diff --git a/policy-20080710.patch b/policy-20080710.patch
index fea3976..d3c60f5 100644
--- a/policy-20080710.patch
+++ b/policy-20080710.patch
@@ -79,13 +79,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rul
$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.5.8/config/appconfig-mcs/default_contexts
--- nsaserefpolicy/config/appconfig-mcs/default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.8/config/appconfig-mcs/default_contexts 2008-09-17 08:49:08.000000000 -0400
-@@ -1,15 +0,0 @@
++++ serefpolicy-3.5.8/config/appconfig-mcs/default_contexts 2008-09-22 15:25:07.000000000 -0400
+@@ -1,15 +1,6 @@
-system_r:crond_t:s0 user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 unconfined_r:unconfined_crond_t:s0
-system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
-system_r:remote_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 unconfined_r:unconfined_t:s0
-system_r:sshd_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
--system_r:sulogin_t:s0 sysadm_r:sysadm_t:s0
++system_r:crond_t:s0 system_r:system_crond_t:s0
++system_r:local_login_t:s0 user_r:user_t:s0
++system_r:remote_login_t:s0 user_r:user_t:s0
++system_r:sshd_t:s0 user_r:user_t:s0
+ system_r:sulogin_t:s0 sysadm_r:sysadm_t:s0
-system_r:xdm_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
-
-staff_r:staff_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
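Review bot: The rewritten `appconfig-mcs/default_contexts` offers only `user_r:user_t:s0` for `local_login_t`, `remote_login_t`, `sshd_t` and `xdm_t`, and its su/sudo entries are dropped, so an SELinux user with no `<seuser>_default_contexts` file of its own is left with one candidate. If that user is not authorized for `user_r`, nothing in this file matches and the session presumably ends up on `failsafe_context`. Whether every SELinux user in the policy ships a per-user file cannot be confirmed from the hunks shown. `appconfig-mls/default_contexts` is narrowed the same way in a later hunk. A header comment such as `# Fallback only: per-user defaults live in <seuser>_default_contexts` would make the intent explicit.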
@@ -96,6 +100,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
-
-user_r:user_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
-user_r:user_sudo_t:s0 sysadm_r:sysadm_t:s0 user_r:user_t:s0
++system_r:xdm_t:s0 user_r:user_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.5.8/config/appconfig-mcs/failsafe_context
--- nsaserefpolicy/config/appconfig-mcs/failsafe_context 2008-08-07 11:15:14.000000000 -0400
+++ serefpolicy-3.5.8/config/appconfig-mcs/failsafe_context 2008-09-17 08:49:08.000000000 -0400
@@ -104,19 +109,20 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+system_r:unconfined_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.5.8/config/appconfig-mcs/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.8/config/appconfig-mcs/guest_u_default_contexts 2008-09-17 08:49:08.000000000 -0400
++++ serefpolicy-3.5.8/config/appconfig-mcs/guest_u_default_contexts 2008-09-22 15:33:55.000000000 -0400
@@ -0,0 +1,6 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
+system_r:sshd_t:s0 guest_r:guest_t:s0
-+system_r:crond_t:s0 guest_r:guest_crond_t:s0
++system_r:crond_t:s0 guest_r:guest_t:s0
+system_r:initrc_su_t:s0 guest_r:guest_t:s0
+guest_r:guest_t:s0 guest_r:guest_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.5.8/config/appconfig-mcs/root_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/root_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.8/config/appconfig-mcs/root_default_contexts 2008-09-17 08:49:08.000000000 -0400
++++ serefpolicy-3.5.8/config/appconfig-mcs/root_default_contexts 2008-09-22 15:36:05.000000000 -0400
@@ -1,11 +1,7 @@
- system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
+-system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
++system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
system_r:local_login_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
-staff_r:staff_su_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
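Review bot: Mapping `system_r:crond_t` to the login types (`guest_r:guest_t:s0` for guest_u, `sysadm_t`/`staff_t`/`user_t` for root) means cron jobs run under the same policy as an interactive session, so any restrictions specific to the removed `*_crond_t` domains no longer apply. The matching type-enforcement change is not in the hunks shown, so it is unclear whether those domains were deleted or are left behind as unreachable types. The same substitution recurs in the staff_u, user_u and xguest_u files for mcs, mls and standard. In the mcs `root_default_contexts` the first candidate stays `unconfined_r:unconfined_t:s0`, so root's cron jobs remain unconfined by default; a comment above that line, e.g. `# root cron jobs default to unconfined_t; reorder to confine`, would record that this is deliberate.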
@@ -130,8 +136,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.5.8/config/appconfig-mcs/staff_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.8/config/appconfig-mcs/staff_u_default_contexts 2008-09-17 08:49:08.000000000 -0400
-@@ -5,6 +5,8 @@
++++ serefpolicy-3.5.8/config/appconfig-mcs/staff_u_default_contexts 2008-09-22 15:33:36.000000000 -0400
+@@ -1,10 +1,12 @@
+ system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+ system_r:remote_login_t:s0 staff_r:staff_t:s0
+ system_r:sshd_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+-system_r:crond_t:s0 staff_r:staff_crond_t:s0
++system_r:crond_t:s0 staff_r:staff_t:s0
system_r:xdm_t:s0 staff_r:staff_t:s0
staff_r:staff_su_t:s0 staff_r:staff_t:s0
staff_r:staff_sudo_t:s0 staff_r:staff_t:s0
@@ -152,8 +163,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
system_r:xdm_t:s0 unconfined_r:unconfined_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.5.8/config/appconfig-mcs/user_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.8/config/appconfig-mcs/user_u_default_contexts 2008-09-17 08:49:08.000000000 -0400
-@@ -5,4 +5,5 @@
++++ serefpolicy-3.5.8/config/appconfig-mcs/user_u_default_contexts 2008-09-22 15:33:49.000000000 -0400
+@@ -1,8 +1,9 @@
+ system_r:local_login_t:s0 user_r:user_t:s0
+ system_r:remote_login_t:s0 user_r:user_t:s0
+ system_r:sshd_t:s0 user_r:user_t:s0
+-system_r:crond_t:s0 user_r:user_crond_t:s0
++system_r:crond_t:s0 user_r:user_t:s0
system_r:xdm_t:s0 user_r:user_t:s0
user_r:user_su_t:s0 user_r:user_t:s0
user_r:user_sudo_t:s0 user_r:user_t:s0
@@ -168,23 +184,103 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+system_u:system_r:unconfined_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.5.8/config/appconfig-mcs/xguest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.8/config/appconfig-mcs/xguest_u_default_contexts 2008-09-17 08:49:08.000000000 -0400
++++ serefpolicy-3.5.8/config/appconfig-mcs/xguest_u_default_contexts 2008-09-22 15:34:01.000000000 -0400
@@ -0,0 +1,7 @@
+system_r:local_login_t xguest_r:xguest_t:s0
+system_r:remote_login_t xguest_r:xguest_t:s0
+system_r:sshd_t xguest_r:xguest_t:s0
-+system_r:crond_t xguest_r:xguest_crond_t:s0
++system_r:crond_t xguest_r:xguest_t:s0
+system_r:xdm_t xguest_r:xguest_t:s0
+system_r:initrc_su_t:s0 xguest_r:xguest_t:s0
+xguest_r:xguest_t:s0 xguest_r:xguest_t:s0
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/default_contexts serefpolicy-3.5.8/config/appconfig-mls/default_contexts
+--- nsaserefpolicy/config/appconfig-mls/default_contexts 2008-08-07 11:15:14.000000000 -0400
++++ serefpolicy-3.5.8/config/appconfig-mls/default_contexts 2008-09-22 15:37:18.000000000 -0400
+@@ -1,15 +1,6 @@
+-system_r:crond_t:s0 user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 unconfined_r:unconfined_crond_t:s0
+-system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
+-system_r:remote_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 unconfined_r:unconfined_t:s0
+-system_r:sshd_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
++system_r:crond_t:s0 system_r:system_crond_t:s0
++system_r:local_login_t:s0 user_r:user_t:s0
++system_r:remote_login_t:s0 user_r:user_t:s0
++system_r:sshd_t:s0 user_r:user_t:s0
+ system_r:sulogin_t:s0 sysadm_r:sysadm_t:s0
+-system_r:xdm_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
+-
+-staff_r:staff_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+-staff_r:staff_sudo_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
+-
+-sysadm_r:sysadm_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+-sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
+-
+-user_r:user_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+-user_r:user_sudo_t:s0 sysadm_r:sysadm_t:s0 user_r:user_t:s0
++system_r:xdm_t:s0 user_r:user_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.5.8/config/appconfig-mls/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.8/config/appconfig-mls/guest_u_default_contexts 2008-09-17 08:49:08.000000000 -0400
++++ serefpolicy-3.5.8/config/appconfig-mls/guest_u_default_contexts 2008-09-22 15:34:31.000000000 -0400
@@ -0,0 +1,4 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
+system_r:sshd_t:s0 guest_r:guest_t:s0
-+system_r:crond_t:s0 guest_r:guest_crond_t:s0
++system_r:crond_t:s0 guest_r:guest_t:s0
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/root_default_contexts serefpolicy-3.5.8/config/appconfig-mls/root_default_contexts
+--- nsaserefpolicy/config/appconfig-mls/root_default_contexts 2008-08-07 11:15:14.000000000 -0400
++++ serefpolicy-3.5.8/config/appconfig-mls/root_default_contexts 2008-09-22 15:47:13.000000000 -0400
+@@ -1,11 +1,11 @@
+-system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
+-system_r:local_login_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
++system_r:crond_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
++system_r:local_login_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
+
+-staff_r:staff_su_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+-sysadm_r:sysadm_su_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+-user_r:user_su_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
++staff_r:staff_su_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
++sysadm_r:sysadm_su_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
++user_r:user_su_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
+
+ #
+ # Uncomment if you want to automatically login as sysadm_r
+ #
+-#system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
++#system_r:sshd_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/staff_u_default_contexts serefpolicy-3.5.8/config/appconfig-mls/staff_u_default_contexts
+--- nsaserefpolicy/config/appconfig-mls/staff_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
++++ serefpolicy-3.5.8/config/appconfig-mls/staff_u_default_contexts 2008-09-22 15:34:13.000000000 -0400
+@@ -1,7 +1,7 @@
+ system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+ system_r:remote_login_t:s0 staff_r:staff_t:s0
+ system_r:sshd_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+-system_r:crond_t:s0 staff_r:staff_crond_t:s0
++system_r:crond_t:s0 staff_r:staff_t:s0
+ system_r:xdm_t:s0 staff_r:staff_t:s0
+ staff_r:staff_su_t:s0 staff_r:staff_t:s0
+ staff_r:staff_sudo_t:s0 staff_r:staff_t:s0
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/user_u_default_contexts serefpolicy-3.5.8/config/appconfig-mls/user_u_default_contexts
+--- nsaserefpolicy/config/appconfig-mls/user_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
++++ serefpolicy-3.5.8/config/appconfig-mls/user_u_default_contexts 2008-09-22 15:34:21.000000000 -0400
+@@ -1,7 +1,7 @@
+ system_r:local_login_t:s0 user_r:user_t:s0
+ system_r:remote_login_t:s0 user_r:user_t:s0
+ system_r:sshd_t:s0 user_r:user_t:s0
+-system_r:crond_t:s0 user_r:user_crond_t:s0
++system_r:crond_t:s0 user_r:user_t:s0
+ system_r:xdm_t:s0 user_r:user_t:s0
+ user_r:user_su_t:s0 user_r:user_t:s0
+ user_r:user_sudo_t:s0 user_r:user_t:s0
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/xguest_u_default_contexts serefpolicy-3.5.8/config/appconfig-mls/xguest_u_default_contexts
+--- nsaserefpolicy/config/appconfig-mls/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.5.8/config/appconfig-mls/xguest_u_default_contexts 2008-09-22 15:37:37.000000000 -0400
+@@ -0,0 +1,7 @@
++system_r:local_login_t xguest_r:xguest_t:s0
++system_r:remote_login_t xguest_r:xguest_t:s0
++system_r:sshd_t xguest_r:xguest_t:s0
++system_r:crond_t xguest_r:xguest_t:s0
++system_r:xdm_t xguest_r:xguest_t:s0
++system_r:initrc_su_t:s0 xguest_r:xguest_t:s0
++xguest_r:xguest_t:s0 xguest_r:xguest_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts serefpolicy-3.5.8/config/appconfig-standard/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.5.8/config/appconfig-standard/guest_u_default_contexts 2008-09-17 08:49:08.000000000 -0400
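Review bot: In the new `appconfig-mls/xguest_u_default_contexts`, five of the seven keys (`system_r:local_login_t`, `remote_login_t`, `sshd_t`, `crond_t`, `xdm_t`) carry no level, while `system_r:initrc_su_t:s0` in the same file and the keys in the other appconfig-mls files in this patch all end in `:s0`. Whether the lookup tolerates a missing level is not shown by these hunks, so the safer form is the one the sibling files use, e.g. `system_r:sshd_t:s0 xguest_r:xguest_t:s0`. If a key fails to match, xguest logins would presumably fall back to `default_contexts` instead of landing in `xguest_t`, which is worth a login test on an MLS build. The mcs copy of this file has the same inconsistency.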
@@ -209,6 +305,30 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
#
-#system_r:sshd_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
+system_r:sshd_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/staff_u_default_contexts serefpolicy-3.5.8/config/appconfig-standard/staff_u_default_contexts
+--- nsaserefpolicy/config/appconfig-standard/staff_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
++++ serefpolicy-3.5.8/config/appconfig-standard/staff_u_default_contexts 2008-09-22 15:34:45.000000000 -0400
+@@ -1,7 +1,7 @@
+ system_r:local_login_t staff_r:staff_t sysadm_r:sysadm_t
+ system_r:remote_login_t staff_r:staff_t
+ system_r:sshd_t staff_r:staff_t sysadm_r:sysadm_t
+-system_r:crond_t staff_r:staff_crond_t
++system_r:crond_t staff_r:staff_t
+ system_r:xdm_t staff_r:staff_t
+ staff_r:staff_su_t staff_r:staff_t
+ staff_r:staff_sudo_t staff_r:staff_t
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/user_u_default_contexts serefpolicy-3.5.8/config/appconfig-standard/user_u_default_contexts
+--- nsaserefpolicy/config/appconfig-standard/user_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
++++ serefpolicy-3.5.8/config/appconfig-standard/user_u_default_contexts 2008-09-22 15:34:52.000000000 -0400
+@@ -1,7 +1,7 @@
+ system_r:local_login_t user_r:user_t
+ system_r:remote_login_t user_r:user_t
+ system_r:sshd_t user_r:user_t
+-system_r:crond_t user_r:user_crond_t
++system_r:crond_t user_r:user_t
+ system_r:xdm_t user_r:user_t
+ user_r:user_su_t user_r:user_t
+ user_r:user_sudo_t user_r:user_t
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/xguest_u_default_contexts serefpolicy-3.5.8/config/appconfig-standard/xguest_u_default_contexts
--- nsaserefpolicy/config/appconfig-standard/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.5.8/config/appconfig-standard/xguest_u_default_contexts 2008-09-17 08:49:08.000000000 -0400
@@ -4279,8 +4399,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+HOME_DIR/\.gstreamer-.* gen_context(system_u:object_r:nsplugin_home_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.5.8/policy/modules/apps/nsplugin.if
--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.8/policy/modules/apps/nsplugin.if 2008-09-21 07:27:44.000000000 -0400
-@@ -0,0 +1,493 @@
++++ serefpolicy-3.5.8/policy/modules/apps/nsplugin.if 2008-09-22 15:35:16.000000000 -0400
+@@ -0,0 +1,293 @@
+
+## policy for nsplugin
+
@@ -4363,247 +4483,45 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ type nsplugin_exec_t;
+ type nsplugin_config_exec_t;
+ type $1_tmpfs_t;
++ type nsplugin_t;
++ type nsplugin_config_t;
+ ')
-+ type $1_nsplugin_t;
-+ domain_type($1_nsplugin_t)
-+ domain_entry_file($1_nsplugin_t, nsplugin_exec_t)
-+ role $3 types $1_nsplugin_t;
-+
-+ type $1_nsplugin_config_t;
-+ domain_type($1_nsplugin_config_t)
-+ domain_entry_file($1_nsplugin_config_t, nsplugin_config_exec_t)
-+ role $3 types $1_nsplugin_config_t;
+
-+ role $3 types $1_nsplugin_t;
-+ role $3 types $1_nsplugin_config_t;
++ role $3 types nsplugin_t;
++ role $3 types nsplugin_config_t;
+
-+ allow $1_nsplugin_t $2:process signull;
++ allow nsplugin_t $2:process signull;
+
+ list_dirs_pattern($2, nsplugin_rw_t, nsplugin_rw_t)
+ read_files_pattern($2, nsplugin_rw_t, nsplugin_rw_t)
+ read_lnk_files_pattern($2, nsplugin_rw_t, nsplugin_rw_t)
+ can_exec($2, nsplugin_rw_t)
+
-+ allow $1_nsplugin_t $1_tmpfs_t:file { read getattr };
-+
+ #Leaked File Descriptors
-+ dontaudit $1_nsplugin_t $2:tcp_socket rw_socket_perms;
-+ dontaudit $1_nsplugin_t $2:udp_socket rw_socket_perms;
-+ dontaudit $1_nsplugin_t $2:unix_stream_socket rw_socket_perms;
-+ dontaudit $1_nsplugin_t $2:unix_dgram_socket rw_socket_perms;
-+ dontaudit $1_nsplugin_config_t $2:tcp_socket rw_socket_perms;
-+ dontaudit $1_nsplugin_config_t $2:udp_socket rw_socket_perms;
-+ dontaudit $1_nsplugin_config_t $2:unix_stream_socket rw_socket_perms;
-+ dontaudit $1_nsplugin_config_t $2:unix_dgram_socket rw_socket_perms;
-+ allow $1_nsplugin_t $2:unix_stream_socket connectto;
-+ dontaudit $1_nsplugin_t $2:process ptrace;
-+
-+ allow $2 $1_nsplugin_t:process { getattr ptrace signal_perms };
-+ allow $2 $1_nsplugin_t:unix_stream_socket connectto;
++ dontaudit nsplugin_t $2:tcp_socket rw_socket_perms;
++ dontaudit nsplugin_t $2:udp_socket rw_socket_perms;
++ dontaudit nsplugin_t $2:unix_stream_socket rw_socket_perms;
++ dontaudit nsplugin_t $2:unix_dgram_socket rw_socket_perms;
++ dontaudit nsplugin_config_t $2:tcp_socket rw_socket_perms;
++ dontaudit nsplugin_config_t $2:udp_socket rw_socket_perms;
++ dontaudit nsplugin_config_t $2:unix_stream_socket rw_socket_perms;
++ dontaudit nsplugin_config_t $2:unix_dgram_socket rw_socket_perms;
++ allow nsplugin_t $2:unix_stream_socket connectto;
++ dontaudit nsplugin_t $2:process ptrace;
++
++ allow $2 nsplugin_t:process { getattr ptrace signal_perms };
++ allow $2 nsplugin_t:unix_stream_socket connectto;
+
+ # Connect to pulseaudit server
-+ stream_connect_pattern($1_nsplugin_t, user_home_t, user_home_t, $2)
-+ gnome_stream_connect($1_nsplugin_t, $2)
-+
-+ userdom_use_user_terminals($1, $1_nsplugin_t)
-+ userdom_use_user_terminals($1, $1_nsplugin_config_t)
-+
-+ xserver_common_app($1, $1_nsplugin_t)
-+
-+########################################
-+#
-+# nsplugin local policy
-+#
-+dontaudit $1_nsplugin_t self:capability sys_tty_config;
-+allow $1_nsplugin_t self:fifo_file rw_file_perms;
-+allow $1_nsplugin_t self:process { ptrace getsched setsched signal_perms };
-+
-+allow $1_nsplugin_t self:sem create_sem_perms;
-+allow $1_nsplugin_t self:shm create_shm_perms;
-+allow $1_nsplugin_t self:msgq create_msgq_perms;
-+allow $1_nsplugin_t self:unix_stream_socket { connectto create_stream_socket_perms };
-+
-+tunable_policy(`allow_nsplugin_execmem',`
-+ allow $1_nsplugin_t self:process { execstack execmem };
-+ allow $1_nsplugin_config_t self:process { execstack execmem };
-+')
-+
-+manage_dirs_pattern($1_nsplugin_t, nsplugin_home_t, nsplugin_home_t)
-+exec_files_pattern($1_nsplugin_t, nsplugin_home_t, nsplugin_home_t)
-+manage_files_pattern($1_nsplugin_t, nsplugin_home_t, nsplugin_home_t)
-+manage_lnk_files_pattern($1_nsplugin_t, nsplugin_home_t, nsplugin_home_t)
-+userdom_user_home_dir_filetrans(user, $1_nsplugin_t, nsplugin_home_t, {file dir})
-+unprivuser_dontaudit_write_home_content_files($1_nsplugin_t)
-+
-+corecmd_exec_bin($1_nsplugin_t)
-+corecmd_exec_shell($1_nsplugin_t)
-+
-+corenet_all_recvfrom_unlabeled($1_nsplugin_t)
-+corenet_all_recvfrom_netlabel($1_nsplugin_t)
-+corenet_tcp_connect_flash_port($1_nsplugin_t)
-+corenet_tcp_connect_pulseaudio_port($1_nsplugin_t)
-+corenet_tcp_connect_http_port($1_nsplugin_t)
-+corenet_tcp_sendrecv_generic_if($1_nsplugin_t)
-+corenet_tcp_sendrecv_all_nodes($1_nsplugin_t)
-+
-+domain_dontaudit_read_all_domains_state($1_nsplugin_t)
-+
-+dev_read_rand($1_nsplugin_t)
-+dev_read_sound($1_nsplugin_t)
-+dev_write_sound($1_nsplugin_t)
-+dev_read_video_dev($1_nsplugin_t)
-+dev_write_video_dev($1_nsplugin_t)
-+dev_getattr_dri_dev($1_nsplugin_t)
-+dev_rwx_zero($1_nsplugin_t)
-+
-+kernel_read_kernel_sysctls($1_nsplugin_t)
-+kernel_read_system_state($1_nsplugin_t)
-+
-+files_read_usr_files($1_nsplugin_t)
-+files_read_etc_files($1_nsplugin_t)
-+files_read_config_files($1_nsplugin_t)
-+
-+fs_list_inotifyfs($1_nsplugin_t)
-+fs_manage_tmpfs_files($1_nsplugin_t)
-+fs_getattr_tmpfs($1_nsplugin_t)
-+fs_getattr_xattr_fs($1_nsplugin_t)
-+
-+term_dontaudit_getattr_all_user_ptys($1_nsplugin_t)
-+term_dontaudit_getattr_all_user_ttys($1_nsplugin_t)
-+
-+auth_use_nsswitch($1_nsplugin_t)
-+
-+libs_use_ld_so($1_nsplugin_t)
-+libs_use_shared_libs($1_nsplugin_t)
-+libs_exec_ld_so($1_nsplugin_t)
-+
-+miscfiles_read_localization($1_nsplugin_t)
-+miscfiles_read_fonts($1_nsplugin_t)
-+
-+unprivuser_manage_tmp_dirs($1_nsplugin_t)
-+unprivuser_manage_tmp_files($1_nsplugin_t)
-+unprivuser_manage_tmp_sockets($1_nsplugin_t)
-+userdom_tmp_filetrans_user_tmp(user, $1_nsplugin_t, { file dir sock_file })
-+unprivuser_read_tmpfs_files($1_nsplugin_t)
-+unprivuser_rw_semaphores($1_nsplugin_t)
-+unprivuser_delete_tmpfs_files($1_nsplugin_t)
-+
-+unprivuser_read_home_content_symlinks($1_nsplugin_t)
-+unprivuser_read_home_content_files($1_nsplugin_t)
-+unprivuser_read_tmp_files($1_nsplugin_t)
-+userdom_write_user_tmp_sockets(user, $1_nsplugin_t)
-+unprivuser_dontaudit_append_home_content_files($1_nsplugin_t)
-+userdom_dontaudit_unlink_unpriv_home_content_files($1_nsplugin_t)
-+userdom_dontaudit_manage_user_tmp_files(user, $1_nsplugin_t)
-+
-+optional_policy(`
-+ alsa_read_rw_config($1_nsplugin_t)
-+')
-+
-+optional_policy(`
-+ gnome_exec_gconf($1_nsplugin_t)
-+ gnome_manage_user_gnome_config(user, $1_nsplugin_t)
-+ allow $1_nsplugin_t gnome_home_t:sock_file write;
-+')
-+
-+optional_policy(`
-+ mozilla_read_user_home_files(user, $1_nsplugin_t)
-+ mozilla_write_user_home_files(user, $1_nsplugin_t)
-+')
-+
-+optional_policy(`
-+ mplayer_exec($1_nsplugin_t)
-+ mplayer_read_user_home_files(user, $1_nsplugin_t)
-+')
-+
-+optional_policy(`
-+ unconfined_execmem_signull($1_nsplugin_t)
-+ unconfined_delete_tmpfs_files($1_nsplugin_t)
-+')
-+
-+optional_policy(`
-+ xserver_stream_connect_xdm_xserver($1_nsplugin_t)
-+ xserver_xdm_rw_shm($1_nsplugin_t)
-+ xserver_read_xdm_tmp_files($1_nsplugin_t)
-+ xserver_read_xdm_pid($1_nsplugin_t)
-+ xserver_read_user_xauth(user, $1_nsplugin_t)
-+ xserver_read_user_iceauth(user, $1_nsplugin_t)
-+ xserver_use_user_fonts(user, $1_nsplugin_t)
-+ xserver_manage_home_fonts($1_nsplugin_t)
-+ xserver_dontaudit_rw_xdm_home_files($1_nsplugin_t)
-+')
-+
-+########################################
-+#
-+# $1_nsplugin_config local policy
-+#
-+
-+allow $1_nsplugin_config_t self:capability { dac_override dac_read_search sys_nice setuid setgid };
-+allow $1_nsplugin_config_t self:process { setsched sigkill getsched execmem };
-+#execing pulseaudio
-+dontaudit $1_nsplugin_t self:process { getcap setcap };
-+
-+allow $1_nsplugin_config_t self:fifo_file rw_file_perms;
-+allow $1_nsplugin_config_t self:unix_stream_socket create_stream_socket_perms;
-+
-+fs_list_inotifyfs($1_nsplugin_config_t)
-+
-+can_exec($1_nsplugin_config_t, nsplugin_rw_t)
-+manage_dirs_pattern($1_nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
-+manage_files_pattern($1_nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
-+manage_lnk_files_pattern($1_nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
-+
-+manage_dirs_pattern($1_nsplugin_config_t, nsplugin_home_t, nsplugin_home_t)
-+manage_files_pattern($1_nsplugin_config_t, nsplugin_home_t, nsplugin_home_t)
-+manage_lnk_files_pattern($1_nsplugin_config_t, nsplugin_home_t, nsplugin_home_t)
++ stream_connect_pattern(nsplugin_t, user_home_t, user_home_t, $2)
++ gnome_stream_connect(nsplugin_t, $2)
+
-+corecmd_exec_bin($1_nsplugin_config_t)
-+corecmd_exec_shell($1_nsplugin_config_t)
++ allow nsplugin_t $1_tmpfs_t:file { read getattr };
+
-+kernel_read_system_state($1_nsplugin_config_t)
++ userdom_use_user_terminals($1, nsplugin_t)
++ userdom_use_user_terminals($1, nsplugin_config_t)
+
-+files_read_etc_files($1_nsplugin_config_t)
-+files_read_usr_files($1_nsplugin_config_t)
-+files_dontaudit_search_home($1_nsplugin_config_t)
-+files_list_tmp($1_nsplugin_config_t)
-+
-+auth_use_nsswitch($1_nsplugin_config_t)
-+
-+libs_use_ld_so($1_nsplugin_config_t)
-+libs_use_shared_libs($1_nsplugin_config_t)
-+
-+miscfiles_read_localization($1_nsplugin_config_t)
-+miscfiles_read_fonts($1_nsplugin_config_t)
-+
-+userdom_search_all_users_home_content($1_nsplugin_config_t)
-+
-+tunable_policy(`use_nfs_home_dirs',`
-+ fs_manage_nfs_dirs($1_nsplugin_t)
-+ fs_manage_nfs_files($1_nsplugin_t)
-+ fs_manage_nfs_dirs($1_nsplugin_config_t)
-+ fs_manage_nfs_files($1_nsplugin_config_t)
-+')
-+
-+tunable_policy(`use_samba_home_dirs',`
-+ fs_manage_cifs_dirs($1_nsplugin_t)
-+ fs_manage_cifs_files($1_nsplugin_t)
-+ fs_manage_cifs_dirs($1_nsplugin_config_t)
-+ fs_manage_cifs_files($1_nsplugin_config_t)
-+')
-+
-+domtrans_pattern($1_nsplugin_config_t, nsplugin_exec_t, $1_nsplugin_t)
-+
-+optional_policy(`
-+ xserver_read_home_fonts($1_nsplugin_config_t)
-+')
-+
-+optional_policy(`
-+ mozilla_read_user_home_files(user, $1_nsplugin_config_t)
-+')
-+
-+ optional_policy(`
-+ openoffice_plugin_per_role_template($1, $1_nsplugin_t)
-+ ')
++ xserver_common_app($1, nsplugin_t)
+')
+
+#######################################
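Review bot: With `$1_nsplugin_t` collapsed into one shared `nsplugin_t`, the retained rule `allow $2 nsplugin_t:process { getattr ptrace signal_perms };` lets every domain that instantiates this template trace and signal plugin processes started from any other role, where before each role reached only its own derived type. Type enforcement no longer separates plugin instances between roles; separation would rest on DAC uid checks and on any user-based constraints in the policy, which these hunks do not show. `allow nsplugin_t $1_tmpfs_t:file { read getattr };` has the mirror effect, since the single plugin domain accumulates read access to each instantiating role's tmpfs type. Consider `allow $2 nsplugin_t:process { getattr signal_perms };` unless a caller is known to need `ptrace`, and add a comment above the rule stating what keeps roles apart. The template body starts above this hunk.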
@@ -4642,12 +4560,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ gen_require(`
+ type nsplugin_exec_t;
+ type nsplugin_config_exec_t;
++ type nsplugin_t;
++ type nsplugin_config_t;
+ ')
+
+ nsplugin_per_role_template_notrans($1, $2, $3)
+
-+ domtrans_pattern($2, nsplugin_exec_t, $1_nsplugin_t)
-+ domtrans_pattern($2, nsplugin_config_exec_t, $1_nsplugin_config_t)
++ domtrans_pattern($2, nsplugin_exec_t, nsplugin_t)
++ domtrans_pattern($2, nsplugin_config_exec_t, nsplugin_config_t)
+')
+
+#######################################
@@ -4680,10 +4600,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+interface(`nsplugin_domtrans_user',`
+ gen_require(`
+ type nsplugin_exec_t;
-+ type $1_nsplugin_t;
++ type nsplugin_t;
+ ')
+
-+ domtrans_pattern($2, nsplugin_exec_t, $1_nsplugin_t)
++ domtrans_pattern($2, nsplugin_exec_t, nsplugin_t)
+')
+#######################################
+##
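Review bot: `nsplugin_domtrans_user` no longer references its first argument: the body is now `domtrans_pattern($2, nsplugin_exec_t, nsplugin_t)`, so `$1` is unused while callers must still pass a prefix. The interface's doc block sits above this hunk and presumably still describes `$1` as the prefix of the derived domain. Its parameter summary should say the argument is ignored, e.g. `## Unused; retained so existing callers need not change.` The same applies to `nsplugin_domtrans_user_config` in the next hunk.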
@@ -4715,10 +4635,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+interface(`nsplugin_domtrans_user_config',`
+ gen_require(`
+ type nsplugin_config_exec_t;
-+ type $1_nsplugin_config_t;
++ type nsplugin_config_t;
+ ')
+
-+ domtrans_pattern($2, nsplugin_config_exec_t, $1_nsplugin_config_t)
++ domtrans_pattern($2, nsplugin_config_exec_t, nsplugin_config_t)
+')
+
+########################################
@@ -4776,8 +4696,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.5.8/policy/modules/apps/nsplugin.te
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.8/policy/modules/apps/nsplugin.te 2008-09-17 19:06:31.000000000 -0400
-@@ -0,0 +1,36 @@
++++ serefpolicy-3.5.8/policy/modules/apps/nsplugin.te 2008-09-22 14:52:12.000000000 -0400
+@@ -0,0 +1,234 @@
+
+policy_module(nsplugin, 1.0.0)
+
@@ -4810,10 +4730,208 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+userdom_user_home_content(user, nsplugin_home_t)
+typealias nsplugin_home_t alias user_nsplugin_home_t;
+
++type nsplugin_t;
++domain_type(nsplugin_t)
++domain_entry_file(nsplugin_t, nsplugin_exec_t)
++
++type nsplugin_config_t;
++domain_type(nsplugin_config_t)
++domain_entry_file(nsplugin_config_t, nsplugin_config_exec_t)
++
+application_executable_file(nsplugin_exec_t)
+application_executable_file(nsplugin_config_exec_t)
+
+
++########################################
++#
++# nsplugin local policy
++#
++dontaudit nsplugin_t self:capability sys_tty_config;
++allow nsplugin_t self:fifo_file rw_file_perms;
++allow nsplugin_t self:process { ptrace getsched setsched signal_perms };
++
++allow nsplugin_t self:sem create_sem_perms;
++allow nsplugin_t self:shm create_shm_perms;
++allow nsplugin_t self:msgq create_msgq_perms;
++allow nsplugin_t self:unix_stream_socket { connectto create_stream_socket_perms };
++
++tunable_policy(`allow_nsplugin_execmem',`
++ allow nsplugin_t self:process { execstack execmem };
++ allow nsplugin_config_t self:process { execstack execmem };
++')
++
++manage_dirs_pattern(nsplugin_t, nsplugin_home_t, nsplugin_home_t)
++exec_files_pattern(nsplugin_t, nsplugin_home_t, nsplugin_home_t)
++manage_files_pattern(nsplugin_t, nsplugin_home_t, nsplugin_home_t)
++manage_lnk_files_pattern(nsplugin_t, nsplugin_home_t, nsplugin_home_t)
++userdom_user_home_dir_filetrans(user, nsplugin_t, nsplugin_home_t, {file dir})
++unprivuser_dontaudit_write_home_content_files(nsplugin_t)
++
++corecmd_exec_bin(nsplugin_t)
++corecmd_exec_shell(nsplugin_t)
++
++corenet_all_recvfrom_unlabeled(nsplugin_t)
++corenet_all_recvfrom_netlabel(nsplugin_t)
++corenet_tcp_connect_flash_port(nsplugin_t)
++corenet_tcp_connect_pulseaudio_port(nsplugin_t)
++corenet_tcp_connect_http_port(nsplugin_t)
++corenet_tcp_sendrecv_generic_if(nsplugin_t)
++corenet_tcp_sendrecv_all_nodes(nsplugin_t)
++
++domain_dontaudit_read_all_domains_state(nsplugin_t)
++
++dev_read_rand(nsplugin_t)
++dev_read_sound(nsplugin_t)
++dev_write_sound(nsplugin_t)
++dev_read_video_dev(nsplugin_t)
++dev_write_video_dev(nsplugin_t)
++dev_getattr_dri_dev(nsplugin_t)
++dev_rwx_zero(nsplugin_t)
++
++kernel_read_kernel_sysctls(nsplugin_t)
++kernel_read_system_state(nsplugin_t)
++
++files_read_usr_files(nsplugin_t)
++files_read_etc_files(nsplugin_t)
++files_read_config_files(nsplugin_t)
++
++fs_list_inotifyfs(nsplugin_t)
++fs_manage_tmpfs_files(nsplugin_t)
++fs_getattr_tmpfs(nsplugin_t)
++fs_getattr_xattr_fs(nsplugin_t)
++
++term_dontaudit_getattr_all_user_ptys(nsplugin_t)
++term_dontaudit_getattr_all_user_ttys(nsplugin_t)
++
++auth_use_nsswitch(nsplugin_t)
++
++libs_use_ld_so(nsplugin_t)
++libs_use_shared_libs(nsplugin_t)
++libs_exec_ld_so(nsplugin_t)
++
++miscfiles_read_localization(nsplugin_t)
++miscfiles_read_fonts(nsplugin_t)
++
++unprivuser_manage_tmp_dirs(nsplugin_t)
++unprivuser_manage_tmp_files(nsplugin_t)
++unprivuser_manage_tmp_sockets(nsplugin_t)
++userdom_tmp_filetrans_user_tmp(user, nsplugin_t, { file dir sock_file })
++unprivuser_read_tmpfs_files(nsplugin_t)
++unprivuser_rw_semaphores(nsplugin_t)
++unprivuser_delete_tmpfs_files(nsplugin_t)
++
++unprivuser_read_home_content_symlinks(nsplugin_t)
++unprivuser_read_home_content_files(nsplugin_t)
++unprivuser_read_tmp_files(nsplugin_t)
++userdom_write_user_tmp_sockets(user, nsplugin_t)
++unprivuser_dontaudit_append_home_content_files(nsplugin_t)
++userdom_dontaudit_unlink_unpriv_home_content_files(nsplugin_t)
++userdom_dontaudit_manage_user_tmp_files(user, nsplugin_t)
++
++optional_policy(`
++ alsa_read_rw_config(nsplugin_t)
++')
++
++optional_policy(`
++ gnome_exec_gconf(nsplugin_t)
++ gnome_manage_user_gnome_config(user, nsplugin_t)
++ allow nsplugin_t gnome_home_t:sock_file write;
++')
++
++optional_policy(`
++ mozilla_read_user_home_files(user, nsplugin_t)
++ mozilla_write_user_home_files(user, nsplugin_t)
++')
++
++optional_policy(`
++ mplayer_exec(nsplugin_t)
++ mplayer_read_user_home_files(user, nsplugin_t)
++')
++
++optional_policy(`
++ unconfined_execmem_signull(nsplugin_t)
++ unconfined_delete_tmpfs_files(nsplugin_t)
++')
++
++optional_policy(`
++ xserver_stream_connect_xdm_xserver(nsplugin_t)
++ xserver_xdm_rw_shm(nsplugin_t)
++ xserver_read_xdm_tmp_files(nsplugin_t)
++ xserver_read_xdm_pid(nsplugin_t)
++ xserver_read_user_xauth(user, nsplugin_t)
++ xserver_read_user_iceauth(user, nsplugin_t)
++ xserver_use_user_fonts(user, nsplugin_t)
++ xserver_manage_home_fonts(nsplugin_t)
++ xserver_dontaudit_rw_xdm_home_files(nsplugin_t)
++')
++
++########################################
++#
++# nsplugin_config local policy
++#
++
++allow nsplugin_config_t self:capability { dac_override dac_read_search sys_nice setuid setgid };
++allow nsplugin_config_t self:process { setsched sigkill getsched execmem };
++#execing pulseaudio
++dontaudit nsplugin_t self:process { getcap setcap };
++
++allow nsplugin_config_t self:fifo_file rw_file_perms;
++allow nsplugin_config_t self:unix_stream_socket create_stream_socket_perms;
++
++fs_list_inotifyfs(nsplugin_config_t)
++
++can_exec(nsplugin_config_t, nsplugin_rw_t)
++manage_dirs_pattern(nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
++manage_files_pattern(nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
++manage_lnk_files_pattern(nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
++
++manage_dirs_pattern(nsplugin_config_t, nsplugin_home_t, nsplugin_home_t)
++manage_files_pattern(nsplugin_config_t, nsplugin_home_t, nsplugin_home_t)
++manage_lnk_files_pattern(nsplugin_config_t, nsplugin_home_t, nsplugin_home_t)
++
++corecmd_exec_bin(nsplugin_config_t)
++corecmd_exec_shell(nsplugin_config_t)
++
++kernel_read_system_state(nsplugin_config_t)
++
++files_read_etc_files(nsplugin_config_t)
++files_read_usr_files(nsplugin_config_t)
++files_dontaudit_search_home(nsplugin_config_t)
++files_list_tmp(nsplugin_config_t)
++
++auth_use_nsswitch(nsplugin_config_t)
++
++libs_use_ld_so(nsplugin_config_t)
++libs_use_shared_libs(nsplugin_config_t)
++
++miscfiles_read_localization(nsplugin_config_t)
++miscfiles_read_fonts(nsplugin_config_t)
++
++userdom_search_all_users_home_content(nsplugin_config_t)
++
++tunable_policy(`use_nfs_home_dirs',`
++ fs_manage_nfs_dirs(nsplugin_t)
++ fs_manage_nfs_files(nsplugin_t)
++ fs_manage_nfs_dirs(nsplugin_config_t)
++ fs_manage_nfs_files(nsplugin_config_t)
++')
++
++tunable_policy(`use_samba_home_dirs',`
++ fs_manage_cifs_dirs(nsplugin_t)
++ fs_manage_cifs_files(nsplugin_t)
++ fs_manage_cifs_dirs(nsplugin_config_t)
++ fs_manage_cifs_files(nsplugin_config_t)
++')
++
++domtrans_pattern(nsplugin_config_t, nsplugin_exec_t, nsplugin_t)
++
++optional_policy(`
++ xserver_read_home_fonts(nsplugin_config_t)
++')
++
++optional_policy(`
++ mozilla_read_user_home_files(user, nsplugin_config_t)
++')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.5.8/policy/modules/apps/openoffice.fc
--- nsaserefpolicy/policy/modules/apps/openoffice.fc 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.5.8/policy/modules/apps/openoffice.fc 2008-09-17 08:49:08.000000000 -0400
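Review bot: The `allow_nsplugin_execmem` boolean does not gate executable memory for nsplugin_config_t. The rule `allow nsplugin_config_t self:process { setsched sigkill getsched execmem };` in the nsplugin_config section grants execmem unconditionally, while the tunable block earlier in the file grants `execstack execmem` to the same domain only when the boolean is on. An administrator who turns the boolean off would expect both domains to lose execmem; changing the unconditional rule to `allow nsplugin_config_t self:process { setsched sigkill getsched };` leaves the tunable as the single switch. Separately, `dontaudit nsplugin_t self:process { getcap setcap };` sits under the nsplugin_config heading although it names nsplugin_t. Moving it, with its `#execing pulseaudio` comment, into the nsplugin_t section would keep each section about one domain.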
@@ -8292,7 +8410,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
neverallow ~{ selinux_unconfined_type can_setsecparam } security_t:security setsecparam;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-3.5.8/policy/modules/kernel/storage.fc
--- nsaserefpolicy/policy/modules/kernel/storage.fc 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/kernel/storage.fc 2008-09-22 12:22:40.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/kernel/storage.fc 2008-09-22 15:56:42.000000000 -0400
@@ -27,6 +27,7 @@
/dev/mcdx? -b gen_context(system_u:object_r:removable_device_t,s0)
/dev/megadev.* -c gen_context(system_u:object_r:removable_device_t,s0)
@@ -8301,14 +8419,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/dev/nb[^/]+ -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
/dev/optcd -b gen_context(system_u:object_r:removable_device_t,s0)
/dev/p[fg][0-3] -b gen_context(system_u:object_r:removable_device_t,s0)
-@@ -65,6 +66,7 @@
-
- /dev/md/.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
- /dev/mapper/.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-+/dev/mspblk.* -b gen_context(system_u:object_r:removable_device_t,s0)
-
- /dev/raw/raw[0-9]+ -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.fc serefpolicy-3.5.8/policy/modules/roles/guest.fc
--- nsaserefpolicy/policy/modules/roles/guest.fc 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.5.8/policy/modules/roles/guest.fc 2008-09-17 08:49:08.000000000 -0400
@@ -13976,7 +14086,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.5.8/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2008-09-03 07:59:15.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/services/cups.te 2008-09-17 08:49:08.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/services/cups.te 2008-09-22 14:18:53.000000000 -0400
@@ -48,6 +48,10 @@
type hplip_t;
type hplip_exec_t;
@@ -14058,7 +14168,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow cupsd_t hplip_var_run_t:file { read getattr };
stream_connect_pattern(cupsd_t, ptal_var_run_t, ptal_var_run_t, ptal_t)
-@@ -149,44 +174,48 @@
+@@ -149,44 +174,49 @@
corenet_tcp_bind_reserved_port(cupsd_t)
corenet_dontaudit_tcp_bind_all_reserved_ports(cupsd_t)
corenet_tcp_connect_all_ports(cupsd_t)
@@ -14072,6 +14182,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dev_read_urand(cupsd_t)
dev_read_sysfs(cupsd_t)
-dev_read_usbfs(cupsd_t)
++dev_rw_input_dev(cupsd_t) #447878
+dev_rw_generic_usb_dev(cupsd_t)
+dev_rw_usbfs(cupsd_t)
dev_getattr_printer_dev(cupsd_t)
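Review bot: `dev_rw_input_dev(cupsd_t) #447878` gives the print daemon read/write access to input devices with only a bare bug number as justification, and the changelog entry for this release mentions only the nsplugin transition. The surrounding context shows cupsd_t already has `corenet_tcp_connect_all_ports`, so this widens what a compromised daemon could touch to (presumably) the keyboard and mouse event nodes. If the bug report was only an AVC denial from device probing, a dontaudit rule would be the narrower answer; the denial itself is not visible here, so that needs confirming. At minimum the line should state the reason, e.g. `# bz 447878: <why cupsd needs input devices>`, and the change deserves its own changelog line.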
@@ -14112,7 +14223,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_list_world_readable(cupsd_t)
files_read_world_readable_files(cupsd_t)
files_read_world_readable_symlinks(cupsd_t)
-@@ -195,15 +224,16 @@
+@@ -195,15 +225,16 @@
files_read_var_symlinks(cupsd_t)
# for /etc/printcap
files_dontaudit_write_etc_files(cupsd_t)
@@ -14133,7 +14244,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
auth_use_nsswitch(cupsd_t)
libs_use_ld_so(cupsd_t)
-@@ -219,17 +249,22 @@
+@@ -219,17 +250,22 @@
miscfiles_read_fonts(cupsd_t)
seutil_read_config(cupsd_t)
@@ -14158,7 +14269,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -246,8 +281,16 @@
+@@ -246,8 +282,16 @@
userdom_dbus_send_all_users(cupsd_t)
optional_policy(`
@@ -14175,7 +14286,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -263,6 +306,10 @@
+@@ -263,6 +307,10 @@
')
optional_policy(`
@@ -14186,7 +14297,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# cups execs smbtool which reads samba_etc_t files
samba_read_config(cupsd_t)
samba_rw_var_files(cupsd_t)
-@@ -281,7 +328,7 @@
+@@ -281,7 +329,7 @@
# Cups configuration daemon local policy
#
@@ -14195,7 +14306,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dontaudit cupsd_config_t self:capability sys_tty_config;
allow cupsd_config_t self:process signal_perms;
allow cupsd_config_t self:fifo_file rw_fifo_file_perms;
-@@ -326,6 +373,7 @@
+@@ -326,6 +374,7 @@
dev_read_sysfs(cupsd_config_t)
dev_read_urand(cupsd_config_t)
dev_read_rand(cupsd_config_t)
@@ -14203,7 +14314,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_getattr_all_fs(cupsd_config_t)
fs_search_auto_mountpoints(cupsd_config_t)
-@@ -343,7 +391,7 @@
+@@ -343,7 +392,7 @@
files_read_var_symlinks(cupsd_config_t)
# Alternatives asks for this
@@ -14212,7 +14323,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
auth_use_nsswitch(cupsd_config_t)
-@@ -353,6 +401,7 @@
+@@ -353,6 +402,7 @@
logging_send_syslog_msg(cupsd_config_t)
miscfiles_read_localization(cupsd_config_t)
@@ -14220,7 +14331,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
seutil_dontaudit_search_config(cupsd_config_t)
-@@ -365,14 +414,16 @@
+@@ -365,14 +415,16 @@
sysadm_dontaudit_search_home_dirs(cupsd_config_t)
ifdef(`distro_redhat',`
@@ -14239,7 +14350,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
cron_system_entry(cupsd_config_t, cupsd_config_exec_t)
')
-@@ -388,6 +439,7 @@
+@@ -388,6 +440,7 @@
optional_policy(`
hal_domtrans(cupsd_config_t)
hal_read_tmp_files(cupsd_config_t)
@@ -14247,7 +14358,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -500,7 +552,7 @@
+@@ -500,7 +553,7 @@
allow hplip_t self:udp_socket create_socket_perms;
allow hplip_t self:rawip_socket create_socket_perms;
@@ -14256,7 +14367,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
cups_stream_connect(hplip_t)
-@@ -509,6 +561,8 @@
+@@ -509,6 +562,8 @@
read_lnk_files_pattern(hplip_t, hplip_etc_t, hplip_etc_t)
files_search_etc(hplip_t)
@@ -14265,7 +14376,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
manage_files_pattern(hplip_t, hplip_var_run_t, hplip_var_run_t)
files_pid_filetrans(hplip_t, hplip_var_run_t, file)
-@@ -538,7 +592,8 @@
+@@ -538,7 +593,8 @@
dev_read_urand(hplip_t)
dev_read_rand(hplip_t)
dev_rw_generic_usb_dev(hplip_t)
@@ -14275,7 +14386,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_getattr_all_fs(hplip_t)
fs_search_auto_mountpoints(hplip_t)
-@@ -564,12 +619,14 @@
+@@ -564,12 +620,14 @@
userdom_dontaudit_use_unpriv_user_fds(hplip_t)
userdom_dontaudit_search_all_users_home_content(hplip_t)
@@ -14291,7 +14402,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -651,3 +708,45 @@
+@@ -651,3 +709,45 @@
optional_policy(`
udev_read_db(ptal_t)
')
diff --git a/selinux-policy.spec b/selinux-policy.spec
index e8bd192..c14f3cc 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.5.8
-Release: 5%{?dist}
+Release: 6%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -381,6 +381,9 @@ exit 0
%endif
%changelog
+* Mon Sep 22 2008 Dan Walsh 3.5.8-6
+- Fix transition to nsplugin
+
* Mon Sep 22 2008 Dan Walsh 3.5.8-5
- Add file context for /dev/mspblk.*