Description of problem:
After running "rpm --rebuilddb", The SELinux type of files replaced in /var/lib/rpm are set to "var_lib_t" rather than "rpm_var_lib_t" as defined by the policy.

Version-Release number of selected component (if applicable):
rpm-4.13.0.1-7.fc26.x86_64
selinux-policy-targeted-3.13.1-260.6.fc26.noarch

How reproducible:
Rebuild the indexes of the rpm database.

Steps to Reproduce:
1. Run "restorecon" to ensure file contexts are set as defined by the installed policy.
# restorecon -rv /var/lib/rpm
#

2. Rebuild the RPM database.
# rpm --rebuilddb
#

3. Re-run "restorecon"
# restorecon -rv /var/lib/rpm
Relabeled /var/lib/rpm/Packages from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Conflictname from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Name from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Basenames from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Group from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Requirename from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Providename from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Obsoletename from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Triggername from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Dirnames from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Installtid from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Sigmd5 from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Sha1header from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Filetriggername from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Transfiletriggername from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Recommendname from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Suggestname from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Supplementname from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Enhancename from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
#

Actual results:
The "restorecon" command has to relabel the files updated by "rpm --rebuilddb".

Expected results:
Files should not need relabelling.

Additional info:
This problem is reported in the systemd journal:
> Aug 31 09:26:02 localhost.localdomain audit[3405]: AVC avc:  denied  { lock } for  pid=3405 comm="setroubleshootd" path="/var/lib/rpm/Packages" dev="dm-1" ino=50391935 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=1
> Aug 31 09:26:05 localhost.localdomain sedispatch[1018]: AVC Message for setroubleshoot, dropping message