diff --git a/policy/modules/admin/certwatch.te b/policy/modules/admin/certwatch.te
index 89b9f2a..922e2fa 100644
--- a/policy/modules/admin/certwatch.te
+++ b/policy/modules/admin/certwatch.te
@@ -31,7 +31,7 @@ auth_var_filetrans_cache(certwatch_t)
 
 logging_send_syslog_msg(certwatch_t)
 
-miscfiles_read_certs(certwatch_t)
+miscfiles_read_generic_certs(certwatch_t)
 miscfiles_read_localization(certwatch_t)
 
 userdom_use_user_terminals(certwatch_t)
diff --git a/policy/modules/apps/evolution.te b/policy/modules/apps/evolution.te
index 5d3d45c..e690b5f 100644
--- a/policy/modules/apps/evolution.te
+++ b/policy/modules/apps/evolution.te
@@ -541,7 +541,7 @@ fs_search_auto_mountpoints(evolution_server_t)
 
 miscfiles_read_localization(evolution_server_t)
 # Look in /etc/pki
-miscfiles_read_certs(evolution_server_t)
+miscfiles_read_generic_certs(evolution_server_t)
 
 # Talk to ldap (address book)
 sysnet_read_config(evolution_server_t)
diff --git a/policy/modules/services/certmaster.te b/policy/modules/services/certmaster.te
index 1573914..500bf39 100644
--- a/policy/modules/services/certmaster.te
+++ b/policy/modules/services/certmaster.te
@@ -67,5 +67,5 @@ auth_use_nsswitch(certmaster_t)
 
 miscfiles_read_localization(certmaster_t)
 
-miscfiles_manage_cert_dirs(certmaster_t)
-miscfiles_manage_cert_files(certmaster_t)
+miscfiles_manage_generic_cert_dirs(certmaster_t)
+miscfiles_manage_generic_cert_files(certmaster_t)
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index abab4cf..9ead29b 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -394,7 +394,7 @@ logging_read_audit_config(initrc_t)
 
 miscfiles_read_localization(initrc_t)
 # slapd needs to read cert files from its initscript
-miscfiles_read_certs(initrc_t)
+miscfiles_read_generic_certs(initrc_t)
 
 modutils_read_module_config(initrc_t)
 modutils_domtrans_insmod(initrc_t)
diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
index 0b6b31d..fe4e741 100644
--- a/policy/modules/system/miscfiles.if
+++ b/policy/modules/system/miscfiles.if
@@ -53,6 +53,7 @@ interface(`miscfiles_cert_type',`
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <rolecap/>
 #
 interface(`miscfiles_read_all_certs',`
 	gen_require(`
@@ -73,6 +74,7 @@ interface(`miscfiles_read_all_certs',`
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <rolecap/>
 #
 interface(`miscfiles_read_generic_certs',`
 	gen_require(`
@@ -111,6 +113,7 @@ interface(`miscfiles_manage_generic_cert_dirs',`
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <rolecap/>
 #
 interface(`miscfiles_manage_generic_cert_files',`
 	gen_require(`