diff --git a/policy/modules/apps/java.fc b/policy/modules/apps/java.fc
index 92cb788..f91c9a5 100644
--- a/policy/modules/apps/java.fc
+++ b/policy/modules/apps/java.fc
@@ -2,15 +2,15 @@
 # /opt
 #
 /opt/(.*/)?bin/java[^/]* --	gen_context(system_u:object_r:java_exec_t,s0)
-/opt/ibm/java2-ppc64-50/jre/(bin|javaws)(/.*)? -- gen_context(system_u:object_r:java_exec_t,s0)
-/opt/local/matlab/bin/(.*/)?MATLAB. -- gen_context(system_u:object_r:java_exec_t,s0)
-/opt/matlab/bin/(.*/)?MATLAB. -- gen_context(system_u:object_r:java_exec_t,s0)
+/opt/ibm/java.*/(bin|javaws)(/.*)? -- gen_context(system_u:object_r:java_exec_t,s0)
+/opt/local/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0)
+/opt/matlab.*/bin.*/MATLAB.* --	gen_context(system_u:object_r:java_exec_t,s0)
 
 #
 # /usr
 #
 /usr/(.*/)?bin/java.* 	--	gen_context(system_u:object_r:java_exec_t,s0)
-/usr/lib(.*/)?bin/java[^/]* -- gen_context(system_u:object_r:java_exec_t,s0)
+/usr/bin/fastjar	--	gen_context(system_u:object_r:java_exec_t,s0)
 /usr/bin/frysk		--	gen_context(system_u:object_r:java_exec_t,s0)
 /usr/bin/gappletviewer	--	gen_context(system_u:object_r:java_exec_t,s0)
 /usr/bin/gcj-dbtool	--	gen_context(system_u:object_r:java_exec_t,s0)
@@ -20,5 +20,15 @@
 /usr/bin/grmic		--	gen_context(system_u:object_r:java_exec_t,s0)
 /usr/bin/grmiregistry	--	gen_context(system_u:object_r:java_exec_t,s0)
 /usr/bin/jv-convert	--	gen_context(system_u:object_r:java_exec_t,s0)
-/usr/local/matlab/bin/(.*/)?MATLAB. -- gen_context(system_u:object_r:java_exec_t,s0)
-/usr/matlab/bin/(.*/)?MATLAB. -- gen_context(system_u:object_r:java_exec_t,s0)
+/usr/bin/octave-[^/]*	--	gen_context(system_u:object_r:java_exec_t,s0)
+
+/usr/lib(.*/)?bin/java[^/]* --	gen_context(system_u:object_r:java_exec_t,s0)
+/usr/lib/eclipse/eclipse --	gen_context(system_u:object_r:java_exec_t,s0)
+/usr/lib/jvm/java(.*/)bin(/.*)? -- gen_context(system_u:object_r:java_exec_t,s0)
+/usr/lib/opera(/.*)?/opera --	gen_context(system_u:object_r:java_exec_t,s0)
+/usr/lib/opera(/.*)?/works --	gen_context(system_u:object_r:java_exec_t,s0)
+/usr/lib64/jvm/java(.*/)bin(/.*)? -- gen_context(system_u:object_r:java_exec_t,s0)
+
+/usr/local/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0)
+
+/usr/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0)
diff --git a/policy/modules/apps/java.if b/policy/modules/apps/java.if
index ec61413..8695c7e 100644
--- a/policy/modules/apps/java.if
+++ b/policy/modules/apps/java.if
@@ -30,6 +30,69 @@ interface(`java_role',`
 
 	allow java_t $2:unix_stream_socket connectto;
 	allow java_t $2:unix_stream_socket { read write };
+	allow java_t $2:tcp_socket { read write };
+')
+
+#######################################
+## <summary>
+##	The role template for the java module.
+## </summary>
+## <desc>
+##	<p>
+##	This template creates a derived domains which are used
+##	for java applications.
+##	</p>
+## </desc>
+## <param name="role_prefix">
+##	<summary>
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+##	</summary>
+## </param>
+## <param name="user_role">
+##	<summary>
+##	The role associated with the user domain.
+##	</summary>
+## </param>
+## <param name="user_domain">
+##	<summary>
+##	The type of the user domain.
+##	</summary>
+## </param>
+#
+template(`java_role_template',`
+	gen_require(`
+		type java_exec_t;
+	')
+
+	type $1_java_t;
+	domain_type($1_java_t)
+	domain_entry_file($1_java_t, java_exec_t)
+	role $2 types $1_java_t;
+
+	domain_interactive_fd($1_java_t)
+
+	userdom_manage_tmpfs_role($2, $1_java_t)
+
+	allow $1_java_t self:process { ptrace signal getsched execmem execstack };
+
+	dontaudit $1_java_t $3:tcp_socket { read write };
+
+	allow $3 $1_java_t:process { getattr ptrace noatsecure signal_perms };
+
+	domtrans_pattern($3, java_exec_t, $1_java_t)
+
+	corecmd_bin_domtrans($1_java_t, $3)
+
+	dev_dontaudit_append_rand($1_java_t)
+
+	files_execmod_all_files($1_java_t)
+
+	fs_dontaudit_rw_tmpfs_files($1_java_t)
+
+	optional_policy(`
+		xserver_role($2, $1_java_t)
+	')
 ')
 
 ########################################
@@ -52,6 +115,31 @@ template(`java_domtrans',`
 
 ########################################
 ## <summary>
+##	Execute java in the java domain, and
+##	allow the specified role the java domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role to be allowed the java domain.
+##	</summary>
+## </param>
+#
+interface(`java_run',`
+	gen_require(`
+		type java_t;
+	')
+
+	java_domtrans($1)
+	role $2 types java_t;
+')
+
+########################################
+## <summary>
 ##	Execute the java program in the unconfined java domain.
 ## </summary>
 ## <param name="domain">
@@ -92,3 +180,21 @@ interface(`java_run_unconfined',`
 	java_domtrans_unconfined($1)
 	role $2 types unconfined_java_t;
 ')
+
+########################################
+## <summary>
+##	Execute the java program in the java domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`java_exec',`
+	gen_require(`
+		type java_exec_t;
+	')
+
+	can_exec($1, java_exec_t)
+')
diff --git a/policy/modules/apps/java.te b/policy/modules/apps/java.te
index 8285ec9..21f1665 100644
--- a/policy/modules/apps/java.te
+++ b/policy/modules/apps/java.te
@@ -1,5 +1,5 @@
 
-policy_module(java, 2.2.0)
+policy_module(java, 2.2.1)
 
 ########################################
 #
@@ -19,6 +19,7 @@ application_domain(java_t, java_exec_t)
 ubac_constrained(java_t)
 typealias java_t alias { staff_javaplugin_t user_javaplugin_t sysadm_javaplugin_t };
 typealias java_t alias { auditadm_javaplugin_t secadm_javaplugin_t };
+role system_r types java_t;
 
 type java_tmp_t;
 files_tmp_file(java_tmp_t)
@@ -47,7 +48,7 @@ allow java_t self:udp_socket create_socket_perms;
 
 manage_dirs_pattern(java_t, java_tmp_t, java_tmp_t)
 manage_files_pattern(java_t, java_tmp_t, java_tmp_t)
-files_tmp_filetrans(java_t, java_tmp_t,{ file dir })
+files_tmp_filetrans(java_t, java_tmp_t, { file dir })
 
 manage_files_pattern(java_t, java_tmpfs_t, java_tmpfs_t)
 manage_lnk_files_pattern(java_t, java_tmpfs_t, java_tmpfs_t)
@@ -80,6 +81,7 @@ dev_read_sound(java_t)
 dev_write_sound(java_t)
 dev_read_urand(java_t)
 dev_read_rand(java_t)
+dev_dontaudit_append_rand(java_t)
 
 files_read_etc_files(java_t)
 files_read_usr_files(java_t)