--- nsaserefpolicy/policy/modules/apps/podsleuth.fc 2008-08-07 11:15:02.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/apps/podsleuth.fc 2008-08-14 13:53:54.000000000 -0400
@@ -1,2 +1,4 @@
 /usr/bin/podsleuth -- gen_context(system_u:object_r:podsleuth_exec_t,s0)
+/usr/libexec/hal-podsleuth -- gen_context(system_u:object_r:podsleuth_exec_t,s0)
+/var/cache/podsleuth(/.*)? gen_context(system_u:object_r:podsleuth_cache_t,s0)
--- nsaserefpolicy/policy/modules/apps/podsleuth.if 2008-08-07 11:15:02.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/apps/podsleuth.if 2008-08-14 13:53:54.000000000 -0400
@@ -16,4 +16,38 @@
 ')
 domtrans_pattern($1, podsleuth_exec_t, podsleuth_t)
+ allow $1 podsleuth_t:process signal;
 ')
+
+
+########################################
+##
+## Execute podsleuth in the podsleuth domain, and
+## allow the specified role the podsleuth domain.
+##
+##
+##
+## Domain allowed access
+##
+##
+##
+##
+## The role to be allowed the podsleuth domain.
+##
+##
+##
+##
+## The type of the role's terminal.
+##
+##
+#
+interface(`podsleuth_run',`
+ gen_require(`
+ type podsleuth_t;
+ ')
+
+ podsleuth_domtrans($1)
+ role $2 types podsleuth_t;
+ dontaudit podsleuth_t $3:chr_file rw_term_perms;
+')
+
--- nsaserefpolicy/policy/modules/apps/podsleuth.te 2008-08-07 11:15:03.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/apps/podsleuth.te 2008-08-14 13:53:54.000000000 -0400
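Review bot: The new `allow $1 podsleuth_t:process signal;` inside `podsleuth_domtrans` hands the signal permission to every caller of the transition interface, not only to the callers that need to stop podsleuth. The refpolicy convention is a dedicated `podsleuth_signal` interface (a gen_require of podsleuth_t plus that one allow rule) so the grant is requested explicitly, with `podsleuth_run` calling both. In `podsleuth_run`, `dontaudit podsleuth_t $3:chr_file rw_term_perms;` silently hides terminal denials: if podsleuth is meant to write to the invoking role's terminal this should be `allow podsleuth_t $3:chr_file rw_term_perms;`, and if it is not, the dontaudit masks a misconfiguration that would otherwise show up in the audit log. The body of `podsleuth_domtrans` starts above this hunk, so only its tail is visible here.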
@@ -11,24 +11,55 @@
 application_domain(podsleuth_t, podsleuth_exec_t)
 role system_r types podsleuth_t;
+type podsleuth_tmp_t;
+files_tmp_file(podsleuth_tmp_t)
+
+type podsleuth_cache_t;
+files_type(podsleuth_cache_t)
+
 ########################################
 #
 # podsleuth local policy
 #
-
-allow podsleuth_t self:process { signal getsched execheap execmem };
+allow podsleuth_t self:capability sys_admin;
+allow podsleuth_t self:process { ptrace signal getsched execheap execmem };
 allow podsleuth_t self:fifo_file rw_file_perms;
 allow podsleuth_t self:unix_stream_socket create_stream_socket_perms;
+allow podsleuth_t self:sem create_sem_perms;
+allow podsleuth_t self:tcp_socket create_stream_socket_perms;
+allow podsleuth_t self:udp_socket create_socket_perms;
 kernel_read_system_state(podsleuth_t)
+corecmd_exec_bin(podsleuth_t)
+corenet_tcp_connect_http_port(podsleuth_t)
+
 dev_read_urand(podsleuth_t)
 files_read_etc_files(podsleuth_t)
+fs_mount_dos_fs(podsleuth_t)
+fs_unmount_dos_fs(podsleuth_t)
+fs_getattr_dos_fs(podsleuth_t)
+fs_read_dos_files(podsleuth_t)
+fs_search_dos(podsleuth_t)
+
+allow podsleuth_t podsleuth_tmp_t:dir mounton;
+manage_files_pattern(podsleuth_t, podsleuth_tmp_t, podsleuth_tmp_t)
+files_tmp_filetrans(podsleuth_t, podsleuth_tmp_t, { file dir })
+manage_dirs_pattern(podsleuth_t, podsleuth_tmp_t, podsleuth_tmp_t)
+
+manage_dirs_pattern(podsleuth_t, podsleuth_cache_t, podsleuth_cache_t)
+manage_files_pattern(podsleuth_t, podsleuth_cache_t, podsleuth_cache_t)
+files_var_filetrans(podsleuth_t, podsleuth_cache_t, { file dir })
+
+storage_raw_rw_fixed_disk(podsleuth_t)
+
 libs_use_ld_so(podsleuth_t)
 libs_use_shared_libs(podsleuth_t)
+sysnet_dns_name_resolve(podsleuth_t)
+
 miscfiles_read_localization(podsleuth_t)
 dbus_system_bus_client_template(podsleuth, podsleuth_t)
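Review bot: `storage_raw_rw_fixed_disk(podsleuth_t)` together with `allow podsleuth_t self:capability sys_admin;` gives podsleuth_t raw read and write access to every fixed_disk_device_t node plus the catch-all CAP_SYS_ADMIN, which is far more than probing one attached iPod should need; since the same hunk also grants `corecmd_exec_bin`, HTTP connect and DNS, a flaw in podsleuth would expose the host's own disks. If the program only reads the device, `storage_raw_read_fixed_disk(podsleuth_t)` is sufficient, and if the iPod's block device is labelled removable_device_t under the udev rules in use (not visible from this hunk) the `storage_raw_read_removable_device(podsleuth_t)` interface is the better fit than the fixed-disk one. The `ptrace` added to `self:process { ptrace signal getsched execheap execmem }` is unusual for a non-debugger and should carry a comment naming the denial it answers, e.g. `# self ptrace: presumably a runtime requirement -- confirm against the audit log`. The mount-related rules (`fs_mount_dos_fs`, `allow podsleuth_t podsleuth_tmp_t:dir mounton;`) and the sys_admin grant likewise have no why-comment explaining that the domain mounts the device's filesystem itself, which the next maintainer will need before trimming any of them.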