diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if
index 44e782e..c57356a 100644
--- a/policy/modules/services/mta.if
+++ b/policy/modules/services/mta.if
@@ -356,6 +356,7 @@ interface(`mta_send_mail',`
')
allow $1 mta_exec_type:lnk_file read_lnk_file_perms;
+ corecmd_read_bin_symlinks($1)
domtrans_pattern($1, mta_exec_type, system_mail_t)
allow mta_user_agent $1:fd use;
@@ -400,6 +401,25 @@ interface(`mta_sendmail_domtrans',`
########################################
##
+## Send system mail client a signal
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+#
+interface(`mta_signal_system_mail',`
+ gen_require(`
+ type system_mail_t;
+ ')
+
+ allow $1 system_mail_t:process signal;
+')
+
+########################################
+##
## Execute sendmail in the caller domain.
##
##
@@ -765,6 +785,25 @@ interface(`mta_search_queue',`
#######################################
##
+## List the mail queue.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`mta_list_queue',`
+ gen_require(`
+ type mqueue_spool_t;
+ ')
+
+ allow $1 mqueue_spool_t:dir list_dir_perms;
+ files_search_spool($1)
+')
+
+#######################################
+##
## Read the mail queue.
##
##
diff --git a/policy/modules/services/mta.te b/policy/modules/services/mta.te
index 797d86b..29f117c 100644
--- a/policy/modules/services/mta.te
+++ b/policy/modules/services/mta.te
@@ -1,5 +1,5 @@
-policy_module(mta, 2.2.1)
+policy_module(mta, 2.2.2)
########################################
#
@@ -71,10 +71,14 @@ dev_read_sysfs(system_mail_t)
dev_read_rand(system_mail_t)
dev_read_urand(system_mail_t)
+files_read_usr_files(system_mail_t)
+
fs_rw_anon_inodefs_files(system_mail_t)
selinux_getattr_fs(system_mail_t)
+term_dontaudit_use_unallocated_ttys(system_mail_t)
+
init_use_script_ptys(system_mail_t)
userdom_use_user_terminals(system_mail_t)
@@ -107,6 +111,7 @@ optional_policy(`
optional_policy(`
cron_read_system_job_tmp_files(system_mail_t)
cron_dontaudit_write_pipes(system_mail_t)
+ cron_rw_system_job_stream_sockets(system_mail_t)
')
optional_policy(`