diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index 49caf6c..ff22523 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -11,6 +11,7 @@ * Added policies: acct firstboot + gpm ldap loadkeys mysql
diff --git a/refpolicy/policy/modules/services/gpm.fc b/refpolicy/policy/modules/services/gpm.fc
new file mode 100644
index 0000000..1383fa5
--- /dev/null
+++ b/refpolicy/policy/modules/services/gpm.fc
@@ -0,0 +1,7 @@
+
+/dev/gpmctl -s context_template(system_u:object_r:gpmctl_t,s0)
+/dev/gpmdata -p context_template(system_u:object_r:gpmctl_t,s0)
+
+/etc/gpm(/.*)? context_template(system_u:object_r:gpm_conf_t,s0)
+
+/usr/sbin/gpm -- context_template(system_u:object_r:gpm_exec_t,s0)
diff --git a/refpolicy/policy/modules/services/gpm.if b/refpolicy/policy/modules/services/gpm.if
new file mode 100644
index 0000000..12fefe9
--- /dev/null
+++ b/refpolicy/policy/modules/services/gpm.if
@@ -0,0 +1,59 @@
+## General Purpose Mouse driver
+
+########################################
+##
+## Get the attributes of the GPM
+## control channel named socket.
+##
+##
+## Domain allowed access.
+##
+#
+interface(`gpm_getattr_gpmctl',`
+ gen_require(`
+ type gpmctl_t;
+ class sock_file getattr;
+ ')
+
+ dev_list_all_dev_nodes($1)
+ allow $1 gpmctl_t:sock_file getattr;
+')
+
+########################################
+##
+## Do not audit attempts to get the
+## attributes of the GPM control channel
+## named socket.
+##
+##
+## Domain allowed access.
+##
+#
+interface(`gpm_dontaudit_getattr_gpmctl',`
+ gen_require(`
+ type gpmctl_t;
+ class sock_file getattr;
+ ')
+
+ dev_list_all_dev_nodes($1)
+ allow $1 gpmctl_t:sock_file getattr;
+')
+
+########################################
+##
+## Set the attributes of the GPM
+## control channel named socket.
+##
+##
+## Domain allowed access.
+##
+#
+interface(`gpm_setattr_gpmctl',`
+ gen_require(`
+ type gpmctl_t;
+ class sock_file setattr;
+ ')
+
+ dev_list_all_dev_nodes($1)
+ allow $1 gpmctl_t:sock_file setattr;
+')
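Review bot: `gpm_dontaudit_getattr_gpmctl` in gpm.if grants the access it is named to silence: its body is `allow $1 gpmctl_t:sock_file getattr;` where `dontaudit $1 gpmctl_t:sock_file getattr;` is meant, and the `dev_list_all_dev_nodes($1)` call in the same interface also hands out /dev listing, which an interface documented as "do not audit" should not do. This matters for the caller in lvm.te (last hunk of this diff), which replaces a plain `dontaudit lvm_t gpmctl_t:sock_file getattr;` with this interface, so lvm_t quietly gains real getattr on the gpm control socket plus directory listing under /dev. Suggest changing the rule to `dontaudit` and dropping the `dev_list_all_dev_nodes($1)` line from this interface; the other two interfaces are allow interfaces and are fine as written.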
diff --git a/refpolicy/policy/modules/services/gpm.te b/refpolicy/policy/modules/services/gpm.te
new file mode 100644
index 0000000..44c5c03
--- /dev/null
+++ b/refpolicy/policy/modules/services/gpm.te
@@ -0,0 +1,102 @@
+
+policy_module(gpm,1.0)
+
+########################################
+#
+# Declarations
+#
+
+type gpm_t;
+type gpm_exec_t;
+init_daemon_domain(gpm_t,gpm_exec_t)
+
+type gpm_conf_t;
+files_type(gpm_conf_t)
+
+type gpm_tmp_t;
+files_tmp_file(gpm_tmp_t)
+
+type gpm_var_run_t;
+files_pid_file(gpm_var_run_t)
+
+type gpmctl_t;
+files_type(gpmctl_t)
+
+########################################
+#
+# Local policy
+#
+
+allow gpm_t self:capability { setuid dac_override sys_admin sys_tty_config };
+
+allow gpm_t gpm_conf_t:dir r_dir_perms;
+allow gpm_t gpm_conf_t:file r_file_perms;
+allow gpm_t gpm_conf_t:lnk_file { getattr read };
+
+allow gpm_t gpm_tmp_t:dir create_dir_perms;
+allow gpm_t gpm_tmp_t:file create_file_perms;
+files_create_tmp_files(gpm_t, gpm_tmp_t, { file dir })
+
+allow gpm_t gpm_var_run_t:file create_file_perms;
+files_create_pid(gpm_t,gpm_var_run_t)
+
+allow gpm_t gpmctl_t:sock_file create_file_perms;
+allow gpm_t gpmctl_t:fifo_file create_file_perms;
+dev_create_dev_node(gpm_t,gpmctl_t,{ sock_file fifo_file })
+
+# cjp: this has no effect
+allow gpm_t gpmctl_t:unix_stream_socket name_bind;
+
+kernel_read_kernel_sysctl(gpm_t)
+kernel_list_proc(gpm_t)
+kernel_read_proc_symlinks(gpm_t)
+
+dev_read_sysfs(gpm_t)
+# Access the mouse.
+dev_read_input(gpm_t) +dev_read_mouse(gpm_t) + +fs_getattr_all_fs(gpm_t) +fs_search_auto_mountpoints(gpm_t) + +term_use_unallocated_tty(gpm_t) +term_dontaudit_use_console(gpm_t) + +domain_use_wide_inherit_fd(gpm_t) + +init_use_fd(gpm_t) +init_use_script_pty(gpm_t) + +libs_use_ld_so(gpm_t) +libs_use_shared_libs(gpm_t) + +logging_send_syslog_msg(gpm_t) + +miscfiles_read_localization(gpm_t) + +userdom_dontaudit_use_unpriv_user_fd(gpm_t) +userdom_dontaudit_search_sysadm_home_dir(gpm_t) + +ifdef(`targeted_policy', ` + term_dontaudit_use_unallocated_tty(gpm_t) + term_dontaudit_use_generic_pty(gpm_t) + files_dontaudit_read_root_file(gpm_t) +') + +optional_policy(`rhgb.te',` + rhgb_domain(gpm_t) +') + +optional_policy(`selinuxutil.te',` + seutil_sigchld_newrole(gpm_t) +') + +optional_policy(`udev.te', ` + udev_read_db(gpm_t) +') + +ifdef(`TODO',` +# Access the mouse. +# cjp: why write? +allow gpm_t { event_device_t mouse_device_t }:chr_file rw_file_perms; +') diff --git a/refpolicy/policy/modules/system/authlogin.te b/refpolicy/policy/modules/system/authlogin.te index bbab98b..0e68a81 100644 --- a/refpolicy/policy/modules/system/authlogin.te +++ b/refpolicy/policy/modules/system/authlogin.te @@ -208,6 +208,11 @@ ifdef(`targeted_policy', ` files_dontaudit_read_root_file(pam_console_t) ') +optional_policy(`gpm.te',` + gpm_getattr_gpmctl(pam_console_t) + gpm_setattr_gpmctl(pam_console_t) +') + optional_policy(`hotplug.te', ` hotplug_use_fd(pam_console_t) hotplug_dontaudit_search_config(pam_console_t) @@ -230,10 +235,6 @@ optional_policy(`rhgb.te', ` rhgb_domain(pam_console_t) ') -ifdef(`gpm.te', ` - allow pam_console_t gpmctl_t:sock_file { getattr setattr }; -') - ifdef(`xdm.te', ` allow pam_console_t xdm_var_run_t:file { getattr read }; ') @@ -336,5 +337,5 @@ optional_policy(`xdm.te', ` #allow utempter_t xdm_t:fd use; xdm_use_fd(utempter_t) #allow utempter_t xdm_t:fifo_file { write getattr }; - xdm_write_fifo(utempter_t) + xdm_write_pipe(utempter_t) ') 
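Review bot: The rule `allow gpm_t gpmctl_t:unix_stream_socket name_bind;` in gpm.te ships under a comment saying it has no effect; a rule the author already believes is inert should not sit in the live policy, so either delete it or park it in the `ifdef(`TODO'` block at the end of the file with the other unresolved rules. The line `allow gpm_t self:capability { setuid dac_override sys_admin sys_tty_config };` carries no justification either, and `sys_admin` is by far the broadest of the four; a one-line comment naming what needs it (presumably the TIOCLINUX console-selection ioctls — not verified here) would let a later reviewer judge whether it can be dropped. The parked `allow gpm_t { event_device_t mouse_device_t }:chr_file rw_file_perms;` asks `why write?` while the active policy grants only `dev_read_input(gpm_t)` / `dev_read_mouse(gpm_t)`; if read-only access proves sufficient, that TODO block can be removed rather than carried forward.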
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te index e9980fa..1b5c2e3 100644 --- a/refpolicy/policy/modules/system/init.te +++ b/refpolicy/policy/modules/system/init.te @@ -363,6 +363,10 @@ ifdef(`targeted_policy',` unconfined_shell_domtrans(initrc_t) ') +optional_policy(`gpm.te',` + gpm_setattr_gpmctl(initrc_t) +') + optional_policy(`hotplug.te',` dev_read_usbfs(initrc_t) diff --git a/refpolicy/policy/modules/system/locallogin.te b/refpolicy/policy/modules/system/locallogin.te index 295d626..26aa386 100644 --- a/refpolicy/policy/modules/system/locallogin.te +++ b/refpolicy/policy/modules/system/locallogin.te @@ -186,6 +186,11 @@ tunable_policy(`use_samba_home_dirs',` fs_read_cifs_symlinks(local_login_t) ') +optional_policy(`gpm.te',` + gpm_getattr_gpmctl(local_login_t) + gpm_setattr_gpmctl(local_login_t) +') + optional_policy(`nis.te',` nis_use_ypbind(local_login_t) ') @@ -204,10 +209,6 @@ optional_policy(`locallogin.te',` # FIXME: what is this for? locallogin_signull(xdm_t) ') - -optional_policy(`gpm.te',` - allow local_login_t gpmctl_t:sock_file { getattr setattr }; -') ') dnl endif TODO ################################# diff --git a/refpolicy/policy/modules/system/lvm.te b/refpolicy/policy/modules/system/lvm.te index 7236074..47cfa64 100644 --- a/refpolicy/policy/modules/system/lvm.te +++ b/refpolicy/policy/modules/system/lvm.te @@ -161,6 +161,10 @@ optional_policy(`bootloader.te',` bootloader_rw_tmp_file(lvm_t) ') +optional_policy(`gpm.te',` + gpm_dontaudit_getattr_gpmctl(lvm_t) +') + optional_policy(`udev.te', ` udev_read_db(lvm_t) ') @@ -171,10 +175,6 @@ optional_policy(`gnome-pty-helper.te', ` allow lvm_t sysadm_gph_t:fd use; ') -optional_policy(`gpm.te', ` - dontaudit lvm_t gpmctl_t:sock_file getattr; -') - optional_policy(`rhgb.te',` rhgb_domain(lvm_t) ')
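Review bot: In locallogin.te the removed `optional_policy(`gpm.te',` block sat inside the section closed by `') dnl endif TODO`, i.e. it was compiled out, while the replacement `gpm_getattr_gpmctl(local_login_t)` / `gpm_setattr_gpmctl(local_login_t)` is added next to the `use_samba_home_dirs` tunable, which reads as live policy; if that is the case, local_login_t gains getattr/setattr on gpmctl_t plus /dev listing it did not previously have, and the commit should state that this is intended rather than a side effect of the refactor. The same question applies to init.te, where `gpm_setattr_gpmctl(initrc_t)` is added with no corresponding removal visible in that hunk. Whether the new locallogin block lies outside the TODO region cannot be confirmed from the hunk alone, since the region's opening is outside it.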