diff --git a/policy/modules/admin/sudo.if b/policy/modules/admin/sudo.if
index d2deefe..100ca4a 100644
--- a/policy/modules/admin/sudo.if
+++ b/policy/modules/admin/sudo.if
@@ -66,6 +66,7 @@ template(`sudo_role_template',`
 allow $1_sudo_t self:unix_stream_socket create_stream_socket_perms;
 allow $1_sudo_t self:unix_dgram_socket sendto;
 allow $1_sudo_t self:unix_stream_socket connectto;
+ allow $1_sudo_t self:key manage_key_perms;
 allow $1_sudo_t $3:key search;
@@ -84,7 +85,7 @@ template(`sudo_role_template',`
 kernel_link_key($1_sudo_t)
 corecmd_read_bin_symlinks($1_sudo_t)
- corecmd_getattr_all_executables($1_sudo_t)
+ corecmd_exec_all_executables($1_sudo_t)
 dev_read_urand($1_sudo_t)
 dev_rw_generic_usb_dev($1_sudo_t)
@@ -132,7 +133,6 @@ template(`sudo_role_template',`
 userdom_manage_user_tmp_files($1_sudo_t)
 userdom_manage_user_tmp_symlinks($1_sudo_t)
 userdom_use_user_terminals($1_sudo_t)
- userdom_use_user_terminals($1_sudo_t)
 # for some PAM modules and for cwd
 userdom_dontaudit_search_user_home_content($1_sudo_t)
@@ -147,6 +147,11 @@ template(`sudo_role_template',`
 optional_policy(`
 dbus_system_bus_client($1_sudo_t)
 ')
+
+ optional_policy(`
+ fprintd_dbus_chat($1_sudo_t)
+ ')
+
 ')
 ########################################
diff --git a/policy/modules/admin/sudo.te b/policy/modules/admin/sudo.te
index e7fa8ad..beb99e3 100644
--- a/policy/modules/admin/sudo.te
+++ b/policy/modules/admin/sudo.te
@@ -1,5 +1,5 @@
-policy_module(sudo, 1.5.0)
+policy_module(sudo, 1.5.1)
 ########################################
 #
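Review bot: The added `allow $1_sudo_t self:key manage_key_perms;` in the first sudo.if hunk (`@@ -66,6 +66,7 @@`) carries no comment saying which component needs to manage keys in the sudo domain, so a later maintainer cannot tell whether the full permission set is required. If the rule was added for a PAM session-keyring module, a line such as `# PAM session keyring handling (confirm module)` above it would record that. It is also worth checking the denials that motivated the rule and granting only the key permissions they list, if that is fewer than the whole set. The template body starts and ends outside this hunk.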
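Review bot: Replacing `corecmd_getattr_all_executables($1_sudo_t)` with `corecmd_exec_all_executables($1_sudo_t)` in the second sudo.if hunk (`@@ -84,7 +85,7 @@`) lets the sudo domain execute every executable type rather than only stat it. Any program started from sudo that has no matching domain transition would then presumably keep running in `$1_sudo_t` with that domain's privileges. The template's transition rules are outside this hunk, so whether such a case is reachable cannot be confirmed from here; listing the type_transition rules out of the sudo domain in the built policy would settle it. If the goal is only to let sudo launch the requested command on its way into the caller's domain, a transition-based rule for the specific executable types is tighter than a blanket exec grant. At minimum the line should carry a why-comment, for example `# sudo runs the target command itself; confirm every exec type transitions out of $1_sudo_t`.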
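Review bot: The new `fprintd_dbus_chat($1_sudo_t)` block in the last sudo.if hunk (`@@ -147,6 +147,11 @@`) sits in its own `optional_policy`, separate from the `dbus_system_bus_client($1_sudo_t)` block directly above it. Exchanging D-Bus messages with fprintd is only useful when the domain is also a system bus client, so nesting the fprintd block inside the dbus one would make that dependency explicit. A short comment such as `# fingerprint authentication via PAM (confirm)` would also record why sudo needs to talk to fprintd.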