diff --git a/policy/modules/services/gpsd.fc b/policy/modules/services/gpsd.fc
index e7bbeb1..5e81e33 100644
--- a/policy/modules/services/gpsd.fc
+++ b/policy/modules/services/gpsd.fc
@@ -1 +1,6 @@
-/usr/sbin/gpsd -- gen_context(system_u:object_r:gpsd_exec_t,s0)
+/etc/rc\.d/init\.d/gpsd -- gen_context(system_u:object_r:gpsd_initrc_exec_t,s0)
+
+/usr/sbin/gpsd -- gen_context(system_u:object_r:gpsd_exec_t,s0)
+
+/var/run/gpsd\.pid -- gen_context(system_u:object_r:gpsd_var_run_t,s0)
+/var/run/gpsd\.sock -s gen_context(system_u:object_r:gpsd_var_run_t,s0)
diff --git a/policy/modules/services/gpsd.if b/policy/modules/services/gpsd.if
index 7597332..39fc12f 100644
--- a/policy/modules/services/gpsd.if
+++ b/policy/modules/services/gpsd.if
@@ -33,11 +33,6 @@ interface(`gpsd_domtrans',`
## The role to be allowed the gpsd domain.
##
##
-##
-##
-## The type of the role's terminal.
-##
-##
#
interface(`gpsd_run',`
gen_require(`
@@ -46,11 +41,10 @@ interface(`gpsd_run',`
gpsd_domtrans($1)
role $2 types gpsd_t;
- allow gpsd_t $3:chr_file rw_term_perms;
')
########################################
-##
+##
## Read and write gpsd shared memory.
##
##
diff --git a/policy/modules/services/gpsd.te b/policy/modules/services/gpsd.te
index 9cdc1f1..d8c1654 100644
--- a/policy/modules/services/gpsd.te
+++ b/policy/modules/services/gpsd.te
@@ -1,5 +1,5 @@
-policy_module(gpsd, 1.0.0)
+policy_module(gpsd, 1.0.1)
########################################
#
@@ -11,15 +11,21 @@ type gpsd_exec_t;
application_domain(gpsd_t, gpsd_exec_t)
init_daemon_domain(gpsd_t, gpsd_exec_t)
+type gpsd_initrc_exec_t;
+init_script_file(gpsd_initrc_exec_t)
+
type gpsd_tmpfs_t;
files_tmpfs_file(gpsd_tmpfs_t)
+type gpsd_var_run_t;
+files_pid_file(gpsd_var_run_t)
+
########################################
#
# gpsd local policy
#
-allow gpsd_t self:capability { setuid sys_nice setgid fowner };
+allow gpsd_t self:capability { fsetid setuid sys_nice setgid fowner };
allow gpsd_t self:process setsched;
allow gpsd_t self:shm create_shm_perms;
allow gpsd_t self:unix_dgram_socket { create_socket_perms sendto };
@@ -29,6 +35,10 @@ manage_dirs_pattern(gpsd_t, gpsd_tmpfs_t, gpsd_tmpfs_t)
manage_files_pattern(gpsd_t, gpsd_tmpfs_t, gpsd_tmpfs_t)
fs_tmpfs_filetrans(gpsd_t, gpsd_tmpfs_t, { dir file })
+manage_files_pattern(gpsd_t, gpsd_var_run_t, gpsd_var_run_t)
+manage_sock_files_pattern(gpsd_t, gpsd_var_run_t, gpsd_var_run_t)
+files_pid_filetrans(gpsd_t, gpsd_var_run_t, { file sock_file })
+
corenet_all_recvfrom_unlabeled(gpsd_t)
corenet_all_recvfrom_netlabel(gpsd_t)
corenet_tcp_sendrecv_generic_if(gpsd_t)
@@ -51,5 +61,5 @@ optional_policy(`
')
optional_policy(`
- ntpd_rw_shm(gpsd_t)
+ ntp_rw_shm(gpsd_t)
')