--- nsaserefpolicy/policy/modules/services/tor.fc	2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/tor.fc	2008-08-14 13:53:54.000000000 -0400
@@ -6,3 +6,5 @@
 /var/lib/tor(/.*)?		gen_context(system_u:object_r:tor_var_lib_t,s0)
 /var/log/tor(/.*)?		gen_context(system_u:object_r:tor_var_log_t,s0)
 /var/run/tor(/.*)?		gen_context(system_u:object_r:tor_var_run_t,s0)
+
+/etc/rc.d/init.d/tor	--	gen_context(system_u:object_r:tor_script_exec_t,s0)
--- nsaserefpolicy/policy/modules/services/tor.if	2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/tor.if	2008-08-14 13:53:54.000000000 -0400
@@ -20,6 +20,25 @@
 
 ########################################
 ## <summary>
+##	Execute tor server in the tor domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+#
+#
+interface(`tor_script_domtrans',`
+	gen_require(`
+		type tor_script_exec_t;
+	')
+
+	init_script_domtrans_spec($1, tor_script_exec_t)
+')
+
+########################################
+## <summary>
 ##	All of the rules required to administrate 
 ##	an tor environment
 ## </summary>
@@ -34,20 +53,28 @@
 	gen_require(`
 		type tor_t, tor_var_log_t, tor_etc_t;
 		type tor_var_lib_t, tor_var_run_t;
+		type tor_script_exec_t;
 	')
 
 	allow $1 tor_t:process { ptrace signal_perms getattr };
 	ps_process_pattern($1, tor_t)
 	        
+	# Allow tor_t to restart the apache service
+	tor_script_domtrans($1)
+	domain_system_change_exemption($1)
+	role_transition $2 tor_script_exec_t system_r;
+	allow $2 system_r;
+
 	logging_list_logs($1)
-	manage_files_pattern($1, tor_var_log_t, tor_var_log_t)
+        admin_pattern($1, tor_var_log_t)
 
 	files_list_etc($1)
-	manage_files_pattern($1, tor_etc_t, tor_etc_t)
+	admin_pattern($1, tor_etc_t)
 
 	files_list_var_lib($1)
-	manage_files_pattern($1, tor_var_lib_t, tor_var_lib_t)
+        admin_pattern($1, tor_var_lib_t)
 
 	files_list_pids($1)
-	manage_files_pattern($1, tor_var_run_t, tor_var_run_t)
+        admin_pattern($1, tor_var_run_t)
 ')
+
--- nsaserefpolicy/policy/modules/services/tor.te	2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/tor.te	2008-08-14 13:53:54.000000000 -0400
@@ -26,11 +26,15 @@
 type tor_var_run_t;
 files_pid_file(tor_var_run_t)
 
+type tor_script_exec_t;
+init_script_type(tor_script_exec_t)
+
 ########################################
 #
 # tor local policy
 #
 
+allow tor_t self:capability { setgid setuid };
 allow tor_t self:fifo_file { read write };
 allow tor_t self:unix_stream_socket create_stream_socket_perms;
 allow tor_t self:netlink_route_socket r_netlink_socket_perms;
@@ -86,13 +90,13 @@
 files_read_etc_files(tor_t)
 files_read_etc_runtime_files(tor_t)
 
+auth_use_nsswitch(tor_t)
+
 libs_use_ld_so(tor_t)
 libs_use_shared_libs(tor_t)
 
 miscfiles_read_localization(tor_t)
 
-sysnet_dns_name_resolve(tor_t)
-
 optional_policy(`
 	seutil_sigchld_newrole(tor_t)
 ')