diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index 78a95ce81..a7bb2af57 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -1939,6 +1939,24 @@ interface(`dev_setattr_dri_dev',`
 setattr_chr_files_pattern($1, device_t, dri_device_t)
 ')

+########################################
+##
+## IOCTL the dri devices.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`dev_ioctl_dri_dev',`
+ gen_require(`
+ type device_t, dri_device_t;
+ ')
+
+ allow $1 dri_device_t:chr_file ioctl;
+')
+
 ########################################
 ##
 ## Read and write the dri devices.
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
index b9ae4079c..d230a5a29 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -397,9 +397,12 @@ optional_policy(`
 ')

 optional_policy(`
- plymouthd_read_lib_files(kernel_t)
+ dev_ioctl_dri_dev(kernel_t)
+
+ plymouthd_delete_pid_files(kernel_t)
 plymouthd_read_pid_files(kernel_t)
 plymouthd_read_spool_files(kernel_t)
+ plymouthd_rw_lib_files(kernel_t)

 term_use_ptmx(kernel_t)
 term_use_unallocated_ttys(kernel_t)
diff --git a/policy/modules/services/plymouthd.if b/policy/modules/services/plymouthd.if
index 04e0c734f..3cc08b961 100644
--- a/policy/modules/services/plymouthd.if
+++ b/policy/modules/services/plymouthd.if
@@ -192,6 +192,25 @@ interface(`plymouthd_read_lib_files',`
 read_files_pattern($1, plymouthd_var_lib_t, plymouthd_var_lib_t)
 ')

+########################################
+##
+## Read and write plymouthd lib files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`plymouthd_rw_lib_files',`
+ gen_require(`
+ type plymouthd_var_lib_t;
+ ')
+
+ files_search_var_lib($1)
+ rw_files_pattern($1, plymouthd_var_lib_t, plymouthd_var_lib_t)
+')
+
 ########################################
 ##
 ## Create, read, write, and delete
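Review bot: In `dev_ioctl_dri_dev` the `gen_require` block pulls in `device_t`, but the only rule, `allow $1 dri_device_t:chr_file ioctl;`, never references it, so the requirement can be reduced to `type dri_device_t;`. The interface grants `ioctl` without open, read or write, so it only helps a caller that already holds a descriptor for the device or gets those permissions through another interface; the summary comment could say so. A plain `ioctl` permission is also not limited to particular commands; if this policy uses extended permissions elsewhere (not visible here), an `allowxperm` rule would be the tighter form.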
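Review bot: In the kernel.te hunk, `plymouthd_rw_lib_files(kernel_t)` replaces the read-only `plymouthd_read_lib_files(kernel_t)`, and with `plymouthd_delete_pid_files(kernel_t)` and `dev_ioctl_dri_dev(kernel_t)` it widens what `kernel_t` may do, yet nothing in the block says which process needs the extra access. A comment above the calls, for example `# plymouthd started before policy load may still run as kernel_t (confirm)`, would let a later reviewer check the write and delete grants against the denials that motivated them. If only some of the three are backed by observed denials, the others are better left out. The `optional_policy` block closes outside this hunk.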
@@ -232,6 +251,25 @@ interface(`plymouthd_read_pid_files',`
 allow $1 plymouthd_var_run_t:file read_file_perms;
 ')

+########################################
+##
+## Delete the plymouthd pid files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`plymouthd_delete_pid_files',`
+ gen_require(`
+ type plymouthd_var_run_t;
+ ')
+
+ files_search_pids($1)
+ delete_files_pattern($1, plymouthd_var_run_t, plymouthd_var_run_t)
+')
+
 ########################################
 ##
 ## All of the rules required to
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index f118115ab..925c6ddfa 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -615,6 +615,10 @@ optional_policy(`
 mta_dontaudit_getattr_spool_files(xdm_t)
 ')

+optional_policy(`
+ plymouthd_domtrans_plymouth(xdm_t)
+')
+
 optional_policy(`
 resmgr_stream_connect(xdm_t)
 ')
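Review bot: The new `plymouthd_domtrans_plymouth(xdm_t)` block in xserver.te has no comment explaining why the display manager needs to run the plymouth client. A one-line comment such as `# xdm runs the plymouth client to end the boot splash` (to be confirmed against the actual caller) would record the intent. The transition keeps the client in its own domain rather than running it as `xdm_t`, which is the tighter choice, so no change to the rule itself is suggested.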