diff --git a/policy/modules/services/bluetooth.if b/policy/modules/services/bluetooth.if
index 328302d..303ba6c 100644
--- a/policy/modules/services/bluetooth.if
+++ b/policy/modules/services/bluetooth.if
@@ -27,7 +27,7 @@ interface(`bluetooth_role',`
 
 	# allow ps to show cdrecord and allow the user to kill it
 	ps_process_pattern($2, bluetooth_helper_t)
-	allow $2 bluetooth_helper_t:process signal;
+	allow $2 bluetooth_helper_t:process { ptrace signal_perms };
 
 	manage_dirs_pattern($2, bluetooth_helper_tmp_t, bluetooth_helper_tmp_t)
 	manage_files_pattern($2, bluetooth_helper_tmp_t, bluetooth_helper_tmp_t)
diff --git a/policy/modules/services/cron.if b/policy/modules/services/cron.if
index 72a174a..f17a4c2 100644
--- a/policy/modules/services/cron.if
+++ b/policy/modules/services/cron.if
@@ -138,7 +138,7 @@ interface(`cron_role',`
 
 	# crontab shows up in user ps
 	ps_process_pattern($2, crontab_t)
-	allow $2 crontab_t:process signal;
+	allow $2 crontab_t:process { ptrace signal_perms };
 
 	# Run helper programs as the user domain
 	#corecmd_bin_domtrans(crontab_t, $2)
@@ -180,6 +180,7 @@ interface(`cron_unconfined_role',`
 
 	# cronjob shows up in user ps
 	ps_process_pattern($2, unconfined_cronjob_t)
+	allow $2 unconfined_cronjob_t:process { ptrace signal_perms };
 
 	optional_policy(`
 		gen_require(`
@@ -225,7 +226,7 @@ interface(`cron_admin_role',`
 
 	# crontab shows up in user ps
 	ps_process_pattern($2, admin_crontab_t)
-	allow $2 admin_crontab_t:process signal;
+	allow $2 admin_crontab_t:process { ptrace signal_perms };
 
 	# Run helper programs as the user domain
 	#corecmd_bin_domtrans(admin_crontab_t, $2)
diff --git a/policy/modules/services/dbus.if b/policy/modules/services/dbus.if
index 7852441..dc7ff5a 100644
--- a/policy/modules/services/dbus.if
+++ b/policy/modules/services/dbus.if
@@ -90,14 +90,15 @@ template(`dbus_role_template',`
 	files_tmp_filetrans($1_dbusd_t, session_dbusd_tmp_t, { file dir })
 
 	domtrans_pattern($3, dbusd_exec_t, $1_dbusd_t)
-	allow $3 $1_dbusd_t:process { signull sigkill signal };
+
+	ps_process_pattern($3, $1_dbusd_t)
+	allow $3 $1_dbusd_t:process { ptrace signal_perms };
 
 	# cjp: this seems very broken
 	corecmd_bin_domtrans($1_dbusd_t, $1_t)
 	allow $1_dbusd_t $3:process sigkill;
 	allow $3 $1_dbusd_t:fd use;
 	allow $3 $1_dbusd_t:fifo_file rw_fifo_file_perms;
-	allow $3 $1_dbusd_t:process sigchld;
 
 	kernel_read_system_state($1_dbusd_t)
 	kernel_read_kernel_sysctls($1_dbusd_t)