diff --git a/refpolicy/policy/modules/kernel/terminal.if b/refpolicy/policy/modules/kernel/terminal.if
index b257b2b..7ea3893 100644
--- a/refpolicy/policy/modules/kernel/terminal.if
+++ b/refpolicy/policy/modules/kernel/terminal.if
@@ -183,7 +183,7 @@ interface(`term_dontaudit_use_console',`
 		type console_device_t;
 	')
 
-	dontaudit $1 console_device_t:chr_file { read write };
+	dontaudit $1 console_device_t:chr_file rw_file_perms;
 ')
 
 ########################################
@@ -364,11 +364,10 @@ interface(`term_dontaudit_use_generic_pty',`
 interface(`term_use_controlling_term',`
 	gen_require(`
 		type devtty_t;
-		class chr_file { getattr read write ioctl };
 	')
 
 	dev_list_all_dev_nodes($1)
-	allow $1 devtty_t:chr_file { getattr read write ioctl };
+	allow $1 devtty_t:chr_file { rw_term_perms lock append };
 ')
 
 ########################################
@@ -668,11 +667,10 @@ interface(`term_write_unallocated_ttys',`
 interface(`term_use_unallocated_tty',`
 	gen_require(`
 		type tty_device_t;
-		class chr_file { getattr read write ioctl };
 	')
 
 	dev_list_all_dev_nodes($1)
-	allow $1 tty_device_t:chr_file { getattr read write ioctl };
+	allow $1 tty_device_t:chr_file { rw_term_perms lock append };
 ')
 
 ########################################
diff --git a/refpolicy/policy/modules/services/apm.te b/refpolicy/policy/modules/services/apm.te
index 75c64f0..761c12e 100644
--- a/refpolicy/policy/modules/services/apm.te
+++ b/refpolicy/policy/modules/services/apm.te
@@ -142,7 +142,7 @@ miscfiles_read_localization(apmd_t)
 modutils_domtrans_insmod(apmd_t)
 modutils_read_module_conf(apmd_t)
 
-seutil_dontaudit_search_config(apmd_t)
+seutil_dontaudit_read_config(apmd_t)
 
 userdom_dontaudit_use_unpriv_user_fd(apmd_t)
 userdom_dontaudit_search_sysadm_home_dir(apmd_t)
@@ -191,6 +191,10 @@ optional_policy(`clock.te',`
 	clock_rw_adjtime(apmd_t)
 ')
 
+optional_policy(`cron.te',`
+	cron_domtrans_anacron_system_job(apmd_t)
+')
+
 optional_policy(`logrotate.te',`
 	logrotate_use_fd(apmd_t)
 ')
@@ -221,7 +225,6 @@ ifdef(`TODO',`
 allow apmd_t proc_t:file write;
 allow apmd_t user_tty_type:chr_file { ioctl read getattr lock write append };
 optional_policy(`cron.te',`
-	domain_auto_trans(apmd_t, anacron_exec_t, system_crond_t)
 	allow apmd_t crond_t:fifo_file { getattr read write ioctl };
 ')
 
diff --git a/refpolicy/policy/modules/services/bluetooth.te b/refpolicy/policy/modules/services/bluetooth.te
index 68478f7..5ecf6cd 100644
--- a/refpolicy/policy/modules/services/bluetooth.te
+++ b/refpolicy/policy/modules/services/bluetooth.te
@@ -161,9 +161,10 @@ optional_policy(`rhgb.te',`
 #
 
 allow bluetooth_helper_t self:capability sys_nice;
+allow bluetooth_helper_t self:process getsched;
 allow bluetooth_helper_t self:fifo_file rw_file_perms;
 allow bluetooth_helper_t self:shm create_shm_perms;
-allow bluetooth_helper_t self:unix_stream_socket create_stream_socket_perms;
+allow bluetooth_helper_t self:unix_stream_socket { create_stream_socket_perms connectto };
 
 allow bluetooth_helper_t bluetooth_t:socket { read write };
 
diff --git a/refpolicy/policy/modules/services/canna.te b/refpolicy/policy/modules/services/canna.te
index 62e42d2..f6e399e 100644
--- a/refpolicy/policy/modules/services/canna.te
+++ b/refpolicy/policy/modules/services/canna.te
@@ -33,7 +33,7 @@ allow canna_t self:unix_dgram_socket create_stream_socket_perms;
 allow canna_t self:tcp_socket create_stream_socket_perms;
 
 allow canna_t canna_log_t:file create_file_perms;
-allow canna_t canna_log_t:dir rw_dir_perms;
+allow canna_t canna_log_t:dir { rw_dir_perms setattr };
 logging_create_log(canna_t,canna_log_t,{ file dir })
 
 allow canna_t canna_var_lib_t:dir create_dir_perms;
@@ -54,6 +54,7 @@ corenet_tcp_sendrecv_all_if(canna_t)
 corenet_raw_sendrecv_all_if(canna_t)
 corenet_tcp_sendrecv_all_nodes(canna_t)
 corenet_raw_sendrecv_all_nodes(canna_t)
+corenet_tcp_sendrecv_all_ports(canna_t)
 corenet_tcp_bind_all_nodes(canna_t)
 corenet_tcp_connect_all_ports(canna_t)
 
diff --git a/refpolicy/policy/modules/services/cron.if b/refpolicy/policy/modules/services/cron.if
index eade946..2f1179c 100644
--- a/refpolicy/policy/modules/services/cron.if
+++ b/refpolicy/policy/modules/services/cron.if
@@ -324,7 +324,7 @@ interface(`cron_system_entry',`
 	allow $1 system_crond_t:fifo_file rw_file_perms;
 	allow $1 system_crond_t:process sigchld;
 
-	allow $1 crond_t:fifo_file { getattr read write ioctl };
+	allow $1 crond_t:fifo_file rw_file_perms;
 	allow $1 crond_t:fd use;
 	allow $1 crond_t:process sigchld;
 ')
@@ -418,6 +418,27 @@ interface(`cron_search_spool',`
 
 ########################################
 ## <summary>
+##	Execute APM in the apm domain.
+## </summary>
+## <param name="domain">
+##	Domain allowed access.
+## </param>
+#
+interface(`cron_domtrans_anacron_system_job',`
+	gen_require(`
+		type system_crond_t, anacron_exec_t;
+	')
+
+	domain_auto_trans($1,anacron_exec_t,system_crond_t)
+
+	allow $1 system_crond_t:fd use;
+	allow system_crond_t $1:fd use;
+	allow system_crond_t $1:fifo_file rw_file_perms;
+	allow system_crond_t $1:process sigchld;
+')
+
+########################################
+## <summary>
 ##	Inherit and use a file descriptor
 ##	from system cron jobs.
 ## </summary>
diff --git a/refpolicy/policy/modules/services/dovecot.te b/refpolicy/policy/modules/services/dovecot.te
index 78c88d1..31c7581 100644
--- a/refpolicy/policy/modules/services/dovecot.te
+++ b/refpolicy/policy/modules/services/dovecot.te
@@ -75,6 +75,7 @@ corenet_tcp_sendrecv_all_nodes(dovecot_t)
 corenet_raw_sendrecv_all_nodes(dovecot_t)
 corenet_tcp_sendrecv_all_ports(dovecot_t)
 corenet_tcp_bind_all_nodes(dovecot_t)
+corenet_tcp_connect_all_ports(dovecot_t)
 
 dev_read_sysfs(dovecot_t)
 dev_read_urand(dovecot_t)
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index d6db068..504e104 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -823,10 +823,9 @@ interface(`files_create_root',`
 interface(`files_dontaudit_read_root_file',`
 	gen_require(`
 		type root_t;
-		class file read;
 	')
 
-	dontaudit $1 root_t:file read;
+	dontaudit $1 root_t:file { getattr read };
 ')
 
 ########################################
@@ -2150,7 +2149,7 @@ interface(`files_search_var',`
 		type var_t;
 	')
 
-	allow $1 var_t:dir search;
+	allow $1 var_t:dir search_dir_perms;
 ')
 
 ########################################
@@ -2215,11 +2214,9 @@ interface(`files_manage_var_dirs',`
 interface(`files_read_var_files',`
 	gen_require(`
 		type var_t;
-		class dir search;
-		class file r_file_perms;
 	')
 
-	allow $1 var_t:dir search;
+	allow $1 var_t:dir search_dir_perms;
 	allow $1 var_t:file r_file_perms;
 ')
 
@@ -2253,11 +2250,9 @@ interface(`files_manage_var_files',`
 interface(`files_read_var_symlink',`
 	gen_require(`
 		type var_t;
-		class dir search;
-		class lnk_file { getattr read };
 	')
 
-	allow $1 var_t:dir search;
+	allow $1 var_t:dir search_dir_perms;
 	allow $1 var_t:lnk_file { getattr read };
 ')
 
@@ -2273,8 +2268,6 @@ interface(`files_read_var_symlink',`
 interface(`files_manage_var_symlinks',`
 	gen_require(`
 		type var_t;
-		class dir rw_dir_perms;
-		class lnk_file create_lnk_perms;
 	')
 
 	allow $1 var_t:dir rw_dir_perms;
@@ -2321,10 +2314,9 @@ interface(`files_create_var',`
 interface(`files_getattr_var_lib_dir',`
 	gen_require(`
 		type var_t, var_lib_t;
-		class dir getattr;
 	')
 
-	allow $1 var_t:dir search;
+	allow $1 var_t:dir search_dir_perms;
 	allow $1 var_lib_t:dir getattr;
 ')
 
@@ -2339,10 +2331,9 @@ interface(`files_getattr_var_lib_dir',`
 interface(`files_search_var_lib',`
 	gen_require(`
 		type var_t, var_lib_t;
-		class dir search;
 	')
 
-	allow $1 { var_t var_lib_t }:dir search;
+	allow $1 { var_t var_lib_t }:dir search_dir_perms;
 ')
 
 ########################################
@@ -2356,10 +2347,9 @@ interface(`files_search_var_lib',`
 interface(`files_list_var_lib',`
 	gen_require(`
 		type var_t, var_lib_t;
-		class dir r_dir_perms;
 	')
 
-	allow $1 var_t:dir search;
+	allow $1 var_t:dir search_dir_perms;
 	allow $1 var_lib_t:dir r_dir_perms;
 ')
 
@@ -2383,7 +2373,7 @@ interface(`files_create_var_lib',`
 		class dir rw_dir_perms;
 	')
 
-	allow $1 var_t:dir search;
+	allow $1 var_t:dir search_dir_perms;
 	allow $1 var_lib_t:dir rw_dir_perms;
 
 	ifelse(`$3',`',`
@@ -2406,7 +2396,7 @@ interface(`files_read_var_lib_files',`
 		type var_t, var_lib_t;
 	')
 
-	allow $1 { var_t var_lib_t }:dir search;
+	allow $1 { var_t var_lib_t }:dir search_dir_perms;
 	allow $1 var_lib_t:file r_file_perms;
 ')
 
@@ -2423,7 +2413,7 @@ interface(`files_read_var_lib_symlinks',`
 		type var_t, var_lib_t;
 	')
 
-	allow $1 { var_t var_lib_t }:dir search;
+	allow $1 { var_t var_lib_t }:dir search_dir_perms;
 	allow $1 var_lib_t:lnk_file { getattr read };
 ')
 
@@ -2434,11 +2424,9 @@ interface(`files_read_var_lib_symlinks',`
 interface(`files_manage_urandom_seed',`
 	gen_require(`
 		type var_t, var_lib_t;
-		class dir rw_file_perms;
-		class file { getattr create read write setattr unlink };
 	')
 
-	allow $1 var_t:dir search;
+	allow $1 var_t:dir search_dir_perms;
 	allow $1 var_lib_t:dir rw_dir_perms;
 	allow $1 var_lib_t:file { getattr create read write setattr unlink };
 ')
@@ -2449,12 +2437,10 @@ interface(`files_manage_urandom_seed',`
 #
 interface(`files_search_locks',`
 	gen_require(`
-		type var_t;
-		type var_lock_t;
-		class dir search;
+		type var_t, var_lock_t;
 	')
 
-	allow $1 { var_t var_lock_t }:dir search;
+	allow $1 { var_t var_lock_t }:dir search_dir_perms;
 ')
 
 ########################################
@@ -2488,7 +2474,7 @@ interface(`files_rw_locks_dir',`
 		type var_t, var_lock_t;
 	')
 
-	allow $1 var_t:dir search;
+	allow $1 var_t:dir search_dir_perms;
 	allow $1 var_lock_t:dir rw_dir_perms;
 ')
 
@@ -2498,13 +2484,10 @@ interface(`files_rw_locks_dir',`
 #
 interface(`files_getattr_generic_locks',`
 	gen_require(`
-		type var_t;
-		type var_lock_t;
-		class dir r_dir_perms;
-		class file getattr;
+		type var_t, var_lock_t;
 	')
 
-	allow $1 var_t:dir search;
+	allow $1 var_t:dir search_dir_perms;
 	allow $1 var_lock_t:dir r_dir_perms;
 	allow $1 var_lock_t:file getattr;
 ')
@@ -2516,8 +2499,6 @@ interface(`files_getattr_generic_locks',`
 interface(`files_manage_generic_locks',`
 	gen_require(`
 		type var_lock_t;
-		class dir { getattr search create read write setattr add_name remove_name rmdir };
-		class file { getattr create read write setattr unlink };
 	')
 
 	allow $1 var_lock_t:dir { getattr search create read write setattr add_name remove_name rmdir };
diff --git a/refpolicy/policy/modules/system/init.if b/refpolicy/policy/modules/system/init.if
index 29fe566..c8df5f1 100644
--- a/refpolicy/policy/modules/system/init.if
+++ b/refpolicy/policy/modules/system/init.if
@@ -610,11 +610,10 @@ interface(`init_unix_connect_script',`
 interface(`init_use_script_pty',`
 	gen_require(`
 		type initrc_devpts_t;
-		class chr_file rw_term_perms;
 	')
 
 	term_list_ptys($1)
-	allow $1 initrc_devpts_t:chr_file rw_term_perms;
+	allow $1 initrc_devpts_t:chr_file { rw_term_perms lock append };
 ')
 
 ########################################
diff --git a/refpolicy/policy/modules/system/libraries.te b/refpolicy/policy/modules/system/libraries.te
index d1a0700..f226777 100644
--- a/refpolicy/policy/modules/system/libraries.te
+++ b/refpolicy/policy/modules/system/libraries.te
@@ -35,8 +35,13 @@ files_type(shlib_t)
 # texrel_shlib_t is the type of shared objects in the system lib
 # directories, which require text relocation.
 #
-type texrel_shlib_t;
-files_type(texrel_shlib_t)
+
+ifdef(`targeted_policy',`
+	typealias lib_t alias texrel_shlib_t;
+',`
+	type texrel_shlib_t;
+	files_type(texrel_shlib_t)
+')
 
 kernel_use_ld_so_from(lib_t,ld_so_t,ld_so_cache_t)
 kernel_use_shared_libs_from(lib_t,{ shlib_t texrel_shlib_t })
diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te
index 36fd3bd..77a1e1a 100644
--- a/refpolicy/policy/modules/system/logging.te
+++ b/refpolicy/policy/modules/system/logging.te
@@ -150,10 +150,6 @@ userdom_dontaudit_search_sysadm_home_dir(auditd_t)
 # cjp: this is questionable
 userdom_use_sysadm_tty(auditd_t)
 
-ifdef(`targeted_policy',`
-	unconfined_domain_template(auditd_t)
-')
-
 optional_policy(`selinuxutil.te',`
 	seutil_sigchld_newrole(auditd_t)
 ')
diff --git a/refpolicy/policy/modules/system/pcmcia.te b/refpolicy/policy/modules/system/pcmcia.te
index 9e919ff..b1ba783 100644
--- a/refpolicy/policy/modules/system/pcmcia.te
+++ b/refpolicy/policy/modules/system/pcmcia.te
@@ -32,9 +32,10 @@ domain_entry_file(cardmgr_t,cardctl_exec_t)
 # Use capabilities (net_admin for route), setuid for cardctl
 allow cardmgr_t self:capability { dac_read_search dac_override setuid net_admin sys_admin sys_nice sys_tty_config mknod };
 dontaudit cardmgr_t self:capability sys_tty_config;
+allow cardmgr_t self:process signal_perms;
+allow cardmgr_t self:fifo_file rw_file_perms;
 allow cardmgr_t self:unix_dgram_socket create_socket_perms;
 allow cardmgr_t self:unix_stream_socket create_socket_perms;
-allow cardmgr_t self:fifo_file rw_file_perms;
 
 allow cardmgr_t cardmgr_lnk_t:lnk_file create_lnk_perms;
 dev_create_dev_node(cardmgr_t,cardmgr_lnk_t,lnk_file)
@@ -124,6 +125,7 @@ ifdef(`targeted_policy', `
 ')
 
 optional_policy(`selinuxutils.te',`
+	seutil_dontaudit_read_config(cardmgr_t)
 	seutil_sigchld_newrole(cardmgr_t)
 ')
 
diff --git a/refpolicy/policy/modules/system/selinuxutil.if b/refpolicy/policy/modules/system/selinuxutil.if
index 3c5b3cc..3498ce3 100644
--- a/refpolicy/policy/modules/system/selinuxutil.if
+++ b/refpolicy/policy/modules/system/selinuxutil.if
@@ -486,8 +486,6 @@ interface(`seutil_dontaudit_search_config',`
 interface(`seutil_dontaudit_read_config',`
 	gen_require(`
 		type selinux_config_t;
-		class dir search;
-		class file { getattr read };
 	')
 
 	dontaudit $1 selinux_config_t:dir search;
diff --git a/refpolicy/policy/modules/system/userdomain.te b/refpolicy/policy/modules/system/userdomain.te
index dfe9c8b..b14131b 100644
--- a/refpolicy/policy/modules/system/userdomain.te
+++ b/refpolicy/policy/modules/system/userdomain.te
@@ -65,6 +65,7 @@ ifdef(`targeted_policy',`
 
 	# dont need to use the full role_change()
 	allow sysadm_r system_r;
+	allow sysadm_r user_r;
 	allow user_r system_r;
 	allow user_r sysadm_r;
 	allow system_r sysadm_r;
diff --git a/refpolicy/policy/support/obj_perm_sets.spt b/refpolicy/policy/support/obj_perm_sets.spt
index 03fcb24..458c17c 100644
--- a/refpolicy/policy/support/obj_perm_sets.spt
+++ b/refpolicy/policy/support/obj_perm_sets.spt
@@ -194,7 +194,7 @@ define(`create_shm_perms', `{ associate getattr setattr create destroy read writ
 #
 # Directory
 #
-define(`search_dir_perms',`{ search }')
+define(`search_dir_perms',`{ getattr search }')
 define(`getattr_dir_perms',`{ getattr }')
 define(`setattr_dir_perms',`{ setattr }')
 define(`list_dir_perms',`{ getattr search read lock ioctl }')