diff --git a/refpolicy/policy/modules/admin/rpm.if b/refpolicy/policy/modules/admin/rpm.if
index 12f93fa..d630645 100644
--- a/refpolicy/policy/modules/admin/rpm.if
+++ b/refpolicy/policy/modules/admin/rpm.if
@@ -28,6 +28,28 @@ interface(`rpm_domtrans',`
########################################
##
+## Execute rpm_script programs in the rpm_script domain.
+##
+##
+## Domain allowed access.
+##
+#
+interface(`rpm_script_domtrans',`
+ gen_require(`
+ type rpm_exec_t;
+ ')
+
+ # transition to rpm script:
+ corecmd_shell_domtrans($1,rpm_script_t)
+
+ allow $1 rpm_script_t:fd use;
+ allow rpm_script_t $1:fd use;
+ allow rpm_script_t $1:fifo_file rw_file_perms;
+ allow rpm_script_t $1:process sigchld;
+')
+
+########################################
+##
## Execute RPM programs in the RPM domain.
##
##
diff --git a/refpolicy/policy/modules/admin/rpm.te b/refpolicy/policy/modules/admin/rpm.te
index 847e2c7..27194c3 100644
--- a/refpolicy/policy/modules/admin/rpm.te
+++ b/refpolicy/policy/modules/admin/rpm.te
@@ -1,5 +1,5 @@
-policy_module(rpm,1.1.0)
+policy_module(rpm,1.1.1)
########################################
#
@@ -47,12 +47,6 @@ files_tmp_file(rpm_script_tmp_t)
type rpm_script_tmpfs_t;
files_tmpfs_file(rpm_script_tmpfs_t)
-type rpmbuild_t;
-domain_type(rpmbuild_t)
-
-type rpmbuild_exec_t;
-domain_entry_file(rpmbuild_t,rpmbuild_exec_t)
-
########################################
#
# rpm Local policy
@@ -140,7 +134,7 @@ auth_dontaudit_read_shadow(rpm_t)
corecmd_exec_bin(rpm_t)
corecmd_exec_sbin(rpm_t)
# transition to rpm script:
-corecmd_shell_domtrans(rpm_t,rpm_script_t)
+rpm_script_domtrans(rpm_t)
domain_exec_all_entry_files(rpm_t)
domain_read_all_domains_state(rpm_t)
@@ -362,27 +356,6 @@ ifdef(`TODO',`
optional_policy(`lpd',`
can_exec(rpm_script_t,printconf_t)
')
-') dnl end TODO
-
-########################################
-#
-# rpm-build Local policy
-#
-
-# cjp: this looks like dead policy. nothing
-# can transition to this domain, nor can it
-# really do anything useful.
-
-selinux_get_fs_mount(rpmbuild_t)
-selinux_validate_context(rpmbuild_t)
-selinux_compute_access_vector(rpmbuild_t)
-selinux_compute_create_context(rpmbuild_t)
-selinux_compute_relabel_context(rpmbuild_t)
-selinux_compute_user_contexts(rpmbuild_t)
-
-seutil_read_src_pol(rpmbuild_t)
-
-ifdef(`TODO',`
optional_policy(`cups',`
allow cupsd_t rpm_var_lib_t:dir r_dir_perms;
diff --git a/refpolicy/policy/modules/services/hal.te b/refpolicy/policy/modules/services/hal.te
index 455e384..78365a0 100644
--- a/refpolicy/policy/modules/services/hal.te
+++ b/refpolicy/policy/modules/services/hal.te
@@ -1,5 +1,5 @@
-policy_module(hal,1.1.2)
+policy_module(hal,1.1.3)
########################################
#
@@ -182,10 +182,6 @@ optional_policy(`nscd',`
nscd_use_socket(hald_t)
')
-optional_policy(`ntp',`
- ntp_domtrans(hald_t)
-')
-
optional_policy(`pcmcia',`
pcmcia_manage_pid(hald_t)
pcmcia_manage_runtime_chr(hald_t)
diff --git a/refpolicy/policy/modules/services/nis.if b/refpolicy/policy/modules/services/nis.if
index 9193fbe..297c4b7 100644
--- a/refpolicy/policy/modules/services/nis.if
+++ b/refpolicy/policy/modules/services/nis.if
@@ -217,11 +217,11 @@ interface(`nis_tcp_connect_ypbind',`
#
interface(`nis_read_ypbind_pid',`
gen_require(`
- type ypbind_t;
+ type ypbind_var_run_t;
')
files_search_pids($1)
- allow $1 ypbind_t:file r_file_perms;
+ allow $1 ypbind_var_run_t:file r_file_perms;
')
########################################
diff --git a/refpolicy/policy/modules/system/libraries.fc b/refpolicy/policy/modules/system/libraries.fc
index 82fb18a..e7f1ef0 100644
--- a/refpolicy/policy/modules/system/libraries.fc
+++ b/refpolicy/policy/modules/system/libraries.fc
@@ -113,6 +113,7 @@ ifdef(`distro_redhat',`
/usr/lib(64)?/.*/program/libsvx680li\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/.*/program/libcomphelp4gcc3\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/.*/program/libsoffice\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr(/.*)?/pcsc/drivers(/.*)?/libcm(2020|4000|SCR24x)\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/firefox.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/mozilla.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/sunbird.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
diff --git a/refpolicy/policy/modules/system/unconfined.te b/refpolicy/policy/modules/system/unconfined.te
index c4c2a89..37b933d 100644
--- a/refpolicy/policy/modules/system/unconfined.te
+++ b/refpolicy/policy/modules/system/unconfined.te
@@ -1,5 +1,5 @@
-policy_module(unconfined,1.1.1)
+policy_module(unconfined,1.1.2)
########################################
#
@@ -118,6 +118,7 @@ ifdef(`targeted_policy',`
optional_policy(`rpm',`
rpm_domtrans(unconfined_t)
+ rpm_script_domtrans(unconfined_t)
')
optional_policy(`samba',`