diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.fc serefpolicy-3.6.9/policy/modules/services/lircd.fc
--- nsaserefpolicy/policy/modules/services/lircd.fc 1970-01-01 01:00:00.000000000 +0100
+++ serefpolicy-3.6.9/policy/modules/services/lircd.fc 2009-03-20 14:57:12.000000000 +0100
@@ -0,0 +1,9 @@
+
+/dev/lircd -s gen_context(system_u:object_r:lircd_sock_t,s0)
+
+/etc/rc\.d/init\.d/lirc -- gen_context(system_u:object_r:lircd_initrc_exec_t,s0)
+/etc/lircd\.conf -- gen_context(system_u:object_r:lircd_etc_t,s0)
+
+/usr/sbin/lircd -- gen_context(system_u:object_r:lircd_exec_t,s0)
+
+/var/run/lircd\.pid gen_context(system_u:object_r:lircd_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.if serefpolicy-3.6.9/policy/modules/services/lircd.if
--- nsaserefpolicy/policy/modules/services/lircd.if 1970-01-01 01:00:00.000000000 +0100
+++ serefpolicy-3.6.9/policy/modules/services/lircd.if 2009-03-20 14:56:55.000000000 +0100
@@ -0,0 +1,100 @@
+## Lirc daemon
+
+########################################
+##
+## Execute a domain transition to run lircd.
+##
+##
+##
+## Domain allowed to transition.
+##
+##
+#
+interface(`lircd_domtrans',`
+ gen_require(`
+ type lircd_t, lircd_exec_t;
+ ')
+
+ domain_auto_trans($1,lircd_exec_t,lircd_t)
+
+')
+
+#######################################
+##
+## Read lircd etc file
+##
+##
+##
+## The type of the process performing this action.
+##
+##
+#
+interface(`lircd_read_etc',`
+ gen_require(`
+ type lircd_etc_t;
+ ')
+
+ read_files_pattern($1, lircd_etc_t, lircd_etc_t)
+')
+
+######################################
+##
+## Connect to lircd over a unix domain
+## stream socket.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`lircd_stream_connect',`
+ gen_require(`
+ type lircd_sock_t, lircd_t;
+ ')
+
+ allow $1 lircd_t:unix_stream_socket connectto;
+ allow $1 lircd_sock_t:sock_file { getattr write };
+ files_search_pids($1)
+')
+
+########################################
+##
+## All of the rules required to administrate
+## an lircd environment
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+##
+## The role to be allowed to manage the syslog domain.
+##
+##
+##
+#
+interface(`lircd_admin',`
+ gen_require(`
+ type lircd_t, lircd_var_run_t, lircd_sock_t;
+ type lircd_initrc_exec_t, lircd_etc_t;
+ ')
+
+ allow $1 lircd_t:process { ptrace signal_perms };
+ ps_process_pattern($1, lircd_t)
+
+ init_labeled_script_domtrans($1, lircd_initrc_exec_t)
+ domain_system_change_exemption($1)
+ role_transition $2 lircd_initrc_exec_t system_r;
+ allow $2 system_r;
+
+ files_search_etc($1)
+ admin_pattern($1, lircd_etc_t)
+
+ files_search_pids($1)
+ admin_pattern($1, lircd_var_run_t)
+
+ admin_pattern($1, lircd_sock_t)
+')
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.6.9/policy/modules/services/lircd.te
--- nsaserefpolicy/policy/modules/services/lircd.te 1970-01-01 01:00:00.000000000 +0100
+++ serefpolicy-3.6.9/policy/modules/services/lircd.te 2009-03-20 14:57:07.000000000 +0100
@@ -0,0 +1,53 @@
+policy_module(lircd,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type lircd_t;
+type lircd_exec_t;
+init_daemon_domain(lircd_t, lircd_exec_t)
+
+type lircd_initrc_exec_t;
+init_script_file(lircd_initrc_exec_t)
+
+# pid files
+type lircd_var_run_t;
+files_pid_file(lircd_var_run_t)
+
+# etc file
+type lircd_etc_t;
+files_config_file(lircd_etc_t)
+
+# type for lircd /dev/ sock file
+type lircd_sock_t;
+files_type(lircd_sock_t)
+
+########################################
+#
+# lircd local policy
+#
+
+allow lircd_t self:process signal;
+allow lircd_t self:unix_dgram_socket create_socket_perms;
+
+# etc file
+read_files_pattern(lircd_t, lircd_etc_t, lircd_etc_t)
+
+# pid file
+manage_dirs_pattern(lircd_t, lircd_var_run_t, lircd_var_run_t)
+manage_files_pattern(lircd_t, lircd_var_run_t, lircd_var_run_t)
+files_pid_filetrans(lircd_t,lircd_var_run_t, { dir file })
+
+# /dev/lircd socket
+manage_sock_files_pattern(lircd_t, lircd_sock_t, lircd_sock_t)
+dev_filetrans(lircd_t, lircd_sock_t, sock_file )
+
+logging_send_syslog_msg(lircd_t)
+
+libs_use_ld_so(lircd_t)
+libs_use_shared_libs(lircd_t)
+miscfiles_read_localization(lircd_t)
+
+