--- nsaserefpolicy/policy/modules/services/privoxy.fc 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/privoxy.fc 2008-08-14 13:53:54.000000000 -0400
@@ -1,6 +1,10 @@
/etc/privoxy/user\.action -- gen_context(system_u:object_r:privoxy_etc_rw_t,s0)
+/etc/privoxy/default\.action -- gen_context(system_u:object_r:privoxy_etc_rw_t,s0)
/usr/sbin/privoxy -- gen_context(system_u:object_r:privoxy_exec_t,s0)
/var/log/privoxy(/.*)? gen_context(system_u:object_r:privoxy_log_t,s0)
+
+/etc/rc.d/init.d/privoxy -- gen_context(system_u:object_r:privoxy_script_exec_t,s0)
+
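Review bot: The new `/etc/privoxy/default\.action` entry gets the writable type privoxy_etc_rw_t, the same label as user.action, so the confined daemon may rewrite the distribution's default action file and not only its user overrides. If privoxy only reads default.action at startup, a read-only configuration label (the module's read-only etc type if it declares one, otherwise the generic etc label) would keep the daemon from altering its own filtering rules; if the built-in action editor is meant to modify it, a one-line comment above the entry saying so, e.g. `# default.action is edited through the web action editor`, would justify the rw label. The two trailing blank lines added at the end of the file are also unusual for a .fc file.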
--- nsaserefpolicy/policy/modules/services/privoxy.if 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/privoxy.if 2008-08-14 13:53:54.000000000 -0400
@@ -2,6 +2,25 @@
########################################
##
+## Execute privoxy server in the privoxy domain.
+##
+##
+##
+## The type of the process performing this action.
+##
+##
+#
+#
+interface(`privoxy_script_domtrans',`
+ gen_require(`
+ type privoxy_script_exec_t;
+ ')
+
+ init_script_domtrans_spec($1, privoxy_script_exec_t)
+')
+
+########################################
+##
## All of the rules required to administrate
## an privoxy environment
##
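Review bot: The summary of the new privoxy_script_domtrans interface says `## Execute privoxy server in the privoxy domain.`, but its body calls init_script_domtrans_spec($1, privoxy_script_exec_t), which transitions the caller into the init script domain when it runs the privoxy init script and never into privoxy_t. Suggest `## Execute the privoxy init script in the init script domain.` so the generated interface documentation matches what the rule grants. The summary/param markup tags around this comment block are not visible in this excerpt; that may be an extraction artifact, but if they are really absent the doc tooling will not pick the interface up. The duplicated bare `#` lines at the end of the header block are harmless but look like a copy-paste leftover.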
@@ -16,17 +35,24 @@
gen_require(`
type privoxy_t, privoxy_log_t;
type privoxy_etc_rw_t, privoxy_var_run_t;
+ type privoxy_script_exec_t;
')
allow $1 privoxy_t:process { ptrace signal_perms getattr };
ps_process_pattern($1, privoxy_t)
+ # Allow privoxy_t to restart the apache service
+ privoxy_script_domtrans($1)
+ domain_system_change_exemption($1)
+ role_transition $2 privoxy_script_exec_t system_r;
+ allow $2 system_r;
+
logging_list_logs($1)
- manage_files_pattern($1, privoxy_log_t, privoxy_log_t)
+ admin_pattern($1, privoxy_log_t)
files_list_etc($1)
- manage_files_pattern($1, privoxy_etc_rw_t, privoxy_etc_rw_t)
+ admin_pattern($1, privoxy_etc_rw_t)
files_list_pids($1)
- manage_files_pattern($1, privoxy_var_run_t, privoxy_var_run_t)
+ admin_pattern($1, privoxy_var_run_t)
')
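Review bot: The comment `# Allow privoxy_t to restart the apache service` above the new privoxy_script_domtrans($1) call is a copy-paste leftover: the rule grants $1, the administrator domain passed to privoxy_admin, a transition through the privoxy init script, and neither privoxy_t nor apache is involved. Suggest `# Allow the admin domain to run the privoxy init script`. The hunk also starts using a second parameter `$2` for the role (`role_transition $2 privoxy_script_exec_t system_r;`, `allow $2 system_r;`); the interface's documentation header lies above this hunk, so it should be checked to declare the role parameter next to the domain one, otherwise the new signature is undocumented. Granting domain_system_change_exemption($1) noticeably widens what the admin domain may do; it is the usual pairing with an init script transition, but a short why-comment would help the next reader.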
--- nsaserefpolicy/policy/modules/services/privoxy.te 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/privoxy.te 2008-08-14 13:53:54.000000000 -0400
@@ -19,6 +19,9 @@
type privoxy_var_run_t;
files_pid_file(privoxy_var_run_t)
+type privoxy_script_exec_t;
+init_script_type(privoxy_script_exec_t)
+
########################################
#
# Local Policy
@@ -50,6 +53,7 @@
corenet_tcp_connect_http_port(privoxy_t)
corenet_tcp_connect_http_cache_port(privoxy_t)
corenet_tcp_connect_ftp_port(privoxy_t)
+corenet_tcp_connect_pgpkeyserver_port(privoxy_t)
corenet_tcp_connect_tor_port(privoxy_t)
corenet_sendrecv_http_cache_client_packets(privoxy_t)
corenet_sendrecv_http_cache_server_packets(privoxy_t)
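Review bot: The added `corenet_tcp_connect_pgpkeyserver_port(privoxy_t)` widens the proxy's outbound reach to the PGP keyserver port without a comment explaining why; the neighbouring http, http_cache, ftp and tor lines are self-explanatory for a web proxy, this one is not. Suggest a why-comment such as `# presumably for HKP keyserver lookups proxied through privoxy - confirm` above it. The other ports in this block pair the connect rule with a corenet_sendrecv_*_client_packets rule (visible for http_cache on the last lines); if the matching client packets interface exists for this port, adding it here would keep the block consistent.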