UDEV patch from Dan Walsh.

policy/modules/system/udev.fc

@@ -6,8 +6,11 @@
 
 /etc/hotplug\.d/default/udev.* -- gen_context(system_u:object_r:udev_helper_exec_t,s0)
 
+/etc/udev/rules.d(/.*)? gen_context(system_u:object_r:udev_var_run_t,s0)
 /etc/udev/scripts/.+ --	gen_context(system_u:object_r:udev_helper_exec_t,s0)
 
+/lib/udev/udev-acl --	gen_context(system_u:object_r:udev_exec_t,s0)
+
 /sbin/start_udev --	gen_context(system_u:object_r:udev_exec_t,s0)
 /sbin/udev	--	gen_context(system_u:object_r:udev_exec_t,s0)
 /sbin/udevadm	--	gen_context(system_u:object_r:udev_exec_t,s0)

policy/modules/system/udev.if

@@ -1,5 +1,23 @@
 ## <summary>Policy for udev.</summary>
 
+########################################
+## <summary>
+##	Send generic signals to udev.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`udev_signal',`
+	gen_require(`
+		type udev_t;
+	')
+
+	allow $1 udev_t:process signal;
+')
+
 ########################################
 ## <summary>
 ##	Execute udev in the udev domain.
@@ -169,3 +187,23 @@ interface(`udev_rw_db',`
 	dev_list_all_dev_nodes($1)
 	allow $1 udev_tbl_t:file rw_file_perms;
 ')
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	udev pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`udev_manage_pid_files',`
+	gen_require(`
+		type udev_var_run_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, udev_var_run_t, udev_var_run_t)
+')

policy/modules/system/udev.te

@@ -1,5 +1,5 @@
 
-policy_module(udev, 1.11.0)
+policy_module(udev, 1.11.1)
 
 ########################################
 #
@@ -66,9 +66,11 @@ dev_filetrans(udev_t, udev_tbl_t, file)
 
 manage_dirs_pattern(udev_t, udev_var_run_t, udev_var_run_t)
 manage_files_pattern(udev_t, udev_var_run_t, udev_var_run_t)
+manage_lnk_files_pattern(udev_t, udev_var_run_t, udev_var_run_t)
 files_pid_filetrans(udev_t, udev_var_run_t, { dir file })
 
 kernel_read_system_state(udev_t)
+kernel_request_load_module(udev_t)
 kernel_getattr_core_if(udev_t)
 kernel_use_fds(udev_t)
 kernel_read_device_sysctls(udev_t)
@@ -111,6 +113,7 @@ files_search_mnt(udev_t)
 
 fs_getattr_all_fs(udev_t)
 fs_list_inotifyfs(udev_t)
+fs_rw_anon_inodefs_files(udev_t)
 
 mcs_ptrace_all(udev_t)
 
@@ -140,6 +143,7 @@ logging_send_syslog_msg(udev_t)
 logging_send_audit_msgs(udev_t)
 
 miscfiles_read_localization(udev_t)
+miscfiles_read_hwdata(udev_t)
 
 modutils_domtrans_insmod(udev_t)
 # read modules.inputmap:
@@ -193,6 +197,10 @@ optional_policy(`
 	alsa_read_rw_config(udev_t)
 ')
 
+optional_policy(`
+	bluetooth_domtrans(udev_t)
+')
+
 optional_policy(`
 	brctl_domtrans(udev_t)
 ')
@@ -205,10 +213,19 @@ optional_policy(`
 	consoletype_exec(udev_t)
 ')
 
+optional_policy(`
+	cups_domtrans_config(udev_t)
+')
+
 optional_policy(`
 	dbus_system_bus_client(udev_t)
 ')
 
+optional_policy(`
+	devicekit_read_pid_files(udev_t)
+	devicekit_dgram_send(udev_t)
+')
+
 optional_policy(`
 	lvm_domtrans(udev_t)
 ')
@@ -227,6 +244,10 @@ optional_policy(`
 	hotplug_search_pids(udev_t)
 ')
 
+optional_policy(`
+	mount_domtrans(udev_t)
+')
+
 optional_policy(`
 	openct_read_pid_files(udev_t)
 	openct_domtrans(udev_t)
@@ -241,6 +262,14 @@ optional_policy(`
 	raid_domtrans_mdadm(udev_t)
 ')
 
+optional_policy(`
+	unconfined_signal(udev_t)
+')
+
+optional_policy(`
+	vbetool_domtrans(udev_t)
+')
+
 optional_policy(`
 	kernel_write_xen_state(udev_t)
 	kernel_read_xen_state(udev_t)