diff --git a/modules-minimum.conf b/modules-minimum.conf
index 29e28c9..3c06644 100644
--- a/modules-minimum.conf
+++ b/modules-minimum.conf
@@ -340,6 +340,13 @@ dcc = module
 # 
 ddcprobe = off
 
+# Layer: services
+# Module: devicekit
+#
+# devicekit-daemon
+# 
+devicekit = module
+
 # Layer: kernel
 # Module: devices
 # Required in base
diff --git a/modules-targeted.conf b/modules-targeted.conf
index 29e28c9..3c06644 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -340,6 +340,13 @@ dcc = module
 # 
 ddcprobe = off
 
+# Layer: services
+# Module: devicekit
+#
+# devicekit-daemon
+# 
+devicekit = module
+
 # Layer: kernel
 # Module: devices
 # Required in base
diff --git a/policy-20090105.patch b/policy-20090105.patch
index 6480d1f..508ddcb 100644
--- a/policy-20090105.patch
+++ b/policy-20090105.patch
@@ -8349,7 +8349,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.6.3/policy/modules/services/apache.te
 --- nsaserefpolicy/policy/modules/services/apache.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.3/policy/modules/services/apache.te	2009-01-19 17:10:55.000000000 -0500
++++ serefpolicy-3.6.3/policy/modules/services/apache.te	2009-01-19 17:34:22.000000000 -0500
 @@ -19,6 +19,8 @@
  # Declarations
  #
@@ -8444,16 +8444,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  type httpd_tmp_t;
  files_tmp_file(httpd_tmp_t)
  
-@@ -187,15 +233,22 @@
+@@ -187,15 +233,20 @@
  files_tmpfs_file(httpd_tmpfs_t)
  
  apache_content_template(user)
 +
  ubac_constrained(httpd_user_script_t)
-+typeattribute httpd_user_content_t, httpdcontent;
-+typeattribute httpd_user_content_rw_t, httpdcontent;
-+typeattribute httpd_user_content_ra_t, httpdcontent;
-+typeattribute httpd_user_script_exec_t, httpdcontent;
++typeattribute httpd_user_content_t httpdcontent;
++typeattribute httpd_user_content_rw_t httpdcontent;
++typeattribute httpd_user_content_ra_t httpdcontent;
 +
  userdom_user_home_content(httpd_user_content_t)
  userdom_user_home_content(httpd_user_htaccess_t)
@@ -8462,7 +8461,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -userdom_user_home_content(httpd_user_script_ro_t)
 -userdom_user_home_content(httpd_user_script_rw_t)
 +userdom_user_home_content(httpd_user_content_ra_t)
-+userdom_user_home_content(httpd_user_content_ro_t)
 +userdom_user_home_content(httpd_user_content_rw_t)
  typeattribute httpd_user_script_t httpd_script_domains;
  typealias httpd_user_content_t alias { httpd_staff_content_t httpd_sysadm_content_t };
@@ -8470,7 +8468,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  typealias httpd_user_content_t alias { httpd_auditadm_content_t httpd_secadm_content_t };
  typealias httpd_user_htaccess_t alias { httpd_staff_htaccess_t httpd_sysadm_htaccess_t };
  typealias httpd_user_htaccess_t alias { httpd_auditadm_htaccess_t httpd_secadm_htaccess_t };
-@@ -230,7 +283,7 @@
+@@ -230,7 +281,7 @@
  # Apache server local policy
  #
  
@@ -8479,7 +8477,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  dontaudit httpd_t self:capability { net_admin sys_tty_config };
  allow httpd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
  allow httpd_t self:fd use;
-@@ -272,6 +325,7 @@
+@@ -272,6 +323,7 @@
  allow httpd_t httpd_modules_t:dir list_dir_perms;
  mmap_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
  read_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
@@ -8487,7 +8485,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  apache_domtrans_rotatelogs(httpd_t)
  # Apache-httpd needs to be able to send signals to the log rotate procs.
-@@ -283,9 +337,9 @@
+@@ -283,9 +335,9 @@
  
  allow httpd_t httpd_suexec_exec_t:file read_file_perms;
  
@@ -8500,7 +8498,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  manage_dirs_pattern(httpd_t, httpd_tmp_t, httpd_tmp_t)
  manage_files_pattern(httpd_t, httpd_tmp_t, httpd_tmp_t)
-@@ -301,6 +355,7 @@
+@@ -301,6 +353,7 @@
  manage_files_pattern(httpd_t, httpd_var_lib_t, httpd_var_lib_t)
  files_var_lib_filetrans(httpd_t, httpd_var_lib_t, file)
  
@@ -8508,7 +8506,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  manage_files_pattern(httpd_t, httpd_var_run_t, httpd_var_run_t)
  manage_sock_files_pattern(httpd_t, httpd_var_run_t, httpd_var_run_t)
  files_pid_filetrans(httpd_t, httpd_var_run_t, { file sock_file })
-@@ -312,6 +367,7 @@
+@@ -312,6 +365,7 @@
  kernel_read_kernel_sysctls(httpd_t)
  # for modules that want to access /proc/meminfo
  kernel_read_system_state(httpd_t)
@@ -8516,7 +8514,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  corenet_all_recvfrom_unlabeled(httpd_t)
  corenet_all_recvfrom_netlabel(httpd_t)
-@@ -322,6 +378,7 @@
+@@ -322,6 +376,7 @@
  corenet_tcp_sendrecv_all_ports(httpd_t)
  corenet_udp_sendrecv_all_ports(httpd_t)
  corenet_tcp_bind_generic_node(httpd_t)
@@ -8524,7 +8522,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  corenet_tcp_bind_http_port(httpd_t)
  corenet_tcp_bind_http_cache_port(httpd_t)
  corenet_sendrecv_http_server_packets(httpd_t)
-@@ -335,12 +392,12 @@
+@@ -335,12 +390,12 @@
  
  fs_getattr_all_fs(httpd_t)
  fs_search_auto_mountpoints(httpd_t)
@@ -8540,7 +8538,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  domain_use_interactive_fds(httpd_t)
  
-@@ -358,6 +415,10 @@
+@@ -358,6 +413,10 @@
  files_read_var_lib_symlinks(httpd_t)
  
  fs_search_auto_mountpoints(httpd_sys_script_t)
@@ -8551,7 +8549,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  libs_read_lib_files(httpd_t)
  
-@@ -372,18 +433,33 @@
+@@ -372,18 +431,33 @@
  
  userdom_use_unpriv_users_fds(httpd_t)
  
@@ -8589,7 +8587,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  ')
  
-@@ -391,20 +467,54 @@
+@@ -391,20 +465,54 @@
  	corenet_tcp_connect_all_ports(httpd_t)
  ')
  
@@ -8645,7 +8643,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  	manage_dirs_pattern(httpd_t, httpdcontent, httpdcontent)
  	manage_files_pattern(httpd_t, httpdcontent, httpdcontent)
-@@ -415,20 +525,28 @@
+@@ -415,20 +523,28 @@
  	corenet_tcp_bind_ftp_port(httpd_t)
  ')
  
@@ -8678,7 +8676,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  tunable_policy(`httpd_ssi_exec',`
  	corecmd_shell_domtrans(httpd_t,httpd_sys_script_t)
  	allow httpd_sys_script_t httpd_t:fd use;
-@@ -459,8 +577,13 @@
+@@ -459,8 +575,13 @@
  ')
  
  optional_policy(`
@@ -8694,7 +8692,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-@@ -472,18 +595,13 @@
+@@ -472,18 +593,13 @@
  ')
  
  optional_policy(`
@@ -8714,7 +8712,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-@@ -493,6 +611,12 @@
+@@ -493,6 +609,12 @@
  	openca_kill(httpd_t)
  ')
  
@@ -8727,7 +8725,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  optional_policy(`
  	# Allow httpd to work with postgresql
  	postgresql_stream_connect(httpd_t)
-@@ -500,6 +624,7 @@
+@@ -500,6 +622,7 @@
  
  	tunable_policy(`httpd_can_network_connect_db',`
  		postgresql_tcp_connect(httpd_t)
@@ -8735,7 +8733,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	')
  ')
  
-@@ -508,6 +633,7 @@
+@@ -508,6 +631,7 @@
  ')
  
  optional_policy(`
@@ -8743,7 +8741,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	snmp_dontaudit_read_snmp_var_lib_files(httpd_t)
  	snmp_dontaudit_write_snmp_var_lib_files(httpd_t)
  ')
-@@ -535,6 +661,22 @@
+@@ -535,6 +659,22 @@
  
  userdom_use_user_terminals(httpd_helper_t)
  
@@ -8766,7 +8764,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
  #
  # Apache PHP script local policy
-@@ -564,20 +706,25 @@
+@@ -564,20 +704,25 @@
  
  fs_search_auto_mountpoints(httpd_php_t)
  
@@ -8798,7 +8796,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-@@ -595,23 +742,24 @@
+@@ -595,23 +740,24 @@
  append_files_pattern(httpd_suexec_t, httpd_log_t, httpd_log_t)
  read_files_pattern(httpd_suexec_t, httpd_log_t, httpd_log_t)
  
@@ -8827,7 +8825,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  files_read_etc_files(httpd_suexec_t)
  files_read_usr_files(httpd_suexec_t)
-@@ -624,6 +772,7 @@
+@@ -624,6 +770,7 @@
  logging_send_syslog_msg(httpd_suexec_t)
  
  miscfiles_read_localization(httpd_suexec_t)
@@ -8835,20 +8833,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  tunable_policy(`httpd_can_network_connect',`
  	allow httpd_suexec_t self:tcp_socket create_stream_socket_perms;
-@@ -641,12 +790,25 @@
+@@ -641,12 +788,23 @@
  	corenet_sendrecv_all_client_packets(httpd_suexec_t)
  ')
  
 +read_files_pattern(httpd_suexec_t, httpd_user_content_t, httpd_user_content_t)
 +read_files_pattern(httpd_suexec_t, httpd_user_script_rw_t, httpd_user_script_rw_t)
-+read_files_pattern(httpd_suexec_t, httpd_user_script_ro_t, httpd_user_script_ro_t)
 +read_files_pattern(httpd_suexec_t, httpd_user_script_ra_t, httpd_user_script_ra_t)
 +
 +domain_entry_file(httpd_sys_script_t, httpd_sys_content_t)
  tunable_policy(`httpd_enable_cgi && httpd_unified',`
  	domtrans_pattern(httpd_suexec_t, httpdcontent, httpd_sys_script_t)
 +	domtrans_pattern(httpd_suexec_t, httpd_user_content_t, httpd_user_script_t)
-+	domtrans_pattern(httpd_suexec_t, httpd_user_script_ro_t, httpd_user_script_t)
 +	domtrans_pattern(httpd_suexec_t, httpd_user_script_ra_t, httpd_user_script_t)
 +	domtrans_pattern(httpd_suexec_t, httpd_user_script_rw_t, httpd_user_script_t)
 +
@@ -8864,7 +8860,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
-@@ -655,6 +817,12 @@
+@@ -655,6 +813,12 @@
  	fs_exec_nfs_files(httpd_suexec_t)
  ')
  
@@ -8877,7 +8873,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
  	fs_read_cifs_files(httpd_suexec_t)
  	fs_read_cifs_symlinks(httpd_suexec_t)
-@@ -672,15 +840,14 @@
+@@ -672,15 +836,14 @@
  	dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write };
  ')
  
@@ -8896,7 +8892,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow httpd_sys_script_t httpd_t:tcp_socket { read write };
  
  dontaudit httpd_sys_script_t httpd_config_t:dir search;
-@@ -699,12 +866,24 @@
+@@ -699,12 +862,24 @@
  # Should we add a boolean?
  apache_domtrans_rotatelogs(httpd_sys_script_t)
  
@@ -8923,7 +8919,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
-@@ -712,6 +891,35 @@
+@@ -712,6 +887,35 @@
  	fs_read_nfs_symlinks(httpd_sys_script_t)
  ')
  
@@ -8959,7 +8955,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
  	fs_read_cifs_files(httpd_sys_script_t)
  	fs_read_cifs_symlinks(httpd_sys_script_t)
-@@ -724,6 +932,10 @@
+@@ -724,6 +928,10 @@
  optional_policy(`
  	mysql_stream_connect(httpd_sys_script_t)
  	mysql_rw_db_sockets(httpd_sys_script_t)
@@ -8970,7 +8966,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  optional_policy(`
-@@ -735,6 +947,8 @@
+@@ -735,6 +943,8 @@
  # httpd_rotatelogs local policy
  #
  
@@ -8979,7 +8975,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  manage_files_pattern(httpd_rotatelogs_t, httpd_log_t, httpd_log_t)
  
  kernel_read_kernel_sysctls(httpd_rotatelogs_t)
-@@ -754,6 +968,9 @@
+@@ -754,6 +964,9 @@
  
  tunable_policy(`httpd_enable_cgi && httpd_unified',`
  	allow httpd_user_script_t httpdcontent:file entrypoint;
@@ -8989,7 +8985,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  # allow accessing files/dirs below the users home dir
-@@ -762,3 +979,66 @@
+@@ -762,3 +975,66 @@
  	userdom_search_user_home_dirs(httpd_suexec_t)
  	userdom_search_user_home_dirs(httpd_user_script_t)
  ')
@@ -11422,7 +11418,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/run/devkit(/.*)?			gen_context(system_u:object_r:devicekit_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.if serefpolicy-3.6.3/policy/modules/services/devicekit.if
 --- nsaserefpolicy/policy/modules/services/devicekit.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.3/policy/modules/services/devicekit.if	2009-01-19 17:09:09.000000000 -0500
++++ serefpolicy-3.6.3/policy/modules/services/devicekit.if	2009-01-19 17:17:14.000000000 -0500
 @@ -0,0 +1,139 @@
 +
 +## <summary>policy for devicekit</summary>
@@ -11521,7 +11517,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +#
 +interface(`devicekit_power_dbus_chat',`
 +	gen_require(`
-+		type devicekit_t;
++		type devicekit_power_t;
 +		class dbus send_msg;
 +	')
 +
@@ -20523,14 +20519,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## <param name="domain">
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.6.3/policy/modules/services/squid.te
 --- nsaserefpolicy/policy/modules/services/squid.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.3/policy/modules/services/squid.te	2009-01-19 15:16:22.000000000 -0500
++++ serefpolicy-3.6.3/policy/modules/services/squid.te	2009-01-19 17:24:18.000000000 -0500
 @@ -118,6 +118,9 @@
  
  fs_getattr_all_fs(squid_t)
  fs_search_auto_mountpoints(squid_t)
 +#squid requires the following when run in diskd mode, the recommended setting
 +fs_rw_tmpfs_files(squid_t)
-+fs_list_inotify(squid_t)
++fs_list_inotifyfs(squid_t)
  
  selinux_dontaudit_getattr_dir(squid_t)
  
@@ -26410,7 +26406,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/dev/shm/mono.*		gen_context(system_u:object_r:user_tmpfs_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.3/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.3/policy/modules/system/userdomain.if	2009-01-19 17:08:20.000000000 -0500
++++ serefpolicy-3.6.3/policy/modules/system/userdomain.if	2009-01-19 17:15:36.000000000 -0500
 @@ -30,8 +30,9 @@
  	')
  
@@ -26979,7 +26975,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  		optional_policy(`
 -			hal_dbus_chat($1_t)
-+			devkit_power_dbus_chat($1_usertype)
++			devicekit_power_dbus_chat($1_usertype)
  		')
  
  		optional_policy(`
diff --git a/selinux-policy.spec b/selinux-policy.spec
index ebd57e1..47c8aaa 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.3
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -445,6 +445,9 @@ exit 0
 %endif
 
 %changelog
+* Mon Jan 19 2009 Dan Walsh <dwalsh@redhat.com> 3.6.3-2
+- Add devicekit policy
+
 * Mon Jan 19 2009 Dan Walsh <dwalsh@redhat.com> 3.6.3-1
 - Update to upstream