From Debian package 0.2.20100524-5 0071-fetchmail-policy-adjustements-Label-var-lib-fetchmai.patch (part of) * Allow fetchmail_t to read usr_t for certificates and to create /tmp files
Index: policy/modules/contrib/fetchmail.te
===================================================================
--- policy/modules/contrib/fetchmail.te.orig
+++ policy/modules/contrib/fetchmail.te
@@ -19,6 +19,11 @@
 type fetchmail_uidl_cache_t;
 files_type(fetchmail_uidl_cache_t)
 
+type fetchmail_tmp_t;
+files_tmp_file(fetchmail_tmp_t)
+ubac_constrained(fetchmail_tmp_t)
+files_tmp_filetrans(fetchmail_t, fetchmail_tmp_t, file)
+
 ########################################
 #
 # Local policy
@@ -33,6 +38,7 @@
 allow fetchmail_t self:udp_socket create_socket_perms;
 
 allow fetchmail_t fetchmail_etc_t:file read_file_perms;
+files_read_usr_files(fetchmail_t)
 
 allow fetchmail_t fetchmail_uidl_cache_t:file manage_file_perms;
 mta_spool_filetrans(fetchmail_t, fetchmail_uidl_cache_t, file)
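Review bot: In the first hunk (`@@ -19,6 +19,11 @@`), `files_tmp_filetrans(fetchmail_t, fetchmail_tmp_t, file)` only sets up the type transition for files created in the temporary directory. Nothing visible in this excerpt grants fetchmail_t any permission on files of the new type. The header says this is only part of the patch, so the rule may exist elsewhere; if it does not, creating the temp file would still be denied, and `manage_files_pattern(fetchmail_t, fetchmail_tmp_t, fetchmail_tmp_t)` is needed under Local policy. The `files_tmp_filetrans` call is itself a policy rule and would read better next to that line than in the declarations block, with a short comment such as `# private type for fetchmail's temporary files`.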
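Review bot: In the second hunk (`@@ -33,6 +38,7 @@`), `files_read_usr_files(fetchmail_t)` lets the daemon read every file labelled usr_t, which is considerably broader than the stated purpose of reading certificates. If the certificates can carry the certificate label instead, `miscfiles_read_certs(fetchmail_t)` would be the narrower grant; whether that fits where the distribution installs them cannot be told from this hunk. If the broad interface has to stay, record the reason on the line above it, for example `# CA certificates are installed under /usr and labelled usr_t`. It would also sit better with the other interface calls than between the two local `allow` groups; the rest of the local policy section is outside the hunk.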