diff --git a/policy-20071130.patch b/policy-20071130.patch
index cee24d2..3400eea 100644
--- a/policy-20071130.patch
+++ b/policy-20071130.patch
@@ -3601,8 +3601,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+/usr/lib/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:nsplugin_rw_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.2.5/policy/modules/apps/nsplugin.if
--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/apps/nsplugin.if 2008-01-03 17:03:53.000000000 -0500
-@@ -0,0 +1,205 @@
++++ serefpolicy-3.2.5/policy/modules/apps/nsplugin.if 2008-01-04 08:37:32.000000000 -0500
+@@ -0,0 +1,227 @@
+
+## policy for nsplugin
+
@@ -3659,7 +3659,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+ type nsplugin_rw_t;
+ ')
+
-+ read_fils_pattern($1, nsplugin_rw_t, nsplugin_rw_t)
++ read_files_pattern($1, nsplugin_rw_t, nsplugin_rw_t)
++')
++
++########################################
++##
++## Exec nsplugin rw files.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`nsplugin_rw_exec',`
++ gen_require(`
++ type nsplugin_rw_t;
++ ')
++
++ can_exec($1, nsplugin_rw_t)
+')
+
+########################################
@@ -3803,10 +3821,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+template(`nsplugin_per_role_template',`
+ gen_require(`
+ type nsplugin_t;
++ type nsplugin_rw_t;
+ ')
+ nsplugin_domtrans($2)
+ role $3 types nsplugin_t;
-+ nsplugin_read_rw_files($2)
++
++ read_files_pattern($2, , nsplugin_rw_t, nsplugin_rw_t)
++ read_lnk_files_pattern($2, , nsplugin_rw_t, nsplugin_rw_t)
++ can_exec($2, nsplugin_rw_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.2.5/policy/modules/apps/nsplugin.te
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500