diff --git a/amanda.fc b/amanda.fc
index 967c1ef..7f4dfbc 100644
--- a/amanda.fc
+++ b/amanda.fc
@@ -1,26 +1,27 @@
-/etc/amanda(/.*)? gen_context(system_u:object_r:amanda_config_t,s0)
-/etc/amanda/.*/tapelist(/.*)? gen_context(system_u:object_r:amanda_data_t,s0)
-/etc/amandates gen_context(system_u:object_r:amanda_amandates_t,s0)
-/etc/dumpdates gen_context(system_u:object_r:amanda_dumpdates_t,s0)
+/etc/amanda(/.*)? gen_context(system_u:object_r:amanda_config_t,s0)
+/etc/amanda/.*/tapelist(/.*)? gen_context(system_u:object_r:amanda_data_t,s0)
+/etc/amandates gen_context(system_u:object_r:amanda_amandates_t,s0)
+/etc/dumpdates gen_context(system_u:object_r:amanda_dumpdates_t,s0)
 # empty m4 string so the index macro is not invoked
-/etc/amanda/.*/index`'(/.*)? gen_context(system_u:object_r:amanda_data_t,s0)
+/etc/amanda/.*/index`'(/.*)? gen_context(system_u:object_r:amanda_data_t,s0)
-/root/restore -d gen_context(system_u:object_r:amanda_recover_dir_t,s0)
+/root/restore -d gen_context(system_u:object_r:amanda_recover_dir_t,s0)
-/usr/lib/amanda -d gen_context(system_u:object_r:amanda_usr_lib_t,s0)
-/usr/lib/amanda/.+ -- gen_context(system_u:object_r:amanda_exec_t,s0)
-/usr/lib/amanda/amandad -- gen_context(system_u:object_r:amanda_inetd_exec_t,s0)
+/usr/lib/amanda -d gen_context(system_u:object_r:amanda_usr_lib_t,s0)
+/usr/lib/amanda/.+ -- gen_context(system_u:object_r:amanda_exec_t,s0)
+/usr/lib/amanda/amandad -- gen_context(system_u:object_r:amanda_inetd_exec_t,s0)
 /usr/lib/amanda/amidxtaped -- gen_context(system_u:object_r:amanda_inetd_exec_t,s0)
 /usr/lib/amanda/amindexd -- gen_context(system_u:object_r:amanda_inetd_exec_t,s0)
-/usr/sbin/amrecover -- gen_context(system_u:object_r:amanda_recover_exec_t,s0)
+/usr/sbin/amandad -- gen_context(system_u:object_r:amanda_inetd_exec_t,s0)
+/usr/sbin/amrecover -- gen_context(system_u:object_r:amanda_recover_exec_t,s0)
-/var/lib/amanda -d gen_context(system_u:object_r:amanda_var_lib_t,s0)
-/var/lib/amanda/[^/]+(/.*)? gen_context(system_u:object_r:amanda_data_t,s0)
-/var/lib/amanda/[^/]*/log(/.*)? gen_context(system_u:object_r:amanda_log_t,s0)
+/var/lib/amanda -d gen_context(system_u:object_r:amanda_var_lib_t,s0)
+/var/lib/amanda/[^/]+(/.*)? gen_context(system_u:object_r:amanda_data_t,s0)
+/var/lib/amanda/[^/]*/log(/.*)? gen_context(system_u:object_r:amanda_log_t,s0)
 /var/lib/amanda/\.amandahosts -- gen_context(system_u:object_r:amanda_config_t,s0)
 /var/lib/amanda/gnutar-lists(/.*)? gen_context(system_u:object_r:amanda_gnutarlists_t,s0)
 # the null string in here because index is a m4 builtin function
 /var/lib/amanda/[^/]+/index`'(/.*)? gen_context(system_u:object_r:amanda_var_lib_t,s0)
-/var/log/amanda(/.*)? gen_context(system_u:object_r:amanda_log_t,s0)
+/var/log/amanda(/.*)? gen_context(system_u:object_r:amanda_log_t,s0)
diff --git a/amanda.if b/amanda.if
index 8498e97..ea4cdc7 100644
--- a/amanda.if
+++ b/amanda.if
@@ -40,11 +40,11 @@ interface(`amanda_domtrans_recover',`
 #
 interface(`amanda_run_recover',`
 gen_require(`
- type amanda_recover_t;
+ attribute_role amanda_recover_roles;
 ')
 amanda_domtrans_recover($1)
- role $2 types amanda_recover_t;
+ roleattribute $2 amanda_recover_roles;
 ')
 ########################################
@@ -81,7 +81,7 @@ interface(`amanda_dontaudit_read_dumpdates',`
 type amanda_dumpdates_t;
 ')
- dontaudit $1 amanda_dumpdates_t:file { getattr read };
+ dontaudit $1 amanda_dumpdates_t:file read_file_perms;
 ')
 ########################################
@@ -124,7 +124,7 @@ interface(`amanda_manage_lib',`
 ########################################
 ##
-## Read and append amanda logs.
+## Read and append amanda log files.
 ##
 ##
 ##
diff --git a/amanda.te b/amanda.te
index d8b5abe..5db8308 100644
--- a/amanda.te
+++ b/amanda.te
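Review bot: The one functional change in this file-context hunk, the new `+/usr/sbin/amandad -- gen_context(system_u:object_r:amanda_inetd_exec_t,s0)` entry, is buried under a whitespace-only rewrite of nearly every other line (each `-`/`+` pair reads identically here apart from spacing). Splitting the whitespace cleanup into its own commit, or at least naming the new path in the commit message, would let the labelling decision be reviewed on its own. As written, amandad carries amanda_inetd_exec_t under both /usr/lib/amanda and /usr/sbin, which lines up with the `can_exec(amanda_t, { amanda_exec_t amanda_inetd_exec_t })` rule and the inetd entry-point declaration in amanda.te.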
@@ -1,14 +1,16 @@
-policy_module(amanda, 1.14.0)
+policy_module(amanda, 1.14.1)
 #######################################
 #
 # Declarations
 #
+attribute_role amanda_recover_roles;
+roleattribute system_r amanda_recover_roles;
+
 type amanda_t;
 type amanda_inetd_exec_t;
 inetd_service_domain(amanda_t, amanda_inetd_exec_t)
-role system_r types amanda_t;
 type amanda_exec_t;
 domain_entry_file(amanda_t, amanda_exec_t)
@@ -43,7 +45,7 @@ files_type(amanda_data_t)
 type amanda_recover_t;
 type amanda_recover_exec_t;
 application_domain(amanda_recover_t, amanda_recover_exec_t)
-role system_r types amanda_recover_t;
+role amanda_recover_roles types amanda_recover_t;
 type amanda_recover_dir_t;
 files_type(amanda_recover_dir_t)
@@ -54,16 +56,14 @@ optional_policy(`
 ########################################
 #
-# Amanda local policy
+# Local policy
 #
 allow amanda_t self:capability { chown dac_override setuid kill };
 allow amanda_t self:process { setpgid signal };
 allow amanda_t self:fifo_file rw_fifo_file_perms;
-allow amanda_t self:unix_stream_socket create_stream_socket_perms;
-allow amanda_t self:unix_dgram_socket create_socket_perms;
-allow amanda_t self:tcp_socket create_stream_socket_perms;
-allow amanda_t self:udp_socket create_socket_perms;
+allow amanda_t self:unix_stream_socket { accept listen };
+allow amanda_t self:tcp_socket { accept listen };
 allow amanda_t amanda_amandates_t:file rw_file_perms;
@@ -75,9 +75,6 @@ filetrans_pattern(amanda_t, amanda_config_t, amanda_data_t, { file dir })
 allow amanda_t amanda_dumpdates_t:file rw_file_perms;
-can_exec(amanda_t, amanda_exec_t)
-can_exec(amanda_t, amanda_inetd_exec_t)
-
 allow amanda_t amanda_gnutarlists_t:dir rw_dir_perms;
 allow amanda_t amanda_gnutarlists_t:file manage_file_perms;
 allow amanda_t amanda_gnutarlists_t:lnk_file manage_lnk_file_perms;
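Review bot: `role system_r types amanda_t;` is dropped in the declarations hunk without a replacement, which is only safe if `inetd_service_domain(amanda_t, amanda_inetd_exec_t)` on the line above already associates system_r with amanda_t; that is plausible from the interface's purpose but not visible in this module. A comment such as `# system_r association for amanda_t is provided by inetd_service_domain()` next to that call would stop the next reader from re-adding the role line. The new `roleattribute system_r amanda_recover_roles;` together with the `role amanda_recover_roles types amanda_recover_t;` rewrite in hunk @@ -43 keeps amanda_recover_t reachable from system_r, so the recover side stays equivalent to the old policy.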
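Review bot: The local-policy hunk keeps only `{ accept listen }` on amanda_t's unix_stream_socket and tcp_socket and removes the unix_dgram_socket and udp_socket rules entirely, yet `corenet_udp_sendrecv_all_ports(amanda_t)` and `corenet_udp_bind_generic_node(amanda_t)` remain in hunk @@ -113. `{ accept listen }` is exactly what create_stream_socket_perms adds over create_socket_perms, so the commit presumably relies on domain-wide socket create permissions granted outside this module, but nothing here records that dependency. If that base grant exists, a comment like `# create/connect on these socket classes comes from the base domain rules` above the two remaining rules would document it; if it does not, amandad loses socket creation and the retained udp rules are unreachable. The same question applies to amanda_recover_t's tcp_socket and udp_socket rewrite in hunk @@ -144.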
@@ -87,14 +84,16 @@ manage_files_pattern(amanda_t, amanda_var_lib_t, amanda_var_lib_t)
 manage_files_pattern(amanda_t, amanda_log_t, amanda_log_t)
 manage_dirs_pattern(amanda_t, amanda_log_t, amanda_log_t)
-logging_log_filetrans(amanda_t, amanda_log_t, { file dir })
+logging_log_filetrans(amanda_t, amanda_log_t, dir)
 manage_files_pattern(amanda_t, amanda_tmp_t, amanda_tmp_t)
 manage_dirs_pattern(amanda_t, amanda_tmp_t, amanda_tmp_t)
 files_tmp_filetrans(amanda_t, amanda_tmp_t, { file dir })
-kernel_read_system_state(amanda_t)
+can_exec(amanda_t, { amanda_exec_t amanda_inetd_exec_t })
+
 kernel_read_kernel_sysctls(amanda_t)
+kernel_read_system_state(amanda_t)
 kernel_dontaudit_getattr_unlabeled_files(amanda_t)
 kernel_dontaudit_read_proc_symlinks(amanda_t)
@@ -113,6 +112,7 @@ corenet_tcp_sendrecv_all_ports(amanda_t)
 corenet_udp_sendrecv_all_ports(amanda_t)
 corenet_tcp_bind_generic_node(amanda_t)
 corenet_udp_bind_generic_node(amanda_t)
+corenet_sendrecv_all_server_packets(amanda_t)
 corenet_tcp_bind_all_rpc_ports(amanda_t)
 corenet_tcp_bind_generic_port(amanda_t)
 corenet_dontaudit_tcp_bind_all_ports(amanda_t)
@@ -120,7 +120,6 @@ corenet_dontaudit_tcp_bind_all_ports(amanda_t)
 dev_getattr_all_blk_files(amanda_t)
 dev_getattr_all_chr_files(amanda_t)
-files_read_etc_files(amanda_t)
 files_read_etc_runtime_files(amanda_t)
 files_list_all(amanda_t)
 files_read_all_files(amanda_t)
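Review bot: Narrowing `logging_log_filetrans(amanda_t, amanda_log_t, dir)` to directories means a log file that amanda_t creates directly in the generic log directory no longer transitions to amanda_log_t, and the only log write rule in view, `manage_files_pattern(amanda_t, amanda_log_t, amanda_log_t)`, covers amanda_log_t alone, so such a create would now be denied. That is a correct tightening if amanda only ever creates files inside its own /var/log/amanda directory, where the `/var/log/amanda(/.*)?` file context and inheritance from the parent directory give the right type, but the hunk gives no hint that this was checked. Either keep `{ file dir }` or add a comment above the call stating that amanda_t creates only the directory at the top level of the log tree. The relocation of `can_exec(amanda_t, { amanda_exec_t amanda_inetd_exec_t })` from hunk @@ -75 is otherwise a pure move.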
@@ -144,15 +143,14 @@ logging_send_syslog_msg(amanda_t)
 ########################################
 #
-# Amanda recover local policy
+# Recover local policy
 #
 allow amanda_recover_t self:capability { fowner fsetid kill setgid setuid chown dac_override };
 allow amanda_recover_t self:process { sigkill sigstop signal };
 allow amanda_recover_t self:fifo_file rw_fifo_file_perms;
-allow amanda_recover_t self:unix_stream_socket { connect create read write };
-allow amanda_recover_t self:tcp_socket create_stream_socket_perms;
-allow amanda_recover_t self:udp_socket create_socket_perms;
+allow amanda_recover_t self:unix_stream_socket create_socket_perms;
+allow amanda_recover_t self:tcp_socket { accept listen };
 manage_files_pattern(amanda_recover_t, amanda_log_t, amanda_log_t)
 manage_lnk_files_pattern(amanda_recover_t, amanda_log_t, amanda_log_t)
@@ -171,8 +169,8 @@ manage_fifo_files_pattern(amanda_recover_t, amanda_tmp_t, amanda_tmp_t)
 manage_sock_files_pattern(amanda_recover_t, amanda_tmp_t, amanda_tmp_t)
 files_tmp_filetrans(amanda_recover_t, amanda_tmp_t, { dir file lnk_file sock_file fifo_file })
-kernel_read_system_state(amanda_recover_t)
 kernel_read_kernel_sysctls(amanda_recover_t)
+kernel_read_system_state(amanda_recover_t)
 corecmd_exec_shell(amanda_recover_t)
 corecmd_exec_bin(amanda_recover_t)
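Review bot: `allow amanda_recover_t self:unix_stream_socket create_socket_perms;` widens the old `{ connect create read write }` to the full create_socket_perms set (bind, setattr, setopt, shutdown among others), while the parallel amanda_t rule in hunk @@ -54 is reduced to `{ accept listen }`; the two domains now take opposite shapes for the same class with no explanation. If amrecover only connects to a local stream socket, `allow amanda_recover_t self:unix_stream_socket { connect create read write };` was already the least-privilege form and can stay; if the widening answers an observed denial, the commit message should name the permission. Dropping `self:udp_socket create_socket_perms` here also silently removes UDP socket creation for amrecover, which is only harmless if a domain-wide grant outside this module covers it.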
@@ -187,16 +185,18 @@ corenet_tcp_sendrecv_all_ports(amanda_recover_t)
 corenet_udp_sendrecv_all_ports(amanda_recover_t)
 corenet_tcp_bind_generic_node(amanda_recover_t)
 corenet_udp_bind_generic_node(amanda_recover_t)
+
+corenet_sendrecv_generic_server_packets(amanda_recover_t)
 corenet_tcp_bind_reserved_port(amanda_recover_t)
-corenet_tcp_connect_amanda_port(amanda_recover_t)
+
 corenet_sendrecv_amanda_client_packets(amanda_recover_t)
+corenet_tcp_connect_amanda_port(amanda_recover_t)
 domain_use_interactive_fds(amanda_recover_t)
-files_read_etc_files(amanda_recover_t)
 files_read_etc_runtime_files(amanda_recover_t)
-files_search_tmp(amanda_recover_t)
 files_search_pids(amanda_recover_t)
+files_search_tmp(amanda_recover_t)
 auth_use_nsswitch(amanda_recover_t)