--- nsaserefpolicy/policy/modules/admin/firstboot.te 2008-08-25 09:12:31.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/admin/firstboot.te 2008-08-25 10:24:58.000000000 -0400
@@ -118,6 +118,10 @@
 usermanage_domtrans_admin_passwd(firstboot_t)
 ')
+optional_policy(`
+ xserver_xdm_rw_shm(firstboot_t)
+')
+
 ifdef(`TODO',`
 allow firstboot_t proc_t:file write;
--- nsaserefpolicy/policy/modules/services/xserver.if 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/xserver.if 2008-08-25 10:50:15.000000000 -0400
@@ -1674,6 +1963,65 @@
 ########################################
 ##
+##
+## Connect to apmd over an unix stream socket.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`xserver_xdm_stream_connect',`
+ gen_require(`
+ type xdm_t, xdm_var_run_t;
+ ')
+
+ files_search_pids($1)
+ allow $1 xdm_var_run_t:sock_file write;
+ allow $1 xdm_t:unix_stream_socket connectto;
+')
+
+########################################
+##
+## xdm xserver RW shared memory socket.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`xserver_xdm_rw_shm',`
+ gen_require(`
+ type xdm_xserver_t;
+ ')
+
+ allow xdm_xserver_t $1:fd use;
+ allow $1 xdm_xserver_t:shm rw_shm_perms;
+ allow xdm_xserver_t $1:shm rw_shm_perms;
+
+')
+
+########################################
+##
+## Ptrace XDM
+##
+##
+##
+## Domain to not audit
+##
+##
+#
+interface(`xserver_ptrace_xdm',`
+ gen_require(`
+ type xdm_t;
+ ')
+
+ allow $1 xdm_t:process ptrace;
+')
+
+########################################
+##
 ## Interface to provide X object permissions on a given X server to
 ## an X client domain. Gives the domain complete control over the
 ## display.
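Review bot: The new `xserver_xdm_rw_shm(firstboot_t)` call grants more than its name suggests: in this patch's xserver.if hunk the interface also allows `xdm_xserver_t $1:fd use` and `xdm_xserver_t $1:shm rw_shm_perms`, so the xdm X server gains access to firstboot_t's descriptors and shared memory as well as the reverse. Confirm that the server-side direction is actually needed by firstboot (presumably for X shared-memory use) rather than only `$1 xdm_xserver_t:shm rw_shm_perms`. A short comment above the call, `# shm with the xdm X server; the interface also grants xdm_xserver_t access to firstboot_t shm and fds`, would make the widened grant visible to the next reader of firstboot.te.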
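Review bot: The summaries of the three new interfaces do not match the rules they contain: `xserver_xdm_stream_connect` is documented as "Connect to apmd over an unix stream socket" although its body connects to `xdm_t` via `xdm_var_run_t`, `xserver_xdm_rw_shm` says "shared memory socket" while it grants shm and fd permissions, and `xserver_ptrace_xdm` describes its parameter as "Domain to not audit" although the body is `allow $1 xdm_t:process ptrace;`, not a dontaudit. Suggested wording: `## Connect to xdm over a unix stream socket.`, `## Read and write xdm X server shared memory; also allows xdm_xserver_t to use the caller's fds and shm.`, and `## Domain allowed access.` for the ptrace interface. Because `xserver_ptrace_xdm` hands out process ptrace on xdm_t, the summary should name that permission explicitly so callers do not mistake it for an audit-suppression helper. In `xserver_xdm_rw_shm` the blank line between the last allow rule and the closing `')` should be dropped to match the other interfaces in the hunk.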