policycoreutils/policycoreutils-sepolgen.patch

diff --git a/sepolgen/src/sepolgen/matching.py b/sepolgen/src/sepolgen/matching.py
index 1a9a3e5..d56dd92 100644
--- a/sepolgen/src/sepolgen/matching.py
+++ b/sepolgen/src/sepolgen/matching.py
@@ -50,7 +50,7 @@ class Match:
                 return 1
 
 class MatchList:
-    DEFAULT_THRESHOLD = 120
+    DEFAULT_THRESHOLD = 150
     def __init__(self):
         # Match objects that pass the threshold
         self.children = []
@@ -63,14 +63,15 @@ class MatchList:
     def best(self):
         if len(self.children):
             return self.children[0]
-        else:
-            return None
+        if len(self.bastards):
+            return self.bastards[0]
+        return None
 
     def __len__(self):
         # Only return the length of the matches so
         # that this can be used to test if there is
         # a match.
-        return len(self.children)
+        return len(self.children) + len(self.bastards)
 
     def __iter__(self):
         return iter(self.children)
diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py
index 4882999..9dc2d32 100644
--- a/sepolgen/src/sepolgen/policygen.py
+++ b/sepolgen/src/sepolgen/policygen.py
@@ -30,7 +30,11 @@ import access
 import interfaces
 import matching
 import selinux.audit2why as audit2why
-from setools import *
+try:
+    from setools import *
+    alldomains = seinfo(ATTRIBUTE, name="domain")[0]["types"]
+except:
+    pass
 
 # Constants for the level of explanation from the generation
 # routines
@@ -79,7 +83,6 @@ class PolicyGenerator:
 
         self.dontaudit = False
 
-        self.domains = None
     def set_gen_refpol(self, if_set=None, perm_maps=None):
         """Set whether reference policy interfaces are generated.
 
@@ -175,13 +178,11 @@ class PolicyGenerator:
             if av.type == audit2why.TERULE:
                 if "write" in av.perms:
                     if "dir" in av.obj_class or "open" in av.perms:
-                        if not self.domains:
-                            self.domains = seinfo(ATTRIBUTE, name="domain")[0]["types"]
                         types=[]
 
                         try:
                             for i in map(lambda x: x[TCONTEXT], sesearch([ALLOW], {SCONTEXT: av.src_type, CLASS: av.obj_class, PERMS: av.perms})):
-                                if i not in self.domains:
+                                if i not in alldomains:
                                     types.append(i)
                             if len(types) == 1:
                                 rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
diff --git a/sepolgen/src/sepolgen/refparser.py b/sepolgen/src/sepolgen/refparser.py
index 9a79340..a4adbd8 100644
--- a/sepolgen/src/sepolgen/refparser.py
+++ b/sepolgen/src/sepolgen/refparser.py
@@ -245,7 +245,7 @@ def t_refpolicywarn(t):
     t.lexer.lineno += 1
 
 def t_IDENTIFIER(t):
-    r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\.\$\*\"~]*'
+    r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\+\.\$\*\"~]*'
     # Handle any keywords
     t.type = reserved.get(t.value,'IDENTIFIER')
     return t