diff --git a/policy/modules/apps/uml.if b/policy/modules/apps/uml.if
index 8a662d4..29dcf95 100644
--- a/policy/modules/apps/uml.if
+++ b/policy/modules/apps/uml.if
@@ -33,7 +33,6 @@
 ## </param>
 #
 template(`uml_per_role_template',`
-	
 	gen_require(`
 		type uml_ro_t, uml_exec_t;
 	')
@@ -42,6 +41,7 @@ template(`uml_per_role_template',`
 	#
 	# Declarations
 	#
+
 	type $1_uml_t;
 	domain_type($1_uml_t)
 	role $3 types $1_uml_t;
@@ -192,34 +192,6 @@ template(`uml_per_role_template',`
 	optional_policy(`
 		nis_use_ypbind($1_uml_t)
 	')
-
-	ifdef(`TODO',`
-		# for X
-		optional_policy(`
-			ifelse($1, sysadm,`
-			',`
-				optional_policy(`
-					allow $1_uml_t xdm_xserver_tmp_t:dir search;
-				')
-				allow $1_uml_t $1_xserver_tmp_t:sock_file write;
-				allow $1_uml_t $1_xserver_t:unix_stream_socket connectto;
-			')
-		')
-
-		optional_policy(`
-			# for uml_net
-			domain_auto_trans($1_uml_t, uml_net_exec_t, uml_net_t)
-			allow uml_net_t $1_uml_t:unix_stream_socket { read write };
-			allow uml_net_t $1_uml_t:unix_dgram_socket { read write };
-			dontaudit uml_net_t privfd:fd use;
-			can_access_pty(uml_net_t, $1_uml)
-			dontaudit uml_net_t $1_uml_rw_t:dir { getattr search };
-		')
-		#TODO
-		optional_policy(`
-			allow $1_uml_t $1_xauth_home_t:file { getattr read };
-		')
-	')
 ')
 
 ########################################
diff --git a/policy/modules/services/rwho.if b/policy/modules/services/rwho.if
index d2d17a0..2de6247 100644
--- a/policy/modules/services/rwho.if
+++ b/policy/modules/services/rwho.if
@@ -1 +1,77 @@
 ## <summary>Who is logged in on other machines?</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run rwho.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`rwho_domtrans',`
+	gen_require(`
+		type rwho_t, rwho_exec_t;
+	')
+
+	domtrans_pattern($1,rwho_exec_t,rwho_t)
+')
+
+########################################
+## <summary>
+##	Search rwho spool directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`rwho_search_spool',`
+	gen_require(`
+		type rwho_spool_t;
+	')
+
+	allow $1 rwho_spool_t:dir search_dir_perms;
+	files_search_spool($1)
+')
+
+########################################
+## <summary>
+##	Read rwho spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`rwho_read_spool_files',`
+	gen_require(`
+		type rwho_spool_t;
+	')
+
+	read_files_pattern($1,rwho_spool_t,rwho_spool_t)
+	files_search_spool($1)
+')
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	rwho spool files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`rwho_manage_spool_files',`
+	gen_require(`
+		type rwho_spool_t;
+	')
+
+	manage_files_pattern($1,rwho_spool_t,rwho_spool_t)
+	files_search_spool($1)
+')
diff --git a/policy/modules/services/rwho.te b/policy/modules/services/rwho.te
index ab29729..d47263a 100644
--- a/policy/modules/services/rwho.te
+++ b/policy/modules/services/rwho.te
@@ -1,5 +1,5 @@
 
-policy_module(rwho,1.0.0)
+policy_module(rwho,1.0.1)
 
 ########################################
 #