From bd70373de4aba5859db39b72deedfdd943cc16a0 Mon Sep 17 00:00:00 2001 
From: Chris PeBenito Date: Tue, 6 Dec 2005 19:59:50 +0000 Subject: [PATCH] add unlabeled association rules --- refpolicy/Changelog | 2 ++ refpolicy/policy/modules/admin/amanda.te | 8 +++-- refpolicy/policy/modules/admin/firstboot.te | 3 +- refpolicy/policy/modules/admin/netutils.te | 5 ++- refpolicy/policy/modules/admin/rpm.te | 3 +- refpolicy/policy/modules/admin/vpn.te | 1 + refpolicy/policy/modules/apps/gpg.if | 2 ++ refpolicy/policy/modules/apps/webalizer.te | 3 +- .../policy/modules/kernel/corenetwork.if.in | 16 ++++++++++ refpolicy/policy/modules/kernel/kernel.if | 32 +++++++++++++++++++ refpolicy/policy/modules/kernel/kernel.te | 3 +- refpolicy/policy/modules/services/apache.if | 2 ++ refpolicy/policy/modules/services/apache.te | 5 ++- refpolicy/policy/modules/services/arpwatch.te | 3 +- refpolicy/policy/modules/services/avahi.te | 3 +- refpolicy/policy/modules/services/bind.te | 4 ++- .../policy/modules/services/bluetooth.te | 7 ++-- refpolicy/policy/modules/services/canna.te | 1 + refpolicy/policy/modules/services/comsat.te | 3 +- refpolicy/policy/modules/services/cron.if | 1 + refpolicy/policy/modules/services/cron.te | 3 +- refpolicy/policy/modules/services/cups.te | 9 ++++-- refpolicy/policy/modules/services/cvs.te | 3 +- refpolicy/policy/modules/services/cyrus.te | 3 +- refpolicy/policy/modules/services/dbskk.te | 3 +- refpolicy/policy/modules/services/dbus.if | 1 + refpolicy/policy/modules/services/dbus.te | 2 +- refpolicy/policy/modules/services/dhcp.te | 3 +- refpolicy/policy/modules/services/dictd.te | 3 +- refpolicy/policy/modules/services/distcc.te | 5 ++- refpolicy/policy/modules/services/dovecot.te | 1 + refpolicy/policy/modules/services/finger.te | 3 +- refpolicy/policy/modules/services/ftp.te | 3 +- refpolicy/policy/modules/services/hal.te | 3 +- refpolicy/policy/modules/services/howl.te | 3 +- .../policy/modules/services/i18n_input.te | 3 +- refpolicy/policy/modules/services/inetd.te | 4 ++- refpolicy/policy/modules/services/inn.te | 3 +- 
refpolicy/policy/modules/services/kerberos.if | 1 + refpolicy/policy/modules/services/kerberos.te | 4 ++- refpolicy/policy/modules/services/ktalk.te | 3 +- refpolicy/policy/modules/services/ldap.te | 3 +- refpolicy/policy/modules/services/lpd.te | 4 ++- refpolicy/policy/modules/services/mailman.if | 1 + refpolicy/policy/modules/services/mailman.te | 2 +- refpolicy/policy/modules/services/mta.if | 1 + refpolicy/policy/modules/services/mta.te | 2 +- refpolicy/policy/modules/services/mysql.te | 3 +- .../policy/modules/services/networkmanager.te | 3 +- refpolicy/policy/modules/services/nis.if | 2 ++ refpolicy/policy/modules/services/nis.te | 7 ++-- refpolicy/policy/modules/services/nscd.te | 3 +- refpolicy/policy/modules/services/ntp.te | 3 +- refpolicy/policy/modules/services/pegasus.te | 3 +- refpolicy/policy/modules/services/portmap.te | 4 ++- refpolicy/policy/modules/services/postfix.if | 1 + refpolicy/policy/modules/services/postfix.te | 8 +++-- .../policy/modules/services/postgresql.te | 3 +- refpolicy/policy/modules/services/ppp.te | 4 ++- refpolicy/policy/modules/services/privoxy.te | 3 +- refpolicy/policy/modules/services/procmail.te | 3 +- refpolicy/policy/modules/services/radius.te | 5 +-- refpolicy/policy/modules/services/radvd.te | 3 +- refpolicy/policy/modules/services/rdisc.te | 3 +- refpolicy/policy/modules/services/rlogin.te | 3 +- refpolicy/policy/modules/services/rpc.if | 1 + refpolicy/policy/modules/services/rpc.te | 2 +- refpolicy/policy/modules/services/rshd.te | 3 +- refpolicy/policy/modules/services/rsync.te | 3 +- refpolicy/policy/modules/services/samba.te | 8 ++++- refpolicy/policy/modules/services/sasl.te | 3 +- refpolicy/policy/modules/services/sendmail.te | 3 +- refpolicy/policy/modules/services/snmp.te | 3 +- .../policy/modules/services/spamassassin.if | 2 ++ .../policy/modules/services/spamassassin.te | 3 +- refpolicy/policy/modules/services/squid.te | 3 +- refpolicy/policy/modules/services/ssh.if | 2 ++ 
refpolicy/policy/modules/services/ssh.te | 2 +- refpolicy/policy/modules/services/stunnel.te | 3 +- refpolicy/policy/modules/services/tcpd.te | 1 + refpolicy/policy/modules/services/telnet.te | 3 +- refpolicy/policy/modules/services/tftp.te | 3 +- refpolicy/policy/modules/services/timidity.te | 3 +- refpolicy/policy/modules/services/uucp.te | 3 +- refpolicy/policy/modules/services/zebra.te | 3 +- refpolicy/policy/modules/system/hotplug.te | 3 +- refpolicy/policy/modules/system/init.te | 3 +- refpolicy/policy/modules/system/ipsec.te | 3 +- refpolicy/policy/modules/system/logging.te | 3 +- refpolicy/policy/modules/system/lvm.te | 3 +- refpolicy/policy/modules/system/mount.te | 3 +- refpolicy/policy/modules/system/sysnetwork.if | 3 ++ refpolicy/policy/modules/system/sysnetwork.te | 3 +- refpolicy/policy/modules/system/userdomain.if | 1 + refpolicy/policy/modules/system/userdomain.te | 2 +- 95 files changed, 249 insertions(+), 85 deletions(-) diff --git a/refpolicy/Changelog b/refpolicy/Changelog index 456d58ff4..207c23f17 100644 --- a/refpolicy/Changelog +++ b/refpolicy/Changelog @@ -1,3 +1,5 @@ +- Add unlabeled IPSEC association to domains with + networking permsiisions. - Merge systemuser back in to users, as these files do not need to be split. - Add check for duplicate interface/template definitions. diff --git a/refpolicy/policy/modules/admin/amanda.te b/refpolicy/policy/modules/admin/amanda.te index 5aacf1bae..496f2144c 100644 --- a/refpolicy/policy/modules/admin/amanda.te +++ b/refpolicy/policy/modules/admin/amanda.te @@ -1,5 +1,5 @@ -policy_module(amanda,1.0) +policy_module(amanda,1.0.1) ####################################### # 
@@ -132,10 +132,11 @@ corenet_raw_sendrecv_all_if(amanda_t) corenet_tcp_sendrecv_all_nodes(amanda_t) corenet_udp_sendrecv_all_nodes(amanda_t) corenet_raw_sendrecv_all_nodes(amanda_t) -corenet_tcp_bind_all_nodes(amanda_t) -corenet_udp_bind_all_nodes(amanda_t) corenet_tcp_sendrecv_all_ports(amanda_t) corenet_udp_sendrecv_all_ports(amanda_t) +corenet_non_ipsec_sendrecv(amanda_t) +corenet_tcp_bind_all_nodes(amanda_t) +corenet_udp_bind_all_nodes(amanda_t) dev_getattr_all_blk_files(amanda_t) dev_getattr_all_chr_files(amanda_t) @@ -221,6 +222,7 @@ corenet_udp_sendrecv_all_nodes(amanda_recover_t) corenet_raw_sendrecv_all_nodes(amanda_recover_t) corenet_tcp_sendrecv_all_ports(amanda_recover_t) corenet_udp_sendrecv_all_ports(amanda_recover_t) +corenet_non_ipsec_sendrecv(amanda_recover_t) corenet_tcp_bind_all_nodes(amanda_recover_t) corenet_udp_bind_all_nodes(amanda_recover_t) corenet_tcp_connect_amanda_port(amanda_recover_t) diff --git a/refpolicy/policy/modules/admin/firstboot.te b/refpolicy/policy/modules/admin/firstboot.te index cd171a640..c52971105 100644 --- a/refpolicy/policy/modules/admin/firstboot.te +++ b/refpolicy/policy/modules/admin/firstboot.te @@ -1,5 +1,5 @@ -policy_module(firstboot,1.0) +policy_module(firstboot,1.0.1) gen_require(` class passwd rootok; @@ -53,6 +53,7 @@ corenet_raw_sendrecv_all_if(firstboot_t) corenet_tcp_sendrecv_all_nodes(firstboot_t) corenet_raw_sendrecv_all_nodes(firstboot_t) corenet_tcp_sendrecv_all_ports(firstboot_t) +corenet_non_ipsec_sendrecv(firstboot_t) corenet_tcp_bind_all_nodes(firstboot_t) dev_read_urand(firstboot_t) diff --git a/refpolicy/policy/modules/admin/netutils.te b/refpolicy/policy/modules/admin/netutils.te index 3842a4687..036be3b5a 100644 --- a/refpolicy/policy/modules/admin/netutils.te +++ b/refpolicy/policy/modules/admin/netutils.te @@ -1,5 +1,5 @@ -policy_module(netutils,1.0) +policy_module(netutils,1.0.1) ######################################## # 
@@ -51,6 +51,7 @@ corenet_raw_sendrecv_all_nodes(netutils_t) corenet_udp_sendrecv_all_nodes(netutils_t) corenet_tcp_sendrecv_all_ports(netutils_t) corenet_udp_sendrecv_all_ports(netutils_t) +corenet_non_ipsec_sendrecv(netutils_t) corenet_tcp_bind_all_nodes(netutils_t) corenet_udp_bind_all_nodes(netutils_t) corenet_tcp_connect_all_ports(netutils_t) @@ -110,6 +111,7 @@ corenet_tcp_sendrecv_all_nodes(ping_t) corenet_udp_sendrecv_all_nodes(ping_t) corenet_tcp_sendrecv_all_ports(ping_t) corenet_udp_sendrecv_all_ports(ping_t) +corenet_non_ipsec_sendrecv(ping_t) corenet_udp_bind_all_nodes(ping_t) corenet_tcp_bind_all_nodes(ping_t) @@ -188,6 +190,7 @@ corenet_tcp_sendrecv_all_nodes(traceroute_t) corenet_udp_sendrecv_all_nodes(traceroute_t) corenet_tcp_sendrecv_all_ports(traceroute_t) corenet_udp_sendrecv_all_ports(traceroute_t) +corenet_non_ipsec_sendrecv(traceroute_t) corenet_udp_bind_all_nodes(traceroute_t) corenet_tcp_bind_all_nodes(traceroute_t) # traceroute needs this but not tracepath diff --git a/refpolicy/policy/modules/admin/rpm.te b/refpolicy/policy/modules/admin/rpm.te index 246c73f2e..0a797441b 100644 --- a/refpolicy/policy/modules/admin/rpm.te +++ b/refpolicy/policy/modules/admin/rpm.te @@ -1,5 +1,5 @@ -policy_module(rpm,1.0.2) +policy_module(rpm,1.0.3) ######################################## # @@ -104,6 +104,7 @@ corenet_raw_sendrecv_all_nodes(rpm_t) corenet_udp_sendrecv_all_nodes(rpm_t) corenet_tcp_sendrecv_all_ports(rpm_t) corenet_udp_sendrecv_all_ports(rpm_t) +corenet_non_ipsec_sendrecv(rpm_t) corenet_tcp_bind_all_nodes(rpm_t) corenet_udp_bind_all_nodes(rpm_t) corenet_tcp_connect_all_ports(rpm_t) diff --git a/refpolicy/policy/modules/admin/vpn.te b/refpolicy/policy/modules/admin/vpn.te index 832d64d9a..0dc9382b9 100644 --- a/refpolicy/policy/modules/admin/vpn.te +++ b/refpolicy/policy/modules/admin/vpn.te 
@@ -55,6 +55,7 @@ corenet_udp_sendrecv_all_nodes(vpnc_t) corenet_raw_sendrecv_all_nodes(vpnc_t) corenet_tcp_sendrecv_all_ports(vpnc_t) corenet_udp_sendrecv_all_ports(vpnc_t) +corenet_non_ipsec_sendrecv(vpnc_t) corenet_tcp_bind_all_nodes(vpnc_t) corenet_udp_bind_all_nodes(vpnc_t) corenet_udp_bind_generic_port(vpnc_t) diff --git a/refpolicy/policy/modules/apps/gpg.if b/refpolicy/policy/modules/apps/gpg.if index 50e1b4274..3495ef029 100644 --- a/refpolicy/policy/modules/apps/gpg.if +++ b/refpolicy/policy/modules/apps/gpg.if @@ -99,6 +99,7 @@ template(`gpg_per_userdomain_template',` corenet_udp_sendrecv_all_nodes($1_gpg_t) corenet_tcp_sendrecv_all_ports($1_gpg_t) corenet_udp_sendrecv_all_ports($1_gpg_t) + corenet_non_ipsec_sendrecv($1_gpg_t) corenet_tcp_bind_all_nodes($1_gpg_t) corenet_udp_bind_all_nodes($1_gpg_t) corenet_tcp_connect_all_ports($1_gpg_t) @@ -179,6 +180,7 @@ template(`gpg_per_userdomain_template',` corenet_raw_sendrecv_all_nodes($1_gpg_helper_t) corenet_tcp_sendrecv_all_ports($1_gpg_helper_t) corenet_udp_sendrecv_all_ports($1_gpg_helper_t) + corenet_non_ipsec_sendrecv($1_gpg_helper_t) corenet_tcp_bind_all_nodes($1_gpg_helper_t) corenet_udp_bind_all_nodes($1_gpg_helper_t) corenet_tcp_connect_all_ports($1_gpg_helper_t) diff --git a/refpolicy/policy/modules/apps/webalizer.te b/refpolicy/policy/modules/apps/webalizer.te index 80dcd4302..7180ce740 100644 --- a/refpolicy/policy/modules/apps/webalizer.te +++ b/refpolicy/policy/modules/apps/webalizer.te @@ -1,5 +1,5 @@ -policy_module(webalizer,1.0.1) +policy_module(webalizer,1.0.2) ######################################## # @@ -67,6 +67,7 @@ corenet_tcp_sendrecv_all_nodes(webalizer_t) corenet_raw_sendrecv_all_nodes(webalizer_t) corenet_tcp_sendrecv_all_ports(webalizer_t) corenet_udp_sendrecv_all_ports(webalizer_t) +corenet_non_ipsec_sendrecv(webalizer_t) corenet_tcp_bind_all_nodes(webalizer_t) corenet_udp_bind_all_nodes(webalizer_t) 
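Review bot: vpn.te gains `corenet_non_ipsec_sendrecv(vpnc_t)` in this hunk, but the patch has no `policy_module(...)` version bump for it, unlike nearly every other .te file that gets the same one-line addition. The canna.te and dovecot.te sections have the same gap, and the single-line diffstat entry for tcpd.te suggests it does too. If the module version is meant to track rule changes, bump it in these files as well, so a build with the new association rule can be told apart from one without it.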
diff --git a/refpolicy/policy/modules/kernel/corenetwork.if.in b/refpolicy/policy/modules/kernel/corenetwork.if.in index bd845e448..680714a9a 100644 --- a/refpolicy/policy/modules/kernel/corenetwork.if.in +++ b/refpolicy/policy/modules/kernel/corenetwork.if.in @@ -1039,6 +1039,20 @@ interface(`corenet_use_ppp_device',` allow $1 ppp_device_t:chr_file rw_file_perms; ') +######################################## +## +## Send and receive messages on a +## non-encrypted (no IPSEC) network +## session. +## +## +## Domain allowed access. +## +# +interface(`corenet_non_ipsec_sendrecv',` + kernel_sendrecv_unlabeled_association($1) +') + ######################################## ## ## Unconfined access to network objects. @@ -1061,4 +1075,6 @@ interface(`corenet_unconfined',` # cjp: rawip_socket doesnt make any sense allow $1 port_type:{ tcp_socket udp_socket rawip_socket } name_bind; allow $1 node_type:{ tcp_socket udp_socket rawip_socket } node_bind; + + corenet_non_ipsec_sendrecv($1) ') diff --git a/refpolicy/policy/modules/kernel/kernel.if b/refpolicy/policy/modules/kernel/kernel.if index 9f2544418..4b0530254 100644 --- a/refpolicy/policy/modules/kernel/kernel.if +++ b/refpolicy/policy/modules/kernel/kernel.if @@ -1683,6 +1683,37 @@ interface(`kernel_relabel_unlabeled',` allow $1 unlabeled_t:dir_file_class_set { getattr relabelfrom }; ') +######################################## +## +## Send and receive messages from an +## unlabeled IPSEC association. +## +## +##
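Review bot: In corenetwork.if.in the summary of `corenet_non_ipsec_sendrecv` speaks of a "non-encrypted (no IPSEC) network session", but the body only expands to `kernel_sendrecv_unlabeled_association($1)`, which the kernel.if part of this patch defines as `sendto`/`recvfrom` on the `unlabeled_t` association. Describing it in terms of the label would be more precise, for example `## Send and receive messages on a network session that does not use a labeled IPSEC association.` Because the patch adds this call to almost every networked domain, the description should also say that a domain meant to communicate only over labeled associations must not call it. Otherwise the grant looks like a mandatory part of the networking boilerplate.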

+## Send and receive messages from an +## unlabeled IPSEC association. Network +## connections that are not protected +## by IPSEC have use an unlabeled +## assocation. +##

+##

+## The corenetwork interface +## corenet_sendrecv_no_ipsec() should +## be used instead of this one. +##

+##
+## +## Domain allowed access. +## +# +interface(`kernel_sendrecv_unlabeled_association',` + gen_require(` + type unlabeled_t; + ') + + allow $1 unlabeled_t:association { sendto recvfrom }; +') + ######################################## ## ## Unconfined access to the kernel. @@ -1709,6 +1740,7 @@ interface(`kernel_unconfined',` allow $1 unlabeled_t:dir_file_class_set *; allow $1 unlabeled_t:filesystem *; + allow $1 unlabeled_t:association *; typeattribute $1 can_load_kernmodule, can_receive_kernel_messages; typeattribute $1 kern_unconfined; diff --git a/refpolicy/policy/modules/kernel/kernel.te b/refpolicy/policy/modules/kernel/kernel.te index 9d670f4f6..71ba5e8e4 100644 --- a/refpolicy/policy/modules/kernel/kernel.te +++ b/refpolicy/policy/modules/kernel/kernel.te @@ -1,5 +1,5 @@ -policy_module(kernel,1.0) +policy_module(kernel,1.0.1) ######################################## # @@ -193,6 +193,7 @@ allow kernel_t sysctl_kernel_t:file r_file_perms; # cjp: this seems questionable allow kernel_t unlabeled_t:fifo_file rw_file_perms; +corenet_non_ipsec_sendrecv(kernel_t) # Kernel-generated traffic e.g., ICMP replies: corenet_raw_sendrecv_all_if(kernel_t) corenet_raw_sendrecv_all_nodes(kernel_t) diff --git a/refpolicy/policy/modules/services/apache.if b/refpolicy/policy/modules/services/apache.if index ea81708ed..6748e10ab 100644 --- a/refpolicy/policy/modules/services/apache.if +++ b/refpolicy/policy/modules/services/apache.if @@ -191,6 +191,7 @@ template(`apache_content_template',` tunable_policy(`httpd_enable_cgi && httpd_can_network_connect',` allow httpd_$1_script_t self:tcp_socket create_stream_socket_perms; allow httpd_$1_script_t self:udp_socket create_socket_perms; + corenet_tcp_sendrecv_all_if(httpd_$1_script_t) corenet_udp_sendrecv_all_if(httpd_$1_script_t) corenet_raw_sendrecv_all_if(httpd_$1_script_t) 
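Review bot: The description of `kernel_sendrecv_unlabeled_association` in kernel.if tells callers to use `corenet_sendrecv_no_ipsec()`, but the interface this patch adds in corenetwork.if.in is named `corenet_non_ipsec_sendrecv`. The doc line should read `## corenet_non_ipsec_sendrecv() should`, otherwise a policy writer following the comment will look for an interface that is not defined in this patch. The same comment block has two typos, "have use" and "assocation"; suggested wording is `## by IPSEC use an unlabeled` followed by `## association.`.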
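Review bot: In kernel.te, `corenet_non_ipsec_sendrecv(kernel_t)` is inserted directly above the `# Kernel-generated traffic e.g., ICMP replies:` comment, so it sits apart from the corenet rules that comment introduces. It also ends up closer to the `unlabeled_t:fifo_file` rule flagged as questionable. Moving the call below the comment, next to `corenet_raw_sendrecv_all_nodes(kernel_t)`, keeps the comment heading all of the kernel's network rules and makes clear why kernel_t needs the unlabeled association. The rest of the kernel_t rule block lies outside the hunk.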
@@ -199,6 +200,7 @@ template(`apache_content_template',` corenet_raw_sendrecv_all_nodes(httpd_$1_script_t) corenet_tcp_sendrecv_all_ports(httpd_$1_script_t) corenet_udp_sendrecv_all_ports(httpd_$1_script_t) + corenet_non_ipsec_sendrecv(httpd_$1_script_t) corenet_tcp_bind_all_nodes(httpd_$1_script_t) corenet_udp_bind_all_nodes(httpd_$1_script_t) corenet_tcp_connect_all_ports(httpd_$1_script_t) diff --git a/refpolicy/policy/modules/services/apache.te b/refpolicy/policy/modules/services/apache.te index d55849670..793754f09 100644 --- a/refpolicy/policy/modules/services/apache.te +++ b/refpolicy/policy/modules/services/apache.te @@ -1,5 +1,5 @@ -policy_module(apache,1.0.1) +policy_module(apache,1.0.2) # # NOTES: @@ -221,6 +221,7 @@ corenet_udp_sendrecv_all_nodes(httpd_t) corenet_raw_sendrecv_all_nodes(httpd_t) corenet_tcp_sendrecv_all_ports(httpd_t) corenet_udp_sendrecv_all_ports(httpd_t) +corenet_non_ipsec_sendrecv(httpd_t) corenet_tcp_bind_all_nodes(httpd_t) corenet_udp_bind_all_nodes(httpd_t) corenet_tcp_bind_http_port(httpd_t) @@ -315,6 +316,7 @@ tunable_policy(`httpd_can_network_connect',` corenet_raw_sendrecv_all_nodes(httpd_t) corenet_tcp_sendrecv_all_ports(httpd_t) corenet_udp_sendrecv_all_ports(httpd_t) + corenet_non_ipsec_sendrecv(httpd_t) corenet_tcp_bind_all_nodes(httpd_t) corenet_udp_bind_all_nodes(httpd_t) corenet_tcp_connect_all_ports(httpd_t) @@ -568,6 +570,7 @@ tunable_policy(`httpd_can_network_connect',` corenet_raw_sendrecv_all_nodes(httpd_suexec_t) corenet_tcp_sendrecv_all_ports(httpd_suexec_t) corenet_udp_sendrecv_all_ports(httpd_suexec_t) + corenet_non_ipsec_sendrecv(httpd_suexec_t) corenet_tcp_bind_all_nodes(httpd_suexec_t) corenet_udp_bind_all_nodes(httpd_suexec_t) corenet_tcp_connect_all_ports(httpd_suexec_t) diff --git a/refpolicy/policy/modules/services/arpwatch.te b/refpolicy/policy/modules/services/arpwatch.te index 74e4d5c70..03b23864e 100644 --- a/refpolicy/policy/modules/services/arpwatch.te 
+++ b/refpolicy/policy/modules/services/arpwatch.te @@ -1,5 +1,5 @@ -policy_module(arpwatch,1.0) +policy_module(arpwatch,1.0.1) ######################################## # @@ -57,6 +57,7 @@ corenet_udp_sendrecv_all_nodes(arpwatch_t) corenet_raw_sendrecv_all_nodes(arpwatch_t) corenet_tcp_sendrecv_all_ports(arpwatch_t) corenet_udp_sendrecv_all_ports(arpwatch_t) +corenet_non_ipsec_sendrecv(arpwatch_t) corenet_tcp_bind_all_nodes(arpwatch_t) corenet_udp_bind_all_nodes(arpwatch_t) diff --git a/refpolicy/policy/modules/services/avahi.te b/refpolicy/policy/modules/services/avahi.te index fe04bba3a..148e959a6 100644 --- a/refpolicy/policy/modules/services/avahi.te +++ b/refpolicy/policy/modules/services/avahi.te @@ -1,5 +1,5 @@ -policy_module(avahi,1.0.2) +policy_module(avahi,1.0.3) ######################################## # @@ -46,6 +46,7 @@ corenet_raw_sendrecv_all_nodes(avahi_t) corenet_udp_sendrecv_all_nodes(avahi_t) corenet_tcp_sendrecv_all_ports(avahi_t) corenet_udp_sendrecv_all_ports(avahi_t) +corenet_non_ipsec_sendrecv(avahi_t) corenet_tcp_bind_all_nodes(avahi_t) corenet_udp_bind_all_nodes(avahi_t) corenet_tcp_bind_howl_port(avahi_t) diff --git a/refpolicy/policy/modules/services/bind.te b/refpolicy/policy/modules/services/bind.te index 659b761f9..6c24b210f 100644 --- a/refpolicy/policy/modules/services/bind.te +++ b/refpolicy/policy/modules/services/bind.te @@ -1,5 +1,5 @@ -policy_module(bind,1.0.1) +policy_module(bind,1.0.2) ######################################## # @@ -107,6 +107,7 @@ corenet_udp_sendrecv_all_nodes(named_t) corenet_raw_sendrecv_all_nodes(named_t) corenet_tcp_sendrecv_all_ports(named_t) corenet_udp_sendrecv_all_ports(named_t) +corenet_non_ipsec_sendrecv(named_t) corenet_tcp_bind_all_nodes(named_t) corenet_udp_bind_all_nodes(named_t) corenet_tcp_bind_dns_port(named_t) 
@@ -243,6 +244,7 @@ corenet_raw_sendrecv_all_if(ndc_t) corenet_tcp_sendrecv_all_nodes(ndc_t) corenet_raw_sendrecv_all_nodes(ndc_t) corenet_tcp_sendrecv_all_ports(ndc_t) +corenet_non_ipsec_sendrecv(ndc_t) corenet_tcp_bind_all_nodes(ndc_t) corenet_tcp_connect_rndc_port(ndc_t) diff --git a/refpolicy/policy/modules/services/bluetooth.te b/refpolicy/policy/modules/services/bluetooth.te index 8b35c1d2e..03e5a2940 100644 --- a/refpolicy/policy/modules/services/bluetooth.te +++ b/refpolicy/policy/modules/services/bluetooth.te @@ -1,5 +1,5 @@ -policy_module(bluetooth,1.0.1) +policy_module(bluetooth,1.0.2) ######################################## # @@ -93,10 +93,11 @@ corenet_raw_sendrecv_all_if(bluetooth_t) corenet_tcp_sendrecv_all_nodes(bluetooth_t) corenet_udp_sendrecv_all_nodes(bluetooth_t) corenet_raw_sendrecv_all_nodes(bluetooth_t) -corenet_tcp_bind_all_nodes(bluetooth_t) -corenet_udp_bind_all_nodes(bluetooth_t) corenet_tcp_sendrecv_all_ports(bluetooth_t) corenet_udp_sendrecv_all_ports(bluetooth_t) +corenet_non_ipsec_sendrecv(bluetooth_t) +corenet_tcp_bind_all_nodes(bluetooth_t) +corenet_udp_bind_all_nodes(bluetooth_t) dev_read_sysfs(bluetooth_t) dev_rw_usbfs(bluetooth_t) diff --git a/refpolicy/policy/modules/services/canna.te b/refpolicy/policy/modules/services/canna.te index f0004d82a..b119afeaf 100644 --- a/refpolicy/policy/modules/services/canna.te +++ b/refpolicy/policy/modules/services/canna.te @@ -54,6 +54,7 @@ corenet_raw_sendrecv_all_if(canna_t) corenet_tcp_sendrecv_all_nodes(canna_t) corenet_raw_sendrecv_all_nodes(canna_t) corenet_tcp_sendrecv_all_ports(canna_t) +corenet_non_ipsec_sendrecv(canna_t) corenet_tcp_bind_all_nodes(canna_t) corenet_tcp_connect_all_ports(canna_t) diff --git a/refpolicy/policy/modules/services/comsat.te b/refpolicy/policy/modules/services/comsat.te index dc2cfb577..7ee2abd78 100644 --- a/refpolicy/policy/modules/services/comsat.te +++ b/refpolicy/policy/modules/services/comsat.te 
@@ -1,5 +1,5 @@ -policy_module(comsat,1.0) +policy_module(comsat,1.0.1) ######################################## # @@ -51,6 +51,7 @@ corenet_udp_sendrecv_all_nodes(comsat_t) corenet_raw_sendrecv_all_nodes(comsat_t) corenet_tcp_sendrecv_all_ports(comsat_t) corenet_udp_sendrecv_all_ports(comsat_t) +corenet_non_ipsec_sendrecv(comsat_t) corenet_tcp_bind_all_nodes(comsat_t) corenet_udp_bind_all_nodes(comsat_t) diff --git a/refpolicy/policy/modules/services/cron.if b/refpolicy/policy/modules/services/cron.if index ad04e4dee..72f4d1085 100644 --- a/refpolicy/policy/modules/services/cron.if +++ b/refpolicy/policy/modules/services/cron.if @@ -93,6 +93,7 @@ template(`cron_per_userdomain_template',` corenet_udp_sendrecv_all_nodes($1_crond_t) corenet_tcp_sendrecv_all_ports($1_crond_t) corenet_udp_sendrecv_all_ports($1_crond_t) + corenet_non_ipsec_sendrecv($1_crond_t) corenet_tcp_bind_all_nodes($1_crond_t) corenet_udp_bind_all_nodes($1_crond_t) corenet_tcp_connect_all_ports($1_crond_t) diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te index c59ade910..e5792d2d5 100644 --- a/refpolicy/policy/modules/services/cron.te +++ b/refpolicy/policy/modules/services/cron.te @@ -1,5 +1,5 @@ -policy_module(cron, 1.0.2) +policy_module(cron, 1.0.3) gen_require(` class passwd rootok; @@ -285,6 +285,7 @@ ifdef(`targeted_policy',` corenet_udp_sendrecv_all_nodes(system_crond_t) corenet_tcp_sendrecv_all_ports(system_crond_t) corenet_udp_sendrecv_all_ports(system_crond_t) + corenet_non_ipsec_sendrecv(system_crond_t) corenet_tcp_bind_all_nodes(system_crond_t) corenet_udp_bind_all_nodes(system_crond_t) diff --git a/refpolicy/policy/modules/services/cups.te b/refpolicy/policy/modules/services/cups.te index 34be18854..1ff7d2009 100644 --- a/refpolicy/policy/modules/services/cups.te +++ b/refpolicy/policy/modules/services/cups.te @@ -1,5 +1,5 @@ -policy_module(cups,1.0.2) +policy_module(cups,1.0.3) ######################################## # 
@@ -130,6 +130,7 @@ corenet_udp_sendrecv_all_nodes(cupsd_t) corenet_raw_sendrecv_all_nodes(cupsd_t) corenet_tcp_sendrecv_all_ports(cupsd_t) corenet_udp_sendrecv_all_ports(cupsd_t) +corenet_non_ipsec_sendrecv(cupsd_t) corenet_tcp_bind_all_nodes(cupsd_t) corenet_udp_bind_all_nodes(cupsd_t) corenet_tcp_bind_ipp_port(cupsd_t) @@ -312,8 +313,9 @@ corenet_tcp_sendrecv_all_if(ptal_t) corenet_raw_sendrecv_all_if(ptal_t) corenet_tcp_sendrecv_all_nodes(ptal_t) corenet_raw_sendrecv_all_nodes(ptal_t) -corenet_tcp_bind_all_nodes(ptal_t) corenet_tcp_sendrecv_all_ports(ptal_t) +corenet_non_ipsec_sendrecv(ptal_t) +corenet_tcp_bind_all_nodes(ptal_t) corenet_tcp_bind_ptal_port(ptal_t) dev_read_sysfs(ptal_t) @@ -400,6 +402,7 @@ corenet_udp_sendrecv_all_nodes(hplip_t) corenet_raw_sendrecv_all_nodes(hplip_t) corenet_tcp_sendrecv_all_ports(hplip_t) corenet_udp_sendrecv_all_ports(hplip_t) +corenet_non_ipsec_sendrecv(hplip_t) corenet_tcp_bind_all_nodes(hplip_t) corenet_udp_bind_all_nodes(hplip_t) corenet_tcp_bind_hplip_port(hplip_t) @@ -518,6 +521,7 @@ corenet_raw_sendrecv_all_if(cupsd_config_t) corenet_tcp_sendrecv_all_nodes(cupsd_config_t) corenet_raw_sendrecv_all_nodes(cupsd_config_t) corenet_tcp_sendrecv_all_ports(cupsd_config_t) +corenet_non_ipsec_sendrecv(cupsd_config_t) corenet_tcp_bind_all_nodes(cupsd_config_t) corenet_tcp_connect_all_ports(cupsd_config_t) @@ -694,6 +698,7 @@ corenet_udp_sendrecv_all_nodes(cupsd_lpd_t) corenet_raw_sendrecv_all_nodes(cupsd_lpd_t) corenet_tcp_sendrecv_all_ports(cupsd_lpd_t) corenet_udp_sendrecv_all_ports(cupsd_lpd_t) +corenet_non_ipsec_sendrecv(cupsd_lpd_t) corenet_tcp_bind_all_nodes(cupsd_lpd_t) corenet_udp_bind_all_nodes(cupsd_lpd_t) corenet_tcp_connect_ipp_port(cupsd_lpd_t) diff --git a/refpolicy/policy/modules/services/cvs.te b/refpolicy/policy/modules/services/cvs.te index e2c87e133..0dd1d2deb 100644 --- a/refpolicy/policy/modules/services/cvs.te +++ b/refpolicy/policy/modules/services/cvs.te 
@@ -1,5 +1,5 @@ -policy_module(cvs,1.0) +policy_module(cvs,1.0.1) ######################################## # @@ -56,6 +56,7 @@ corenet_udp_sendrecv_all_nodes(cvs_t) corenet_raw_sendrecv_all_nodes(cvs_t) corenet_tcp_sendrecv_all_ports(cvs_t) corenet_udp_sendrecv_all_ports(cvs_t) +corenet_non_ipsec_sendrecv(cvs_t) corenet_tcp_bind_all_nodes(cvs_t) corenet_udp_bind_all_nodes(cvs_t) diff --git a/refpolicy/policy/modules/services/cyrus.te b/refpolicy/policy/modules/services/cyrus.te index fa3c89754..83d91ad79 100644 --- a/refpolicy/policy/modules/services/cyrus.te +++ b/refpolicy/policy/modules/services/cyrus.te @@ -1,5 +1,5 @@ -policy_module(cyrus,1.0) +policy_module(cyrus,1.0.1) ######################################## # @@ -67,6 +67,7 @@ corenet_udp_sendrecv_all_nodes(cyrus_t) corenet_raw_sendrecv_all_nodes(cyrus_t) corenet_tcp_sendrecv_all_ports(cyrus_t) corenet_udp_sendrecv_all_ports(cyrus_t) +corenet_non_ipsec_sendrecv(cyrus_t) corenet_tcp_bind_all_nodes(cyrus_t) corenet_udp_bind_all_nodes(cyrus_t) corenet_tcp_bind_mail_port(cyrus_t) diff --git a/refpolicy/policy/modules/services/dbskk.te b/refpolicy/policy/modules/services/dbskk.te index 935427cf0..09a97b8dc 100644 --- a/refpolicy/policy/modules/services/dbskk.te +++ b/refpolicy/policy/modules/services/dbskk.te @@ -1,5 +1,5 @@ -policy_module(dbskk,1.0) +policy_module(dbskk,1.0.1) ######################################## # @@ -57,6 +57,7 @@ corenet_udp_sendrecv_all_nodes(dbskkd_t) corenet_raw_sendrecv_all_nodes(dbskkd_t) corenet_tcp_sendrecv_all_ports(dbskkd_t) corenet_udp_sendrecv_all_ports(dbskkd_t) +corenet_non_ipsec_sendrecv(dbskkd_t) corenet_tcp_bind_all_nodes(dbskkd_t) corenet_udp_bind_all_nodes(dbskkd_t) diff --git a/refpolicy/policy/modules/services/dbus.if b/refpolicy/policy/modules/services/dbus.if index 3259c6a40..a271d2722 100644 --- a/refpolicy/policy/modules/services/dbus.if +++ b/refpolicy/policy/modules/services/dbus.if 
@@ -107,6 +107,7 @@ template(`dbus_per_userdomain_template',` corenet_tcp_sendrecv_all_nodes($1_dbusd_t) corenet_raw_sendrecv_all_nodes($1_dbusd_t) corenet_tcp_sendrecv_all_ports($1_dbusd_t) + corenet_non_ipsec_sendrecv($1_dbusd_t) corenet_tcp_bind_all_nodes($1_dbusd_t) corenet_tcp_bind_reserved_port($1_dbusd_t) diff --git a/refpolicy/policy/modules/services/dbus.te b/refpolicy/policy/modules/services/dbus.te index ff68da787..64d25a99e 100644 --- a/refpolicy/policy/modules/services/dbus.te +++ b/refpolicy/policy/modules/services/dbus.te @@ -1,5 +1,5 @@ -policy_module(dbus,1.0.1) +policy_module(dbus,1.0.2) gen_require(` class dbus { send_msg acquire_svc }; diff --git a/refpolicy/policy/modules/services/dhcp.te b/refpolicy/policy/modules/services/dhcp.te index 0ad9809c7..9b879a7d8 100644 --- a/refpolicy/policy/modules/services/dhcp.te +++ b/refpolicy/policy/modules/services/dhcp.te @@ -1,5 +1,5 @@ -policy_module(dhcp,1.0) +policy_module(dhcp,1.0.1) ######################################## # @@ -62,6 +62,7 @@ corenet_udp_sendrecv_all_nodes(dhcpd_t) corenet_raw_sendrecv_all_nodes(dhcpd_t) corenet_tcp_sendrecv_all_ports(dhcpd_t) corenet_udp_sendrecv_all_ports(dhcpd_t) +corenet_non_ipsec_sendrecv(dhcpd_t) corenet_tcp_bind_all_nodes(dhcpd_t) corenet_udp_bind_all_nodes(dhcpd_t) corenet_tcp_bind_dhcpd_port(dhcpd_t) diff --git a/refpolicy/policy/modules/services/dictd.te b/refpolicy/policy/modules/services/dictd.te index c13cf87e7..3fb6a0376 100644 --- a/refpolicy/policy/modules/services/dictd.te +++ b/refpolicy/policy/modules/services/dictd.te @@ -1,5 +1,5 @@ -policy_module(dictd,1.0) +policy_module(dictd,1.0.1) ######################################## # @@ -46,6 +46,7 @@ corenet_udp_sendrecv_all_nodes(dictd_t) corenet_raw_sendrecv_all_nodes(dictd_t) corenet_tcp_sendrecv_all_ports(dictd_t) corenet_udp_sendrecv_all_ports(dictd_t) +corenet_non_ipsec_sendrecv(dictd_t) corenet_tcp_bind_all_nodes(dictd_t) corenet_udp_bind_all_nodes(dictd_t) corenet_tcp_bind_dict_port(dictd_t) 
diff --git a/refpolicy/policy/modules/services/distcc.te b/refpolicy/policy/modules/services/distcc.te index c84cd3ad1..b480c932c 100644 --- a/refpolicy/policy/modules/services/distcc.te +++ b/refpolicy/policy/modules/services/distcc.te @@ -1,5 +1,5 @@ -policy_module(distcc,1.0) +policy_module(distcc,1.0.1) ######################################## # @@ -45,8 +45,6 @@ files_create_pid(distccd_t,distccd_var_run_t) kernel_read_system_state(distccd_t) kernel_read_kernel_sysctl(distccd_t) -allow distccd_t self:tcp_socket create_stream_socket_perms; -allow distccd_t self:udp_socket create_socket_perms; corenet_tcp_sendrecv_all_if(distccd_t) corenet_udp_sendrecv_all_if(distccd_t) corenet_raw_sendrecv_all_if(distccd_t) @@ -55,6 +53,7 @@ corenet_udp_sendrecv_all_nodes(distccd_t) corenet_raw_sendrecv_all_nodes(distccd_t) corenet_tcp_sendrecv_all_ports(distccd_t) corenet_udp_sendrecv_all_ports(distccd_t) +corenet_non_ipsec_sendrecv(distccd_t) corenet_tcp_bind_all_nodes(distccd_t) corenet_udp_bind_all_nodes(distccd_t) corenet_tcp_bind_distccd_port(distccd_t) diff --git a/refpolicy/policy/modules/services/dovecot.te b/refpolicy/policy/modules/services/dovecot.te index 718dc0f39..df3787283 100644 --- a/refpolicy/policy/modules/services/dovecot.te +++ b/refpolicy/policy/modules/services/dovecot.te @@ -75,6 +75,7 @@ corenet_raw_sendrecv_all_if(dovecot_t) corenet_tcp_sendrecv_all_nodes(dovecot_t) corenet_raw_sendrecv_all_nodes(dovecot_t) corenet_tcp_sendrecv_all_ports(dovecot_t) +corenet_non_ipsec_sendrecv(dovecot_t) corenet_tcp_bind_all_nodes(dovecot_t) corenet_tcp_bind_pop_port(dovecot_t) corenet_tcp_connect_all_ports(dovecot_t) diff --git a/refpolicy/policy/modules/services/finger.te b/refpolicy/policy/modules/services/finger.te index 50b676939..0667d9323 100644 --- a/refpolicy/policy/modules/services/finger.te +++ b/refpolicy/policy/modules/services/finger.te @@ -1,5 +1,5 @@ -policy_module(finger,1.0) +policy_module(finger,1.0.1) ######################################## # 
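Review bot: The distcc.te hunk at `-45,8 +45,6` removes `allow distccd_t self:tcp_socket create_stream_socket_perms;` and `allow distccd_t self:udp_socket create_socket_perms;`, which neither the subject line nor the Changelog entry mentions. The following hunk keeps all the `corenet_*` send/receive and bind rules for distccd_t and adds `corenet_non_ipsec_sendrecv(distccd_t)`. If the two socket rules are not granted elsewhere in the file (not visible in these hunks), the domain would retain its network permissions but be unable to create the sockets to use them. Either confirm the removed lines were duplicates and say so in the commit message, or restore them.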
@@ -55,6 +55,7 @@ corenet_udp_sendrecv_all_nodes(fingerd_t) corenet_raw_sendrecv_all_nodes(fingerd_t) corenet_tcp_sendrecv_all_ports(fingerd_t) corenet_udp_sendrecv_all_ports(fingerd_t) +corenet_non_ipsec_sendrecv(fingerd_t) corenet_tcp_bind_all_nodes(fingerd_t) corenet_udp_bind_all_nodes(fingerd_t) corenet_tcp_bind_fingerd_port(fingerd_t) diff --git a/refpolicy/policy/modules/services/ftp.te b/refpolicy/policy/modules/services/ftp.te index 1490fb1bf..1a83d1c93 100644 --- a/refpolicy/policy/modules/services/ftp.te +++ b/refpolicy/policy/modules/services/ftp.te @@ -1,5 +1,5 @@ -policy_module(ftp,1.0.1) +policy_module(ftp,1.0.2) ######################################## # @@ -82,6 +82,7 @@ corenet_udp_sendrecv_all_nodes(ftpd_t) corenet_raw_sendrecv_all_nodes(ftpd_t) corenet_tcp_sendrecv_all_ports(ftpd_t) corenet_udp_sendrecv_all_ports(ftpd_t) +corenet_non_ipsec_sendrecv(ftpd_t) corenet_tcp_bind_all_nodes(ftpd_t) corenet_udp_bind_all_nodes(ftpd_t) corenet_tcp_bind_ftp_data_port(ftpd_t) diff --git a/refpolicy/policy/modules/services/hal.te b/refpolicy/policy/modules/services/hal.te index 215e5bcec..8f5a8f3ab 100644 --- a/refpolicy/policy/modules/services/hal.te +++ b/refpolicy/policy/modules/services/hal.te @@ -1,5 +1,5 @@ -policy_module(hal,1.0.3) +policy_module(hal,1.0.4) ######################################## # @@ -55,6 +55,7 @@ corenet_udp_sendrecv_all_nodes(hald_t) corenet_raw_sendrecv_all_nodes(hald_t) corenet_tcp_sendrecv_all_ports(hald_t) corenet_udp_sendrecv_all_ports(hald_t) +corenet_non_ipsec_sendrecv(hald_t) corenet_tcp_bind_all_nodes(hald_t) corenet_udp_bind_all_nodes(hald_t) diff --git a/refpolicy/policy/modules/services/howl.te b/refpolicy/policy/modules/services/howl.te index 5673c90c1..3e1c8fc9f 100644 --- a/refpolicy/policy/modules/services/howl.te +++ b/refpolicy/policy/modules/services/howl.te @@ -1,5 +1,5 @@ -policy_module(howl,1.0) +policy_module(howl,1.0.1) ######################################## # 
@@ -43,6 +43,7 @@ corenet_udp_sendrecv_all_nodes(howl_t) corenet_raw_sendrecv_all_nodes(howl_t) corenet_tcp_sendrecv_all_ports(howl_t) corenet_udp_sendrecv_all_ports(howl_t) +corenet_non_ipsec_sendrecv(howl_t) corenet_tcp_bind_all_nodes(howl_t) corenet_udp_bind_all_nodes(howl_t) corenet_tcp_bind_howl_port(howl_t) diff --git a/refpolicy/policy/modules/services/i18n_input.te b/refpolicy/policy/modules/services/i18n_input.te index 9501590e7..02ac2a4c1 100644 --- a/refpolicy/policy/modules/services/i18n_input.te +++ b/refpolicy/policy/modules/services/i18n_input.te @@ -1,5 +1,5 @@ -policy_module(i18n_input,1.0.0) +policy_module(i18n_input,1.0.1) ######################################## # @@ -46,6 +46,7 @@ corenet_udp_sendrecv_all_nodes(i18n_input_t) corenet_raw_sendrecv_all_nodes(i18n_input_t) corenet_tcp_sendrecv_all_ports(i18n_input_t) corenet_udp_sendrecv_all_ports(i18n_input_t) +corenet_non_ipsec_sendrecv(i18n_input_t) corenet_tcp_bind_all_nodes(i18n_input_t) corenet_udp_bind_all_nodes(i18n_input_t) corenet_tcp_bind_i18n_input_port(i18n_input_t) diff --git a/refpolicy/policy/modules/services/inetd.te b/refpolicy/policy/modules/services/inetd.te index 37de54397..898b55167 100644 --- a/refpolicy/policy/modules/services/inetd.te +++ b/refpolicy/policy/modules/services/inetd.te @@ -1,5 +1,5 @@ -policy_module(inetd,1.0.1) +policy_module(inetd,1.0.2) ######################################## # @@ -66,6 +66,7 @@ corenet_udp_sendrecv_all_nodes(inetd_t) corenet_raw_sendrecv_all_nodes(inetd_t) corenet_tcp_sendrecv_all_ports(inetd_t) corenet_udp_sendrecv_all_ports(inetd_t) +corenet_non_ipsec_sendrecv(inetd_t) corenet_tcp_bind_all_nodes(inetd_t) corenet_udp_bind_all_nodes(inetd_t) corenet_tcp_connect_all_ports(inetd_t) 
@@ -192,6 +193,7 @@ corenet_udp_sendrecv_all_nodes(inetd_child_t) corenet_raw_sendrecv_all_nodes(inetd_child_t) corenet_tcp_sendrecv_all_ports(inetd_child_t) corenet_udp_sendrecv_all_ports(inetd_child_t) +corenet_non_ipsec_sendrecv(inetd_child_t) corenet_tcp_bind_all_nodes(inetd_child_t) corenet_udp_bind_all_nodes(inetd_child_t) diff --git a/refpolicy/policy/modules/services/inn.te b/refpolicy/policy/modules/services/inn.te index cc15668d5..95b87dca7 100644 --- a/refpolicy/policy/modules/services/inn.te +++ b/refpolicy/policy/modules/services/inn.te @@ -1,5 +1,5 @@ -policy_module(inn,1.0) +policy_module(inn,1.0.1) ######################################## # @@ -71,6 +71,7 @@ corenet_tcp_sendrecv_all_nodes(innd_t) corenet_udp_sendrecv_all_nodes(innd_t) corenet_tcp_sendrecv_all_ports(innd_t) corenet_udp_sendrecv_all_ports(innd_t) +corenet_non_ipsec_sendrecv(innd_t) corenet_tcp_bind_all_nodes(innd_t) corenet_udp_bind_all_nodes(innd_t) corenet_tcp_bind_innd_port(innd_t) diff --git a/refpolicy/policy/modules/services/kerberos.if b/refpolicy/policy/modules/services/kerberos.if index 9821152aa..153fd02f4 100644 --- a/refpolicy/policy/modules/services/kerberos.if +++ b/refpolicy/policy/modules/services/kerberos.if @@ -49,6 +49,7 @@ interface(`kerberos_use',` corenet_raw_sendrecv_all_nodes($1) corenet_tcp_sendrecv_kerberos_port($1) corenet_udp_sendrecv_kerberos_port($1) + corenet_non_ipsec_sendrecv($1) corenet_tcp_bind_all_nodes($1) corenet_udp_bind_all_nodes($1) corenet_tcp_connect_kerberos_port($1) diff --git a/refpolicy/policy/modules/services/kerberos.te b/refpolicy/policy/modules/services/kerberos.te index 852efe57b..3406a9fab 100644 --- a/refpolicy/policy/modules/services/kerberos.te +++ b/refpolicy/policy/modules/services/kerberos.te @@ -1,5 +1,5 @@ -policy_module(kerberos,1.0) +policy_module(kerberos,1.0.1) ######################################## # 
@@ -95,6 +95,7 @@ corenet_udp_sendrecv_all_nodes(kadmind_t) corenet_raw_sendrecv_all_nodes(kadmind_t) corenet_tcp_sendrecv_all_ports(kadmind_t) corenet_udp_sendrecv_all_ports(kadmind_t) +corenet_non_ipsec_sendrecv(kadmind_t) corenet_tcp_bind_all_nodes(kadmind_t) corenet_udp_bind_all_nodes(kadmind_t) corenet_tcp_bind_kerberos_admin_port(kadmind_t) @@ -197,6 +198,7 @@ corenet_udp_sendrecv_all_nodes(krb5kdc_t) corenet_raw_sendrecv_all_nodes(krb5kdc_t) corenet_tcp_sendrecv_all_ports(krb5kdc_t) corenet_udp_sendrecv_all_ports(krb5kdc_t) +corenet_non_ipsec_sendrecv(krb5kdc_t) corenet_tcp_bind_all_nodes(krb5kdc_t) corenet_udp_bind_all_nodes(krb5kdc_t) corenet_tcp_bind_kerberos_port(krb5kdc_t) diff --git a/refpolicy/policy/modules/services/ktalk.te b/refpolicy/policy/modules/services/ktalk.te index e346e9982..9966c38c3 100644 --- a/refpolicy/policy/modules/services/ktalk.te +++ b/refpolicy/policy/modules/services/ktalk.te @@ -1,5 +1,5 @@ -policy_module(ktalk,1.0) +policy_module(ktalk,1.0.1) ######################################## # @@ -58,6 +58,7 @@ corenet_udp_sendrecv_all_nodes(ktalkd_t) corenet_raw_sendrecv_all_nodes(ktalkd_t) corenet_tcp_sendrecv_all_ports(ktalkd_t) corenet_udp_sendrecv_all_ports(ktalkd_t) +corenet_non_ipsec_sendrecv(ktalkd_t) corenet_tcp_bind_all_nodes(ktalkd_t) corenet_udp_bind_all_nodes(ktalkd_t) diff --git a/refpolicy/policy/modules/services/ldap.te b/refpolicy/policy/modules/services/ldap.te index 973a7d3ec..5ac249519 100644 --- a/refpolicy/policy/modules/services/ldap.te +++ b/refpolicy/policy/modules/services/ldap.te @@ -1,5 +1,5 @@ -policy_module(ldap,1.0.1) +policy_module(ldap,1.0.2) ######################################## # @@ -86,6 +86,7 @@ corenet_udp_sendrecv_all_nodes(slapd_t) corenet_raw_sendrecv_all_nodes(slapd_t) corenet_tcp_sendrecv_all_ports(slapd_t) corenet_udp_sendrecv_all_ports(slapd_t) +corenet_non_ipsec_sendrecv(slapd_t) corenet_tcp_bind_all_nodes(slapd_t) corenet_udp_bind_all_nodes(slapd_t) corenet_tcp_bind_ldap_port(slapd_t) 
diff --git a/refpolicy/policy/modules/services/lpd.te b/refpolicy/policy/modules/services/lpd.te index 976f75412..5498f9e15 100644 --- a/refpolicy/policy/modules/services/lpd.te +++ b/refpolicy/policy/modules/services/lpd.te @@ -1,5 +1,5 @@ -policy_module(lpd,1.0) +policy_module(lpd,1.0.1) ######################################## # @@ -70,6 +70,7 @@ corenet_udp_sendrecv_all_nodes(checkpc_t) corenet_raw_sendrecv_all_nodes(checkpc_t) corenet_tcp_sendrecv_all_ports(checkpc_t) corenet_udp_sendrecv_all_ports(checkpc_t) +corenet_non_ipsec_sendrecv(checkpc_t) corenet_tcp_bind_all_nodes(checkpc_t) corenet_udp_bind_all_nodes(checkpc_t) corenet_tcp_connect_all_ports(checkpc_t) @@ -164,6 +165,7 @@ corenet_udp_sendrecv_all_nodes(lpd_t) corenet_raw_sendrecv_all_nodes(lpd_t) corenet_tcp_sendrecv_all_ports(lpd_t) corenet_udp_sendrecv_all_ports(lpd_t) +corenet_non_ipsec_sendrecv(lpd_t) corenet_tcp_bind_all_nodes(lpd_t) corenet_udp_bind_all_nodes(lpd_t) corenet_tcp_bind_printer_port(lpd_t) diff --git a/refpolicy/policy/modules/services/mailman.if b/refpolicy/policy/modules/services/mailman.if index 626e96c42..cd4e1a5cc 100644 --- a/refpolicy/policy/modules/services/mailman.if +++ b/refpolicy/policy/modules/services/mailman.if @@ -56,6 +56,7 @@ template(`mailman_domain_template', ` corenet_raw_sendrecv_all_nodes(mailman_$1_t) corenet_tcp_sendrecv_all_ports(mailman_$1_t) corenet_udp_sendrecv_all_ports(mailman_$1_t) + corenet_non_ipsec_sendrecv(mailman_$1_t) corenet_tcp_bind_all_nodes(mailman_$1_t) corenet_udp_bind_all_nodes(mailman_$1_t) corenet_tcp_connect_smtp_port(mailman_$1_t) diff --git a/refpolicy/policy/modules/services/mailman.te b/refpolicy/policy/modules/services/mailman.te index e834acaeb..aefb7ec52 100644 --- a/refpolicy/policy/modules/services/mailman.te +++ b/refpolicy/policy/modules/services/mailman.te @@ -1,5 +1,5 @@ -policy_module(mailman,1.0) +policy_module(mailman,1.0.1) ######################################## # 
diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if index 29ef57824..bf2bb0f3b 100644 --- a/refpolicy/policy/modules/services/mta.if +++ b/refpolicy/policy/modules/services/mta.if @@ -73,6 +73,7 @@ template(`mta_base_mail_template',` corenet_tcp_sendrecv_all_nodes($1_mail_t) corenet_raw_sendrecv_all_nodes($1_mail_t) corenet_tcp_sendrecv_all_ports($1_mail_t) + corenet_non_ipsec_sendrecv($1_mail_t) corenet_tcp_bind_all_nodes($1_mail_t) corenet_tcp_connect_all_ports($1_mail_t) corenet_tcp_connect_smtp_port($1_mail_t) diff --git a/refpolicy/policy/modules/services/mta.te b/refpolicy/policy/modules/services/mta.te index b9ff82f97..810d71137 100644 --- a/refpolicy/policy/modules/services/mta.te +++ b/refpolicy/policy/modules/services/mta.te @@ -1,5 +1,5 @@ -policy_module(mta,1.0.3) +policy_module(mta,1.0.4) ######################################## # diff --git a/refpolicy/policy/modules/services/mysql.te b/refpolicy/policy/modules/services/mysql.te index 6a23c8dd7..8810a0193 100644 --- a/refpolicy/policy/modules/services/mysql.te +++ b/refpolicy/policy/modules/services/mysql.te @@ -1,5 +1,5 @@ -policy_module(mysql,1.0) +policy_module(mysql,1.0.1) ######################################## # @@ -73,6 +73,7 @@ corenet_udp_sendrecv_all_nodes(mysqld_t) corenet_raw_sendrecv_all_nodes(mysqld_t) corenet_tcp_sendrecv_all_ports(mysqld_t) corenet_udp_sendrecv_all_ports(mysqld_t) +corenet_non_ipsec_sendrecv(mysqld_t) corenet_tcp_bind_all_nodes(mysqld_t) corenet_udp_bind_all_nodes(mysqld_t) corenet_tcp_bind_mysqld_port(mysqld_t) diff --git a/refpolicy/policy/modules/services/networkmanager.te b/refpolicy/policy/modules/services/networkmanager.te index 68ac5a7a7..c378beec3 100644 --- a/refpolicy/policy/modules/services/networkmanager.te +++ b/refpolicy/policy/modules/services/networkmanager.te @@ -1,5 +1,5 @@ -policy_module(networkmanager,1.0.1) +policy_module(networkmanager,1.0.2) ######################################## # 
@@ -48,6 +48,7 @@ corenet_udp_sendrecv_all_nodes(NetworkManager_t) corenet_raw_sendrecv_all_nodes(NetworkManager_t) corenet_tcp_sendrecv_all_ports(NetworkManager_t) corenet_udp_sendrecv_all_ports(NetworkManager_t) +corenet_non_ipsec_sendrecv(NetworkManager_t) corenet_tcp_bind_all_nodes(NetworkManager_t) corenet_udp_bind_all_nodes(NetworkManager_t) corenet_tcp_connect_all_ports(NetworkManager_t) diff --git a/refpolicy/policy/modules/services/nis.if b/refpolicy/policy/modules/services/nis.if index e7b62b68b..9193fbe78 100644 --- a/refpolicy/policy/modules/services/nis.if +++ b/refpolicy/policy/modules/services/nis.if @@ -43,6 +43,7 @@ interface(`nis_use_ypbind_uncond',` corenet_raw_sendrecv_all_nodes($1) corenet_tcp_sendrecv_all_ports($1) corenet_udp_sendrecv_all_ports($1) + corenet_non_ipsec_sendrecv($1) corenet_tcp_bind_all_nodes($1) corenet_udp_bind_all_nodes($1) corenet_tcp_bind_generic_port($1) @@ -90,6 +91,7 @@ interface(`nis_use_ypbind',` corenet_raw_sendrecv_all_nodes($1) corenet_tcp_sendrecv_all_ports($1) corenet_udp_sendrecv_all_ports($1) + corenet_non_ipsec_sendrecv($1) corenet_tcp_bind_all_nodes($1) corenet_udp_bind_all_nodes($1) corenet_tcp_bind_generic_port($1) diff --git a/refpolicy/policy/modules/services/nis.te b/refpolicy/policy/modules/services/nis.te index c73005397..9eb0bfa50 100644 --- a/refpolicy/policy/modules/services/nis.te +++ b/refpolicy/policy/modules/services/nis.te @@ -74,10 +74,11 @@ corenet_raw_sendrecv_all_if(ypbind_t) corenet_tcp_sendrecv_all_nodes(ypbind_t) corenet_udp_sendrecv_all_nodes(ypbind_t) corenet_raw_sendrecv_all_nodes(ypbind_t) -corenet_tcp_bind_all_nodes(ypbind_t) -corenet_udp_bind_all_nodes(ypbind_t) corenet_tcp_sendrecv_all_ports(ypbind_t) corenet_udp_sendrecv_all_ports(ypbind_t) +corenet_non_ipsec_sendrecv(ypbind_t) +corenet_tcp_bind_all_nodes(ypbind_t) +corenet_udp_bind_all_nodes(ypbind_t) corenet_tcp_bind_generic_port(ypbind_t) corenet_udp_bind_generic_port(ypbind_t) corenet_tcp_bind_reserved_port(ypbind_t) 
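Review bot: The reorder of the two `bind_all_nodes` lines for ypbind_t is mixed into the same hunk as the new `corenet_non_ipsec_sendrecv(ypbind_t)` grant, so a reader has to match the removed and re-added lines by hand to see that only one permission was added. The removed and re-added pairs do match here, and the same pattern appears in the postfix_map_t hunk in postfix.te and the radiusd_t hunk in radius.te. Access-control policy is easier to audit when cosmetic moves go in a separate commit from rule additions.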
@@ -169,6 +170,7 @@ corenet_udp_sendrecv_all_nodes(yppasswdd_t) corenet_raw_sendrecv_all_nodes(yppasswdd_t) corenet_tcp_sendrecv_all_ports(yppasswdd_t) corenet_udp_sendrecv_all_ports(yppasswdd_t) +corenet_non_ipsec_sendrecv(yppasswdd_t) corenet_tcp_bind_all_nodes(yppasswdd_t) corenet_udp_bind_all_nodes(yppasswdd_t) corenet_tcp_bind_reserved_port(yppasswdd_t) @@ -272,6 +274,7 @@ corenet_udp_sendrecv_all_nodes(ypserv_t) corenet_raw_sendrecv_all_nodes(ypserv_t) corenet_tcp_sendrecv_all_ports(ypserv_t) corenet_udp_sendrecv_all_ports(ypserv_t) +corenet_non_ipsec_sendrecv(ypserv_t) corenet_tcp_bind_all_nodes(ypserv_t) corenet_udp_bind_all_nodes(ypserv_t) corenet_tcp_bind_reserved_port(ypserv_t) diff --git a/refpolicy/policy/modules/services/nscd.te b/refpolicy/policy/modules/services/nscd.te index ff3eedfae..f03d6eb51 100644 --- a/refpolicy/policy/modules/services/nscd.te +++ b/refpolicy/policy/modules/services/nscd.te @@ -1,5 +1,5 @@ -policy_module(nscd,1.0) +policy_module(nscd,1.0.1) gen_require(` class nscd all_nscd_perms; @@ -76,6 +76,7 @@ corenet_udp_sendrecv_all_nodes(nscd_t) corenet_raw_sendrecv_all_nodes(nscd_t) corenet_tcp_sendrecv_all_ports(nscd_t) corenet_udp_sendrecv_all_ports(nscd_t) +corenet_non_ipsec_sendrecv(nscd_t) corenet_tcp_bind_all_nodes(nscd_t) corenet_udp_bind_all_nodes(nscd_t) corenet_tcp_connect_all_ports(nscd_t) diff --git a/refpolicy/policy/modules/services/ntp.te b/refpolicy/policy/modules/services/ntp.te index 2752ca556..9d112cb3f 100644 --- a/refpolicy/policy/modules/services/ntp.te +++ b/refpolicy/policy/modules/services/ntp.te @@ -1,5 +1,5 @@ -policy_module(ntp,1.0) +policy_module(ntp,1.0.1) ######################################## # 
@@ -71,6 +71,7 @@ corenet_udp_sendrecv_all_nodes(ntpd_t) corenet_raw_sendrecv_all_nodes(ntpd_t) corenet_tcp_sendrecv_all_ports(ntpd_t) corenet_udp_sendrecv_all_ports(ntpd_t) +corenet_non_ipsec_sendrecv(ntpd_t) corenet_tcp_bind_all_nodes(ntpd_t) corenet_udp_bind_all_nodes(ntpd_t) corenet_udp_bind_ntp_port(ntpd_t) diff --git a/refpolicy/policy/modules/services/pegasus.te b/refpolicy/policy/modules/services/pegasus.te index d55ed9937..6c16b9907 100644 --- a/refpolicy/policy/modules/services/pegasus.te +++ b/refpolicy/policy/modules/services/pegasus.te @@ -1,5 +1,5 @@ -policy_module(pegasus,1.0.2) +policy_module(pegasus,1.0.3) ######################################## # @@ -71,6 +71,7 @@ corenet_raw_sendrecv_all_if(pegasus_t) corenet_tcp_sendrecv_all_nodes(pegasus_t) corenet_raw_sendrecv_all_nodes(pegasus_t) corenet_tcp_sendrecv_all_ports(pegasus_t) +corenet_non_ipsec_sendrecv(pegasus_t) corenet_tcp_bind_all_nodes(pegasus_t) corenet_tcp_bind_pegasus_http_port(pegasus_t) corenet_tcp_bind_pegasus_https_port(pegasus_t) diff --git a/refpolicy/policy/modules/services/portmap.te b/refpolicy/policy/modules/services/portmap.te index b3c0188fe..789ca013d 100644 --- a/refpolicy/policy/modules/services/portmap.te +++ b/refpolicy/policy/modules/services/portmap.te @@ -1,5 +1,5 @@ -policy_module(portmap,1.0) +policy_module(portmap,1.0.1) ######################################## # @@ -56,6 +56,7 @@ corenet_udp_sendrecv_all_nodes(portmap_t) corenet_raw_sendrecv_all_nodes(portmap_t) corenet_tcp_sendrecv_all_ports(portmap_t) corenet_udp_sendrecv_all_ports(portmap_t) +corenet_non_ipsec_sendrecv(portmap_t) corenet_tcp_bind_all_nodes(portmap_t) corenet_udp_bind_all_nodes(portmap_t) corenet_tcp_bind_portmap_port(portmap_t) 
@@ -172,6 +173,7 @@ corenet_udp_sendrecv_all_nodes(portmap_helper_t) corenet_raw_sendrecv_all_nodes(portmap_helper_t) corenet_tcp_sendrecv_all_ports(portmap_helper_t) corenet_udp_sendrecv_all_ports(portmap_helper_t) +corenet_non_ipsec_sendrecv(portmap_helper_t) corenet_tcp_bind_all_nodes(portmap_helper_t) corenet_udp_bind_all_nodes(portmap_helper_t) corenet_tcp_bind_reserved_port(portmap_helper_t) diff --git a/refpolicy/policy/modules/services/postfix.if b/refpolicy/policy/modules/services/postfix.if index d4afb6617..3c4f40347 100644 --- a/refpolicy/policy/modules/services/postfix.if +++ b/refpolicy/policy/modules/services/postfix.if @@ -120,6 +120,7 @@ template(`postfix_server_domain_template',` corenet_raw_sendrecv_all_nodes(postfix_$1_t) corenet_tcp_sendrecv_all_ports(postfix_$1_t) corenet_udp_sendrecv_all_ports(postfix_$1_t) + corenet_non_ipsec_sendrecv(postfix_$1_t) corenet_tcp_bind_all_nodes(postfix_$1_t) corenet_udp_bind_all_nodes(postfix_$1_t) corenet_tcp_connect_all_ports(postfix_$1_t) diff --git a/refpolicy/policy/modules/services/postfix.te b/refpolicy/policy/modules/services/postfix.te index 6cbbec102..3575eb50b 100644 --- a/refpolicy/policy/modules/services/postfix.te +++ b/refpolicy/policy/modules/services/postfix.te @@ -1,5 +1,5 @@ -policy_module(postfix,1.0.3) +policy_module(postfix,1.0.4) ######################################## # @@ -142,6 +142,7 @@ corenet_udp_sendrecv_all_nodes(postfix_master_t) corenet_raw_sendrecv_all_nodes(postfix_master_t) corenet_tcp_sendrecv_all_ports(postfix_master_t) corenet_udp_sendrecv_all_ports(postfix_master_t) +corenet_non_ipsec_sendrecv(postfix_master_t) corenet_tcp_bind_all_nodes(postfix_master_t) corenet_udp_bind_all_nodes(postfix_master_t) corenet_tcp_bind_amavisd_send_port(postfix_master_t) 
@@ -309,10 +310,11 @@ corenet_raw_sendrecv_all_if(postfix_map_t) corenet_tcp_sendrecv_all_nodes(postfix_map_t) corenet_udp_sendrecv_all_nodes(postfix_map_t) corenet_raw_sendrecv_all_nodes(postfix_map_t) -corenet_tcp_bind_all_nodes(postfix_map_t) -corenet_udp_bind_all_nodes(postfix_map_t) corenet_tcp_sendrecv_all_ports(postfix_map_t) corenet_udp_sendrecv_all_ports(postfix_map_t) +corenet_non_ipsec_sendrecv(postfix_map_t) +corenet_tcp_bind_all_nodes(postfix_map_t) +corenet_udp_bind_all_nodes(postfix_map_t) corenet_tcp_connect_all_ports(postfix_map_t) corecmd_list_bin(postfix_map_t) diff --git a/refpolicy/policy/modules/services/postgresql.te b/refpolicy/policy/modules/services/postgresql.te index fad6075c5..a89c5bba4 100644 --- a/refpolicy/policy/modules/services/postgresql.te +++ b/refpolicy/policy/modules/services/postgresql.te @@ -1,5 +1,5 @@ -policy_module(postgresql,1.0) +policy_module(postgresql,1.0.1) ################################# # @@ -92,6 +92,7 @@ corenet_udp_sendrecv_all_nodes(postgresql_t) corenet_raw_sendrecv_all_nodes(postgresql_t) corenet_tcp_sendrecv_all_ports(postgresql_t) corenet_udp_sendrecv_all_ports(postgresql_t) +corenet_non_ipsec_sendrecv(postgresql_t) corenet_tcp_bind_all_nodes(postgresql_t) corenet_udp_bind_all_nodes(postgresql_t) corenet_tcp_bind_postgresql_port(postgresql_t) diff --git a/refpolicy/policy/modules/services/ppp.te b/refpolicy/policy/modules/services/ppp.te index 3f55df5fd..3fdaafd7b 100644 --- a/refpolicy/policy/modules/services/ppp.te +++ b/refpolicy/policy/modules/services/ppp.te @@ -1,5 +1,5 @@ -policy_module(ppp,1.0) +policy_module(ppp,1.0.1) ######################################## # @@ -125,6 +125,7 @@ corenet_raw_sendrecv_all_nodes(pppd_t) corenet_udp_sendrecv_all_nodes(pppd_t) corenet_tcp_sendrecv_all_ports(pppd_t) corenet_udp_sendrecv_all_ports(pppd_t) +corenet_non_ipsec_sendrecv(pppd_t) corenet_tcp_bind_all_nodes(pppd_t) corenet_udp_bind_all_nodes(pppd_t) # Access /dev/ppp. 
@@ -265,6 +266,7 @@ corenet_raw_sendrecv_all_if(pptp_t) corenet_tcp_sendrecv_all_nodes(pptp_t) corenet_raw_sendrecv_all_nodes(pptp_t) corenet_tcp_sendrecv_all_ports(pptp_t) +corenet_non_ipsec_sendrecv(pptp_t) corenet_tcp_bind_all_nodes(pptp_t) corenet_tcp_connect_generic_port(pptp_t) corenet_tcp_connect_all_reserved_ports(pptp_t) diff --git a/refpolicy/policy/modules/services/privoxy.te b/refpolicy/policy/modules/services/privoxy.te index 5b2780c50..e791b628c 100644 --- a/refpolicy/policy/modules/services/privoxy.te +++ b/refpolicy/policy/modules/services/privoxy.te @@ -1,5 +1,5 @@ -policy_module(privoxy,1.0.1) +policy_module(privoxy,1.0.2) ######################################## # @@ -47,6 +47,7 @@ corenet_raw_sendrecv_all_if(privoxy_t) corenet_tcp_sendrecv_all_nodes(privoxy_t) corenet_raw_sendrecv_all_nodes(privoxy_t) corenet_tcp_sendrecv_all_ports(privoxy_t) +corenet_non_ipsec_sendrecv(privoxy_t) corenet_tcp_bind_http_cache_port(privoxy_t) corenet_tcp_connect_http_port(privoxy_t) corenet_tcp_connect_ftp_port(privoxy_t) diff --git a/refpolicy/policy/modules/services/procmail.te b/refpolicy/policy/modules/services/procmail.te index 386231656..6b1038c23 100644 --- a/refpolicy/policy/modules/services/procmail.te +++ b/refpolicy/policy/modules/services/procmail.te @@ -1,5 +1,5 @@ -policy_module(procmail,1.0.1) +policy_module(procmail,1.0.2) ######################################## # @@ -36,6 +36,7 @@ corenet_udp_sendrecv_all_nodes(procmail_t) corenet_raw_sendrecv_all_nodes(procmail_t) corenet_tcp_sendrecv_all_ports(procmail_t) corenet_udp_sendrecv_all_ports(procmail_t) +corenet_non_ipsec_sendrecv(procmail_t) corenet_tcp_bind_all_nodes(procmail_t) corenet_udp_bind_all_nodes(procmail_t) corenet_tcp_connect_spamd_port(procmail_t) diff --git a/refpolicy/policy/modules/services/radius.te b/refpolicy/policy/modules/services/radius.te index e115360ed..dfddca68d 100644 --- a/refpolicy/policy/modules/services/radius.te +++ b/refpolicy/policy/modules/services/radius.te 
@@ -56,10 +56,11 @@ corenet_raw_sendrecv_all_if(radiusd_t) corenet_tcp_sendrecv_all_nodes(radiusd_t) corenet_udp_sendrecv_all_nodes(radiusd_t) corenet_raw_sendrecv_all_nodes(radiusd_t) -corenet_tcp_bind_all_nodes(radiusd_t) -corenet_udp_bind_all_nodes(radiusd_t) corenet_tcp_sendrecv_all_ports(radiusd_t) corenet_udp_sendrecv_all_ports(radiusd_t) +corenet_non_ipsec_sendrecv(radiusd_t) +corenet_tcp_bind_all_nodes(radiusd_t) +corenet_udp_bind_all_nodes(radiusd_t) corenet_udp_bind_radacct_port(radiusd_t) corenet_udp_bind_radius_port(radiusd_t) # for RADIUS proxy port diff --git a/refpolicy/policy/modules/services/radvd.te b/refpolicy/policy/modules/services/radvd.te index b5b07b2e0..6af803990 100644 --- a/refpolicy/policy/modules/services/radvd.te +++ b/refpolicy/policy/modules/services/radvd.te @@ -1,5 +1,5 @@ -policy_module(radvd,1.0) +policy_module(radvd,1.0.1) ######################################## # @@ -47,6 +47,7 @@ corenet_udp_sendrecv_all_nodes(radvd_t) corenet_raw_sendrecv_all_nodes(radvd_t) corenet_tcp_sendrecv_all_ports(radvd_t) corenet_udp_sendrecv_all_ports(radvd_t) +corenet_non_ipsec_sendrecv(radvd_t) corenet_tcp_bind_all_nodes(radvd_t) corenet_udp_bind_all_nodes(radvd_t) diff --git a/refpolicy/policy/modules/services/rdisc.te b/refpolicy/policy/modules/services/rdisc.te index 97c573bc7..873b86fc1 100644 --- a/refpolicy/policy/modules/services/rdisc.te +++ b/refpolicy/policy/modules/services/rdisc.te @@ -1,5 +1,5 @@ -policy_module(rdisc,1.0.0) +policy_module(rdisc,1.0.1) ######################################## # @@ -31,6 +31,7 @@ corenet_raw_sendrecv_generic_if(rdisc_t) corenet_udp_sendrecv_all_nodes(rdisc_t) corenet_raw_sendrecv_all_nodes(rdisc_t) corenet_udp_sendrecv_all_ports(rdisc_t) +corenet_non_ipsec_sendrecv(rdisc_t) corenet_udp_bind_all_nodes(rdisc_t) dev_read_sysfs(rdisc_t) diff --git a/refpolicy/policy/modules/services/rlogin.te b/refpolicy/policy/modules/services/rlogin.te index 2b284e46b..bf05a199b 100644 
--- a/refpolicy/policy/modules/services/rlogin.te +++ b/refpolicy/policy/modules/services/rlogin.te @@ -1,5 +1,5 @@ -policy_module(rlogin,1.0) +policy_module(rlogin,1.0.1) ######################################## # @@ -59,6 +59,7 @@ corenet_udp_sendrecv_all_nodes(rlogind_t) corenet_raw_sendrecv_all_nodes(rlogind_t) corenet_tcp_sendrecv_all_ports(rlogind_t) corenet_udp_sendrecv_all_ports(rlogind_t) +corenet_non_ipsec_sendrecv(rlogind_t) corenet_tcp_bind_all_nodes(rlogind_t) corenet_udp_bind_all_nodes(rlogind_t) diff --git a/refpolicy/policy/modules/services/rpc.if b/refpolicy/policy/modules/services/rpc.if index da50403d0..50ba3a311 100644 --- a/refpolicy/policy/modules/services/rpc.if +++ b/refpolicy/policy/modules/services/rpc.if @@ -58,6 +58,7 @@ template(`rpc_domain_template', ` corenet_raw_sendrecv_all_nodes($1_t) corenet_tcp_sendrecv_all_ports($1_t) corenet_udp_sendrecv_all_ports($1_t) + corenet_non_ipsec_sendrecv($1_t) corenet_tcp_bind_all_nodes($1_t) corenet_udp_bind_all_nodes($1_t) corenet_tcp_bind_reserved_port($1_t) diff --git a/refpolicy/policy/modules/services/rpc.te b/refpolicy/policy/modules/services/rpc.te index cb50dd59d..dd7df9078 100644 --- a/refpolicy/policy/modules/services/rpc.te +++ b/refpolicy/policy/modules/services/rpc.te @@ -1,5 +1,5 @@ -policy_module(rpc,1.0.2) +policy_module(rpc,1.0.3) ######################################## # diff --git a/refpolicy/policy/modules/services/rshd.te b/refpolicy/policy/modules/services/rshd.te index 2ebf6f0b7..87e8e12c2 100644 --- a/refpolicy/policy/modules/services/rshd.te +++ b/refpolicy/policy/modules/services/rshd.te @@ -1,5 +1,5 @@ -policy_module(rshd,1.0) +policy_module(rshd,1.0.1) ######################################## # @@ -31,6 +31,7 @@ corenet_udp_sendrecv_all_nodes(rshd_t) corenet_raw_sendrecv_all_nodes(rshd_t) corenet_tcp_sendrecv_all_ports(rshd_t) corenet_udp_sendrecv_all_ports(rshd_t) +corenet_non_ipsec_sendrecv(rshd_t) corenet_tcp_bind_all_nodes(rshd_t) corenet_tcp_bind_rsh_port(rshd_t) 
diff --git a/refpolicy/policy/modules/services/rsync.te b/refpolicy/policy/modules/services/rsync.te index 57211caf8..94a560d94 100644 --- a/refpolicy/policy/modules/services/rsync.te +++ b/refpolicy/policy/modules/services/rsync.te @@ -1,5 +1,5 @@ -policy_module(rsync,1.0) +policy_module(rsync,1.0.1) ######################################## # @@ -63,6 +63,7 @@ corenet_udp_sendrecv_all_nodes(rsync_t) corenet_raw_sendrecv_all_nodes(rsync_t) corenet_tcp_sendrecv_all_ports(rsync_t) corenet_udp_sendrecv_all_ports(rsync_t) +corenet_non_ipsec_sendrecv(rsync_t) corenet_tcp_bind_all_nodes(rsync_t) corenet_udp_bind_all_nodes(rsync_t) diff --git a/refpolicy/policy/modules/services/samba.te b/refpolicy/policy/modules/services/samba.te index f4536be7d..06eea35f7 100644 --- a/refpolicy/policy/modules/services/samba.te +++ b/refpolicy/policy/modules/services/samba.te @@ -1,5 +1,5 @@ -policy_module(samba,1.0) +policy_module(samba,1.0.1) ################################# # @@ -108,6 +108,7 @@ corenet_udp_sendrecv_all_nodes(samba_net_t) corenet_raw_sendrecv_all_nodes(samba_net_t) corenet_tcp_sendrecv_all_ports(samba_net_t) corenet_udp_sendrecv_all_ports(samba_net_t) +corenet_non_ipsec_sendrecv(samba_net_t) corenet_tcp_bind_all_nodes(samba_net_t) corenet_udp_bind_all_nodes(samba_net_t) corenet_tcp_connect_smbd_port(samba_net_t) @@ -145,6 +146,7 @@ optional_policy(`ldap',` corenet_tcp_sendrecv_all_nodes(samba_net_t) corenet_raw_sendrecv_all_nodes(samba_net_t) corenet_tcp_sendrecv_ldap_port(samba_net_t) + corenet_non_ipsec_sendrecv(samba_net_t) corenet_tcp_bind_all_nodes(samba_net_t) sysnet_read_config(samba_net_t) ') @@ -225,6 +227,7 @@ corenet_udp_sendrecv_all_nodes(smbd_t) corenet_raw_sendrecv_all_nodes(smbd_t) corenet_tcp_sendrecv_all_ports(smbd_t) corenet_udp_sendrecv_all_ports(smbd_t) +corenet_non_ipsec_sendrecv(smbd_t) corenet_tcp_bind_all_nodes(smbd_t) corenet_udp_bind_all_nodes(smbd_t) corenet_tcp_bind_smbd_port(smbd_t) 
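Review bot: The `corenet_non_ipsec_sendrecv(samba_net_t)` call added inside the optional ldap block (hunk @@ -145,6 +146,7 @@) repeats the call that the @@ -108,6 +108,7 @@ hunk of this file already adds for samba_net_t outside any optional block, so the conditional copy grants nothing extra. It follows the block's existing habit of restating the network rules, so it is harmless. A comment such as `# repeated so the ldap block is self-contained` would make the duplication look intentional, or the line could be dropped. The optional block begins above the hunk.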
@@ -370,6 +373,7 @@ corenet_udp_sendrecv_all_nodes(nmbd_t) corenet_raw_sendrecv_all_nodes(nmbd_t) corenet_tcp_sendrecv_all_ports(nmbd_t) corenet_udp_sendrecv_all_ports(nmbd_t) +corenet_non_ipsec_sendrecv(nmbd_t) corenet_tcp_bind_all_nodes(nmbd_t) corenet_udp_bind_all_nodes(nmbd_t) corenet_udp_bind_nmbd_port(nmbd_t) @@ -458,6 +462,7 @@ corenet_raw_sendrecv_all_nodes(smbmount_t) corenet_udp_sendrecv_all_nodes(smbmount_t) corenet_tcp_sendrecv_all_ports(smbmount_t) corenet_udp_sendrecv_all_ports(smbmount_t) +corenet_non_ipsec_sendrecv(smbmount_t) corenet_tcp_bind_all_nodes(smbmount_t) corenet_udp_bind_all_nodes(smbmount_t) corenet_tcp_connect_all_ports(smbmount_t) @@ -567,6 +572,7 @@ corenet_udp_sendrecv_all_nodes(winbind_t) corenet_raw_sendrecv_all_nodes(winbind_t) corenet_tcp_sendrecv_all_ports(winbind_t) corenet_udp_sendrecv_all_ports(winbind_t) +corenet_non_ipsec_sendrecv(winbind_t) corenet_tcp_bind_all_nodes(winbind_t) corenet_udp_bind_all_nodes(winbind_t) corenet_tcp_connect_smbd_port(winbind_t) diff --git a/refpolicy/policy/modules/services/sasl.te b/refpolicy/policy/modules/services/sasl.te index 2baadce89..c81a934a7 100644 --- a/refpolicy/policy/modules/services/sasl.te +++ b/refpolicy/policy/modules/services/sasl.te @@ -1,5 +1,5 @@ -policy_module(sasl,1.0.1) +policy_module(sasl,1.0.2) ######################################## # @@ -38,6 +38,7 @@ corenet_raw_sendrecv_all_if(saslauthd_t) corenet_tcp_sendrecv_all_nodes(saslauthd_t) corenet_raw_sendrecv_all_nodes(saslauthd_t) corenet_tcp_sendrecv_all_ports(saslauthd_t) +corenet_non_ipsec_sendrecv(saslauthd_t) corenet_tcp_bind_all_nodes(saslauthd_t) corenet_tcp_connect_pop_port(saslauthd_t) diff --git a/refpolicy/policy/modules/services/sendmail.te b/refpolicy/policy/modules/services/sendmail.te index 593d14fd9..02533606a 100644 --- a/refpolicy/policy/modules/services/sendmail.te +++ b/refpolicy/policy/modules/services/sendmail.te 
@@ -1,5 +1,5 @@ -policy_module(sendmail,1.0) +policy_module(sendmail,1.0.1) ######################################## # @@ -51,6 +51,7 @@ corenet_raw_sendrecv_all_nodes(sendmail_t) corenet_udp_sendrecv_all_nodes(sendmail_t) corenet_tcp_sendrecv_all_ports(sendmail_t) corenet_udp_sendrecv_all_ports(sendmail_t) +corenet_non_ipsec_sendrecv(sendmail_t) corenet_tcp_bind_all_nodes(sendmail_t) corenet_udp_bind_all_nodes(sendmail_t) corenet_tcp_bind_smtp_port(sendmail_t) diff --git a/refpolicy/policy/modules/services/snmp.te b/refpolicy/policy/modules/services/snmp.te index a7ed81b98..9bd0b0997 100644 --- a/refpolicy/policy/modules/services/snmp.te +++ b/refpolicy/policy/modules/services/snmp.te @@ -1,5 +1,5 @@ -policy_module(snmp,1.0.2) +policy_module(snmp,1.0.3) ######################################## # @@ -68,6 +68,7 @@ corenet_udp_sendrecv_all_nodes(snmpd_t) corenet_raw_sendrecv_all_nodes(snmpd_t) corenet_tcp_sendrecv_all_ports(snmpd_t) corenet_udp_sendrecv_all_ports(snmpd_t) +corenet_non_ipsec_sendrecv(snmpd_t) corenet_tcp_bind_all_nodes(snmpd_t) corenet_udp_bind_all_nodes(snmpd_t) corenet_tcp_bind_snmp_port(snmpd_t) diff --git a/refpolicy/policy/modules/services/spamassassin.if b/refpolicy/policy/modules/services/spamassassin.if index 83179b8e3..589ae5213 100644 --- a/refpolicy/policy/modules/services/spamassassin.if +++ b/refpolicy/policy/modules/services/spamassassin.if @@ -100,6 +100,7 @@ template(`spamassassin_per_userdomain_template',` corenet_raw_sendrecv_all_nodes($1_spamc_t) corenet_tcp_sendrecv_all_ports($1_spamc_t) corenet_udp_sendrecv_all_ports($1_spamc_t) + corenet_non_ipsec_sendrecv($1_spamc_t) corenet_tcp_bind_all_nodes($1_spamc_t) corenet_udp_bind_all_nodes($1_spamc_t) corenet_tcp_connect_all_ports($1_spamc_t) 
@@ -282,6 +283,7 @@ template(`spamassassin_per_userdomain_template',`
 corenet_raw_sendrecv_all_nodes($1_spamassassin_t)
 corenet_tcp_sendrecv_all_ports($1_spamassassin_t)
 corenet_udp_sendrecv_all_ports($1_spamassassin_t)
+ corenet_non_ipsec_sendrecv($1_spamassassin_t)
 corenet_tcp_bind_all_nodes($1_spamassassin_t)
 corenet_udp_bind_all_nodes($1_spamassassin_t)
 corenet_tcp_connect_all_ports($1_spamassassin_t)
diff --git a/refpolicy/policy/modules/services/spamassassin.te b/refpolicy/policy/modules/services/spamassassin.te
index f58f94019..ba7b4673d 100644
--- a/refpolicy/policy/modules/services/spamassassin.te
+++ b/refpolicy/policy/modules/services/spamassassin.te
@@ -1,5 +1,5 @@
-policy_module(spamassassin,1.0.0)
+policy_module(spamassassin,1.0.1)
 ########################################
 #
@@ -69,6 +69,7 @@ corenet_udp_sendrecv_all_nodes(spamd_t)
 corenet_raw_sendrecv_all_nodes(spamd_t)
 corenet_tcp_sendrecv_all_ports(spamd_t)
 corenet_udp_sendrecv_all_ports(spamd_t)
+corenet_non_ipsec_sendrecv(spamd_t)
 corenet_tcp_bind_all_nodes(spamd_t)
 corenet_udp_bind_all_nodes(spamd_t)
 corenet_tcp_bind_spamd_port(spamd_t)
diff --git a/refpolicy/policy/modules/services/squid.te b/refpolicy/policy/modules/services/squid.te
index f4cc464f3..f4dfdec30 100644
--- a/refpolicy/policy/modules/services/squid.te
+++ b/refpolicy/policy/modules/services/squid.te
@@ -1,5 +1,5 @@
-policy_module(squid,1.0)
+policy_module(squid,1.0.1)
 ########################################
 #
@@ -78,6 +78,7 @@ corenet_udp_sendrecv_all_nodes(squid_t)
 corenet_raw_sendrecv_all_nodes(squid_t)
 corenet_tcp_sendrecv_all_ports(squid_t)
 corenet_udp_sendrecv_all_ports(squid_t)
+corenet_non_ipsec_sendrecv(squid_t)
 corenet_tcp_bind_all_nodes(squid_t)
 corenet_udp_bind_all_nodes(squid_t)
 corenet_tcp_bind_http_cache_port(squid_t)
diff --git a/refpolicy/policy/modules/services/ssh.if b/refpolicy/policy/modules/services/ssh.if
index 5ca043f37..f804d88b0 100644
--- a/refpolicy/policy/modules/services/ssh.if
+++ b/refpolicy/policy/modules/services/ssh.if
@@ -123,6 +123,7 @@ template(`ssh_per_userdomain_template',`
 corenet_tcp_sendrecv_all_nodes($1_ssh_t)
 corenet_raw_sendrecv_all_nodes($1_ssh_t)
 corenet_tcp_sendrecv_all_ports($1_ssh_t)
+ corenet_non_ipsec_sendrecv($1_ssh_t)
 corenet_tcp_bind_all_nodes($1_ssh_t)
 corenet_tcp_connect_ssh_port($1_ssh_t)
@@ -437,6 +438,7 @@ template(`ssh_server_template', `
 corenet_raw_sendrecv_all_nodes($1_t)
 corenet_udp_sendrecv_all_ports($1_t)
 corenet_tcp_sendrecv_all_ports($1_t)
+ corenet_non_ipsec_sendrecv($1_t)
 corenet_tcp_bind_all_nodes($1_t)
 corenet_udp_bind_all_nodes($1_t)
 corenet_tcp_connect_all_ports($1_t)
diff --git a/refpolicy/policy/modules/services/ssh.te b/refpolicy/policy/modules/services/ssh.te
index d7b84d794..391a98951 100644
--- a/refpolicy/policy/modules/services/ssh.te
+++ b/refpolicy/policy/modules/services/ssh.te
@@ -1,5 +1,5 @@
-policy_module(ssh,1.0)
+policy_module(ssh,1.0.1)
 ########################################
 #
diff --git a/refpolicy/policy/modules/services/stunnel.te b/refpolicy/policy/modules/services/stunnel.te
index f274d294b..b2c0c5553 100644
--- a/refpolicy/policy/modules/services/stunnel.te
+++ b/refpolicy/policy/modules/services/stunnel.te
@@ -1,5 +1,5 @@
-policy_module(stunnel,1.0)
+policy_module(stunnel,1.0.1)
 ########################################
 #
@@ -63,6 +63,7 @@ corenet_udp_sendrecv_all_nodes(stunnel_t)
 corenet_raw_sendrecv_all_nodes(stunnel_t)
 corenet_tcp_sendrecv_all_ports(stunnel_t)
 corenet_udp_sendrecv_all_ports(stunnel_t)
+corenet_non_ipsec_sendrecv(stunnel_t)
 corenet_tcp_bind_all_nodes(stunnel_t)
 corenet_udp_bind_all_nodes(stunnel_t)
 #corenet_tcp_bind_stunnel_port(stunnel_t)
diff --git a/refpolicy/policy/modules/services/tcpd.te b/refpolicy/policy/modules/services/tcpd.te
index fea27843d..e8d843ec6 100644
--- a/refpolicy/policy/modules/services/tcpd.te
+++ b/refpolicy/policy/modules/services/tcpd.te
@@ -28,6 +28,7 @@ corenet_tcp_sendrecv_all_if(tcpd_t)
 corenet_raw_sendrecv_all_nodes(tcpd_t)
 corenet_tcp_sendrecv_all_nodes(tcpd_t)
 corenet_tcp_sendrecv_all_ports(tcpd_t)
+corenet_non_ipsec_sendrecv(tcpd_t)
 corenet_tcp_bind_all_nodes(tcpd_t)
 fs_getattr_xattr_fs(tcpd_t)
diff --git a/refpolicy/policy/modules/services/telnet.te b/refpolicy/policy/modules/services/telnet.te
index 85a20c466..814832a13 100644
--- a/refpolicy/policy/modules/services/telnet.te
+++ b/refpolicy/policy/modules/services/telnet.te
@@ -1,5 +1,5 @@
-policy_module(telnet,1.0)
+policy_module(telnet,1.0.1)
 ########################################
 #
@@ -57,6 +57,7 @@ corenet_udp_sendrecv_all_nodes(telnetd_t)
 corenet_raw_sendrecv_all_nodes(telnetd_t)
 corenet_tcp_sendrecv_all_ports(telnetd_t)
 corenet_udp_sendrecv_all_ports(telnetd_t)
+corenet_non_ipsec_sendrecv(telnetd_t)
 corenet_tcp_bind_all_nodes(telnetd_t)
 corenet_udp_bind_all_nodes(telnetd_t)
diff --git a/refpolicy/policy/modules/services/tftp.te b/refpolicy/policy/modules/services/tftp.te
index af3268fdc..fddd1666b 100644
--- a/refpolicy/policy/modules/services/tftp.te
+++ b/refpolicy/policy/modules/services/tftp.te
@@ -1,5 +1,5 @@
-policy_module(tftp,1.0)
+policy_module(tftp,1.0.1)
 ########################################
 #
@@ -49,6 +49,7 @@ corenet_udp_sendrecv_all_nodes(tftpd_t)
 corenet_raw_sendrecv_all_nodes(tftpd_t)
 corenet_tcp_sendrecv_all_ports(tftpd_t)
 corenet_udp_sendrecv_all_ports(tftpd_t)
+corenet_non_ipsec_sendrecv(tftpd_t)
 corenet_tcp_bind_all_nodes(tftpd_t)
 corenet_udp_bind_all_nodes(tftpd_t)
 corenet_udp_bind_tftp_port(tftpd_t)
diff --git a/refpolicy/policy/modules/services/timidity.te b/refpolicy/policy/modules/services/timidity.te
index 214c69dfd..70905d54c 100644
--- a/refpolicy/policy/modules/services/timidity.te
+++ b/refpolicy/policy/modules/services/timidity.te
@@ -1,5 +1,5 @@
-policy_module(timidity,1.0.0)
+policy_module(timidity,1.0.1)
 # Note: You only need this policy if you want to run timidity as a server
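Review bot: The tcpd.te section changes policy (`corenet_non_ipsec_sendrecv(tcpd_t)` in the `@@ -28,6 +28,7 @@` hunk) but contains no hunk bumping its `policy_module(...)` version, unlike telnet.te, tftp.te, timidity.te and the other modules in this patch that gain the same rule. If module versions are how a deployed policy revision is identified, tcpd would look unchanged after this commit even though its permissions grew. I would add the usual one-line version bump to the tcpd `policy_module(...)` declaration; its current version string is not visible here.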
@@ -47,6 +47,7 @@ corenet_udp_sendrecv_all_nodes(timidity_t)
 corenet_raw_sendrecv_all_nodes(timidity_t)
 corenet_tcp_sendrecv_all_ports(timidity_t)
 corenet_udp_sendrecv_all_ports(timidity_t)
+corenet_non_ipsec_sendrecv(timidity_t)
 corenet_tcp_bind_all_nodes(timidity_t)
 corenet_udp_bind_all_nodes(timidity_t)
diff --git a/refpolicy/policy/modules/services/uucp.te b/refpolicy/policy/modules/services/uucp.te
index 27b822a42..262307e4e 100644
--- a/refpolicy/policy/modules/services/uucp.te
+++ b/refpolicy/policy/modules/services/uucp.te
@@ -1,5 +1,5 @@
-policy_module(uucp,1.0)
+policy_module(uucp,1.0.1)
 ########################################
 #
@@ -75,6 +75,7 @@ corenet_udp_sendrecv_all_nodes(uucpd_t)
 corenet_raw_sendrecv_all_nodes(uucpd_t)
 corenet_tcp_sendrecv_all_ports(uucpd_t)
 corenet_udp_sendrecv_all_ports(uucpd_t)
+corenet_non_ipsec_sendrecv(uucpd_t)
 corenet_tcp_bind_all_nodes(uucpd_t)
 corenet_udp_bind_all_nodes(uucpd_t)
diff --git a/refpolicy/policy/modules/services/zebra.te b/refpolicy/policy/modules/services/zebra.te
index f08ecdf4a..0ef18e6a2 100644
--- a/refpolicy/policy/modules/services/zebra.te
+++ b/refpolicy/policy/modules/services/zebra.te
@@ -1,5 +1,5 @@
-policy_module(zebra,1.0.1)
+policy_module(zebra,1.0.2)
 ########################################
 #
@@ -69,6 +69,7 @@ corenet_udp_sendrecv_all_nodes(zebra_t)
 corenet_raw_sendrecv_all_nodes(zebra_t)
 corenet_tcp_sendrecv_all_ports(zebra_t)
 corenet_udp_sendrecv_all_ports(zebra_t)
+corenet_non_ipsec_sendrecv(zebra_t)
 corenet_tcp_bind_all_nodes(zebra_t)
 corenet_udp_bind_all_nodes(zebra_t)
 corenet_tcp_bind_zebra_port(zebra_t)
diff --git a/refpolicy/policy/modules/system/hotplug.te b/refpolicy/policy/modules/system/hotplug.te
index 675d03917..22b0fe518 100644
--- a/refpolicy/policy/modules/system/hotplug.te
+++ b/refpolicy/policy/modules/system/hotplug.te
@@ -1,5 +1,5 @@
-policy_module(hotplug,1.0.1)
+policy_module(hotplug,1.0.2)
 ########################################
 #
@@ -61,6 +61,7 @@ corenet_udp_sendrecv_all_nodes(hotplug_t)
 corenet_raw_sendrecv_all_nodes(hotplug_t)
 corenet_tcp_sendrecv_all_ports(hotplug_t)
 corenet_udp_sendrecv_all_ports(hotplug_t)
+corenet_non_ipsec_sendrecv(hotplug_t)
 corenet_tcp_bind_all_nodes(hotplug_t)
 corenet_udp_bind_all_nodes(hotplug_t)
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index 72b8312b5..f5b856dae 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -1,5 +1,5 @@
-policy_module(init,1.0.3)
+policy_module(init,1.0.4)
 gen_require(`
 class passwd rootok;
@@ -257,6 +257,7 @@ corenet_raw_sendrecv_all_nodes(initrc_t)
 corenet_udp_sendrecv_all_nodes(initrc_t)
 corenet_tcp_sendrecv_all_ports(initrc_t)
 corenet_udp_sendrecv_all_ports(initrc_t)
+corenet_non_ipsec_sendrecv(initrc_t)
 corenet_tcp_bind_all_nodes(initrc_t)
 corenet_udp_bind_all_nodes(initrc_t)
 corenet_tcp_connect_all_ports(initrc_t)
diff --git a/refpolicy/policy/modules/system/ipsec.te b/refpolicy/policy/modules/system/ipsec.te
index cc6d402b5..331dda55e 100644
--- a/refpolicy/policy/modules/system/ipsec.te
+++ b/refpolicy/policy/modules/system/ipsec.te
@@ -1,5 +1,5 @@
-policy_module(ipsec,1.0)
+policy_module(ipsec,1.0.1)
 ########################################
 #
@@ -87,6 +87,7 @@ corenet_raw_sendrecv_all_if(ipsec_t)
 corenet_tcp_sendrecv_all_nodes(ipsec_t)
 corenet_raw_sendrecv_all_nodes(ipsec_t)
 corenet_tcp_sendrecv_all_ports(ipsec_t)
+corenet_non_ipsec_sendrecv(ipsec_t)
 corenet_tcp_bind_all_nodes(ipsec_t)
 corenet_udp_bind_reserved_port(ipsec_t)
 corenet_udp_bind_isakmp_port(ipsec_t)
diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te
index 295199582..aac062559 100644
--- a/refpolicy/policy/modules/system/logging.te
+++ b/refpolicy/policy/modules/system/logging.te
@@ -1,5 +1,5 @@
-policy_module(logging,1.0.2)
+policy_module(logging,1.0.3)
 ########################################
 #
@@ -313,6 +313,7 @@ corenet_udp_sendrecv_all_if(syslogd_t)
 corenet_raw_sendrecv_all_nodes(syslogd_t)
 corenet_udp_sendrecv_all_nodes(syslogd_t)
 corenet_udp_sendrecv_all_ports(syslogd_t)
+corenet_non_ipsec_sendrecv(syslogd_t)
 corenet_udp_bind_all_nodes(syslogd_t)
 corenet_tcp_bind_syslogd_port(syslogd_t) #cjp: why?
diff --git a/refpolicy/policy/modules/system/lvm.te b/refpolicy/policy/modules/system/lvm.te
index 6fadbbcb4..ed7c016fc 100644
--- a/refpolicy/policy/modules/system/lvm.te
+++ b/refpolicy/policy/modules/system/lvm.te
@@ -1,5 +1,5 @@
-policy_module(lvm,1.0)
+policy_module(lvm,1.0.1)
 ########################################
 #
@@ -65,6 +65,7 @@ corenet_udp_sendrecv_all_nodes(clvmd_t)
 corenet_raw_sendrecv_all_nodes(clvmd_t)
 corenet_tcp_sendrecv_all_ports(clvmd_t)
 corenet_udp_sendrecv_all_ports(clvmd_t)
+corenet_non_ipsec_sendrecv(clvmd_t)
 corenet_tcp_bind_all_nodes(clvmd_t)
 corenet_udp_bind_all_nodes(clvmd_t)
 corenet_tcp_bind_reserved_port(clvmd_t)
diff --git a/refpolicy/policy/modules/system/mount.te b/refpolicy/policy/modules/system/mount.te
index 82ae9be62..9c724baaa 100644
--- a/refpolicy/policy/modules/system/mount.te
+++ b/refpolicy/policy/modules/system/mount.te
@@ -1,5 +1,5 @@
-policy_module(mount,1.0)
+policy_module(mount,1.0.1)
 ########################################
 #
@@ -106,6 +106,7 @@ optional_policy(`portmap',`
 corenet_udp_sendrecv_all_nodes(mount_t)
 corenet_tcp_sendrecv_all_ports(mount_t)
 corenet_udp_sendrecv_all_ports(mount_t)
+ corenet_non_ipsec_sendrecv(mount_t)
 corenet_tcp_bind_all_nodes(mount_t)
 corenet_udp_bind_all_nodes(mount_t)
 corenet_tcp_bind_generic_port(mount_t)
diff --git a/refpolicy/policy/modules/system/sysnetwork.if b/refpolicy/policy/modules/system/sysnetwork.if
index 6ecf59d7c..9b0a23499 100644
--- a/refpolicy/policy/modules/system/sysnetwork.if
+++ b/refpolicy/policy/modules/system/sysnetwork.if
@@ -440,6 +440,7 @@ interface(`sysnet_dns_name_resolve',`
 corenet_raw_sendrecv_all_nodes($1)
 corenet_tcp_sendrecv_dns_port($1)
 corenet_udp_sendrecv_dns_port($1)
+ corenet_non_ipsec_sendrecv($1)
 corenet_tcp_bind_all_nodes($1)
 corenet_udp_bind_all_nodes($1)
 corenet_tcp_connect_dns_port($1)
@@ -468,6 +469,7 @@ interface(`sysnet_use_ldap',`
 corenet_tcp_sendrecv_all_nodes($1)
 corenet_raw_sendrecv_all_nodes($1)
 corenet_tcp_sendrecv_ldap_port($1)
+ corenet_non_ipsec_sendrecv($1)
 corenet_tcp_bind_all_nodes($1)
 corenet_tcp_connect_ldap_port($1)
@@ -499,6 +501,7 @@ interface(`sysnet_use_portmap',`
 corenet_raw_sendrecv_all_nodes($1)
 corenet_tcp_sendrecv_portmap_port($1)
 corenet_udp_sendrecv_portmap_port($1)
+ corenet_non_ipsec_sendrecv($1)
 corenet_tcp_bind_all_nodes($1)
 corenet_udp_bind_all_nodes($1)
 corenet_tcp_connect_portmap_port($1)
diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te
index 302ae6d86..175bb3bb6 100644
--- a/refpolicy/policy/modules/system/sysnetwork.te
+++ b/refpolicy/policy/modules/system/sysnetwork.te
@@ -1,5 +1,5 @@
-policy_module(sysnetwork,1.0.3)
+policy_module(sysnetwork,1.0.4)
 ########################################
 #
@@ -99,6 +99,7 @@ corenet_raw_sendrecv_all_nodes(dhcpc_t)
 corenet_udp_sendrecv_all_nodes(dhcpc_t)
 corenet_tcp_sendrecv_all_ports(dhcpc_t)
 corenet_udp_sendrecv_all_ports(dhcpc_t)
+corenet_non_ipsec_sendrecv(dhcpc_t)
 corenet_tcp_bind_all_nodes(dhcpc_t)
 corenet_udp_bind_all_nodes(dhcpc_t)
 corenet_udp_bind_dhcpc_port(dhcpc_t)
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 9167d6953..53d45a34b 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
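Review bot: In sysnetwork.if the rule is added inside `sysnet_dns_name_resolve`, `sysnet_use_ldap` and `sysnet_use_portmap`, whose visible port rules name only the DNS, LDAP or portmap port, while `corenet_non_ipsec_sendrecv($1)` carries no port qualifier. Every caller of these narrow interfaces therefore also picks up the unlabeled-association permission as a side effect, and that permission is presumably not tied to the named service; the macro definition is outside this view. The interface summaries, which sit above the hunks and are not shown, should say so, for example by adding `Also allows the domain to send and receive unlabeled (non-IPsec) traffic.` to each description. All three interface bodies start and end outside their hunks.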
@@ -173,6 +173,7 @@ template(`base_user_template',`
 corenet_udp_sendrecv_all_nodes($1_t)
 corenet_tcp_sendrecv_all_ports($1_t)
 corenet_udp_sendrecv_all_ports($1_t)
+ corenet_non_ipsec_sendrecv($1_t)
 corenet_tcp_bind_all_nodes($1_t)
 corenet_udp_bind_all_nodes($1_t)
 corenet_udp_bind_generic_port($1_t)
diff --git a/refpolicy/policy/modules/system/userdomain.te b/refpolicy/policy/modules/system/userdomain.te
index 6c228fa8f..7c66a13b7 100644
--- a/refpolicy/policy/modules/system/userdomain.te
+++ b/refpolicy/policy/modules/system/userdomain.te
@@ -1,5 +1,5 @@
-policy_module(userdomain,1.0.6)
+policy_module(userdomain,1.0.7)
 gen_require(`
 role sysadm_r, staff_r, user_r;