diff --git a/policy/modules/apps/nsplugin.if b/policy/modules/apps/nsplugin.if
index 74c624e..acab1e7 100644
--- a/policy/modules/apps/nsplugin.if
+++ b/policy/modules/apps/nsplugin.if
@@ -56,21 +56,15 @@ interface(`nsplugin_manage_rw',`
 ##	by policy writers.
 ##	</p>
 ## </desc>
-## <param name="userdomain_prefix">
+## <param name="user_role">
 ##	<summary>
-##	The prefix of the user domain (e.g., user
-##	is the prefix for user_t).
+##	The role associated with the user domain.
 ##	</summary>
-## </param>
 ## <param name="user_domain">
 ##	<summary>
 ##	The type of the user domain.
 ##	</summary>
 ## </param>
-## <param name="user_role">
-##	<summary>
-##	The role associated with the user domain.
-##	</summary>
 ## </param>
 #
 interface(`nsplugin_role_notrans',`
diff --git a/policy/modules/apps/sandbox.te b/policy/modules/apps/sandbox.te
index 8d4ac56..942bb30 100644
--- a/policy/modules/apps/sandbox.te
+++ b/policy/modules/apps/sandbox.te
@@ -232,7 +232,6 @@ userdom_dontaudit_use_user_terminals(sandbox_x_domain)
 userdom_read_user_home_content_symlinks(sandbox_x_domain)
 userdom_search_user_home_content(sandbox_x_domain)
 
-#============= sandbox_x_t ==============
 files_search_home(sandbox_x_t)
 userdom_use_user_ptys(sandbox_x_t)
 
@@ -286,7 +285,6 @@ dev_read_rand(sandbox_web_type)
 dev_write_sound(sandbox_web_type)
 dev_read_sound(sandbox_web_type)
 
-# Browse the web, connect to printer
 corenet_all_recvfrom_unlabeled(sandbox_web_type)
 corenet_all_recvfrom_netlabel(sandbox_web_type)
 corenet_tcp_sendrecv_all_if(sandbox_web_type)
@@ -316,7 +314,7 @@ corenet_sendrecv_squid_client_packets(sandbox_web_type)
 corenet_sendrecv_ftp_client_packets(sandbox_web_type)
 corenet_sendrecv_ipp_client_packets(sandbox_web_type)
 corenet_sendrecv_generic_client_packets(sandbox_web_type)
-# Should not need other ports
+
 corenet_dontaudit_tcp_sendrecv_generic_port(sandbox_web_type)
 corenet_dontaudit_tcp_bind_generic_port(sandbox_web_type)
 
@@ -400,4 +398,3 @@ optional_policy(`
 	mozilla_dontaudit_rw_user_home_files(sandbox_xserver_t)
 	mozilla_dontaudit_rw_user_home_files(sandbox_x_domain)
 ')
-
diff --git a/policy/modules/services/cron.te b/policy/modules/services/cron.te
index 939877a..38a83ea 100644
--- a/policy/modules/services/cron.te
+++ b/policy/modules/services/cron.te
@@ -678,7 +678,7 @@ list_dirs_pattern(crond_t, user_cron_spool_t, user_cron_spool_t)
 rw_dirs_pattern(crond_t, user_cron_spool_t, user_cron_spool_t)
 read_files_pattern(crond_t, user_cron_spool_t, user_cron_spool_t)
 read_lnk_files_pattern(crond_t, user_cron_spool_t, user_cron_spool_t)
-allow cronjob_t user_cron_spool_t:file create_lnk_perms;
+allow cronjob_t user_cron_spool_t:file manage_lnk_file_perms;
 
 tunable_policy(`fcron_crond', `
 	allow crond_t user_cron_spool_t:file manage_file_perms;