another patch from dan

refpolicy/policy/modules/admin/rpm.if

@@ -26,6 +26,28 @@ interface(`rpm_domtrans',`
 	allow rpm_t $1:process sigchld;
 ')
 
+########################################
+## <summary>
+##	Execute rpm_script programs in the rpm_script domain.
+## </summary>
+## <param name="domain">
+##	Domain allowed access.
+## </param>
+#
+interface(`rpm_script_domtrans',`
+	gen_require(`
+		type rpm_exec_t;
+	')
+
+	# transition to rpm script:
+	corecmd_shell_domtrans($1,rpm_script_t)
+
+	allow $1 rpm_script_t:fd use;
+	allow rpm_script_t $1:fd use;
+	allow rpm_script_t $1:fifo_file rw_file_perms;
+	allow rpm_script_t $1:process sigchld;
+')
+
 ########################################
 ## <summary>
 ##	Execute RPM programs in the RPM domain.

refpolicy/policy/modules/admin/rpm.te

@@ -1,5 +1,5 @@
 
-policy_module(rpm,1.1.0)
+policy_module(rpm,1.1.1)
 
 ########################################
 #
@@ -47,12 +47,6 @@ files_tmp_file(rpm_script_tmp_t)
 type rpm_script_tmpfs_t;
 files_tmpfs_file(rpm_script_tmpfs_t)
 
-type rpmbuild_t;
-domain_type(rpmbuild_t)
-
-type rpmbuild_exec_t;
-domain_entry_file(rpmbuild_t,rpmbuild_exec_t)
-
 ########################################
 #
 # rpm Local policy
@@ -140,7 +134,7 @@ auth_dontaudit_read_shadow(rpm_t)
 corecmd_exec_bin(rpm_t)
 corecmd_exec_sbin(rpm_t)
 # transition to rpm script:
-corecmd_shell_domtrans(rpm_t,rpm_script_t)
+rpm_script_domtrans(rpm_t)
 
 domain_exec_all_entry_files(rpm_t)
 domain_read_all_domains_state(rpm_t)
@@ -362,27 +356,6 @@ ifdef(`TODO',`
 optional_policy(`lpd',`
 can_exec(rpm_script_t,printconf_t)
 ')
-') dnl end TODO
-
-########################################
-#
-# rpm-build Local policy
-#
-
-# cjp: this looks like dead policy.  nothing
-# can transition to this domain, nor can it
-# really do anything useful.
-
-selinux_get_fs_mount(rpmbuild_t)
-selinux_validate_context(rpmbuild_t)
-selinux_compute_access_vector(rpmbuild_t)
-selinux_compute_create_context(rpmbuild_t)
-selinux_compute_relabel_context(rpmbuild_t)
-selinux_compute_user_contexts(rpmbuild_t)
-
-seutil_read_src_pol(rpmbuild_t)
-
-ifdef(`TODO',`
 
 optional_policy(`cups',`
 allow cupsd_t rpm_var_lib_t:dir r_dir_perms;

refpolicy/policy/modules/services/hal.te

@@ -1,5 +1,5 @@
 
-policy_module(hal,1.1.2)
+policy_module(hal,1.1.3)
 
 ########################################
 #
@@ -182,10 +182,6 @@ optional_policy(`nscd',`
 	nscd_use_socket(hald_t)
 ')
 
-optional_policy(`ntp',`
-	ntp_domtrans(hald_t)
-')
-
 optional_policy(`pcmcia',`
 	pcmcia_manage_pid(hald_t)
 	pcmcia_manage_runtime_chr(hald_t)

refpolicy/policy/modules/services/nis.if

@@ -217,11 +217,11 @@ interface(`nis_tcp_connect_ypbind',`
 #
 interface(`nis_read_ypbind_pid',`
 	gen_require(`
-		type ypbind_t;
+		type ypbind_var_run_t;
 	')
 
 	files_search_pids($1)
-	allow $1 ypbind_t:file r_file_perms;
+	allow $1 ypbind_var_run_t:file r_file_perms;
 ')
 
 ########################################

refpolicy/policy/modules/system/libraries.fc

@@ -113,6 +113,7 @@ ifdef(`distro_redhat',`
 /usr/lib(64)?/.*/program/libsvx680li\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib(64)?/.*/program/libcomphelp4gcc3\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib(64)?/.*/program/libsoffice\.so  --	gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr(/.*)?/pcsc/drivers(/.*)?/libcm(2020|4000|SCR24x)\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib(64)?/firefox.*\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib(64)?/mozilla.*\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib(64)?/sunbird.*\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)

refpolicy/policy/modules/system/unconfined.te

@@ -1,5 +1,5 @@
 
-policy_module(unconfined,1.1.1)
+policy_module(unconfined,1.1.2)
 
 ########################################
 #
@@ -118,6 +118,7 @@ ifdef(`targeted_policy',`
 
 	optional_policy(`rpm',`
 		rpm_domtrans(unconfined_t)
+		rpm_script_domtrans(unconfined_t)
 	')
 
 	optional_policy(`samba',`