diff --git a/policy/modules/services/ajaxterm.te b/policy/modules/services/ajaxterm.te
index 3441758..6382604 100644
--- a/policy/modules/services/ajaxterm.te
+++ b/policy/modules/services/ajaxterm.te
@@ -30,7 +30,7 @@ allow ajaxterm_t self:fifo_file rw_fifo_file_perms;
 allow ajaxterm_t self:unix_stream_socket create_stream_socket_perms;
 allow ajaxterm_t self:tcp_socket create_stream_socket_perms;
-allow ajaxterm_t ajaxterm_devpts_t:chr_file { rw_chr_file_perms setattr getattr relabelfrom };
+allow ajaxterm_t ajaxterm_devpts_t:chr_file { rw_chr_file_perms setattr_chr_file_perms getattr_chr_file_perms relabelfrom };
 term_create_pty(ajaxterm_t, ajaxterm_devpts_t)
 manage_dirs_pattern(ajaxterm_t, ajaxterm_var_run_t, ajaxterm_var_run_t)
diff --git a/policy/modules/services/amavis.te b/policy/modules/services/amavis.te
index c3a1903..ec40291 100644
--- a/policy/modules/services/amavis.te
+++ b/policy/modules/services/amavis.te
@@ -76,7 +76,7 @@ files_search_spool(amavis_t)
 # tmp files
 manage_files_pattern(amavis_t, amavis_tmp_t, amavis_tmp_t)
-allow amavis_t amavis_tmp_t:dir setattr;
+allow amavis_t amavis_tmp_t:dir setattr_dir_perms;
 files_tmp_filetrans(amavis_t, amavis_tmp_t, file)
 # var/lib files for amavis
@@ -86,7 +86,7 @@ manage_sock_files_pattern(amavis_t, amavis_var_lib_t, amavis_var_lib_t)
 files_search_var_lib(amavis_t)
 # log files
-allow amavis_t amavis_var_log_t:dir setattr;
+allow amavis_t amavis_var_log_t:dir setattr_dir_perms;
 manage_files_pattern(amavis_t, amavis_var_log_t, amavis_var_log_t)
 manage_sock_files_pattern(amavis_t, amavis_var_log_t, amavis_var_log_t)
 logging_log_filetrans(amavis_t, amavis_var_log_t, { sock_file file dir })
diff --git a/policy/modules/services/avahi.te b/policy/modules/services/avahi.te
index 803adbf..52dcf09 100644
--- a/policy/modules/services/avahi.te
+++ b/policy/modules/services/avahi.te
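Review bot: In the ajaxterm.te rule on `ajaxterm_devpts_t:chr_file`, the added `getattr_chr_file_perms` looks redundant, because the reference-policy definition of `rw_chr_file_perms` already includes getattr (worth confirming in this tree's obj_perm_sets.spt). The set could then read `{ rw_chr_file_perms setattr_chr_file_perms relabelfrom }`. `relabelfrom` also stays a raw permission inside the same braces, so the rule mixes macro and raw style after the change. Since setattr and relabelfrom on a pty are the permissions an auditor will question first, a short comment above the rule, such as `# pty ownership and label are adjusted by the daemon`, would help if that is indeed the reason.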
@@ -40,7 +40,7 @@ files_var_lib_filetrans(avahi_t, avahi_var_lib_t, { dir file })
 manage_dirs_pattern(avahi_t, avahi_var_run_t, avahi_var_run_t)
 manage_files_pattern(avahi_t, avahi_var_run_t, avahi_var_run_t)
 manage_sock_files_pattern(avahi_t, avahi_var_run_t, avahi_var_run_t)
-allow avahi_t avahi_var_run_t:dir setattr;
+allow avahi_t avahi_var_run_t:dir setattr_dir_perms;
 files_pid_filetrans(avahi_t, avahi_var_run_t, { dir file })
 kernel_read_system_state(avahi_t)
diff --git a/policy/modules/services/bind.te b/policy/modules/services/bind.te
index ece1f1f..0535cb5 100644
--- a/policy/modules/services/bind.te
+++ b/policy/modules/services/bind.te
@@ -202,12 +202,12 @@ allow ndc_t self:tcp_socket create_socket_perms;
 allow ndc_t self:netlink_route_socket r_netlink_socket_perms;
 allow ndc_t dnssec_t:file read_file_perms;
-allow ndc_t dnssec_t:lnk_file { getattr read };
+allow ndc_t dnssec_t:lnk_file read_lnk_file_perms;
 stream_connect_pattern(ndc_t, named_var_run_t, named_var_run_t, named_t)
 allow ndc_t named_conf_t:file read_file_perms;
-allow ndc_t named_conf_t:lnk_file { getattr read };
+allow ndc_t named_conf_t:lnk_file read_lnk_file_perms;
 allow ndc_t named_zone_t:dir search_dir_perms;
@@ -245,7 +245,7 @@ term_dontaudit_use_console(ndc_t)
 # for /etc/rndc.key
 ifdef(`distro_redhat',`
- allow ndc_t named_conf_t:dir search;
+ allow ndc_t named_conf_t:dir search_dir_perms;
 ')
 optional_policy(`
diff --git a/policy/modules/services/boinc.te b/policy/modules/services/boinc.te
index 25475f5..077aa01 100644
--- a/policy/modules/services/boinc.te
+++ b/policy/modules/services/boinc.te
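Review bot: The `search` to `search_dir_perms` replacement inside the `distro_redhat` block of bind.te is not a like-for-like rename. In the reference-policy permission sets `search_dir_perms` expands to getattr and open as well as search, so ndc_t gains access on named_conf_t directories that the old rule did not grant (confirm the expansion in this tree's obj_perm_sets.spt). The same applies to the boinc.te hunk, where `{ read write }` becomes `rw_inherited_file_perms`; as far as I recall Fedora's definition, that set also carries getattr, append, ioctl and lock on boinc_tmpfs_t files. The other replacements here (`setattr_dir_perms`, `read_lnk_file_perms`) appear to expand to exactly the permissions they replace. If the wider sets are intended, the commit message should say so; otherwise keep the raw permissions on these two rules and compare the compiled policy before and after, for example with `sediff`.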
@@ -136,7 +136,7 @@ files_var_lib_filetrans(boinc_project_t, boinc_project_var_lib_t, { file dir })
 allow boinc_project_t boinc_project_var_lib_t:file execmod;
 allow boinc_project_t boinc_t:shm rw_shm_perms;
-allow boinc_project_t boinc_tmpfs_t:file { read write };
+allow boinc_project_t boinc_tmpfs_t:file rw_inherited_file_perms;
 list_dirs_pattern(boinc_project_t, boinc_var_lib_t, boinc_var_lib_t)
 rw_files_pattern(boinc_project_t, boinc_var_lib_t, boinc_var_lib_t)
diff --git a/policy/modules/services/gatekeeper.te b/policy/modules/services/gatekeeper.te
index 99a94de..6dbc203 100644
--- a/policy/modules/services/gatekeeper.te
+++ b/policy/modules/services/gatekeeper.te
@@ -33,7 +33,7 @@ allow gatekeeper_t self:fifo_file rw_fifo_file_perms;
 allow gatekeeper_t self:tcp_socket create_stream_socket_perms;
 allow gatekeeper_t self:udp_socket create_socket_perms;
-allow gatekeeper_t gatekeeper_etc_t:lnk_file { getattr read };
+allow gatekeeper_t gatekeeper_etc_t:lnk_file read_lnk_file_perms;
 allow gatekeeper_t gatekeeper_etc_t:file read_file_perms;
 files_search_etc(gatekeeper_t)