From Debian package 0.0.20080702-15

allow initrc_t udev_tbl_t:file unlink and device_t:dir rmdir

Index: policy/modules/system/init.te
===================================================================
--- policy/modules/system/init.te.orig
+++ policy/modules/system/init.te
@@ -303,8 +303,14 @@
 dev_delete_lvm_control_dev(initrc_t)
 dev_manage_generic_symlinks(initrc_t)
 dev_manage_generic_files(initrc_t)
-# Wants to remove udev.tbl:
-dev_delete_generic_symlinks(initrc_t)
+
+optional_policy(`
+	# Wants to remove udev.tbl:
+	dev_delete_generic_symlinks(initrc_t)
+	udev_unlink_table(initrc_t)
+	dev_delete_generic_dirs(initrc_t)
+')
+
 dev_getattr_all_blk_files(initrc_t)
 dev_getattr_all_chr_files(initrc_t)
 # Early devtmpfs
Index: policy/modules/system/udev.if
===================================================================
--- policy/modules/system/udev.if.orig
+++ policy/modules/system/udev.if
@@ -168,6 +168,24 @@
 
 ########################################
 ## <summary>
+##     Allow process to remove udev table files
+## </summary>
+## <param name="domain">
+##     <summary>
+##     The type of the process performing this action.
+##     </summary>
+## </param>
+#
+interface(`udev_unlink_table',`
+       gen_require(`
+               type udev_tbl_t;
+       ')
+
+       allow $1 udev_tbl_t:file unlink;
+')
+
+########################################
+## <summary>
 ##	Read the udev device table.
 ## </summary>
 ## <desc>