diff --git a/policy/modules/apps/podsleuth.fc b/policy/modules/apps/podsleuth.fc
index 91397a3..6fbc01c 100644
--- a/policy/modules/apps/podsleuth.fc
+++ b/policy/modules/apps/podsleuth.fc
@@ -1,2 +1,3 @@
-
 /usr/bin/podsleuth	--	gen_context(system_u:object_r:podsleuth_exec_t,s0)
+/usr/libexec/hal-podsleuth --	gen_context(system_u:object_r:podsleuth_exec_t,s0)
+/var/cache/podsleuth(/.*)?	gen_context(system_u:object_r:podsleuth_cache_t,s0)
diff --git a/policy/modules/apps/podsleuth.if b/policy/modules/apps/podsleuth.if
index c35702d..60b8bc2 100644
--- a/policy/modules/apps/podsleuth.if
+++ b/policy/modules/apps/podsleuth.if
@@ -16,4 +16,30 @@ interface(`podsleuth_domtrans',`
 	')
 
 	domtrans_pattern($1, podsleuth_exec_t, podsleuth_t)
+	allow $1 podsleuth_t:process signal;
+')
+
+########################################
+## <summary>
+##	Execute podsleuth in the podsleuth domain, and
+##	allow the specified role the podsleuth domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role to be allowed the podsleuth domain.
+##	</summary>
+## </param>
+#
+interface(`podsleuth_run',`
+	gen_require(`
+		type podsleuth_t;
+	')
+
+	podsleuth_domtrans($1)
+	role $2 types podsleuth_t;
 ')
diff --git a/policy/modules/apps/podsleuth.te b/policy/modules/apps/podsleuth.te
index cada433..0136355 100644
--- a/policy/modules/apps/podsleuth.te
+++ b/policy/modules/apps/podsleuth.te
@@ -1,5 +1,5 @@
 
-policy_module(podsleuth, 1.1.0)
+policy_module(podsleuth, 1.1.1)
 
 ########################################
 #
@@ -11,25 +11,74 @@ type podsleuth_exec_t;
 application_domain(podsleuth_t, podsleuth_exec_t)
 role system_r types podsleuth_t;
 
+type podsleuth_cache_t;
+files_type(podsleuth_cache_t)
+ubac_constrained(podsleuth_cache_t)
+
+type podsleuth_tmp_t;
+files_tmp_file(podsleuth_tmp_t)
+ubac_constrained(podsleuth_tmp_t)
+
+type podsleuth_tmpfs_t;
+files_tmpfs_file(podsleuth_tmpfs_t)
+ubac_constrained(podsleuth_tmpfs_t)
+
 ########################################
 #
 # podsleuth local policy
 #
-
-allow podsleuth_t self:process { signal getsched execheap execmem };
+allow podsleuth_t self:capability { kill dac_override sys_admin sys_rawio };
+allow podsleuth_t self:process { ptrace signal getsched execheap execmem execstack };
 allow podsleuth_t self:fifo_file rw_file_perms;
 allow podsleuth_t self:unix_stream_socket create_stream_socket_perms;
+allow podsleuth_t self:sem create_sem_perms;
+allow podsleuth_t self:tcp_socket create_stream_socket_perms;
+allow podsleuth_t self:udp_socket create_socket_perms;
+
+manage_dirs_pattern(podsleuth_t, podsleuth_cache_t, podsleuth_cache_t)
+manage_files_pattern(podsleuth_t, podsleuth_cache_t, podsleuth_cache_t)
+files_var_filetrans(podsleuth_t, podsleuth_cache_t, { file dir })
+
+allow podsleuth_t podsleuth_tmp_t:dir mounton;
+manage_dirs_pattern(podsleuth_t, podsleuth_tmp_t, podsleuth_tmp_t)
+manage_files_pattern(podsleuth_t, podsleuth_tmp_t, podsleuth_tmp_t)
+files_tmp_filetrans(podsleuth_t, podsleuth_tmp_t, { file dir })
+
+manage_dirs_pattern(podsleuth_t, podsleuth_tmpfs_t, podsleuth_tmpfs_t)
+manage_files_pattern(podsleuth_t, podsleuth_tmpfs_t, podsleuth_tmpfs_t)
+manage_lnk_files_pattern(podsleuth_t, podsleuth_tmpfs_t, podsleuth_tmpfs_t)
+fs_tmpfs_filetrans(podsleuth_t, podsleuth_tmpfs_t, { dir file lnk_file })
 
 kernel_read_system_state(podsleuth_t)
 
+corecmd_exec_bin(podsleuth_t)
+
+corenet_tcp_connect_http_port(podsleuth_t)
+
 dev_read_urand(podsleuth_t)
 
 files_read_etc_files(podsleuth_t)
 
+fs_mount_dos_fs(podsleuth_t)
+fs_unmount_dos_fs(podsleuth_t)
+fs_getattr_dos_fs(podsleuth_t)
+fs_read_dos_files(podsleuth_t)
+fs_search_dos(podsleuth_t)
+fs_getattr_tmpfs(podsleuth_t)
+fs_list_tmpfs(podsleuth_t)
+
 miscfiles_read_localization(podsleuth_t)
 
-dbus_system_bus_client(podsleuth_t)
+sysnet_dns_name_resolve(podsleuth_t)
+
+optional_policy(`
+	dbus_system_bus_client(podsleuth_t)
 
-mono_exec(podsleuth_t)
+	optional_policy(`
+		hal_dbus_chat(podsleuth_t)
+	')
+')
 
-hal_dbus_chat(podsleuth_t)
+optional_policy(`
+	mono_exec(podsleuth_t)
+')