--- nsaserefpolicy/policy/modules/services/ppp.fc 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/ppp.fc 2008-08-14 13:53:54.000000000 -0400
@@ -33,3 +33,5 @@
 /var/log/ppp-connect-errors.* -- gen_context(system_u:object_r:pppd_log_t,s0)
 /var/log/ppp/.* -- gen_context(system_u:object_r:pppd_log_t,s0)
+
+/etc/rc.d/init.d/ppp -- gen_context(system_u:object_r:pppd_script_exec_t,s0)
--- nsaserefpolicy/policy/modules/services/ppp.if 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/ppp.if 2008-08-14 13:53:54.000000000 -0400
@@ -76,6 +76,24 @@
 ########################################
 ##
+## Send a generic signull to PPP.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`ppp_signull',`
+ gen_require(`
+ type pppd_t;
+ ')
+
+ allow $1 pppd_t:process signull;
+')
+
+########################################
+##
 ## Execute domain in the ppp domain.
 ##
 ##
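Review bot: The new context line labels `/etc/rc.d/init.d/ppp` as `pppd_script_exec_t`, but none of the ppp.te hunks in this patch declares that type; the `gen_require` added to ppp_admin lists it as if it already exists. If the declaration (normally `type pppd_script_exec_t;` followed by `init_script_file(pppd_script_exec_t)`) lives in a part of ppp.te outside this patch that is fine, otherwise the module will not link and the init script stays unlabeled. Worth confirming before merge, and adding a one-line comment at the declaration noting it is the type the ppp.fc entry resolves to.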
@@ -309,33 +327,36 @@
 type pppd_etc_rw_t, pppd_var_run_t;
 type pptp_t, pptp_log_t, pptp_var_run_t;
+ type pppd_script_exec_t;
 ')
 allow $1 pppd_t:process { ptrace signal_perms getattr };
 ps_process_pattern($1, pppd_t)
 files_list_tmp($1)
- manage_files_pattern($1, pppd_tmp_t, pppd_tmp_t)
+ admin_pattern($1, pppd_tmp_t, pppd_tmp_t)
 logging_list_logs($1)
- manage_files_pattern($1, pppd_log_t, pppd_log_t)
+ admin_pattern($1, pppd_log_t, pppd_log_t)
- manage_files_pattern($1, pppd_lock_t, pppd_lock_t)
+ admin_pattern($1, pppd_lock_t, pppd_lock_t)
 files_list_etc($1)
- manage_files_pattern($1, pppd_etc_t, pppd_etc_t)
+ admin_pattern($1, pppd_etc_t, pppd_etc_t)
+
+ admin_pattern($1, pppd_etc_rw_t, pppd_etc_rw_t)
- manage_files_pattern($1, pppd_etc_rw_t, pppd_etc_rw_t)
+ admin_pattern($1, pppd_secret_t, pppd_secret_t)
- manage_files_pattern($1, pppd_secret_t, pppd_secret_t)
+ admin_pattern($1, pppd_script_exec_t)
 files_list_pids($1)
- manage_files_pattern($1, pppd_var_run_t, pppd_var_run_t)
+ admin_pattern($1, pppd_var_run_t, pppd_var_run_t)
 allow $1 pptp_t:process { ptrace signal_perms getattr };
 ps_process_pattern($1, pptp_t)
- manage_files_pattern($1, pptp_log_t, pptp_log_t)
+ admin_pattern($1, pptp_log_t, pptp_log_t)
- manage_files_pattern($1, pptp_var_run_t, pptp_var_run_t)
+ admin_pattern($1, pptp_var_run_t, pptp_var_run_t)
 ')
--- nsaserefpolicy/policy/modules/services/ppp.te 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/ppp.te 2008-08-14 13:53:54.000000000 -0400
@@ -71,7 +71,7 @@
 # PPPD Local policy
 #
-allow pppd_t self:capability { net_admin setuid setgid fsetid fowner net_raw dac_override };
+allow pppd_t self:capability { kill net_admin setuid setgid fsetid fowner net_raw dac_override };
 dontaudit pppd_t self:capability sys_tty_config;
 allow pppd_t self:process signal;
 allow pppd_t self:fifo_file rw_fifo_file_perms;
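Review bot: `admin_pattern($1, pppd_script_exec_t)` is called with two arguments while every other call in this hunk passes the type twice; if admin_pattern in this tree does not default its third argument, the file-level rules for the init script expand with an empty type and the admin domain gets only the directory permissions. For consistency with the surrounding lines use `admin_pattern($1, pppd_script_exec_t, pppd_script_exec_t)`. Note also that switching from manage_files_pattern to admin_pattern widens the grant on `pppd_secret_t` (presumably the PAP/CHAP secrets) to directories, symlinks and relabeling, which is reasonable for an admin interface but deserves a short comment so it is not copied into non-admin interfaces. The ppp_admin interface begins before this hunk.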
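Review bot: The `kill` capability is added to pppd_t without a comment explaining which process pppd must signal across a uid boundary; CAP_KILL removes the DAC owner check on kill(2) for every process on the host, and the SELinux side still depends on per-target `process signal` rules, of which only `self:process signal` and the later `networkmanager_signal(pppd_t)` are visible in this patch. If the need is a single known peer, document it at the rule, e.g. `# kill: signal TARGET_PROCESS (placeholder) running as a different uid`, so the capability can be re-evaluated later rather than carried forward by habit. The capability line sits inside the pppd local policy section that continues outside this hunk.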
@@ -116,7 +116,7 @@
 kernel_read_kernel_sysctls(pppd_t)
 kernel_read_system_state(pppd_t)
-kernel_read_net_sysctls(pppd_t)
+kernel_rw_net_sysctls(pppd_t)
 kernel_read_network_state(pppd_t)
 kernel_load_module(pppd_t)
@@ -197,6 +197,12 @@
 optional_policy(`
 mta_send_mail(pppd_t)
+ mta_mailcontent(pppd_etc_t)
+ mta_mailcontent(pppd_etc_rw_t)
+')
+
+optional_policy(`
+ networkmanager_signal(pppd_t)
 ')
 optional_policy(`
@@ -289,6 +295,14 @@
 ')
 optional_policy(`
+ dbus_system_domain(pppd_t, pppd_exec_t)
+
+ optional_policy(`
+ networkmanager_dbus_chat(pppd_t)
+ ')
+')
+
+optional_policy(`
 hostname_exec(pptp_t)
 ')
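Review bot: `kernel_rw_net_sysctls(pppd_t)` replaces a read-only grant with write access to the whole of /proc/sys/net, and nothing in the patch records which sysctl pppd actually needs to write (forwarding or proxy-ARP toggles are the usual candidates, but that is an inference). A comment on the line naming the sysctl, e.g. `# pppd writes SYSCTL_NAME (placeholder) under /proc/sys/net`, would let a later reviewer judge whether a narrower interface exists. This is the only logic change in the hunk; the rest is context.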
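Review bot: `mta_mailcontent(pppd_etc_t)` and `mta_mailcontent(pppd_etc_rw_t)` make the whole pppd configuration tree readable by the MTA domains, not just the file pppd is mailing; with `pppd_secret_t` kept as a separate type (see the ppp_admin hunk) the credentials stay out of scope, which is the property worth stating in a comment such as `# config only, never pppd_secret_t, may be mailed via mta_send_mail`. Also confirm that no secrets-bearing file is labeled pppd_etc_rw_t, since the fc entries for that type are not in this patch.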