diff --git a/refpolicy/policy/modules/kernel/filesystem.if b/refpolicy/policy/modules/kernel/filesystem.if
index 7209a09..d5c32a9 100644
--- a/refpolicy/policy/modules/kernel/filesystem.if
+++ b/refpolicy/policy/modules/kernel/filesystem.if
@@ -2361,5 +2361,5 @@ interface(`fs_unconfined',`
 	# Create/access other files.  fs_type is to pick up various
 	# pseudo filesystem types that are applied to both the filesystem
 	# and its files.
-	allow $1 filesystem_type:{ dir lnk_file sock_file fifo_file blk_file } *;
+	allow $1 filesystem_type:{ dir file lnk_file sock_file fifo_file chr_file blk_file } *;
 ')
diff --git a/refpolicy/policy/modules/kernel/storage.if b/refpolicy/policy/modules/kernel/storage.if
index b870ccf..3f581a7 100644
--- a/refpolicy/policy/modules/kernel/storage.if
+++ b/refpolicy/policy/modules/kernel/storage.if
@@ -130,11 +130,10 @@ interface(`storage_raw_write_fixed_disk',`
 	gen_require(`
 		attribute fixed_disk_raw_write;
 		type fixed_disk_device_t;
-		class blk_file { getattr write ioctl };
 	')
 
 	dev_list_all_dev_nodes($1)
-	allow $1 fixed_disk_device_t:blk_file { getattr write ioctl };
+	allow $1 fixed_disk_device_t:blk_file { getattr write append ioctl };
 	typeattribute $1 fixed_disk_raw_write;
 ')
 
diff --git a/refpolicy/policy/modules/kernel/terminal.if b/refpolicy/policy/modules/kernel/terminal.if
index 7ea3893..b9f496d 100644
--- a/refpolicy/policy/modules/kernel/terminal.if
+++ b/refpolicy/policy/modules/kernel/terminal.if
@@ -326,11 +326,10 @@ interface(`term_ioctl_generic_pty',`
 interface(`term_use_generic_pty',`
 	gen_require(`
 		type devpts_t;
-		class chr_file { read write };
 	')
 
 	dev_list_all_dev_nodes($1)
-	allow $1 devpts_t:chr_file { read write };
+	allow $1 devpts_t:chr_file { rw_term_perms lock append };
 ')
 
 ########################################
@@ -500,7 +499,7 @@ interface(`term_use_all_user_ptys',`
 
 	dev_list_all_dev_nodes($1)
 	allow $1 devpts_t:dir r_dir_perms;
-	allow $1 ptynode:chr_file { getattr read write ioctl };
+	allow $1 ptynode:chr_file { rw_term_perms lock append };
 ')
 
 ########################################
@@ -797,11 +796,10 @@ interface(`term_write_all_user_ttys',`
 interface(`term_use_all_user_ttys',`
 	gen_require(`
 		attribute ttynode;
-		class chr_file { getattr read write ioctl };
 	')
 
 	dev_list_all_dev_nodes($1)
-	allow $1 ttynode:chr_file { getattr read write ioctl };
+	allow $1 ttynode:chr_file { rw_term_perms lock append };
 ')
 
 ########################################
diff --git a/refpolicy/policy/modules/services/apm.te b/refpolicy/policy/modules/services/apm.te
index 761c12e..134a1c0 100644
--- a/refpolicy/policy/modules/services/apm.te
+++ b/refpolicy/policy/modules/services/apm.te
@@ -148,13 +148,6 @@ userdom_dontaudit_use_unpriv_user_fd(apmd_t)
 userdom_dontaudit_search_sysadm_home_dir(apmd_t)
 userdom_dontaudit_search_all_users_home(apmd_t) # Excessive?
 
-ifdef(`targeted_policy',`
-	term_dontaudit_use_unallocated_tty(apmd_t)
-	term_dontaudit_use_generic_pty(apmd_t)
-	files_dontaudit_read_root_file(apmd_t)
-	unconfined_domain_template(apmd_t)
-')
-
 ifdef(`distro_redhat',`
 	allow apmd_t apmd_lock_t:file create_file_perms;
 	files_create_lock(apmd_t,apmd_lock_t)
@@ -162,7 +155,7 @@ ifdef(`distro_redhat',`
 	can_exec(apmd_t, apmd_var_run_t)
 
 	# ifconfig_exec_t needs to be run in its own domain for Red Hat
-	optional_policy(`ifconfig.te',`
+	optional_policy(`sysnetwork.te',`
 		sysnet_domtrans_ifconfig(apmd_t)
 	')
 
@@ -186,6 +179,13 @@ ifdef(`distro_suse',`
 	files_create_var_lib(apmd_t,apmd_var_lib_t)
 ')
 
+ifdef(`targeted_policy',`
+	term_dontaudit_use_unallocated_tty(apmd_t)
+	term_dontaudit_use_generic_pty(apmd_t)
+	files_dontaudit_read_root_file(apmd_t)
+	unconfined_domain_template(apmd_t)
+')
+
 optional_policy(`clock.te',`
 	clock_domtrans(apmd_t)
 	clock_rw_adjtime(apmd_t)
diff --git a/refpolicy/policy/modules/services/dovecot.te b/refpolicy/policy/modules/services/dovecot.te
index 31c7581..d0c236f 100644
--- a/refpolicy/policy/modules/services/dovecot.te
+++ b/refpolicy/policy/modules/services/dovecot.te
@@ -75,6 +75,7 @@ corenet_tcp_sendrecv_all_nodes(dovecot_t)
 corenet_raw_sendrecv_all_nodes(dovecot_t)
 corenet_tcp_sendrecv_all_ports(dovecot_t)
 corenet_tcp_bind_all_nodes(dovecot_t)
+corenet_tcp_bind_pop_port(dovecot_t)
 corenet_tcp_connect_all_ports(dovecot_t)
 
 dev_read_sysfs(dovecot_t)
diff --git a/refpolicy/policy/modules/services/finger.te b/refpolicy/policy/modules/services/finger.te
index 33213fe..94e85c2 100644
--- a/refpolicy/policy/modules/services/finger.te
+++ b/refpolicy/policy/modules/services/finger.te
@@ -77,7 +77,7 @@ corecmd_exec_shell(fingerd_t)
 
 domain_use_wide_inherit_fd(fingerd_t)
 
-files_getattr_home_dir(fingerd_t)
+files_search_home(fingerd_t)
 files_read_etc_files(fingerd_t)
 files_read_etc_runtime_files(fingerd_t)
 
diff --git a/refpolicy/policy/modules/services/ftp.te b/refpolicy/policy/modules/services/ftp.te
index fb89452..bd0e210 100644
--- a/refpolicy/policy/modules/services/ftp.te
+++ b/refpolicy/policy/modules/services/ftp.te
@@ -44,19 +44,23 @@ allow ftpd_t self:unix_stream_socket create_socket_perms;
 allow ftpd_t self:tcp_socket create_stream_socket_perms;
 allow ftpd_t self:udp_socket create_socket_perms;
 
-allow ftpd_t ftpd_etc_t:file { getattr read };
+allow ftpd_t ftpd_etc_t:file r_file_perms;
 
 allow ftpd_t ftpd_tmp_t:dir create_dir_perms;
 allow ftpd_t ftpd_tmp_t:file create_file_perms;
 files_create_tmp_files(ftpd_t, ftpd_tmp_t, { file dir })
 
-allow ftpd_t ftpd_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename };
-allow ftpd_t ftpd_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
-allow ftpd_t ftpd_tmpfs_t:file { create ioctl read getattr lock write setattr append link unlink rename };
-allow ftpd_t ftpd_tmpfs_t:lnk_file { create read getattr setattr link unlink rename };
-allow ftpd_t ftpd_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
+allow ftpd_t ftpd_tmpfs_t:fifo_file create_file_perms;
+allow ftpd_t ftpd_tmpfs_t:dir create_dir_perms;
+allow ftpd_t ftpd_tmpfs_t:file create_file_perms;
+allow ftpd_t ftpd_tmpfs_t:lnk_file create_lnk_perms;
+allow ftpd_t ftpd_tmpfs_t:sock_file create_file_perms;
 fs_create_tmpfs_data(ftpd_t,ftpd_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
 
+allow ftpd_t ftpd_var_run_t:file create_file_perms;
+allow ftpd_t ftpd_var_run_t:dir rw_dir_perms;
+files_create_pid(ftpd_t,ftpd_var_run_t)
+
 # Create and modify /var/log/xferlog.
 allow ftpd_t xferlog_t:file create_file_perms;
 logging_create_log(ftpd_t,xferlog_t)
@@ -86,6 +90,7 @@ corenet_tcp_connect_all_ports(ftpd_t)
 
 term_dontaudit_use_console(ftpd_t)
 
+auth_domtrans_chk_passwd(ftpd_t)
 # Append to /var/log/wtmp.
 auth_append_login_records(ftpd_t)
 #kerberized ftp requires the following
@@ -190,6 +195,10 @@ optional_policy(`mount.te',`
 	mount_send_nfs_client_request(ftpd_t)
 ')
 
+optional_policy(`nscd.te',`
+	nscd_use_socket(ftpd_t)
+')
+
 optional_policy(`selinuxutil.te',`
 	seutil_sigchld_newrole(ftpd_t)
 ')
diff --git a/refpolicy/policy/modules/services/hal.te b/refpolicy/policy/modules/services/hal.te
index edbd64b..6d12e3f 100644
--- a/refpolicy/policy/modules/services/hal.te
+++ b/refpolicy/policy/modules/services/hal.te
@@ -23,6 +23,7 @@ files_pid_file(hald_var_run_t)
 
 allow hald_t self:capability { net_admin sys_admin dac_override dac_read_search mknod sys_rawio };
 dontaudit hald_t self:capability sys_tty_config;
+allow hald_t self:process signal_perms;
 allow hald_t self:fifo_file rw_file_perms;
 allow hald_t self:unix_stream_socket { create_stream_socket_perms connectto };
 allow hald_t self:unix_dgram_socket create_socket_perms;
@@ -45,8 +46,10 @@ kernel_read_kernel_sysctl(hald_t)
 kernel_write_proc_file(hald_t)
 
 corenet_tcp_sendrecv_all_if(hald_t)
+corenet_udp_sendrecv_all_if(hald_t)
 corenet_raw_sendrecv_all_if(hald_t)
 corenet_tcp_sendrecv_all_nodes(hald_t)
+corenet_udp_sendrecv_all_nodes(hald_t)
 corenet_raw_sendrecv_all_nodes(hald_t)
 corenet_tcp_sendrecv_all_ports(hald_t)
 corenet_tcp_bind_all_nodes(hald_t)
diff --git a/refpolicy/policy/modules/services/inetd.te b/refpolicy/policy/modules/services/inetd.te
index 7b439f4..6ec899b 100644
--- a/refpolicy/policy/modules/services/inetd.te
+++ b/refpolicy/policy/modules/services/inetd.te
@@ -144,9 +144,7 @@ optional_policy(`unconfined.te', `
 	unconfined_domtrans(inetd_t)
 ')
 
-# This should be tunable_policy, but leaving
-# ifdef until typeattribute works in conditionals
-ifdef(`unlimitedInetd', `
+ifdef(`targeted_policy',`
 	unconfined_domain_template(inetd_t) 
 ')
 
@@ -184,8 +182,10 @@ kernel_read_system_state(inetd_child_t)
 kernel_read_network_state(inetd_child_t)
 
 corenet_tcp_sendrecv_all_if(inetd_child_t)
+corenet_udp_sendrecv_all_if(inetd_child_t)
 corenet_raw_sendrecv_all_if(inetd_child_t)
 corenet_tcp_sendrecv_all_nodes(inetd_child_t)
+corenet_udp_sendrecv_all_nodes(inetd_child_t)
 corenet_raw_sendrecv_all_nodes(inetd_child_t)
 corenet_tcp_bind_all_nodes(inetd_child_t)
 corenet_tcp_sendrecv_all_ports(inetd_child_t)
diff --git a/refpolicy/policy/modules/services/mailman.if b/refpolicy/policy/modules/services/mailman.if
index a3f1d8c..364faf3 100644
--- a/refpolicy/policy/modules/services/mailman.if
+++ b/refpolicy/policy/modules/services/mailman.if
@@ -248,7 +248,7 @@ interface(`mailman_read_archive',`
 		type mailman_archive_t;
 	')
 
-	allow $1 mailman_archive_t:dir { getattr read search };
-	allow $1 mailman_archive_t:file { read getattr };
+	allow $1 mailman_archive_t:dir list_dir_perms;
+	allow $1 mailman_archive_t:file r_file_perms;
 	allow $1 mailman_archive_t:lnk_file { getattr read };
 ')
diff --git a/refpolicy/policy/modules/services/squid.te b/refpolicy/policy/modules/services/squid.te
index a18741a..45b79d6 100644
--- a/refpolicy/policy/modules/services/squid.te
+++ b/refpolicy/policy/modules/services/squid.te
@@ -121,6 +121,7 @@ libs_exec_lib_files(squid_t)
 
 logging_send_syslog_msg(squid_t)
 
+miscfiles_read_certs(squid_t)
 miscfiles_read_localization(squid_t)
 
 userdom_use_unpriv_users_fd(squid_t)
@@ -172,7 +173,7 @@ optional_policy(`rhgb.te',`
 ifdef(`apache.te',`
 can_tcp_connect(squid_t, httpd_t)
 ')
-r_dir_file(squid_t, cert_t)
+
 ifdef(`winbind.te', `
 domain_auto_trans(squid_t, winbind_helper_exec_t, winbind_helper_t)
 allow winbind_helper_t squid_t:tcp_socket rw_socket_perms;
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index 504e104..5098412 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -1322,10 +1322,9 @@ interface(`files_create_etc_config',`
 interface(`files_dontaudit_search_isid_type_dir',`
 	gen_require(`
 		type file_t;
-		class dir search;
 	')
 
-	dontaudit $1 file_t:dir search;
+	dontaudit $1 file_t:dir search_dir_perms;
 ')
 
 ########################################
@@ -1566,10 +1565,9 @@ interface(`files_dontaudit_getattr_home_dir',`
 interface(`files_search_home',`
 	gen_require(`
 		type home_root_t;
-		class dir search;
 	')
 
-	allow $1 home_root_t:dir search;
+	allow $1 home_root_t:dir search_dir_perms;
 ')
 
 ########################################
@@ -1584,10 +1582,9 @@ interface(`files_search_home',`
 interface(`files_dontaudit_search_home',`
 	gen_require(`
 		type home_root_t;
-		class dir search;
 	')
 
-	dontaudit $1 home_root_t:dir search;
+	dontaudit $1 home_root_t:dir search_dir_perms;
 ')
 
 ########################################
@@ -2565,10 +2562,9 @@ interface(`files_dontaudit_getattr_pid_dir',`
 interface(`files_search_pids',`
 	gen_require(`
 		type var_t, var_run_t;
-		class dir search;
 	')
 
-	allow $1 var_t:dir search;
+	allow $1 var_t:dir search_dir_perms;
 	allow $1 var_run_t:dir search;
 ')
 
@@ -2599,7 +2595,7 @@ interface(`files_list_pids',`
 		class dir r_dir_perms;
 	')
 
-	allow $1 var_t:dir search;
+	allow $1 var_t:dir search_dir_perms;
 	allow $1 var_run_t:dir r_dir_perms;
 ')
 
@@ -2613,7 +2609,7 @@ interface(`files_create_pid',`
 		class dir rw_dir_perms;
 	')
 
-	allow $1 var_t:dir search;
+	allow $1 var_t:dir search_dir_perms;
 	allow $1 var_run_t:dir rw_dir_perms;
 
 	ifelse(`$3',`',`
@@ -2650,7 +2646,6 @@ interface(`files_rw_generic_pids',`
 interface(`files_dontaudit_write_all_pids',`
 	gen_require(`
 		attribute pidfile;
-		class file write;
 	')
 
 	dontaudit $1 pidfile:file write;
@@ -2667,7 +2662,6 @@ interface(`files_dontaudit_write_all_pids',`
 interface(`files_dontaudit_ioctl_all_pids',`
 	gen_require(`
 		attribute pidfile;
-		class file ioctl;
 	')
 
 	dontaudit $1 pidfile:file ioctl;
@@ -2681,11 +2675,9 @@ interface(`files_read_all_pids',`
 	gen_require(`
 		attribute pidfile;
 		type var_t;
-		class dir r_dir_perms;
-		class file r_file_perms;
 	')
 
-	allow $1 var_t:dir search;
+	allow $1 var_t:dir search_dir_perms;
 	allow $1 pidfile:dir r_dir_perms;
 	allow $1 pidfile:file r_file_perms;
 ')
diff --git a/refpolicy/policy/modules/system/getty.te b/refpolicy/policy/modules/system/getty.te
index 00586cd..8e5f692 100644
--- a/refpolicy/policy/modules/system/getty.te
+++ b/refpolicy/policy/modules/system/getty.te
@@ -38,7 +38,7 @@ files_pid_file(getty_var_run_t)
 
 # Use capabilities.
 allow getty_t self:capability { dac_override chown sys_resource sys_tty_config fowner fsetid };
-allow getty_t self:process { getpgid getsession };
+allow getty_t self:process { getpgid getsession signal_perms };
 
 allow getty_t getty_etc_t:dir r_dir_perms;
 allow getty_t getty_etc_t:file r_file_perms;
@@ -47,14 +47,15 @@ files_create_etc_config(getty_t,getty_etc_t,{ file dir })
 allow getty_t getty_lock_t:file create_file_perms;
 files_create_lock(getty_t,getty_lock_t)
 
-allow getty_t getty_log_t:file { getattr append setattr };
+allow getty_t getty_log_t:file create_file_perms;
+logging_create_log(getty_t,getty_log_t)
 
-allow getty_t getty_tmp_t:file { getattr create read setattr write setattr unlink };
-allow getty_t getty_tmp_t:dir { getattr search create read setattr write setattr unlink rmdir };
+allow getty_t getty_tmp_t:file create_file_perms;
+allow getty_t getty_tmp_t:dir create_dir_perms;
 files_create_tmp_files(getty_t,getty_tmp_t,{ file dir })
 
 allow getty_t getty_var_run_t:file create_file_perms;
-allow getty_t getty_var_run_t:dir create_dir_perms;
+allow getty_t getty_var_run_t:dir rw_dir_perms;
 files_create_pid(getty_t,getty_var_run_t)
 
 dev_read_sysfs(getty_t)
@@ -90,11 +91,6 @@ logging_send_syslog_msg(getty_t)
 
 miscfiles_read_localization(getty_t)
 
-ifdef(`TODO',`
-#
-# getty needs to be able to run pppd
-#
-ifdef(`pppd.te', `
-domain_auto_trans(getty_t, pppd_exec_t, pppd_t)
+optional_policy(`ppp.te',`
+	ppp_domtrans(getty_t)
 ')
-') dnl end TODO
diff --git a/refpolicy/policy/modules/system/hostname.te b/refpolicy/policy/modules/system/hostname.te
index e298a69..4ea3d19 100644
--- a/refpolicy/policy/modules/system/hostname.te
+++ b/refpolicy/policy/modules/system/hostname.te
@@ -19,6 +19,7 @@ role system_r types hostname_t;
 # for setting the hostname
 allow hostname_t self:process { sigchld sigkill sigstop signull signal };
 allow hostname_t self:capability sys_admin;
+allow hostname_t self:unix_stream_socket create_stream_socket_perms;
 dontaudit hostname_t self:capability sys_tty_config;
 
 kernel_dontaudit_use_fd(hostname_t)
diff --git a/refpolicy/policy/modules/system/hotplug.te b/refpolicy/policy/modules/system/hotplug.te
index 6e268c6..9309e8a 100644
--- a/refpolicy/policy/modules/system/hotplug.te
+++ b/refpolicy/policy/modules/system/hotplug.te
@@ -14,6 +14,7 @@ init_daemon_domain(hotplug_t,hotplug_exec_t)
 type hotplug_etc_t; #, usercanread;
 files_type(hotplug_etc_t)
 kernel_search_from(hotplug_etc_t)
+domain_entry_file(hotplug_t,hotplug_etc_t)
 
 type hotplug_var_run_t;
 files_pid_file(hotplug_var_run_t)
@@ -27,7 +28,7 @@ allow hotplug_t self:capability { net_admin sys_tty_config mknod sys_rawio };
 dontaudit hotplug_t self:capability { sys_module sys_admin sys_tty_config };
 # for access("/etc/bashrc", X_OK) on Red Hat
 dontaudit hotplug_t self:capability { dac_override dac_read_search };
-allow hotplug_t self:process { getsession getattr };
+allow hotplug_t self:process { getsession getattr signal_perms };
 allow hotplug_t self:fifo_file rw_file_perms;
 allow hotplug_t self:netlink_route_socket r_netlink_socket_perms;
 allow hotplug_t self:udp_socket create_socket_perms;
@@ -36,11 +37,11 @@ allow hotplug_t self:tcp_socket connected_stream_socket_perms;
 allow hotplug_t hotplug_etc_t:file r_file_perms;
 allow hotplug_t hotplug_etc_t:dir r_dir_perms;
 allow hotplug_t hotplug_etc_t:lnk_file r_file_perms;
+can_exec(hotplug_t,hotplug_etc_t)
 
-allow hotplug_t hotplug_exec_t:file { getattr read ioctl execute execute_no_trans };
-allow hotplug_t hotplug_etc_t:file { getattr read execute execute_no_trans };
+can_exec(hotplug_t,hotplug_exec_t)
 
-allow hotplug_t hotplug_var_run_t:file { getattr create read write append setattr unlink };
+allow hotplug_t hotplug_var_run_t:file manage_file_perms;
 files_create_pid(hotplug_t,hotplug_var_run_t)
 
 kernel_sigchld(hotplug_t)
diff --git a/refpolicy/policy/modules/system/init.if b/refpolicy/policy/modules/system/init.if
index c8df5f1..9c27dae 100644
--- a/refpolicy/policy/modules/system/init.if
+++ b/refpolicy/policy/modules/system/init.if
@@ -618,33 +618,37 @@ interface(`init_use_script_pty',`
 
 ########################################
 ## <summary>
-##	Read init scripts.
+##	Do not audit attempts to read and
+##	write the init script pty.
 ## </summary>
 ## <param name="domain">
-##	The type of the process performing this action.
+##	Domain to not audit.
 ## </param>
 #
-interface(`init_read_script_file',`
+interface(`init_dontaudit_use_script_pty',`
 	gen_require(`
-		type initrc_exec_t;
-		class file r_file_perms;
+		type initrc_devpts_t;
 	')
 
-	files_search_etc($1)
-	allow $1 initrc_exec_t:file r_file_perms;
+	dontaudit $1 initrc_devpts_t:chr_file { rw_term_perms lock append };
 ')
 
 ########################################
+## <summary>
+##	Read init scripts.
+## </summary>
+## <param name="domain">
+##	The type of the process performing this action.
+## </param>
 #
-# init_dontaudit_use_script_pty(domain)
-#
-interface(`init_dontaudit_use_script_pty',`
+interface(`init_read_script_file',`
 	gen_require(`
-		type initrc_devpts_t;
-		class chr_file { read write ioctl };
+		type initrc_exec_t;
+		class file r_file_perms;
 	')
 
-	dontaudit $1 initrc_devpts_t:chr_file { read write ioctl };
+	files_search_etc($1)
+	allow $1 initrc_exec_t:file r_file_perms;
 ')
 
 ########################################
diff --git a/refpolicy/policy/modules/system/pcmcia.te b/refpolicy/policy/modules/system/pcmcia.te
index b1ba783..f724db3 100644
--- a/refpolicy/policy/modules/system/pcmcia.te
+++ b/refpolicy/policy/modules/system/pcmcia.te
@@ -49,8 +49,6 @@ files_create_pid(cardmgr_t,cardmgr_var_run_t)
 
 kernel_read_system_state(cardmgr_t)
 kernel_read_kernel_sysctl(cardmgr_t)
-kernel_list_proc(cardmgr_t)
-kernel_read_proc_symlinks(cardmgr_t)
 kernel_dontaudit_getattr_message_if(cardmgr_t)
 
 bootloader_search_kernel_modules(cardmgr_t)
@@ -118,13 +116,13 @@ sysnet_manage_config(cardmgr_t)
 userdom_dontaudit_use_unpriv_user_fd(cardmgr_t)
 userdom_dontaudit_search_sysadm_home_dir(cardmgr_t)
 
-ifdef(`targeted_policy', `
+ifdef(`targeted_policy',`
 	term_dontaudit_use_unallocated_tty(cardmgr_t)
 	term_dontaudit_use_generic_pty(cardmgr_t)
 	files_dontaudit_read_root_file(cardmgr_t)
 ')
 
-optional_policy(`selinuxutils.te',`
+optional_policy(`selinuxutil.te',`
 	seutil_dontaudit_read_config(cardmgr_t)
 	seutil_sigchld_newrole(cardmgr_t)
 ')
diff --git a/refpolicy/policy/modules/system/sysnetwork.if b/refpolicy/policy/modules/system/sysnetwork.if
index 656a0aa..cf55822 100644
--- a/refpolicy/policy/modules/system/sysnetwork.if
+++ b/refpolicy/policy/modules/system/sysnetwork.if
@@ -141,7 +141,7 @@ interface(`sysnet_rw_dhcp_config',`
 	')
 
 	files_search_etc($1)
-	allow $1 dhcp_etc_t:file { getattr read };
+	allow $1 dhcp_etc_t:file rw_file_perms;
 ')
 
 ########################################
diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te
index 5a6217d..b998b18 100644
--- a/refpolicy/policy/modules/system/sysnetwork.te
+++ b/refpolicy/policy/modules/system/sysnetwork.te
@@ -244,7 +244,7 @@ rhgb_domain(dhcpc_t)
 #
 
 allow ifconfig_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack };
-allow ifconfig_t self:capability { net_admin sys_tty_config };
+allow ifconfig_t self:capability { net_raw net_admin sys_tty_config };
 dontaudit ifconfig_t self:capability sys_module;
 
 allow ifconfig_t self:fd use;
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 0183c29..1b2cbc1 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -1781,7 +1781,7 @@ interface(`userdom_dontaudit_search_sysadm_home_dir',`
 		type sysadm_home_dir_t;
 	')
 
-	dontaudit $1 sysadm_home_dir_t:dir search;
+	dontaudit $1 sysadm_home_dir_t:dir { getattr search };
 ')
 
 ########################################
@@ -1849,7 +1849,7 @@ interface(`userdom_dontaudit_search_all_users_home',`
 		attribute home_dir_type, home_type;
 	')
 
-	dontaudit $1 { home_dir_type home_type }:dir search;
+	dontaudit $1 { home_dir_type home_type }:dir search_dir_perms;
 ')
 
 ########################################