--- nsaserefpolicy/policy/modules/services/apcupsd.fc 2007-05-07 11:11:55.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/services/apcupsd.fc 2007-05-07 11:45:20.000000000 -0400
@@ -3,3 +3,8 @@
/var/log/apcupsd\.events.* -- gen_context(system_u:object_r:apcupsd_log_t,s0)
/var/run/apcupsd\.pid -- gen_context(system_u:object_r:apcupsd_var_run_t,s0)
+
+/var/www/apcupsd/multimon.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
+/var/www/apcupsd/upsfstats.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
+/var/www/apcupsd/upsimage.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
+/var/www/apcupsd/upsstats.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
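Review bot: The four added path specs leave the dot before `cgi` unescaped, unlike the existing `apcupsd\.events` and `apcupsd\.pid` entries in the same file. File-context paths are regular expressions, so an unescaped `.` matches any character, and `httpd_apcupsd_cgi_script_exec_t` could be applied to a file whose name merely resembles the script. Escape it, e.g. `/var/www/apcupsd/multimon\.cgi`, and likewise for the other three. Since all four share one context, a single entry `/var/www/apcupsd/(multimon|upsfstats|upsimage|upsstats)\.cgi` would also do.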
--- nsaserefpolicy/policy/modules/services/apcupsd.if 2007-05-07 11:11:55.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/services/apcupsd.if 2007-05-07 11:45:44.000000000 -0400
@@ -79,3 +79,25 @@
allow $1 apcupsd_log_t:dir list_dir_perms;
allow $1 apcupsd_log_t:file { getattr append };
')
+
+########################################
+##
+## Execute a domain transition to run httpd_apcupsd_cgi_script.
+##
+##
+##
+## Domain allowed to transition.
+##
+##
+#
+interface(`httpd_apcupsd_cgi_script_domtrans',`
+ gen_require(`
+ type httpd_apcupsd_cgi_script_t, httpd_apcupsd_cgi_script_exec_t;
+ ')
+
+ domain_auto_trans($1,httpd_apcupsd_cgi_script_exec_t,httpd_apcupsd_cgi_script_t)
+
+ allow httpd_apcupsd_cgi_script_t $1:fd use;
+ allow httpd_apcupsd_cgi_script_t $1:fifo_file rw_file_perms;
+ allow httpd_apcupsd_cgi_script_t $1:process sigchld;
+')
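Review bot: The new interface `httpd_apcupsd_cgi_script_domtrans` is defined in apcupsd.if but carries an `httpd_` prefix, so it reads like an apache-module interface. Reference policy convention is to prefix interfaces with the owning module name, for example `apcupsd_cgi_script_domtrans`. Nothing in the visible hunks calls it, and the types it names in `gen_require` exist only through the `apache_content_template(apcupsd_cgi)` call in apcupsd.te. A comment such as `## Requires the apcupsd_cgi content types from apache_content_template.` would make that dependency explicit. It is also worth confirming which caller needs the transition, because an unused domtrans interface is an entry point into the CGI domain that nobody reviews.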
--- nsaserefpolicy/policy/modules/services/apcupsd.te 2007-05-07 11:11:55.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/services/apcupsd.te 2007-05-07 11:56:18.000000000 -0400
@@ -24,6 +24,7 @@
# apcupsd local policy
#
+allow apcupsd_t self:process signal;
allow apcupsd_t self:fifo_file rw_file_perms;
allow apcupsd_t self:unix_stream_socket create_stream_socket_perms;
allow apcupsd_t self:tcp_socket create_stream_socket_perms;
@@ -43,8 +44,8 @@
corenet_tcp_sendrecv_all_nodes(apcupsd_t)
corenet_tcp_sendrecv_all_ports(apcupsd_t)
corenet_tcp_bind_all_nodes(apcupsd_t)
-#corenet_tcp_bind_apcupsd_port(apcupsd_t)
-#corenet_sendrecv_apcupsd_server_packets(apcupsd_t)
+corenet_tcp_bind_apcupsd_port(apcupsd_t)
+corenet_sendrecv_apcupsd_server_packets(apcupsd_t)
dev_rw_generic_usb_dev(apcupsd_t)
@@ -65,3 +66,26 @@
term_dontaudit_use_unallocated_ttys(apcupsd_t)
term_dontaudit_use_generic_ptys(apcupsd_t)
')
+
+########################################
+#
+# apcupsd_cgi Declarations
+#
+
+apache_content_template(apcupsd_cgi)
+
+# Default Networking
+sysnet_dns_name_resolve(httpd_apcupsd_cgi_script_t)
+corenet_non_ipsec_sendrecv(httpd_apcupsd_cgi_script_t)
+
+allow httpd_apcupsd_cgi_script_t self:tcp_socket create_stream_socket_perms;
+corenet_tcp_sendrecv_all_if(httpd_apcupsd_cgi_script_t)
+corenet_tcp_sendrecv_all_nodes(httpd_apcupsd_cgi_script_t)
+corenet_tcp_sendrecv_all_ports(httpd_apcupsd_cgi_script_t)
+corenet_tcp_connect_apcupsd_port(httpd_apcupsd_cgi_script_t)
+
+allow httpd_apcupsd_cgi_script_t self:udp_socket create_socket_perms;
+corenet_udp_sendrecv_all_if(httpd_apcupsd_cgi_script_t)
+corenet_udp_sendrecv_all_nodes(httpd_apcupsd_cgi_script_t)
+corenet_udp_sendrecv_all_ports(httpd_apcupsd_cgi_script_t)
+
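Review bot: The UDP block at the end of this hunk (`allow httpd_apcupsd_cgi_script_t self:udp_socket create_socket_perms;` plus the three `corenet_udp_sendrecv_all_*` lines) looks broader than the CGI domain needs. The only connect permission granted is `corenet_tcp_connect_apcupsd_port`, and `sysnet_dns_name_resolve` normally already provides the UDP access required for DNS lookups. For a web-reachable CGI domain, I would drop the four UDP lines unless an AVC denial shows they are needed. If they are needed, say why in a comment, e.g. `# UDP required for <reason>`. Separately, `apache_content_template(apcupsd_cgi)` is called unconditionally, so confirm this module still builds when the apache module is not part of the policy.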
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2007-05-07 10:32:44.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/kernel/corenetwork.te.in 2007-05-07 11:27:37.000000000 -0400
@@ -60,6 +65,7 @@
network_port(amanda, udp,10080,s0, tcp,10080,s0, udp,10081,s0, tcp,10081,s0, tcp,10082,s0, tcp,10083,s0)
network_port(amavisd_recv, tcp,10024,s0)
network_port(amavisd_send, tcp,10025,s0)
+network_port(apcupsd, tcp,3551,s0, udp,3551,s0)
network_port(asterisk, tcp,1720,s0, udp,2427,s0, udp,2727,s0, udp,4569,s0, udp,5060,s0)
network_port(auth, tcp,113,s0)
network_port(bgp, tcp,179,s0, udp,179,s0, tcp,2605,s0, udp,2605,s0)