##
## Allow the specified domain to
@@ -14327,7 +14496,7 @@ index dfe361a..6d0cc0b 100644
## Example attributes:
##
##
-@@ -4681,3 +5101,24 @@ interface(`fs_unconfined',`
+@@ -4681,3 +5142,24 @@ interface(`fs_unconfined',`
typeattribute $1 filesystem_unconfined_type;
')
@@ -23044,10 +23213,10 @@ index 0000000..939d76e
+')
diff --git a/policy/modules/services/colord.te b/policy/modules/services/colord.te
new file mode 100644
-index 0000000..c151fe6
+index 0000000..67db20a
--- /dev/null
+++ b/policy/modules/services/colord.te
-@@ -0,0 +1,117 @@
+@@ -0,0 +1,120 @@
+policy_module(colord,1.0.0)
+
+########################################
@@ -23121,10 +23290,13 @@ index 0000000..c151fe6
+files_read_etc_files(colord_t)
+files_read_usr_files(colord_t)
+
++fs_getattr_all_fs(colord_t)
+fs_search_all(colord_t)
++fs_list_noxattr_fs(colord_t)
+fs_read_noxattr_fs_files(colord_t)
+
+storage_getattr_fixed_disk_dev(colord_t)
++storage_getattr_removable_dev(colord_t)
+storage_read_scsi_generic(colord_t)
+storage_write_scsi_generic(colord_t)
+
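Review bot: The three grants added to colord_t here (`fs_getattr_all_fs`, `fs_list_noxattr_fs`, `storage_getattr_removable_dev`) have no comment saying which colord operation or denial motivated them. `fs_getattr_all_fs(colord_t)` applies to every filesystem type, and together with the existing `fs_read_noxattr_fs_files(colord_t)` the new list permission lets the daemon walk and read any non-xattr mount. If colord only needs to stat specific mounts, a per-filesystem-type getattr interface would keep the domain tighter. Whatever the scope, a line such as `# <operation that triggered the denial>; see <bug reference>` above each addition would let a later audit judge whether the grant is still needed. The colord_t rule list continues outside this hunk, so other rules may already cover part of this.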
@@ -23137,11 +23309,11 @@ index 0000000..c151fe6
+userdom_read_inherited_user_home_content_files(colord_t)
+
+tunable_policy(`use_nfs_home_dirs',`
-+ fs_read_nfs_files(colord_t)
++ fs_read_nfs_files(colord_t)
+')
+
+tunable_policy(`use_samba_home_dirs',`
-+ fs_read_cifs_files(colord_t)
++ fs_read_cifs_files(colord_t)
+')
+
+optional_policy(`
@@ -26639,7 +26811,7 @@ index e1d7dc5..673f185 100644
admin_pattern($1, dovecot_var_run_t)
diff --git a/policy/modules/services/dovecot.te b/policy/modules/services/dovecot.te
-index cbe14e4..778b174 100644
+index cbe14e4..ce42295 100644
--- a/policy/modules/services/dovecot.te
+++ b/policy/modules/services/dovecot.te
@@ -18,7 +18,7 @@ type dovecot_auth_tmp_t;
@@ -26759,7 +26931,7 @@ index cbe14e4..778b174 100644
postfix_search_spool(dovecot_auth_t)
')
-@@ -249,23 +273,40 @@ optional_policy(`
+@@ -249,23 +273,42 @@ optional_policy(`
#
# dovecot deliver local policy
#
@@ -26774,8 +26946,6 @@ index cbe14e4..778b174 100644
+read_files_pattern(dovecot_deliver_t, dovecot_etc_t, dovecot_etc_t)
+read_lnk_files_pattern(dovecot_deliver_t, dovecot_etc_t, dovecot_etc_t)
+
- allow dovecot_deliver_t dovecot_var_run_t:dir list_dir_perms;
-
+allow dovecot_deliver_t dovecot_cert_t:dir search_dir_perms;
+
+append_files_pattern(dovecot_deliver_t, dovecot_var_log_t, dovecot_var_log_t)
@@ -26784,8 +26954,12 @@ index cbe14e4..778b174 100644
+manage_files_pattern(dovecot_deliver_t, dovecot_deliver_tmp_t, dovecot_deliver_tmp_t)
+files_tmp_filetrans(dovecot_deliver_t, dovecot_deliver_tmp_t, { file dir })
+
-+can_exec(dovecot_deliver_t, dovecot_deliver_exec_t)
+ allow dovecot_deliver_t dovecot_var_run_t:dir list_dir_perms;
++read_sock_files_pattern(dovecot_deliver_t, dovecot_var_run_t, dovecot_var_run_t)
++dovecot_stream_connect(dovecot_deliver_t)
+
++can_exec(dovecot_deliver_t, dovecot_deliver_exec_t)
+
kernel_read_all_sysctls(dovecot_deliver_t)
kernel_read_system_state(dovecot_deliver_t)
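Review bot: The two lines added after the `dovecot_var_run_t:dir list_dir_perms` rule give dovecot_deliver_t socket access without saying which dovecot socket it needs to reach. The definition of `dovecot_stream_connect` is not visible in this hunk. If it already grants the sock_file permissions on dovecot_var_run_t, then `read_sock_files_pattern(dovecot_deliver_t, dovecot_var_run_t, dovecot_var_run_t)` is redundant and can be dropped. Calling the module's own interface from inside dovecot.te also departs from the direct pattern rules used in the rest of this section, so spelling out the connect rule here would show the target domain to a reader. A comment such as `# deliver connects to <socket name> in the dovecot run directory` would record the intent. The deliver policy block starts and ends outside this hunk.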
@@ -26802,7 +26976,7 @@ index cbe14e4..778b174 100644
miscfiles_read_localization(dovecot_deliver_t)
-@@ -301,5 +342,15 @@ tunable_policy(`use_samba_home_dirs',`
+@@ -301,5 +344,15 @@ tunable_policy(`use_samba_home_dirs',`
')
optional_policy(`
@@ -32306,7 +32480,7 @@ index 256166a..15daf47 100644
/usr/lib(64)?/sendmail -- gen_context(system_u:object_r:sendmail_exec_t,s0)
diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if
-index 343cee3..3d7edf0 100644
+index 343cee3..4238760 100644
--- a/policy/modules/services/mta.if
+++ b/policy/modules/services/mta.if
@@ -37,9 +37,9 @@ interface(`mta_stub',`
@@ -32465,7 +32639,37 @@ index 343cee3..3d7edf0 100644
## Execute sendmail in the caller domain.
##