[gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/contrib/

["Jason Zaman" <perfinion@gentoo.org>]

commit:     a8cb4e80579cdaa70d22c79eab1c8fe6e89cd2b7
Author:     Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Wed Apr 26 10:35:47 2017 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Apr 30 09:21:11 2017 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=a8cb4e80

Rename apm to acpi from Russell Coker.

This patch is slightly more involved than just running sed.  It also adds
typealias rules and doesn't change the FC entries.

The /dev/apm_bios device doesn't exist on modern systems.  I have left that
policy in for the moment on the principle of making one change per patch.  But
I might send another patch to remove that as it won't exist with modern
kernels.

 policy/modules/contrib/acpi.fc             |  21 +++
 policy/modules/contrib/{apm.if => acpi.if} |  70 ++++----
 policy/modules/contrib/acpi.te             | 247 +++++++++++++++++++++++++++++
 policy/modules/contrib/apm.fc              |  21 ---
 policy/modules/contrib/apm.te              | 236 ---------------------------
 policy/modules/contrib/cups.te             |   2 +-
 policy/modules/contrib/hal.te              |   2 +-
 7 files changed, 305 insertions(+), 294 deletions(-)

diff --git a/policy/modules/contrib/acpi.fc b/policy/modules/contrib/acpi.fc
new file mode 100644
index 00000000..bfbe255b
--- /dev/null
+++ b/policy/modules/contrib/acpi.fc
@@ -0,0 +1,21 @@
+/etc/rc\.d/init\.d/acpid	--	gen_context(system_u:object_r:acpid_initrc_exec_t,s0)
+
+/usr/bin/apm	--	gen_context(system_u:object_r:acpi_exec_t,s0)
+
+/usr/lib/systemd/system/apmd.*\.service -- gen_context(system_u:object_r:acpid_unit_t,s0)
+
+/usr/sbin/acpid	--	gen_context(system_u:object_r:acpid_exec_t,s0)
+/usr/sbin/apmd	--	gen_context(system_u:object_r:acpid_exec_t,s0)
+/usr/sbin/powersaved	--	gen_context(system_u:object_r:acpid_exec_t,s0)
+
+/var/lock/subsys/acpid	--	gen_context(system_u:object_r:acpid_lock_t,s0)
+
+/var/log/acpid.*	--	gen_context(system_u:object_r:acpid_log_t,s0)
+
+/run/\.?acpid\.socket	-s	gen_context(system_u:object_r:acpid_var_run_t,s0)
+/run/acpid\.pid	--	gen_context(system_u:object_r:acpid_var_run_t,s0)
+/run/apmd\.pid	--	gen_context(system_u:object_r:acpid_var_run_t,s0)
+/run/powersaved\.pid	--	gen_context(system_u:object_r:acpid_var_run_t,s0)
+/run/powersave_socket	-s	gen_context(system_u:object_r:acpid_var_run_t,s0)
+
+/var/lib/acpi(/.*)?	gen_context(system_u:object_r:acpid_var_lib_t,s0)

diff --git a/policy/modules/contrib/apm.if b/policy/modules/contrib/acpi.if
similarity index 65%
rename from policy/modules/contrib/apm.if
rename to policy/modules/contrib/acpi.if
index cbf60b55..109b644e 100644
--- a/policy/modules/contrib/apm.if
+++ b/policy/modules/contrib/acpi.if
@@ -10,13 +10,13 @@
 ##	</summary>
 ## </param>
 #
-interface(`apm_domtrans_client',`
+interface(`acpi_domtrans_client',`
 	gen_require(`
-		type apm_t, apm_exec_t;
+		type acpi_t, acpi_exec_t;
 	')
 
 	corecmd_search_bin($1)
-	domtrans_pattern($1, apm_exec_t, apm_t)
+	domtrans_pattern($1, acpi_exec_t, acpi_t)
 ')
 
 ########################################
@@ -36,13 +36,13 @@ interface(`apm_domtrans_client',`
 ##	</summary>
 ## </param>
 #
-interface(`apm_run_client',`
+interface(`acpi_run_client',`
 	gen_require(`
-		attribute_role apm_roles;
+		attribute_role acpi_roles;
 	')
 
-	apm_domtrans_client($1)
-	roleattribute $2 apm_roles;
+	acpi_domtrans_client($1)
+	roleattribute $2 acpi_roles;
 ')
 
 ########################################
@@ -55,12 +55,12 @@ interface(`apm_run_client',`
 ##	</summary>
 ## </param>
 #
-interface(`apm_use_fds',`
+interface(`acpi_use_fds',`
 	gen_require(`
-		type apmd_t;
+		type acpid_t;
 	')
 
-	allow $1 apmd_t:fd use;
+	allow $1 acpid_t:fd use;
 ')
 
 ########################################
@@ -73,12 +73,12 @@ interface(`apm_use_fds',`
 ##	</summary>
 ## </param>
 #
-interface(`apm_write_pipes',`
+interface(`acpi_write_pipes',`
 	gen_require(`
-		type apmd_t;
+		type acpid_t;
 	')
 
-	allow $1 apmd_t:fifo_file write;
+	allow $1 acpid_t:fifo_file write;
 ')
 
 ########################################
@@ -92,12 +92,12 @@ interface(`apm_write_pipes',`
 ##	</summary>
 ## </param>
 #
-interface(`apm_rw_stream_sockets',`
+interface(`acpi_rw_stream_sockets',`
 	gen_require(`
-		type apmd_t;
+		type acpid_t;
 	')
 
-	allow $1 apmd_t:unix_stream_socket { read write };
+	allow $1 acpid_t:unix_stream_socket { read write };
 ')
 
 ########################################
@@ -110,13 +110,13 @@ interface(`apm_rw_stream_sockets',`
 ##	</summary>
 ## </param>
 #
-interface(`apm_append_log',`
+interface(`acpi_append_log',`
 	gen_require(`
-		type apmd_log_t;
+		type acpid_log_t;
 	')
 
 	logging_search_logs($1)
-	allow $1 apmd_log_t:file append_file_perms;
+	allow $1 acpid_log_t:file append_file_perms;
 ')
 
 ########################################
@@ -130,13 +130,13 @@ interface(`apm_append_log',`
 ##	</summary>
 ## </param>
 #
-interface(`apm_stream_connect',`
+interface(`acpi_stream_connect',`
 	gen_require(`
-		type apmd_t, apmd_var_run_t;
+		type acpid_t, acpid_var_run_t;
 	')
 
 	files_search_pids($1)
-	stream_connect_pattern($1, apmd_var_run_t, apmd_var_run_t, apmd_t)
+	stream_connect_pattern($1, acpid_var_run_t, acpid_var_run_t, acpid_t)
 ')
 
 ########################################
@@ -156,32 +156,32 @@ interface(`apm_stream_connect',`
 ## </param>
 ## <rolecap/>
 #
-interface(`apm_admin',`
+interface(`acpi_admin',`
 	gen_require(`
-		type apmd_t, apmd_initrc_exec_t, apmd_log_t;
-		type apmd_lock_t, apmd_var_run_t, apmd_var_lib_t;
-		type apmd_tmp_t;
+		type acpid_t, acpid_initrc_exec_t, acpid_log_t;
+		type acpid_lock_t, acpid_var_run_t, acpid_var_lib_t;
+		type acpid_tmp_t;
 	')
 
-	allow $1 apmd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, apmd_t)
+	allow $1 acpid_t:process { ptrace signal_perms };
+	ps_process_pattern($1, acpid_t)
 
-	init_startstop_service($1, $2, apmd_t, apmd_initrc_exec_t)
+	init_startstop_service($1, $2, acpid_t, acpid_initrc_exec_t)
 
 	logging_search_logs($1)
-	admin_pattern($1, apmd_log_t)
+	admin_pattern($1, acpid_log_t)
 
 	files_search_locks($1)
-	admin_pattern($1, apmd_lock_t)
+	admin_pattern($1, acpid_lock_t)
 
 	files_search_pids($1)
-	admin_pattern($1, apmd_var_run_t)
+	admin_pattern($1, acpid_var_run_t)
 
 	files_search_var_lib($1)
-	admin_pattern($1, apmd_var_lib_t)
+	admin_pattern($1, acpid_var_lib_t)
 
 	files_search_tmp($1)
-	admin_pattern($1, apmd_tmp_t)
+	admin_pattern($1, acpid_tmp_t)
 
-	apm_run_client($1, $2)
+	acpi_run_client($1, $2)
 ')

diff --git a/policy/modules/contrib/acpi.te b/policy/modules/contrib/acpi.te
new file mode 100644
index 00000000..0cd3d884
--- /dev/null
+++ b/policy/modules/contrib/acpi.te
@@ -0,0 +1,247 @@
+policy_module(acpi, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+attribute_role acpi_roles;
+roleattribute system_r acpi_roles;
+
+type acpid_t;
+type acpid_exec_t;
+typealias acpid_t alias apmd_t;
+typealias acpid_exec_t alias apmd_exec_t;
+init_daemon_domain(acpid_t, acpid_exec_t)
+
+type acpid_initrc_exec_t;
+typealias acpid_initrc_exec_t alias apmd_initrc_exec_t;
+init_script_file(acpid_initrc_exec_t)
+
+type acpi_t;
+type acpi_exec_t;
+typealias acpi_t alias apm_t;
+typealias acpi_exec_t alias apm_exec_t;
+application_domain(acpi_t, acpi_exec_t)
+role acpi_roles types acpi_t;
+
+type acpid_lock_t;
+typealias acpid_lock_t alias apmd_lock_t;
+files_lock_file(acpid_lock_t)
+
+type acpid_log_t;
+typealias acpid_log_t alias apmd_log_t;
+logging_log_file(acpid_log_t)
+
+type acpid_tmp_t;
+typealias acpid_tmp_t alias apmd_tmp_t;
+files_tmp_file(acpid_tmp_t)
+
+type acpid_unit_t;
+typealias acpid_unit_t alias apmd_unit_t;
+init_unit_file(acpid_unit_t)
+
+type acpid_var_lib_t;
+typealias acpid_var_lib_t alias apmd_var_lib_t;
+files_type(acpid_var_lib_t)
+
+type acpid_var_run_t;
+typealias acpid_var_run_t alias apmd_var_run_t;
+files_pid_file(acpid_var_run_t)
+
+########################################
+#
+# Client local policy
+#
+
+allow acpi_t self:capability { dac_override sys_admin };
+
+kernel_read_system_state(acpi_t)
+
+dev_rw_acpi_bios(acpi_t)
+
+fs_getattr_xattr_fs(acpi_t)
+
+term_use_all_terms(acpi_t)
+
+domain_use_interactive_fds(acpi_t)
+
+logging_send_syslog_msg(acpi_t)
+
+########################################
+#
+# Server local policy
+#
+
+allow acpid_t self:capability { kill mknod sys_admin sys_nice sys_time };
+dontaudit acpid_t self:capability { dac_override dac_read_search setuid sys_ptrace sys_tty_config };
+allow acpid_t self:process { signal_perms getsession };
+allow acpid_t self:fifo_file rw_fifo_file_perms;
+allow acpid_t self:netlink_socket create_socket_perms;
+allow acpid_t self:netlink_generic_socket create_socket_perms;
+allow acpid_t self:unix_stream_socket { accept listen };
+
+allow acpid_t acpid_lock_t:file manage_file_perms;
+files_lock_filetrans(acpid_t, acpid_lock_t, file)
+
+allow acpid_t acpid_log_t:file manage_file_perms;
+logging_log_filetrans(acpid_t, acpid_log_t, file)
+
+manage_dirs_pattern(acpid_t, acpid_tmp_t, acpid_tmp_t)
+manage_files_pattern(acpid_t, acpid_tmp_t, acpid_tmp_t)
+files_tmp_filetrans(acpid_t, acpid_tmp_t, { file dir })
+
+manage_dirs_pattern(acpid_t, acpid_var_lib_t, acpid_var_lib_t)
+manage_files_pattern(acpid_t, acpid_var_lib_t, acpid_var_lib_t)
+files_var_lib_filetrans(acpid_t, acpid_var_lib_t, dir)
+
+manage_files_pattern(acpid_t, acpid_var_run_t, acpid_var_run_t)
+manage_sock_files_pattern(acpid_t, acpid_var_run_t, acpid_var_run_t)
+files_pid_filetrans(acpid_t, acpid_var_run_t, { file sock_file })
+
+can_exec(acpid_t, acpid_var_run_t)
+
+kernel_read_kernel_sysctls(acpid_t)
+kernel_rw_all_sysctls(acpid_t)
+kernel_read_system_state(acpid_t)
+kernel_write_proc_files(acpid_t)
+kernel_request_load_module(acpid_t)
+
+dev_read_input(acpid_t)
+dev_read_mouse(acpid_t)
+dev_read_realtime_clock(acpid_t)
+dev_read_urand(acpid_t)
+dev_rw_acpi_bios(acpid_t)
+dev_rw_sysfs(acpid_t)
+dev_dontaudit_getattr_all_chr_files(acpid_t)
+dev_dontaudit_getattr_all_blk_files(acpid_t)
+
+files_exec_etc_files(acpid_t)
+files_read_etc_runtime_files(acpid_t)
+files_dontaudit_getattr_all_files(acpid_t)
+files_dontaudit_getattr_all_symlinks(acpid_t)
+files_dontaudit_getattr_all_pipes(acpid_t)
+files_dontaudit_getattr_all_sockets(acpid_t)
+
+fs_dontaudit_list_tmpfs(acpid_t)
+fs_getattr_all_fs(acpid_t)
+fs_search_auto_mountpoints(acpid_t)
+fs_dontaudit_getattr_all_files(acpid_t)
+fs_dontaudit_getattr_all_symlinks(acpid_t)
+fs_dontaudit_getattr_all_pipes(acpid_t)
+fs_dontaudit_getattr_all_sockets(acpid_t)
+
+selinux_search_fs(acpid_t)
+
+corecmd_exec_all_executables(acpid_t)
+
+domain_read_all_domains_state(acpid_t)
+domain_dontaudit_ptrace_all_domains(acpid_t)
+domain_use_interactive_fds(acpid_t)
+domain_dontaudit_getattr_all_sockets(acpid_t)
+domain_dontaudit_getattr_all_key_sockets(acpid_t)
+domain_dontaudit_list_all_domains_state(acpid_t)
+
+auth_use_nsswitch(acpid_t)
+
+init_domtrans_script(acpid_t)
+
+libs_exec_ld_so(acpid_t)
+libs_exec_lib_files(acpid_t)
+
+logging_send_audit_msgs(acpid_t)
+logging_send_syslog_msg(acpid_t)
+
+miscfiles_read_localization(acpid_t)
+miscfiles_read_hwdata(acpid_t)
+
+modutils_domtrans(acpid_t)
+modutils_read_module_config(acpid_t)
+
+seutil_dontaudit_read_config(acpid_t)
+
+userdom_dontaudit_use_unpriv_user_fds(acpid_t)
+userdom_dontaudit_search_user_home_dirs(acpid_t)
+userdom_dontaudit_search_user_home_content(acpid_t)
+
+optional_policy(`
+	automount_domtrans(acpid_t)
+')
+
+optional_policy(`
+	clock_domtrans(acpid_t)
+	clock_rw_adjtime(acpid_t)
+')
+
+optional_policy(`
+	cron_system_entry(acpid_t, acpid_exec_t)
+	cron_anacron_domtrans_system_job(acpid_t)
+')
+
+optional_policy(`
+	devicekit_manage_pid_files(acpid_t)
+	devicekit_manage_log_files(acpid_t)
+	devicekit_relabel_log_files(acpid_t)
+')
+
+optional_policy(`
+	dbus_system_bus_client(acpid_t)
+
+	optional_policy(`
+		consolekit_dbus_chat(acpid_t)
+	')
+
+	optional_policy(`
+		networkmanager_dbus_chat(acpid_t)
+	')
+')
+
+optional_policy(`
+	fstools_domtrans(acpid_t)
+')
+
+optional_policy(`
+	iptables_domtrans(acpid_t)
+')
+
+optional_policy(`
+	logrotate_use_fds(acpid_t)
+')
+
+optional_policy(`
+	mta_send_mail(acpid_t)
+')
+
+optional_policy(`
+	netutils_domtrans(acpid_t)
+')
+
+optional_policy(`
+	pcmcia_domtrans_cardmgr(acpid_t)
+	pcmcia_domtrans_cardctl(acpid_t)
+')
+
+optional_policy(`
+	seutil_sigchld_newrole(acpid_t)
+')
+
+optional_policy(`
+	shutdown_domtrans(acpid_t)
+')
+
+optional_policy(`
+	sysnet_domtrans_ifconfig(acpid_t)
+')
+
+optional_policy(`
+	udev_read_db(acpid_t)
+	udev_read_state(acpid_t)
+')
+
+optional_policy(`
+	vbetool_domtrans(acpid_t)
+')
+
+optional_policy(`
+	xserver_domtrans(acpid_t)
+')

diff --git a/policy/modules/contrib/apm.fc b/policy/modules/contrib/apm.fc
deleted file mode 100644
index bfa60ae0..00000000
--- a/policy/modules/contrib/apm.fc
+++ /dev/null
@@ -1,21 +0,0 @@
-/etc/rc\.d/init\.d/acpid	--	gen_context(system_u:object_r:apmd_initrc_exec_t,s0)
-
-/usr/bin/apm	--	gen_context(system_u:object_r:apm_exec_t,s0)
-
-/usr/lib/systemd/system/apmd.*\.service -- gen_context(system_u:object_r:apmd_unit_t,s0)
-
-/usr/sbin/acpid	--	gen_context(system_u:object_r:apmd_exec_t,s0)
-/usr/sbin/apmd	--	gen_context(system_u:object_r:apmd_exec_t,s0)
-/usr/sbin/powersaved	--	gen_context(system_u:object_r:apmd_exec_t,s0)
-
-/var/lock/subsys/acpid	--	gen_context(system_u:object_r:apmd_lock_t,s0)
-
-/var/log/acpid.*	--	gen_context(system_u:object_r:apmd_log_t,s0)
-
-/run/\.?acpid\.socket	-s	gen_context(system_u:object_r:apmd_var_run_t,s0)
-/run/acpid\.pid	--	gen_context(system_u:object_r:apmd_var_run_t,s0)
-/run/apmd\.pid	--	gen_context(system_u:object_r:apmd_var_run_t,s0)
-/run/powersaved\.pid	--	gen_context(system_u:object_r:apmd_var_run_t,s0)
-/run/powersave_socket	-s	gen_context(system_u:object_r:apmd_var_run_t,s0)
-
-/var/lib/acpi(/.*)?	gen_context(system_u:object_r:apmd_var_lib_t,s0)

diff --git a/policy/modules/contrib/apm.te b/policy/modules/contrib/apm.te
deleted file mode 100644
index 7f41a450..00000000
--- a/policy/modules/contrib/apm.te
+++ /dev/null
@@ -1,236 +0,0 @@
-policy_module(apm, 1.16.1)
-
-########################################
-#
-# Declarations
-#
-
-attribute_role apm_roles;
-roleattribute system_r apm_roles;
-
-type apmd_t;
-type apmd_exec_t;
-init_daemon_domain(apmd_t, apmd_exec_t)
-
-type apmd_initrc_exec_t;
-init_script_file(apmd_initrc_exec_t)
-
-type apm_t;
-type apm_exec_t;
-application_domain(apm_t, apm_exec_t)
-role apm_roles types apm_t;
-
-type apmd_lock_t;
-files_lock_file(apmd_lock_t)
-
-type apmd_log_t;
-logging_log_file(apmd_log_t)
-
-type apmd_tmp_t;
-files_tmp_file(apmd_tmp_t)
-
-type apmd_unit_t;
-init_unit_file(apmd_unit_t)
-
-type apmd_var_lib_t;
-files_type(apmd_var_lib_t)
-
-type apmd_var_run_t;
-files_pid_file(apmd_var_run_t)
-
-########################################
-#
-# Client local policy
-#
-
-allow apm_t self:capability { dac_override sys_admin };
-
-kernel_read_system_state(apm_t)
-
-dev_rw_apm_bios(apm_t)
-
-fs_getattr_xattr_fs(apm_t)
-
-term_use_all_terms(apm_t)
-
-domain_use_interactive_fds(apm_t)
-
-logging_send_syslog_msg(apm_t)
-
-########################################
-#
-# Server local policy
-#
-
-allow apmd_t self:capability { kill mknod sys_admin sys_nice sys_time };
-dontaudit apmd_t self:capability { dac_override dac_read_search setuid sys_ptrace sys_tty_config };
-allow apmd_t self:process { signal_perms getsession };
-allow apmd_t self:fifo_file rw_fifo_file_perms;
-allow apmd_t self:netlink_socket create_socket_perms;
-allow apmd_t self:netlink_generic_socket create_socket_perms;
-allow apmd_t self:unix_stream_socket { accept listen };
-
-allow apmd_t apmd_lock_t:file manage_file_perms;
-files_lock_filetrans(apmd_t, apmd_lock_t, file)
-
-allow apmd_t apmd_log_t:file manage_file_perms;
-logging_log_filetrans(apmd_t, apmd_log_t, file)
-
-manage_dirs_pattern(apmd_t, apmd_tmp_t, apmd_tmp_t)
-manage_files_pattern(apmd_t, apmd_tmp_t, apmd_tmp_t)
-files_tmp_filetrans(apmd_t, apmd_tmp_t, { file dir })
-
-manage_dirs_pattern(apmd_t, apmd_var_lib_t, apmd_var_lib_t)
-manage_files_pattern(apmd_t, apmd_var_lib_t, apmd_var_lib_t)
-files_var_lib_filetrans(apmd_t, apmd_var_lib_t, dir)
-
-manage_files_pattern(apmd_t, apmd_var_run_t, apmd_var_run_t)
-manage_sock_files_pattern(apmd_t, apmd_var_run_t, apmd_var_run_t)
-files_pid_filetrans(apmd_t, apmd_var_run_t, { file sock_file })
-
-can_exec(apmd_t, apmd_var_run_t)
-
-kernel_read_kernel_sysctls(apmd_t)
-kernel_rw_all_sysctls(apmd_t)
-kernel_read_system_state(apmd_t)
-kernel_write_proc_files(apmd_t)
-kernel_request_load_module(apmd_t)
-
-dev_read_input(apmd_t)
-dev_read_mouse(apmd_t)
-dev_read_realtime_clock(apmd_t)
-dev_read_urand(apmd_t)
-dev_rw_apm_bios(apmd_t)
-dev_rw_sysfs(apmd_t)
-dev_dontaudit_getattr_all_chr_files(apmd_t)
-dev_dontaudit_getattr_all_blk_files(apmd_t)
-
-files_exec_etc_files(apmd_t)
-files_read_etc_runtime_files(apmd_t)
-files_dontaudit_getattr_all_files(apmd_t)
-files_dontaudit_getattr_all_symlinks(apmd_t)
-files_dontaudit_getattr_all_pipes(apmd_t)
-files_dontaudit_getattr_all_sockets(apmd_t)
-
-fs_dontaudit_list_tmpfs(apmd_t)
-fs_getattr_all_fs(apmd_t)
-fs_search_auto_mountpoints(apmd_t)
-fs_dontaudit_getattr_all_files(apmd_t)
-fs_dontaudit_getattr_all_symlinks(apmd_t)
-fs_dontaudit_getattr_all_pipes(apmd_t)
-fs_dontaudit_getattr_all_sockets(apmd_t)
-
-selinux_search_fs(apmd_t)
-
-corecmd_exec_all_executables(apmd_t)
-
-domain_read_all_domains_state(apmd_t)
-domain_dontaudit_ptrace_all_domains(apmd_t)
-domain_use_interactive_fds(apmd_t)
-domain_dontaudit_getattr_all_sockets(apmd_t)
-domain_dontaudit_getattr_all_key_sockets(apmd_t)
-domain_dontaudit_list_all_domains_state(apmd_t)
-
-auth_use_nsswitch(apmd_t)
-
-init_domtrans_script(apmd_t)
-
-libs_exec_ld_so(apmd_t)
-libs_exec_lib_files(apmd_t)
-
-logging_send_audit_msgs(apmd_t)
-logging_send_syslog_msg(apmd_t)
-
-miscfiles_read_localization(apmd_t)
-miscfiles_read_hwdata(apmd_t)
-
-modutils_domtrans(apmd_t)
-modutils_read_module_config(apmd_t)
-
-seutil_dontaudit_read_config(apmd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(apmd_t)
-userdom_dontaudit_search_user_home_dirs(apmd_t)
-userdom_dontaudit_search_user_home_content(apmd_t)
-
-optional_policy(`
-	automount_domtrans(apmd_t)
-')
-
-optional_policy(`
-	clock_domtrans(apmd_t)
-	clock_rw_adjtime(apmd_t)
-')
-
-optional_policy(`
-	cron_system_entry(apmd_t, apmd_exec_t)
-	cron_anacron_domtrans_system_job(apmd_t)
-')
-
-optional_policy(`
-	devicekit_manage_pid_files(apmd_t)
-	devicekit_manage_log_files(apmd_t)
-	devicekit_relabel_log_files(apmd_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(apmd_t)
-
-	optional_policy(`
-		consolekit_dbus_chat(apmd_t)
-	')
-
-	optional_policy(`
-		networkmanager_dbus_chat(apmd_t)
-	')
-')
-
-optional_policy(`
-	fstools_domtrans(apmd_t)
-')
-
-optional_policy(`
-	iptables_domtrans(apmd_t)
-')
-
-optional_policy(`
-	logrotate_use_fds(apmd_t)
-')
-
-optional_policy(`
-	mta_send_mail(apmd_t)
-')
-
-optional_policy(`
-	netutils_domtrans(apmd_t)
-')
-
-optional_policy(`
-	pcmcia_domtrans_cardmgr(apmd_t)
-	pcmcia_domtrans_cardctl(apmd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(apmd_t)
-')
-
-optional_policy(`
-	shutdown_domtrans(apmd_t)
-')
-
-optional_policy(`
-	sysnet_domtrans_ifconfig(apmd_t)
-')
-
-optional_policy(`
-	udev_read_db(apmd_t)
-	udev_read_state(apmd_t)
-')
-
-optional_policy(`
-	vbetool_domtrans(apmd_t)
-')
-
-optional_policy(`
-	xserver_domtrans(apmd_t)
-')

diff --git a/policy/modules/contrib/cups.te b/policy/modules/contrib/cups.te
index 8fdd713f..3a6c0b92 100644
--- a/policy/modules/contrib/cups.te
+++ b/policy/modules/contrib/cups.te
@@ -273,7 +273,7 @@ userdom_dontaudit_use_unpriv_user_fds(cupsd_t)
 userdom_dontaudit_search_user_home_content(cupsd_t)
 
 optional_policy(`
-	apm_domtrans_client(cupsd_t)
+	acpi_domtrans_client(cupsd_t)
 ')
 
 optional_policy(`

diff --git a/policy/modules/contrib/hal.te b/policy/modules/contrib/hal.te
index d260d697..29b473e7 100644
--- a/policy/modules/contrib/hal.te
+++ b/policy/modules/contrib/hal.te
@@ -221,7 +221,7 @@ optional_policy(`
 ')
 
 optional_policy(`
-	apm_stream_connect(hald_t)
+	acpi_stream_connect(hald_t)
 ')
 
 optional_policy(`