+## abstract Machine Test Utility
@@ -289,7 +289,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.if
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.te serefpolicy-2.6.4/policy/modules/admin/amtu.te
--- nsaserefpolicy/policy/modules/admin/amtu.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/admin/amtu.te 2007-05-08 09:59:33.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/amtu.te 2007-05-21 10:46:53.000000000 -0400
@@ -0,0 +1,57 @@
+policy_module(amtu,1.0.23)
+
@@ -349,8 +349,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.te
+');
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.6.4/policy/modules/admin/bootloader.te
---- nsaserefpolicy/policy/modules/admin/bootloader.te 2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/bootloader.te 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/bootloader.te 2007-05-07 14:51:05.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/bootloader.te 2007-05-21 10:46:53.000000000 -0400
@@ -65,6 +65,8 @@
files_tmp_filetrans(bootloader_t,bootloader_tmp_t,{ dir file lnk_file chr_file blk_file })
# for tune2fs (cjp: ?)
@@ -369,8 +369,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloa
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.6.4/policy/modules/admin/consoletype.te
---- nsaserefpolicy/policy/modules/admin/consoletype.te 2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/consoletype.te 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/consoletype.te 2007-05-07 14:51:05.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/consoletype.te 2007-05-21 10:46:53.000000000 -0400
@@ -8,7 +8,12 @@
type consoletype_t;
@@ -403,8 +403,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/console
domain_use_interactive_fds(consoletype_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-2.6.4/policy/modules/admin/dmesg.te
---- nsaserefpolicy/policy/modules/admin/dmesg.te 2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/admin/dmesg.te 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/dmesg.te 2007-05-07 14:51:05.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/dmesg.te 2007-05-21 10:46:53.000000000 -0400
@@ -10,6 +10,7 @@
type dmesg_t;
type dmesg_exec_t;
@@ -414,8 +414,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.t
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-2.6.4/policy/modules/admin/kudzu.te
---- nsaserefpolicy/policy/modules/admin/kudzu.te 2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/kudzu.te 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/kudzu.te 2007-05-07 14:51:05.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/kudzu.te 2007-05-21 10:46:53.000000000 -0400
@@ -21,8 +21,8 @@
# Local policy
#
@@ -437,8 +437,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.t
# the inittab after configuring serial consoles
init_telinit(kudzu_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-2.6.4/policy/modules/admin/logrotate.te
---- nsaserefpolicy/policy/modules/admin/logrotate.te 2007-03-26 10:39:08.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/logrotate.te 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/logrotate.te 2007-05-07 14:51:04.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/logrotate.te 2007-05-21 10:46:53.000000000 -0400
@@ -75,6 +75,7 @@
mls_file_read_up(logrotate_t)
mls_file_write_down(logrotate_t)
@@ -448,8 +448,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrota
selinux_get_fs_mount(logrotate_t)
selinux_get_enforce_mode(logrotate_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-2.6.4/policy/modules/admin/logwatch.te
---- nsaserefpolicy/policy/modules/admin/logwatch.te 2007-05-02 15:04:46.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/logwatch.te 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/logwatch.te 2007-05-07 14:51:05.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/logwatch.te 2007-05-21 10:46:53.000000000 -0400
@@ -63,6 +63,8 @@
files_search_mnt(logwatch_t)
files_dontaudit_search_home(logwatch_t)
@@ -460,8 +460,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatc
fs_getattr_all_fs(logwatch_t)
fs_dontaudit_list_auto_mountpoints(logwatch_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.6.4/policy/modules/admin/netutils.te
---- nsaserefpolicy/policy/modules/admin/netutils.te 2007-04-30 10:41:38.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/netutils.te 2007-05-16 13:16:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/netutils.te 2007-05-07 14:51:05.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/netutils.te 2007-05-21 10:46:53.000000000 -0400
@@ -31,6 +31,7 @@
type traceroute_t;
type traceroute_exec_t;
@@ -470,9 +470,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
role system_r types traceroute_t;
########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.6.4/policy/modules/admin/prelink.te
+--- nsaserefpolicy/policy/modules/admin/prelink.te 2007-05-07 14:51:04.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/prelink.te 2007-05-21 11:37:13.000000000 -0400
+@@ -26,7 +26,7 @@
+ # Local policy
+ #
+
+-allow prelink_t self:capability { chown dac_override fowner fsetid };
++allow prelink_t self:capability { chown dac_override fowner fsetid sys_resource };
+ allow prelink_t self:process { execheap execmem execstack signal };
+ allow prelink_t self:fifo_file rw_fifo_file_perms;
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-2.6.4/policy/modules/admin/readahead.te
---- nsaserefpolicy/policy/modules/admin/readahead.te 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/admin/readahead.te 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/readahead.te 2007-05-07 14:51:05.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/readahead.te 2007-05-21 10:46:53.000000000 -0400
@@ -18,7 +18,8 @@
# Local policy
#
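Review bot: The `sys_resource` capability added to `prelink_t` in the new prelink.te section has no comment saying which operation needs it. The same domain already holds `dac_override`, and the next rule grants `execheap execmem execstack`, so each extra capability widens an already powerful domain and should be tied to a concrete denial. I would add a line above the rule such as `# sys_resource: needed for <operation named in the AVC denial>`. If the denial turns out to be harmless noise, `dontaudit prelink_t self:capability sys_resource;` would be the narrower choice. The rest of prelink.te is outside this hunk, so the justification may exist elsewhere in the file.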
@@ -501,8 +513,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahe
+ logging_dontaudit_search_audit_config(readahead_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.6.4/policy/modules/admin/rpm.fc
---- nsaserefpolicy/policy/modules/admin/rpm.fc 2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/admin/rpm.fc 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/rpm.fc 2007-05-07 14:51:05.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/rpm.fc 2007-05-21 10:46:53.000000000 -0400
@@ -21,6 +21,9 @@
/usr/sbin/pup -- gen_context(system_u:object_r:rpm_exec_t,s0)
/usr/sbin/rhn_check -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -514,8 +526,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc
/var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-2.6.4/policy/modules/admin/rpm.if
---- nsaserefpolicy/policy/modules/admin/rpm.if 2007-04-11 10:19:43.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/rpm.if 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/rpm.if 2007-05-07 14:51:05.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/rpm.if 2007-05-21 10:46:53.000000000 -0400
@@ -225,8 +225,29 @@
type rpm_script_tmp_t;
')
@@ -595,8 +607,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if
+ dontaudit $1 rpm_tmp_t:file rw_file_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-2.6.4/policy/modules/admin/rpm.te
---- nsaserefpolicy/policy/modules/admin/rpm.te 2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/rpm.te 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/rpm.te 2007-05-07 14:51:05.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/rpm.te 2007-05-21 10:46:53.000000000 -0400
@@ -9,6 +9,8 @@
type rpm_t;
type rpm_exec_t;
@@ -607,8 +619,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te
domain_role_change_exemption(rpm_t)
domain_system_change_exemption(rpm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-2.6.4/policy/modules/admin/sudo.if
---- nsaserefpolicy/policy/modules/admin/sudo.if 2007-03-26 10:39:08.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/sudo.if 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/sudo.if 2007-05-07 14:51:05.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/sudo.if 2007-05-21 10:46:53.000000000 -0400
@@ -69,7 +69,6 @@
allow $1_sudo_t self:unix_stream_socket create_stream_socket_perms;
allow $1_sudo_t self:unix_dgram_socket sendto;
@@ -656,8 +668,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.6.4/policy/modules/admin/su.if
---- nsaserefpolicy/policy/modules/admin/su.if 2007-04-30 10:41:38.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/su.if 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/su.if 2007-05-07 14:51:05.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/su.if 2007-05-21 10:46:53.000000000 -0400
@@ -41,12 +41,11 @@
allow $2 $1_su_t:process signal;
@@ -731,8 +743,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s
allow $1_su_t $1_home_t:file manage_file_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-2.6.4/policy/modules/admin/usermanage.if
---- nsaserefpolicy/policy/modules/admin/usermanage.if 2007-03-26 10:39:08.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/usermanage.if 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/usermanage.if 2007-05-07 14:51:05.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/usermanage.if 2007-05-21 10:46:53.000000000 -0400
@@ -278,5 +278,5 @@
type crack_db_t;
')
@@ -741,8 +753,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
+ read_files_pattern($1,crack_db_t,crack_db_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.6.4/policy/modules/admin/usermanage.te
---- nsaserefpolicy/policy/modules/admin/usermanage.te 2007-04-23 09:36:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/usermanage.te 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/usermanage.te 2007-05-07 14:51:04.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/usermanage.te 2007-05-21 10:46:53.000000000 -0400
@@ -184,7 +184,7 @@
# Groupadd local policy
#
@@ -903,8 +915,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
+ rpm_dontaudit_rw_tmp_files(useradd_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-2.6.4/policy/modules/admin/vbetool.te
---- nsaserefpolicy/policy/modules/admin/vbetool.te 2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/admin/vbetool.te 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/vbetool.te 2007-05-07 14:51:05.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/vbetool.te 2007-05-21 10:46:53.000000000 -0400
@@ -32,4 +32,5 @@
optional_policy(`
@@ -912,8 +924,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool
+ hal_write_log(vbetool_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-2.6.4/policy/modules/apps/gnome.if
---- nsaserefpolicy/policy/modules/apps/gnome.if 2007-02-19 11:32:52.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/apps/gnome.if 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/gnome.if 2007-05-07 14:51:02.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/apps/gnome.if 2007-05-21 10:46:53.000000000 -0400
@@ -35,6 +35,7 @@
template(`gnome_per_role_template',`
gen_require(`
@@ -968,8 +980,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if
##
## This is a templated interface, and should only
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-2.6.4/policy/modules/apps/gpg.fc
---- nsaserefpolicy/policy/modules/apps/gpg.fc 2006-11-16 17:15:07.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/apps/gpg.fc 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/gpg.fc 2007-05-07 14:51:02.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/apps/gpg.fc 2007-05-21 10:46:53.000000000 -0400
@@ -7,6 +7,4 @@
/usr/lib/gnupg/.* -- gen_context(system_u:object_r:gpg_exec_t,s0)
/usr/lib/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0)
@@ -977,9 +989,48 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc s
-ifdef(`targeted_policy',`',`
HOME_DIR/\.gnupg(/.+)? gen_context(system_u:object_r:ROLE_gpg_secret_t,s0)
-')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-2.6.4/policy/modules/apps/java.if
+--- nsaserefpolicy/policy/modules/apps/java.if 2007-05-07 14:51:02.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/apps/java.if 2007-05-21 10:47:26.000000000 -0400
+@@ -224,3 +224,35 @@
+ refpolicywarn(`$0($1) has no effect in strict policy.')
+ ')
+ ')
++
++########################################
++##
++## Execute a java in the specified domain
++##
++##
++##
++## Execute the java command in the specified domain. This allows
++## the specified domain to execute any file
++## on these filesystems in the specified
++## domain.
++##
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++##
++## The type of the new process.
++##
++##
++#
++interface(`java_spec_domtrans',`
++ gen_require(`
++ type java_exec_t;
++ ')
++
++ domain_trans($1,java_exec_t,$2)
++ type_transition $1 java_exec_t:process $2;
++')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.if serefpolicy-2.6.4/policy/modules/apps/loadkeys.if
---- nsaserefpolicy/policy/modules/apps/loadkeys.if 2007-01-02 12:57:22.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/apps/loadkeys.if 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/loadkeys.if 2007-05-07 14:51:02.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/apps/loadkeys.if 2007-05-21 10:46:53.000000000 -0400
@@ -11,16 +11,12 @@
##
#
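Review bot: `java_spec_domtrans` in the added java.if section pairs `domain_trans($1,java_exec_t,$2)` with `type_transition $1 java_exec_t:process $2;`, which makes the transition automatic, whereas the `_spec_domtrans` suffix in refpolicy normally denotes an explicit transition with no default `type_transition`. With that rule in place, every exec of a `java_exec_t` file by the caller lands in `$2`, and a caller that also uses another java transition interface would likely hit a conflicting `type_transition` at policy build time. Either drop the `type_transition` line or rename the interface to match what it does. The description also looks copied from a filesystem interface ("any file on these filesystems"); something like `## Execute the java command in the specified domain; the transition is automatic on exec of java_exec_t.` would match the code as written.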
@@ -1047,8 +1098,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys
+ can_exec($1,loadkeys_exec_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-2.6.4/policy/modules/apps/mozilla.if
---- nsaserefpolicy/policy/modules/apps/mozilla.if 2007-03-26 16:24:09.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/apps/mozilla.if 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/mozilla.if 2007-05-07 14:51:02.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/apps/mozilla.if 2007-05-21 10:46:53.000000000 -0400
@@ -150,6 +150,7 @@
corenet_dontaudit_tcp_bind_generic_port($1_mozilla_t)
@@ -1058,8 +1109,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
dev_read_sound($1_mozilla_t)
dev_dontaudit_rw_dri($1_mozilla_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-2.6.4/policy/modules/apps/slocate.te
---- nsaserefpolicy/policy/modules/apps/slocate.te 2007-04-30 11:25:12.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/apps/slocate.te 2007-05-15 11:05:16.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/slocate.te 2007-05-07 14:51:02.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/apps/slocate.te 2007-05-21 10:46:53.000000000 -0400
@@ -39,11 +39,12 @@
files_list_all(locate_t)
@@ -1075,8 +1126,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.
libs_use_shared_libs(locate_t)
libs_use_ld_so(locate_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/uml.if serefpolicy-2.6.4/policy/modules/apps/uml.if
---- nsaserefpolicy/policy/modules/apps/uml.if 2007-03-26 10:38:58.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/apps/uml.if 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/uml.if 2007-05-07 14:51:02.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/apps/uml.if 2007-05-21 10:46:53.000000000 -0400
@@ -193,33 +193,6 @@
nis_use_ypbind($1_uml_t)
')
@@ -1112,8 +1163,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/uml.if s
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.6.4/policy/modules/kernel/corecommands.fc
---- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2007-04-11 15:52:53.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/corecommands.fc 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2007-05-07 14:51:04.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/corecommands.fc 2007-05-21 10:46:53.000000000 -0400
@@ -36,6 +36,11 @@
/etc/cipe/ip-up.* -- gen_context(system_u:object_r:bin_t,s0)
/etc/cipe/ip-down.* -- gen_context(system_u:object_r:bin_t,s0)
@@ -1133,8 +1184,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
+/usr/lib/vmware-tools/sbin32(/.*)? gen_context(system_u:object_r:bin_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-2.6.4/policy/modules/kernel/corecommands.if
---- nsaserefpolicy/policy/modules/kernel/corecommands.if 2007-03-26 10:38:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/corecommands.if 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/corecommands.if 2007-05-07 14:51:04.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/corecommands.if 2007-05-21 10:46:53.000000000 -0400
@@ -988,3 +988,23 @@
mmap_files_pattern($1,bin_t,exec_type)
@@ -1160,8 +1211,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
+
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.6.4/policy/modules/kernel/corenetwork.te.in
---- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2007-05-07 10:32:44.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/corenetwork.te.in 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2007-05-07 14:51:02.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/corenetwork.te.in 2007-05-21 10:46:53.000000000 -0400
@@ -48,6 +48,11 @@
type reserved_port_t, port_type, reserved_port_type;
@@ -1211,8 +1262,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
portcon udp 1-1023 gen_context(system_u:object_r:reserved_port_t, s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.6.4/policy/modules/kernel/devices.fc
---- nsaserefpolicy/policy/modules/kernel/devices.fc 2007-03-01 10:01:48.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/kernel/devices.fc 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/devices.fc 2007-05-07 14:51:04.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/devices.fc 2007-05-21 10:46:53.000000000 -0400
@@ -19,6 +19,7 @@
/dev/evtchn -c gen_context(system_u:object_r:xen_device_t,s0)
/dev/fb[0-9]* -c gen_context(system_u:object_r:framebuf_device_t,s0)
@@ -1231,8 +1282,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
/dev/cpu/mtrr -c gen_context(system_u:object_r:mtrr_device_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.6.4/policy/modules/kernel/devices.if
---- nsaserefpolicy/policy/modules/kernel/devices.if 2007-05-07 14:50:42.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/devices.if 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/devices.if 2007-05-07 14:51:02.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/devices.if 2007-05-21 10:46:53.000000000 -0400
@@ -2729,6 +2729,24 @@
########################################
@@ -1338,8 +1389,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-2.6.4/policy/modules/kernel/devices.te
---- nsaserefpolicy/policy/modules/kernel/devices.te 2007-05-07 14:50:42.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/devices.te 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/devices.te 2007-05-07 14:51:04.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/devices.te 2007-05-21 10:46:53.000000000 -0400
@@ -139,6 +139,12 @@
#
# Type for sound devices and mixers
@@ -1354,8 +1405,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
dev_node(sound_device_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-2.6.4/policy/modules/kernel/domain.if
---- nsaserefpolicy/policy/modules/kernel/domain.if 2007-02-19 11:32:51.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/kernel/domain.if 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/domain.if 2007-05-07 14:51:04.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/domain.if 2007-05-21 10:46:53.000000000 -0400
@@ -1254,3 +1254,21 @@
typeattribute $1 can_change_object_identity;
typeattribute $1 set_curr_context;
@@ -1379,8 +1430,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
+ allow $1 domain:association { sendto recvfrom };
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-2.6.4/policy/modules/kernel/domain.te
---- nsaserefpolicy/policy/modules/kernel/domain.te 2007-04-23 09:35:56.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/domain.te 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/domain.te 2007-05-07 14:51:04.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/domain.te 2007-05-21 10:46:53.000000000 -0400
@@ -6,6 +6,29 @@
# Declarations
#
@@ -1439,8 +1490,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
+ ')
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.6.4/policy/modules/kernel/files.fc
---- nsaserefpolicy/policy/modules/kernel/files.fc 2006-11-16 17:15:04.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/kernel/files.fc 2007-05-16 17:44:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/files.fc 2007-05-07 14:51:02.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/files.fc 2007-05-21 10:46:53.000000000 -0400
@@ -45,7 +45,6 @@
/etc -d gen_context(system_u:object_r:etc_t,s0)
/etc/.* gen_context(system_u:object_r:etc_t,s0)
@@ -1458,8 +1509,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
/etc/nohotplug -- gen_context(system_u:object_r:etc_runtime_t,s0)
/etc/nologin.* -- gen_context(system_u:object_r:etc_runtime_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.6.4/policy/modules/kernel/files.if
---- nsaserefpolicy/policy/modules/kernel/files.if 2007-02-26 14:17:21.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/kernel/files.if 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/files.if 2007-05-07 14:51:02.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/files.if 2007-05-21 10:46:53.000000000 -0400
@@ -343,8 +343,7 @@
########################################
@@ -1637,8 +1688,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
+ allow $1 root_t:file { create getattr write };
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-2.6.4/policy/modules/kernel/files.te
---- nsaserefpolicy/policy/modules/kernel/files.te 2007-04-23 09:35:56.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/files.te 2007-05-17 14:00:25.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/files.te 2007-05-07 14:51:02.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/files.te 2007-05-21 10:46:53.000000000 -0400
@@ -54,6 +54,7 @@
files_type(etc_t)
# compatibility aliases for removed types:
@@ -1648,8 +1699,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
#
# etc_runtime_t is the type of various
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.6.4/policy/modules/kernel/filesystem.if
---- nsaserefpolicy/policy/modules/kernel/filesystem.if 2007-03-26 16:24:09.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/filesystem.if 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2007-05-07 14:51:04.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/filesystem.if 2007-05-21 10:46:53.000000000 -0400
@@ -1096,6 +1096,24 @@
########################################
@@ -1726,8 +1777,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
+ allow $1 fusefs_t:filesystem mount;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.6.4/policy/modules/kernel/filesystem.te
---- nsaserefpolicy/policy/modules/kernel/filesystem.te 2007-04-23 09:35:56.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/filesystem.te 2007-05-16 11:07:59.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2007-05-07 14:51:02.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/filesystem.te 2007-05-21 10:46:53.000000000 -0400
@@ -54,17 +54,29 @@
type capifs_t;
@@ -1783,8 +1834,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
# tmpfs_t is the type for tmpfs filesystems
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.6.4/policy/modules/kernel/kernel.if
---- nsaserefpolicy/policy/modules/kernel/kernel.if 2007-05-02 15:04:46.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/kernel.if 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/kernel.if 2007-05-07 14:51:04.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/kernel.if 2007-05-21 10:46:53.000000000 -0400
@@ -1848,6 +1848,26 @@
########################################
@@ -1823,8 +1874,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.6.4/policy/modules/kernel/kernel.te
---- nsaserefpolicy/policy/modules/kernel/kernel.te 2007-05-02 15:04:46.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/kernel.te 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/kernel.te 2007-05-07 14:51:04.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/kernel.te 2007-05-21 10:46:53.000000000 -0400
@@ -146,6 +146,8 @@
type unlabeled_t;
sid unlabeled gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)
@@ -1843,8 +1894,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.if serefpolicy-2.6.4/policy/modules/kernel/mls.if
---- nsaserefpolicy/policy/modules/kernel/mls.if 2006-11-16 17:15:04.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/kernel/mls.if 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/mls.if 2007-05-07 14:51:04.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/mls.if 2007-05-21 10:46:53.000000000 -0400
@@ -154,6 +154,26 @@
########################################
##
@@ -1873,8 +1924,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.if
##
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.6.4/policy/modules/kernel/mls.te
---- nsaserefpolicy/policy/modules/kernel/mls.te 2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/kernel/mls.te 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/mls.te 2007-05-07 14:51:02.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/mls.te 2007-05-21 10:46:53.000000000 -0400
@@ -18,6 +18,7 @@
attribute mlsnetreadtoclr;
attribute mlsnetwrite;
@@ -1893,8 +1944,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te
attribute privrangetrans;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-2.6.4/policy/modules/kernel/selinux.if
---- nsaserefpolicy/policy/modules/kernel/selinux.if 2007-02-27 14:37:10.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/kernel/selinux.if 2007-05-08 09:59:33.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/selinux.if 2007-05-07 14:51:04.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/selinux.if 2007-05-21 10:46:53.000000000 -0400
@@ -51,6 +51,44 @@
########################################
@@ -1941,8 +1992,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinu
##
##