 +1,4 @@
-policy_module(gnome, 2.0.0)
+policy_module(gnome, 2.0.1)
##############################
#
@@ -8,16 +8,18 @@ policy_module(gnome, 2.0.0)
attribute gnomedomain;
type gconf_etc_t;
-files_type(gconf_etc_t)
+files_config_file(gconf_etc_t)
type gconf_home_t;
typealias gconf_home_t alias { user_gconf_home_t staff_gconf_home_t sysadm_gconf_home_t };
typealias gconf_home_t alias { auditadm_gconf_home_t secadm_gconf_home_t };
+typealias gconf_home_t alias unconfined_gconf_home_t;
userdom_user_home_content(gconf_home_t)
type gconf_tmp_t;
typealias gconf_tmp_t alias { user_gconf_tmp_t staff_gconf_tmp_t sysadm_gconf_tmp_t };
typealias gconf_tmp_t alias { auditadm_gconf_tmp_t secadm_gconf_tmp_t };
+typealias gconf_tmp_t alias unconfined_gconf_tmp_t;
files_tmp_file(gconf_tmp_t)
ubac_constrained(gconf_tmp_t)
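Review bot: Switching gconf_etc_t from `files_type` to `files_config_file` also makes it reachable by every domain that is granted access to all configuration files through that attribute, which is wider than the explicit callers of gnome_read_gconf_config and gnome_manage_gconf_config. It is worth confirming that nothing under /etc/gconf is meant to stay restricted to gconf users. The added `unconfined_*` aliases carry no explanation; if they exist for compatibility with older per-role type names, a comment such as `# compatibility alias for the former unconfined per-role type` would record that, and the three `typealias` statements per type could be merged into one alias set.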
@@ -31,6 +33,7 @@ ubac_constrained(gconfd_t)
type gnome_home_t;
typealias gnome_home_t alias { user_gnome_home_t staff_gnome_home_t sysadm_gnome_home_t };
typealias gnome_home_t alias { auditadm_gnome_home_t secadm_gnome_home_t };
+typealias gnome_home_t alias unconfined_gnome_home_t;
userdom_user_home_content(gnome_home_t)
##############################