--- nsaserefpolicy/policy/modules/services/bitlbee.fc 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/bitlbee.fc 2008-08-14 13:53:54.000000000 -0400
@@ -1,3 +1,6 @@
 /usr/sbin/bitlbee -- gen_context(system_u:object_r:bitlbee_exec_t,s0)
 /etc/bitlbee(/.*)? gen_context(system_u:object_r:bitlbee_conf_t,s0)
 /var/lib/bitlbee(/.*)? gen_context(system_u:object_r:bitlbee_var_t,s0)
+
+
+/etc/rc.d/init.d/bitlbee -- gen_context(system_u:object_r:bitlbee_script_exec_t,s0)
--- nsaserefpolicy/policy/modules/services/bitlbee.if 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/bitlbee.if 2008-08-14 13:53:54.000000000 -0400
@@ -20,3 +20,70 @@
 allow $1 bitlbee_conf_t:file { read getattr };
 ')
+
+########################################
+##
+## Execute bitlbee server in the bitlbee domain.
+##
+##
+##
+## The type of the process performing this action.
+##
+##
+#
+#
+interface(`bitlbee_script_domtrans',`
+ gen_require(`
+ type bitlbee_script_exec_t;
+ ')
+
+ init_script_domtrans_spec($1, bitlbee_script_exec_t)
+')
+
+########################################
+##
+## All of the rules required to administrate
+## an bitlbee environment
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+##
+## The role to be allowed to manage the bitlbee domain.
+##
+##
+##
+##
+## The type of the user terminal.
+##
+##
+##
+#
+interface(`bitlbee_admin',`
+ gen_require(`
+ type bitlbee_t;
+ type bitlbee_script_exec_t;
+ type bitlbee_conf_t;
+ type bitlbee_var_t;
+ ')
+
+ allow $1 bitlbee_t:process { ptrace signal_perms getattr };
+ read_files_pattern($1, bitlbee_t, bitlbee_t)
+
+ # Allow bitlbee_t to restart the apache service
+ bitlbee_script_domtrans($1)
+ domain_system_change_exemption($1)
+ role_transition $2 bitlbee_script_exec_t system_r;
+ allow $2 system_r;
+
+ files_list_etc($1)
+ admin_pattern($1, bitlbee_conf_t)
+
+ files_list_var($1)
+ admin_pattern($1, bitlbee_var_t)
+
+')
+
--- nsaserefpolicy/policy/modules/services/bitlbee.te 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/bitlbee.te 2008-08-14 13:53:54.000000000 -0400
@@ -17,6 +17,12 @@
 type bitlbee_var_t;
 files_type(bitlbee_var_t)
+type bitlbee_tmp_t;
+files_tmp_file(bitlbee_tmp_t)
+
+type bitlbee_script_exec_t;
+init_script_type(bitlbee_script_exec_t)
+
 ########################################
 #
 # Local policy
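Review bot: The comment `# Allow bitlbee_t to restart the apache service` inside bitlbee_admin is carried over from another module and names neither the right subject nor the right service: the rules under it let the caller's domain ($1) run the bitlbee init script, so it should read `# Allow $1 to restart the bitlbee service`. The documentation of bitlbee_admin also declares a third parameter (the user terminal type) that the body never references — `$3` does not appear anywhere in the interface — so either that parameter block should go or the terminal type should be used; `an bitlbee environment` should be `a bitlbee environment`. The summary of bitlbee_script_domtrans says it executes the bitlbee server in the bitlbee domain, but the body calls `init_script_domtrans_spec`, i.e. it executes the init script, so `## Execute the bitlbee init script in the init script domain.` would describe it accurately. Granting `ptrace` on bitlbee_t gives the admin domain read access to the daemon's memory and registers; if the admin role only needs to restart the service and manage its files, that permission could be left out. The `<summary>`/`<param>` XML markup of these doc blocks seems to have been lost in this rendering; if the tags are genuinely missing from the patch, the interface documentation will not be generated.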
@@ -26,9 +32,15 @@
 allow bitlbee_t self:udp_socket create_socket_perms;
 allow bitlbee_t self:tcp_socket { create_stream_socket_perms connected_stream_socket_perms };
 allow bitlbee_t self:unix_stream_socket create_stream_socket_perms;
+allow bitlbee_t self:fifo_file rw_fifo_file_perms;
+allow bitlbee_t self:process signal;
 bitlbee_read_config(bitlbee_t)
+# tmp files
+manage_files_pattern(bitlbee_t, bitlbee_tmp_t, bitlbee_tmp_t)
+files_tmp_filetrans(bitlbee_t, bitlbee_tmp_t, file)
+
 # user account information is read and edited at runtime; give the usual
 # r/w access to bitlbee_var_t
 manage_files_pattern(bitlbee_t, bitlbee_var_t, bitlbee_var_t)
@@ -54,6 +66,12 @@
 corenet_tcp_connect_msnp_port(bitlbee_t)
 corenet_tcp_sendrecv_msnp_port(bitlbee_t)
+corenet_tcp_connect_http_port(bitlbee_t)
+corenet_tcp_sendrecv_http_port(bitlbee_t)
+
+dev_read_rand(bitlbee_t)
+dev_read_urand(bitlbee_t)
+
 files_read_etc_files(bitlbee_t)
 files_search_pids(bitlbee_t)
 # grant read-only access to the user help files
@@ -62,6 +80,8 @@
 libs_legacy_use_shared_libs(bitlbee_t)
 libs_use_ld_so(bitlbee_t)
+miscfiles_read_localization(bitlbee_t)
+
 sysnet_dns_name_resolve(bitlbee_t)
 optional_policy(`
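Review bot: `dev_read_rand(bitlbee_t)` and `dev_read_urand(bitlbee_t)` are both added in the `@@ -54,6 +66,12 @@` hunk without any rationale, while the rest of this file explains its rules (for example the `# user account information ...` block); if the daemon or its TLS library only opens /dev/urandom, the /dev/random read is surplus and should be dropped to keep the domain at least privilege — confirm against the actual denial or the library's code before keeping both. The new `corenet_tcp_connect_http_port`/`corenet_tcp_sendrecv_http_port` rules likewise carry no comment saying why a chat daemon now needs to reach the http port; a line such as `# http port: needed by <IM backend — confirm which>` above them would tell the next maintainer what to re-check when that backend changes. The same missing-rationale point applies to `miscfiles_read_localization` in the last hunk, where a short comment would suffice.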