Can you elaborate a bit on what is happening on the system reporting denials? In particular, I'd like to know:

- Is it the initiator or the target system?
- Is rsync running as a client or a server?
- Is there some new setup on the system in question or a new feature? This permission was never allowed in selinux-policy so the scenario was never expected to work.

We would also like to have audit logs or journal to see details.

Is adding the one reported permission sufficient?

# cat local_rsync.cil
(allow rsync_t shell_exec_t (file (execute)))

# semodule -i local_rsync.cil
<reproduce the scenario>

I am not aware of any related change in selinux-policy which would effect in removing permissions for the rsync_t domain during RHEL 8 development cycle.
Additional information is required to assess the issue, preferably with full auditing enabled:
https://fedoraproject.org/wiki/SELinux/Debugging#Enable_full_auditing

Also note there is the rsync_client boolean set to off by default, but can turned on on a system where rsync runs as a client:

  # setsebool -P rsync_client on