diff --git a/refpolicy/policy/modules/admin/su.if b/refpolicy/policy/modules/admin/su.if
index 89bf643..acba23a 100644
--- a/refpolicy/policy/modules/admin/su.if
+++ b/refpolicy/policy/modules/admin/su.if
@@ -204,6 +204,7 @@ template(`su_per_userdomain_template',`
 	seutil_read_default_contexts($1_su_t)
 
 	userdom_use_user_terminals($1,$1_su_t)
+	userdom_search_user_home($1,$1_su_t)
 
 	if(secure_mode) {
 		# Only allow transitions to unprivileged user domains.
@@ -215,6 +216,8 @@ template(`su_per_userdomain_template',`
 
 	ifdef(`targeted_policy',`
 		corecmd_exec_bin($1_su_t)
+		userdom_manage_user_home_subdir_files($1_su_t)
+		userdom_manage_user_home_subdir_symlink($1_su_t)
 	')
 
 	tunable_policy(`use_nfs_home_dirs',`
@@ -261,7 +264,6 @@ template(`su_per_userdomain_template',`
 	# Inherit and use descriptors from gnome-pty-helper.
 	ifdef(`gnome-pty-helper.te', `allow $1_su_t $1_gph_t:fd use;')
 
-	allow $1_su_t { home_root_t $1_home_dir_t }:dir search;
 	allow $1_su_t $1_home_t:file create_file_perms;
 
 	ifdef(`user_canbe_sysadm', `