--- /usr/share/selinux/policy/default/macros/program/screen_macros.te Sat May 24 22:07:24 2003
+++ screen_macros.te Sat Jun 28 03:48:45 2003
@@ -22,6 +22,7 @@
 define(`screen_domain',`
 # Derived domain based on the calling user domain and the program.
 type $1_screen_t, domain, privlog, auth, privfd;
+type $1_home_screen_t, file_type, sysadmfile;
 allow $1_screen_t shadow_t:file { read getattr };
@@ -39,6 +40,10 @@
 # Inherit and use descriptors from gnome-pty-helper.
 ifdef(`gnome-pty-helper.te', `allow $1_screen_t $1_gph_t:fd use;')
+allow $1_screen_t $1_home_screen_t:{file lnk_file} r_file_perms;
+allow $1_t $1_home_screen_t:{file lnk_file} create_file_perms;
+allow $1_t $1_home_screen_t:{file lnk_file} { relabelfrom relabelto };
+
 allow $1_screen_t privfd:fd use;
 # Write to utmp.
@@ -63,15 +68,22 @@
 allow $1_screen_t proc_t:dir search;
 allow $1_screen_t proc_t:lnk_file read;
 dontaudit $1_screen_t device_t:chr_file { getattr };
-allow $1_screen_t etc_t:file { read getattr };
+allow $1_screen_t etc_t:{file lnk_file} { read getattr };
 allow $1_screen_t self:dir { search read };
 allow $1_screen_t self:lnk_file { read };
 allow $1_screen_t device_t:dir search;
 allow $1_screen_t { home_root_t $1_home_dir_t }:dir search;
+# Internal screen networking
+allow $1_screen_t self:fd *;
 allow $1_screen_t self:unix_stream_socket create_socket_perms;
+allow $1_screen_t self:unix_dgram_socket create_socket_perms;
+
 can_exec($1_screen_t, shell_exec_t)
 allow $1_screen_t bin_t:dir search;
+allow $1_screen_t bin_t:lnk_file { read };
+allow $1_screen_t locale_t:dir r_dir_perms;
+allow $1_screen_t locale_t:{file lnk_file} r_file_perms;
 dontaudit $1_screen_t file_type:{ chr_file blk_file } getattr;
 ')
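Review bot: The three rules added after the gnome-pty-helper ifdef in the second hunk grant $1_screen_t read access and $1_t create/relabel access to $1_home_screen_t for `file` and `lnk_file` only, so a `dir` carrying the new label would be unsearchable by either domain; if the type is meant to cover a per-user screen directory as well as individual files, `dir` (and `sock_file`, if screen's sockets are expected to live there) need to be in the class set. The type itself is declared in the first hunk with `file_type, sysadmfile`, but nothing visible in this diff assigns it, so files appear to receive the label only through the relabel rule here; a comment above the `type` line naming what it is meant for, e.g. `# $1_home_screen_t: per-user label for screen's files under $HOME`, would make the intent checkable. A relabel from the user's home type to this type additionally needs `relabelfrom` on the source type, which is presumably granted elsewhere in the user domain and should be confirmed. The screen_domain macro body continues on both sides of this hunk.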
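Review bot: `allow $1_screen_t self:fd *;` in the third hunk is a wildcard permission where the rest of the file names the permission explicitly (`allow $1_screen_t privfd:fd use;`); the `fd` class has only `use`, so `allow $1_screen_t self:fd use;` grants the same access today without silently widening if the class ever gains permissions. The `# Internal screen networking` comment is placed above the fd rule, although it seems intended for the unix_stream_socket/unix_dgram_socket rules that follow; moving it down, or rewording it to `# Descriptor passing and unix sockets between screen processes`, would keep the comment next to what it describes. The widening of `etc_t` to `{file lnk_file}` and the new read-only locale_t and bin_t lnk_file rules look consistent with the read-only pattern elsewhere in the hunk.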