diff --git a/vdagent.fc b/vdagent.fc
index 394e9b3..45b6dde 100644
--- a/vdagent.fc
+++ b/vdagent.fc
@@ -1,7 +1,9 @@
+/etc/rc\.d/init\.d/spice-vdagentd -- gen_context(system_u:object_r:vdagentd_initrc_exec_t,s0)
+
 /usr/sbin/spice-vdagentd -- gen_context(system_u:object_r:vdagent_exec_t,s0)
 /var/log/spice-vdagentd(/.*)? gen_context(system_u:object_r:vdagent_log_t,s0)
-/var/log/spice-vdagentd\.log -- gen_context(system_u:object_r:vdagent_log_t,s0)
+/var/log/spice-vdagentd\.log.* -- gen_context(system_u:object_r:vdagent_log_t,s0)
 /var/run/spice-vdagentd(/.*)? gen_context(system_u:object_r:vdagent_var_run_t,s0)
 /var/run/spice-vdagentd\.pid -- gen_context(system_u:object_r:vdagent_var_run_t,s0)
diff --git a/vdagent.if b/vdagent.if
index e59a074..31c752e 100644
--- a/vdagent.if
+++ b/vdagent.if
@@ -1,4 +1,4 @@
-## policy for vdagent
+## Spice agent for Linux.
 ########################################
 ##
@@ -15,12 +15,13 @@ interface(`vdagent_domtrans',`
 type vdagent_t, vdagent_exec_t;
 ')
+ corecmd_search_bin($1)
 domtrans_pattern($1, vdagent_exec_t, vdagent_t)
 ')
 #####################################
 ##
-## Getattr on vdagent executable.
+## Get attributes of vdagent executable files.
 ##
 ##
 ##
@@ -33,12 +34,12 @@ interface(`vdagent_getattr_exec_files',`
 type vdagent_exec_t;
 ')
- allow $1 vdagent_exec_t:file getattr;
+ allow $1 vdagent_exec_t:file getattr_file_perms;
 ')
 #######################################
 ##
-## Get the attributes of vdagent logs.
+## Get attributes of vdagent log files.
 ##
 ##
 ##
@@ -57,7 +58,7 @@ interface(`vdagent_getattr_log',`
 ########################################
 ##
-## Read vdagent PID files.
+## Read vdagent pid files.
 ##
 ##
 ##
@@ -76,8 +77,8 @@ interface(`vdagent_read_pid_files',`
 #####################################
 ##
-## Connect to vdagent over a unix domain
-## stream socket.
+## Connect to vdagent with a unix
+## domain stream socket.
 ##
 ##
 ##
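Review bot: The new init script type is named `vdagentd_initrc_exec_t` while every other type this module labels is `vdagent_*` (`vdagent_exec_t`, `vdagent_log_t`, `vdagent_var_run_t`), and the refpolicy convention is `<module>_initrc_exec_t`, which here would be `vdagent_initrc_exec_t`. The type is introduced by this commit, so renaming it now is free, whereas once `vdagent_admin` ships with it the name becomes part of the interface other modules depend on. The same identifier appears in the `vdagent_admin` hunk of vdagent.if and in the type declaration hunk of vdagent.te; all three would change together. For this line: `/etc/rc\.d/init\.d/spice-vdagentd -- gen_context(system_u:object_r:vdagent_initrc_exec_t,s0)`.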
@@ -96,8 +97,8 @@ interface(`vdagent_stream_connect',`
 ########################################
 ##
-## All of the rules required to administrate
-## an vdagent environment
+## All of the rules required to
+## administrate an vdagent environment.
 ##
 ##
 ##
@@ -113,12 +114,21 @@ interface(`vdagent_stream_connect',`
 #
 interface(`vdagent_admin',`
 gen_require(`
- type vdagent_t, vdagent_var_run_t;
+ type vdagent_t, vdagent_var_run_t, vdagentd_initrc_exec_t;
+ type vdagent_log_t;
 ')
 allow $1 vdagent_t:process signal_perms;
 ps_process_pattern($1, vdagent_t)
+ init_labeled_script_domtrans($1, vdagentd_initrc_exec_t)
+ domain_system_change_exemption($1)
+ role_transition $2 vdagentd_initrc_exec_t system_r;
+ allow $2 system_r;
+
+ logging_search_logs($1)
+ admin_pattern($1, vdagent_log_t)
+
 files_search_pids($1)
 admin_pattern($1, vdagent_var_run_t)
 ')
diff --git a/vdagent.te b/vdagent.te
index 57578ae..77be35a 100644
--- a/vdagent.te
+++ b/vdagent.te
@@ -1,4 +1,4 @@
-policy_module(vdagent, 1.0.1)
+policy_module(vdagent, 1.0.2)
 ########################################
 #
@@ -9,6 +9,9 @@ type vdagent_t;
 type vdagent_exec_t;
 init_daemon_domain(vdagent_t, vdagent_exec_t)
+type vdagentd_initrc_exec_t;
+init_script_file(vdagentd_initrc_exec_t)
+
 type vdagent_var_run_t;
 files_pid_file(vdagent_var_run_t)
@@ -17,13 +20,13 @@ logging_log_file(vdagent_log_t)
 ########################################
 #
-# vdagent local policy
+# Local policy
 #
 dontaudit vdagent_t self:capability sys_admin;
-
+allow vdagent_t self:process signal;
 allow vdagent_t self:fifo_file rw_fifo_file_perms;
-allow vdagent_t self:unix_stream_socket create_stream_socket_perms;
+allow vdagent_t self:unix_stream_socket { accept listen };
 manage_dirs_pattern(vdagent_t, vdagent_var_run_t, vdagent_var_run_t)
 manage_files_pattern(vdagent_t, vdagent_var_run_t, vdagent_var_run_t)
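Review bot: `allow $2 system_r;` and `domain_system_change_exemption($1)` in `vdagent_admin` are not scoped to vdagent: once `$2` is allowed `system_r` it can enter that role through any other `role_transition` it is granted, and the exemption, as I recall it, lets `$1` change to the system identity on transition generally rather than only for this init script. That is the established refpolicy admin-interface pattern, but the summary in the preceding hunk ("All of the rules required to administrate an vdagent environment.") says nothing about it, and the `<param name="role">` block lies outside this hunk so I cannot tell whether it does. If it does not, a line in the role parameter summary such as `##	Role allowed access; it is also granted system_r for the init script transition.` would make the widening explicit to callers. The hunk header's `vdagent_stream_connect` is only git's context heuristic; the interface edited here is `vdagent_admin`, whose closing `')` is inside the hunk.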
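Review bot: The narrowed rule `allow vdagent_t self:unix_stream_socket { accept listen };` leaves this module granting no create, bind, read or write on the daemon's own stream sockets, which is only safe if those permissions already come from the base domain rules. The daemon evidently creates a socket file under its pid directory (`manage_sock_files_pattern` and the `sock_file` filetrans are visible as context of the next hunk), so if the base rules do not cover it the change breaks the listener rather than tightening it; refpolicy's domain.te does supply them as far as I recall, but that cannot be confirmed from the hunk. A one-line comment would spare the next reader the same check: `# socket creation perms come from the base domain rules; only the listener side is needed here`. If in doubt, `sesearch -A -s vdagent_t -c unix_stream_socket` against the built policy shows the effective set.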
@@ -31,7 +34,9 @@ manage_sock_files_pattern(vdagent_t, vdagent_var_run_t, vdagent_var_run_t)
 files_pid_filetrans(vdagent_t, vdagent_var_run_t, { dir file sock_file })
 manage_dirs_pattern(vdagent_t, vdagent_log_t, vdagent_log_t)
-manage_files_pattern(vdagent_t, vdagent_log_t, vdagent_log_t)
+append_files_pattern(vdagent_t, vdagent_log_t, vdagent_log_t)
+create_files_pattern(vdagent_t, vdagent_log_t, vdagent_log_t)
+setattr_files_pattern(vdagent_t, vdagent_log_t, vdagent_log_t)
 logging_log_filetrans(vdagent_t, vdagent_log_t, file)
 dev_rw_input_dev(vdagent_t)
@@ -40,12 +45,18 @@ dev_dontaudit_write_mtrr(vdagent_t)
 files_read_etc_files(vdagent_t)
+init_read_state(vdagent_t)
+
+logging_send_syslog_msg(vdagent_t)
+
 miscfiles_read_localization(vdagent_t)
-optional_policy(`
- consolekit_dbus_chat(vdagent_t)
-')
+userdom_read_all_users_state(vdagent_t)
 optional_policy(`
 dbus_system_bus_client(vdagent_t)
+
+ optional_policy(`
+ consolekit_dbus_chat(vdagent_t)
+ ')
 ')
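Review bot: Nothing in the hunk records why the daemon's access to `vdagent_log_t` is now only append, create and setattr, nor who is expected to rename or remove the rotated `spice-vdagentd.log.*` files that the .fc hunk now labels with the same type, since the daemon itself can no longer do so. The narrower set is the right direction (the log cannot be truncated or rewritten from `vdagent_t`), but a later contributor chasing an AVC denial on rotation could quietly restore `manage_files_pattern` unless the intent is written down. A comment above the three pattern lines, e.g. `# append-only logging; rotation is handled outside the daemon (presumably logrotate)`, would fix that.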
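Review bot: `userdom_read_all_users_state(vdagent_t)` and `init_read_state(vdagent_t)` are added without a comment saying what in spice-vdagentd needs to read other domains' process state; by their names the first covers the /proc state of every user domain, which is broader than anything else this domain is granted. The surrounding consolekit and dbus rules suggest it is about locating the logged-in user's session, but that is inference from this hunk alone. A why-comment on the line, e.g. `# needed to find the active user's session; TODO confirm a narrower interface is not enough`, would let a later reviewer judge whether the all-users scope is really required.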