Diffstat (limited to 'selinux_pols')
-rw-r--r--selinux_pols/dmesg.te10
-rw-r--r--selinux_pols/exim.te12
-rw-r--r--selinux_pols/fuse.te10
-rw-r--r--selinux_pols/hald.te24
-rw-r--r--selinux_pols/pulse.te32
-rw-r--r--selinux_pols/samba.te12
6 files changed, 97 insertions, 3 deletions
diff --git a/selinux_pols/dmesg.te b/selinux_pols/dmesg.te
new file mode 100644
index 0000000..dd85723
--- /dev/null
+++ b/selinux_pols/dmesg.te
@@ -0,0 +1,10 @@
+module dmesg 1.0;
+
+require {
+ type dmesg_t;
+ type tty_device_t;
+ class chr_file { read write };
+}
+
+#============= dmesg_t ==============
+allow dmesg_t tty_device_t:chr_file { read write };
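Review bot: The module is declared as `module dmesg 1.0;`, while every other new policy in this commit carries a `-custom` suffix (`exim-custom`, `fuse-custom`, `samba-custom`). A local module whose name matches one shipped by the distribution policy can replace or shadow that module when it is loaded, so I would rename it to `module dmesg-custom 1.0;`. Separately, read/write on tty_device_t from dmesg_t often just reflects a terminal descriptor inherited from the caller. If that is the case here, a comment saying so, or a `dontaudit` rule in place of `allow`, would keep the grant from looking broader than intended.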
diff --git a/selinux_pols/exim.te b/selinux_pols/exim.te
new file mode 100644
index 0000000..9b0cb01
--- /dev/null
+++ b/selinux_pols/exim.te
@@ -0,0 +1,12 @@
+module exim-custom 1.0;
+
+require {
+ type sysctl_crypto_t;
+ type exim_t;
+ class dir search;
+ class file { read getattr open };
+}
+
+#============= exim_t ==============
+allow exim_t sysctl_crypto_t:dir search;
+allow exim_t sysctl_crypto_t:file { read getattr open };
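Review bot: Neither this file nor samba.te records why a network-facing daemon needs to read sysctl_crypto_t, and both look like unedited audit2allow output. If the denials come from the crypto library checking the FIPS flag under /proc/sys/crypto, which is the usual cause, a one-line comment above the rules would capture that, e.g. `# crypto library reads /proc/sys/crypto/fips_enabled at startup`. The grant itself is read-only and narrow, so this is a documentation point only.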
diff --git a/selinux_pols/fuse.te b/selinux_pols/fuse.te
new file mode 100644
index 0000000..510cbe3
--- /dev/null
+++ b/selinux_pols/fuse.te
@@ -0,0 +1,10 @@
+module fuse-custom 1.0;
+
+require {
+ type fuse_device_t;
+ type mount_t;
+ class chr_file { write read };
+}
+
+#============= mount_t ==============
+allow mount_t fuse_device_t:chr_file { write read };
diff --git a/selinux_pols/hald.te b/selinux_pols/hald.te
index cff1057..6f40fad 100644
--- a/selinux_pols/hald.te
+++ b/selinux_pols/hald.te
@@ -1,5 +1,4 @@
-
-module hald-custom 1.0;
+module hald-custom 1.2;
require {
type fixed_disk_device_t;
@@ -17,3 +16,24 @@ allow system_dbusd_t fixed_disk_device_t:blk_file { ioctl open };
allow system_dbusd_t mnt_t:dir { write remove_name add_name };
allow system_dbusd_t mnt_t:file { write rename create unlink };
+
+require {
+ type removable_device_t;
+ type event_device_t;
+ type system_dbusd_t;
+ class blk_file { read ioctl open };
+ class chr_file read;
+}
+
+#============= system_dbusd_t ==============
+allow system_dbusd_t event_device_t:chr_file read;
+allow system_dbusd_t removable_device_t:blk_file { read ioctl open };
+
+require {
+ type removable_device_t;
+ type system_dbusd_t;
+ class blk_file { read ioctl open };
+}
+
+#============= system_dbusd_t ==============
+allow system_dbusd_t removable_device_t:blk_file { read ioctl open };
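Review bot: The added rules give system_dbusd_t `read` on event_device_t character devices and `read ioctl open` on removable_device_t block devices, which is raw access to input events and removable media for the whole D-Bus system daemon domain rather than for hald alone. Since the file is hald.te, the denials were presumably logged because hald runs in system_dbusd_t; correcting the domain transition or executable label so it runs in its own domain would avoid widening system_dbusd_t. The second `require`/`allow` block is also an exact repeat of the `removable_device_t:blk_file { read ioctl open }` rule a few lines earlier and can be dropped. The file's original require block lies mostly outside this hunk, so whether `system_dbusd_t` is already required there cannot be confirmed from here.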
diff --git a/selinux_pols/pulse.te b/selinux_pols/pulse.te
index 2c48f8b..6e7672d 100644
--- a/selinux_pols/pulse.te
+++ b/selinux_pols/pulse.te
@@ -1,4 +1,4 @@
-module pulse-custom 1.0;
+module pulse-custom 1.2;
require {
type pulseaudio_t;
@@ -7,3 +7,33 @@ require {
#============= pulseaudio_t ==============
allow pulseaudio_t self:sem { read write unix_write };
+
+require {
+ type udev_tbl_t;
+ type pulseaudio_t;
+ class file { read getattr open };
+}
+
+#============= pulseaudio_t ==============
+allow pulseaudio_t udev_tbl_t:file { read getattr open };
+
+require {
+ type pulseaudio_t;
+ class sem destroy;
+}
+
+#============= pulseaudio_t ==============
+allow pulseaudio_t self:sem destroy;
+
+require {
+ type initrc_state_t;
+ type tmpfs_t;
+ type pulseaudio_t;
+ class sem { unix_read create getattr setattr associate };
+ class file { read write getattr open };
+}
+
+#============= pulseaudio_t ==============
+allow pulseaudio_t initrc_state_t:file { read getattr open };
+allow pulseaudio_t self:sem { unix_read create getattr setattr associate };
+allow pulseaudio_t tmpfs_t:file { read write };
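Review bot: `allow pulseaudio_t tmpfs_t:file { read write };` applies to every file carrying the generic tmpfs_t label, not only PulseAudio's own shared-memory segments. Because `open` is not granted, it covers only descriptors handed to the daemon, but a dedicated type for those segments (assigned by a type transition or file context) would keep the access scoped to what PulseAudio actually owns. The read on initrc_state_t is likewise unexplained. If the rules stay as they are, a comment above each would help the next reviewer, e.g. `# client shm fds still labelled tmpfs_t - narrow once segments get their own type`.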
diff --git a/selinux_pols/samba.te b/selinux_pols/samba.te
new file mode 100644
index 0000000..b153f83
--- /dev/null
+++ b/selinux_pols/samba.te
@@ -0,0 +1,12 @@
+module samba-custom 1.0;
+
+require {
+ type sysctl_crypto_t;
+ type smbd_t;
+ class dir search;
+ class file { read getattr open };
+}
+
+#============= smbd_t ==============
+allow smbd_t sysctl_crypto_t:dir search;
+allow smbd_t sysctl_crypto_t:file { read getattr open };