diff --git a/libsepol-fedora.patch b/libsepol-fedora.patch index b0e52c3..f29272f 100644 --- a/libsepol-fedora.patch +++ b/libsepol-fedora.patch @@ -11,10 +11,12 @@ index a43b343..5d2c96b 100644 -Wshadow -Wmissing-noreturn \ -Wmissing-format-attribute diff --git libsepol-2.5/ChangeLog libsepol-2.5/ChangeLog -index ace3d54..9348d70 100644 +index ace3d54..12e2ebc 100644 --- libsepol-2.5/ChangeLog +++ libsepol-2.5/ChangeLog -@@ -1,3 +1,10 @@ +@@ -1,3 +1,12 @@ ++ * Only apply bounds checking to source types in rules, from Stephen Smalley. ++ * Fix CIL and not add an attribute as a type in the attr_type_map, from James Carter + * Build policy on systems not supporting DCCP protocol, from Richard Haines. + * Fix extended permissions neverallow checking, from Jeff Vander Stoep. + * Fix CIL neverallow and bounds checking, from James Carter @@ -38,7 +40,7 @@ index afdc240..de7033a 100644 CIL_KEY_TUNABLEIF = cil_strpool_add("tunableif"); CIL_KEY_ALLOW = cil_strpool_add("allow"); diff --git libsepol-2.5/cil/src/cil_binary.c libsepol-2.5/cil/src/cil_binary.c -index f749e53..b8437c9 100644 +index f749e53..1cd12d2 100644 --- libsepol-2.5/cil/src/cil_binary.c +++ libsepol-2.5/cil/src/cil_binary.c @@ -31,6 +31,9 @@ @@ -51,7 +53,22 @@ index f749e53..b8437c9 100644 #include #include -@@ -3035,6 +3038,9 @@ int cil_portcon_to_policydb(policydb_t *pdb, struct cil_sort *portcons) +@@ -606,9 +609,11 @@ int __cil_typeattr_bitmap_init(policydb_t *pdb) + rc = SEPOL_ERR; + goto exit; + } +- if (ebitmap_set_bit(&pdb->attr_type_map[i], i, 1)) { +- rc = SEPOL_ERR; +- goto exit; ++ if (pdb->type_val_to_struct[i] && pdb->type_val_to_struct[i]->flavor != TYPE_ATTRIB) { ++ if (ebitmap_set_bit(&pdb->attr_type_map[i], i, 1)) { ++ rc = SEPOL_ERR; ++ goto exit; ++ } + } + + } +@@ -3035,6 +3040,9 @@ int cil_portcon_to_policydb(policydb_t *pdb, struct cil_sort *portcons) case CIL_PROTOCOL_TCP: new_ocon->u.port.protocol = IPPROTO_TCP; break; 
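Review bot: The new guard in the `+@@ -606,9 +609,11 @@ int __cil_typeattr_bitmap_init` hunk silently leaves `pdb->attr_type_map[i]` without its self bit when `pdb->type_val_to_struct[i]` is NULL, whereas the replaced lines set the bit unconditionally; if a NULL entry is not expected at this point (it is only hedged here, since the array is filled outside this hunk), an explicit `rc = SEPOL_ERR; goto exit;` branch would make that failure visible instead of producing an empty map. The intent of the flavor test is only stated in the ChangeLog line added in the same patch, so a comment above the new condition would help the next reader, e.g. `/* An attribute is not a member of its own attr_type_map entry; only real types get the self bit. */`. The enclosing function `__cil_typeattr_bitmap_init` starts outside the hunk.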
@@ -61,7 +78,7 @@ index f749e53..b8437c9 100644 default: /* should not get here */ rc = SEPOL_ERR; -@@ -4380,10 +4386,9 @@ exit: +@@ -4380,10 +4388,9 @@ exit: return rc; } @@ -74,7 +91,7 @@ index f749e53..b8437c9 100644 struct cil_avrule *cil_rule = node->data; struct cil_symtab_datum *tgt = cil_rule->tgt; uint32_t kind; -@@ -4422,11 +4427,11 @@ static int cil_check_neverallow(const struct cil_db *db, policydb_t *pdb, struct +@@ -4422,11 +4429,11 @@ static int cil_check_neverallow(const struct cil_db *db, policydb_t *pdb, struct rc = check_assertion(pdb, rule); if (rc == CIL_TRUE) { @@ -87,7 +104,7 @@ index f749e53..b8437c9 100644 } } else { -@@ -4444,12 +4449,11 @@ static int cil_check_neverallow(const struct cil_db *db, policydb_t *pdb, struct +@@ -4444,12 +4451,11 @@ static int cil_check_neverallow(const struct cil_db *db, policydb_t *pdb, struct rule->xperms = item->data; rc = check_assertion(pdb, rule); if (rc == CIL_TRUE) { @@ -101,7 +118,7 @@ index f749e53..b8437c9 100644 } } } -@@ -4466,34 +4470,23 @@ exit: +@@ -4466,34 +4472,23 @@ exit: rule->xperms = NULL; __cil_destroy_sepol_avrules(rule); @@ -141,7 +158,7 @@ index f749e53..b8437c9 100644 } static struct cil_list *cil_classperms_from_sepol(policydb_t *pdb, uint16_t class, uint32_t data, struct cil_class *class_value_to_cil[], struct cil_perm **perm_value_to_cil[]) -@@ -4548,7 +4541,7 @@ exit: +@@ -4548,7 +4543,7 @@ exit: return rc; } @@ -150,7 +167,7 @@ index f749e53..b8437c9 100644 { int rc = SEPOL_OK; int i; -@@ -4574,6 +4567,9 @@ static int cil_check_type_bounds(const struct cil_db *db, policydb_t *pdb, void +@@ -4574,6 +4569,9 @@ static int cil_check_type_bounds(const struct cil_db *db, policydb_t *pdb, void if (bad) { avtab_ptr_t cur; struct cil_avrule target; 
@@ -160,7 +177,7 @@ index f749e53..b8437c9 100644 target.is_extended = 0; target.rule_kind = CIL_AVRULE_ALLOWED; -@@ -4585,7 +4581,6 @@ static int cil_check_type_bounds(const struct cil_db *db, policydb_t *pdb, void +@@ -4585,7 +4583,6 @@ static int cil_check_type_bounds(const struct cil_db *db, policydb_t *pdb, void for (cur = bad; cur; cur = cur->next) { struct cil_list_item *i2; struct cil_list *matching; @@ -168,7 +185,7 @@ index f749e53..b8437c9 100644 rc = cil_avrule_from_sepol(pdb, cur, &target, type_value_to_cil, class_value_to_cil, perm_value_to_cil); if (rc != SEPOL_OK) { -@@ -4594,7 +4589,7 @@ static int cil_check_type_bounds(const struct cil_db *db, policydb_t *pdb, void +@@ -4594,7 +4591,7 @@ static int cil_check_type_bounds(const struct cil_db *db, policydb_t *pdb, void } __cil_print_rule(" ", "allow", &target); cil_list_init(&matching, CIL_NODE); @@ -177,7 +194,7 @@ index f749e53..b8437c9 100644 if (rc) { cil_log(CIL_ERR, "Error occurred while checking type bounds\n"); cil_list_destroy(&matching, CIL_FALSE); -@@ -4602,14 +4597,17 @@ static int cil_check_type_bounds(const struct cil_db *db, policydb_t *pdb, void +@@ -4602,14 +4599,17 @@ static int cil_check_type_bounds(const struct cil_db *db, policydb_t *pdb, void bounds_destroy_bad(bad); goto exit; } @@ -201,7 +218,7 @@ index f749e53..b8437c9 100644 cil_list_destroy(&matching, CIL_FALSE); cil_list_destroy(&target.perms.classperms, CIL_TRUE); } -@@ -4753,20 +4751,32 @@ int cil_binary_create_allocated_pdb(const struct cil_db *db, sepol_policydb_t *p +@@ -4753,20 +4753,32 @@ int cil_binary_create_allocated_pdb(const struct cil_db *db, sepol_policydb_t *p __cil_set_conditional_state_and_flags(pdb); if (db->disable_neverallow != CIL_TRUE) { 
@@ -479,6 +496,61 @@ index fbf397f..f4429ad 100644 if (rc == 0) goto exit; } +diff --git libsepol-2.5/src/hierarchy.c libsepol-2.5/src/hierarchy.c +index 6f73195..b24b39e 100644 +--- libsepol-2.5/src/hierarchy.c ++++ libsepol-2.5/src/hierarchy.c +@@ -121,18 +121,6 @@ static int bounds_expand_rule(sepol_handle_t *handle, policydb_t *p, + } + } + +- if (ebitmap_get_bit(&p->attr_type_map[tgt - 1], parent - 1)) { +- avtab_key.target_type = parent; +- ebitmap_for_each_bit(&p->attr_type_map[src - 1], tnode, i) { +- if (!ebitmap_node_get_bit(tnode, i)) +- continue; +- avtab_key.source_type = i + 1; +- rc = bounds_insert_rule(handle, avtab, global, other, +- &avtab_key, &datum); +- if (rc) goto exit; +- } +- } +- + exit: + return rc; + } +@@ -329,31 +317,6 @@ static int bounds_check_rule(sepol_handle_t *handle, policydb_t *p, + if (rc) goto exit; + } + } +- if (ebitmap_get_bit(&p->attr_type_map[tgt - 1], child - 1)) { +- avtab_key.target_type = parent; +- ebitmap_for_each_bit(&p->attr_type_map[src - 1], tnode, i) { +- if (!ebitmap_node_get_bit(tnode, i)) +- continue; +- avtab_key.source_type = i + 1; +- if (avtab_key.source_type == child) { +- /* Checked above */ +- continue; +- } +- d = bounds_not_covered(global_avtab, cur_avtab, +- &avtab_key, data); +- if (!d) continue; +- td = p->type_val_to_struct[i]; +- if (td && td->bounds) { +- avtab_key.source_type = td->bounds; +- d = bounds_not_covered(global_avtab, cur_avtab, +- &avtab_key, data); +- if (!d) continue; +- } +- (*numbad)++; +- rc = bounds_add_bad(handle, i+1, child, class, d, bad); +- if (rc) goto exit; +- } +- } + + exit: + return rc; diff --git libsepol-2.5/src/module_to_cil.c libsepol-2.5/src/module_to_cil.c index 18ec6b9..38f0dc3 100644 --- libsepol-2.5/src/module_to_cil.c diff --git a/libsepol.spec b/libsepol.spec index 79b6fe2..aa8693e 100644 --- a/libsepol.spec +++ b/libsepol.spec 
@@ -1,14 +1,14 @@ Summary: SELinux binary policy manipulation library Name: libsepol Version: 2.5 -Release: 4%{?dist} +Release: 5%{?dist} License: LGPLv2+ Group: System Environment/Libraries Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/libsepol-2.5.tar.gz # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh # run: # $ VERSION=2.5 ./make-fedora-selinux-patch.sh libsepol -# HEAD https://github.com/fedora-selinux/selinux/commit/f900ff37022119de47d516f103ccfd339d52c861 +# HEAD https://github.com/fedora-selinux/selinux/commit/3d38b0a219c3697546d813b6da9fff4d0da04a1e Patch1: libsepol-fedora.patch URL: https://github.com/SELinuxProject/selinux/wiki BuildRequires: flex @@ -106,6 +106,10 @@ exit 0 %{_libdir}/libsepol.so.1 %changelog +* Mon May 02 2016 Petr Lautrbach - 2.5-5 +- Only apply bounds checking to source types in rules +- Fix CIL and not add an attribute as a type in the attr_type_map + * Fri Apr 29 2016 Petr Lautrbach - 2.5-4 - Build policy on systems not supporting DCCP protocol - Fix extended permissions neverallow checking