diff --git a/policy-20070501.patch b/policy-20070501.patch
index 79b5f40..0990cc5 100644
--- a/policy-20070501.patch
+++ b/policy-20070501.patch
@@ -3710,7 +3710,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 +/usr/local/Brother/inf(/.*)?	gen_context(system_u:object_r:cupsd_rw_etc_t,mls_systemhigh)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.6.4/policy/modules/services/cups.te
 --- nsaserefpolicy/policy/modules/services/cups.te	2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/cups.te	2007-06-25 06:32:44.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/cups.te	2007-07-01 21:16:46.000000000 -0400
 @@ -93,8 +93,6 @@
  # generic socket here until appletalk socket is available in kernels
  allow cupsd_t self:socket create_socket_perms;
@@ -3720,7 +3720,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
  allow cupsd_t cupsd_etc_t:{ dir file } setattr;
  read_files_pattern(cupsd_t,cupsd_etc_t,cupsd_etc_t)
  read_lnk_files_pattern(cupsd_t,cupsd_etc_t,cupsd_etc_t)
-@@ -151,9 +149,11 @@
+@@ -151,14 +149,16 @@
  corenet_tcp_bind_reserved_port(cupsd_t)
  corenet_dontaudit_tcp_bind_all_reserved_ports(cupsd_t)
  corenet_tcp_connect_all_ports(cupsd_t)
@@ -3732,6 +3732,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
  
  dev_rw_printer(cupsd_t)
  dev_read_urand(cupsd_t)
+ dev_read_sysfs(cupsd_t)
+-dev_read_usbfs(cupsd_t)
++dev_rw_usbfs(cupsd_t)
+ dev_getattr_printer_dev(cupsd_t)
+ 
+ domain_read_all_domains_state(cupsd_t)
 @@ -177,6 +177,7 @@
  term_search_ptys(cupsd_t)
  
@@ -3786,6 +3792,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
  	seutil_sigchld_newrole(cupsd_t)
  ')
  
+@@ -587,7 +599,7 @@
+ dev_read_urand(hplip_t)
+ dev_read_rand(hplip_t)
+ dev_rw_generic_usb_dev(hplip_t)
+-dev_read_usbfs(hplip_t)
++dev_rw_usbfs(hplip_t)
+ 
+ fs_getattr_all_fs(hplip_t)
+ fs_search_auto_mountpoints(hplip_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-2.6.4/policy/modules/services/cvs.te
 --- nsaserefpolicy/policy/modules/services/cvs.te	2007-05-07 14:51:01.000000000 -0400
 +++ serefpolicy-2.6.4/policy/modules/services/cvs.te	2007-06-19 09:01:50.000000000 -0400
diff --git a/selinux-policy.spec b/selinux-policy.spec
index f9735e5..babf6f9 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.6.4
-Release: 23%{?dist}
+Release: 24%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -360,6 +360,9 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init
 %endif
 
 %changelog
+* Wed Jun 27 2007 Dan Walsh <dwalsh@redhat.com> 2.6.4-24
+- Allow udev to transition to fstools domain.
+
 * Tue Jun 26 2007 Dan Walsh <dwalsh@redhat.com> 2.6.4-23
 - Fix libXComp location