diff --git a/permissivedomains.pp b/permissivedomains.pp
index 532ac37..3f674fe 100644
Binary files a/permissivedomains.pp and b/permissivedomains.pp differ
diff --git a/permissivedomains.te b/permissivedomains.te
index 0952837..a7286b7 100644
--- a/permissivedomains.te
+++ b/permissivedomains.te
@@ -192,3 +192,10 @@ optional_policy(`
     ')
     permissive gear_t;
 ')
+
+optional_policy(`
+    gen_require(`
+                type geoclue_t;
+    ')
+    permissive geoclue_t;
+')
diff --git a/policy-f20-contrib.patch b/policy-f20-contrib.patch
index f6fedab..a02ab88 100644
--- a/policy-f20-contrib.patch
+++ b/policy-f20-contrib.patch
@@ -11360,10 +11360,10 @@ index fdee107..a4c2efb 100644
 +logging_send_syslog_msg(cgred_t)
 diff --git a/chrome.fc b/chrome.fc
 new file mode 100644
-index 0000000..57866f6
+index 0000000..d020d89
 --- /dev/null
 +++ b/chrome.fc
-@@ -0,0 +1,9 @@
+@@ -0,0 +1,10 @@
 +/opt/google/chrome/chrome-sandbox	--	gen_context(system_u:object_r:chrome_sandbox_exec_t,s0)
 +
 +/usr/lib/chromium-browser/chrome-sandbox	--	gen_context(system_u:object_r:chrome_sandbox_exec_t,s0)
@@ -11372,6 +11372,7 @@ index 0000000..57866f6
 +/usr/lib/chromium-browser/nacl_helper_bootstrap	--	gen_context(system_u:object_r:chrome_sandbox_nacl_exec_t,s0)
 +
 +HOME_DIR/\.cache/google-chrome(/.*)?	gen_context(system_u:object_r:chrome_sandbox_home_t,s0)
++HOME_DIR/\.cache/google-chrome-unstable(/.*)?	gen_context(system_u:object_r:chrome_sandbox_home_t,s0)
 +HOME_DIR/\.cache/chromium(/.*)?		gen_context(system_u:object_r:chrome_sandbox_home_t,s0)
 diff --git a/chrome.if b/chrome.if
 new file mode 100644
@@ -11518,10 +11519,10 @@ index 0000000..23407b8
 +')
 diff --git a/chrome.te b/chrome.te
 new file mode 100644
-index 0000000..fb60ffc
+index 0000000..b4f29e9
 --- /dev/null
 +++ b/chrome.te
-@@ -0,0 +1,248 @@
+@@ -0,0 +1,249 @@
 +policy_module(chrome,1.0.0)
 +
 +########################################
@@ -11656,7 +11657,8 @@ index 0000000..fb60ffc
 +	gnome_read_home_config(chrome_sandbox_t)
 +	gnome_cache_filetrans(chrome_sandbox_t, chrome_sandbox_home_t, dir, "chromium")
 +	gnome_cache_filetrans(chrome_sandbox_t, chrome_sandbox_home_t, dir, "chrome")
-+
++	gnome_cache_filetrans(chrome_sandbox_t, chrome_sandbox_home_t, dir, "google-chrome")
++	gnome_cache_filetrans(chrome_sandbox_t, chrome_sandbox_home_t, dir, "google-chrome-unstable")
 +')
 +
 +optional_policy(`
@@ -28357,6 +28359,240 @@ index 0000000..cb68ca9
 +	openshift_manage_lib_files(gear_t)
 +	openshift_relabelfrom_lib(gear_t)
 +')
+diff --git a/geoclue.fc b/geoclue.fc
+new file mode 100644
+index 0000000..a97f14f
+--- /dev/null
++++ b/geoclue.fc
+@@ -0,0 +1,4 @@
++
++/usr/libexec/geoclue		--	gen_context(system_u:object_r:geoclue_exec_t,s0)
++
++/var/lib/geoclue(/.*)?		gen_context(system_u:object_r:geoclue_var_lib_t,s0)
+diff --git a/geoclue.if b/geoclue.if
+new file mode 100644
+index 0000000..9e17d3e
+--- /dev/null
++++ b/geoclue.if
+@@ -0,0 +1,158 @@
++
++## <summary>Geoclue is a D-Bus service that provides location information</summary>
++
++########################################
++## <summary>
++##	Execute geoclue in the geoclue domin.
++## </summary>
++## <param name="domain">
++## <summary>
++##	Domain allowed to transition.
++## </summary>
++## </param>
++#
++interface(`geoclue_domtrans',`
++	gen_require(`
++		type geoclue_t, geoclue_exec_t;
++	')
++
++	corecmd_search_bin($1)
++	domtrans_pattern($1, geoclue_exec_t, geoclue_t)
++')
++
++########################################
++## <summary>
++##	Search geoclue lib directories.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`geoclue_search_lib',`
++	gen_require(`
++		type geoclue_var_lib_t;
++	')
++
++	allow $1 geoclue_var_lib_t:dir search_dir_perms;
++	files_search_var_lib($1)
++')
++
++########################################
++## <summary>
++##	Read geoclue lib files.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`geoclue_read_lib_files',`
++	gen_require(`
++		type geoclue_var_lib_t;
++	')
++
++	files_search_var_lib($1)
++	read_files_pattern($1, geoclue_var_lib_t, geoclue_var_lib_t)
++')
++
++########################################
++## <summary>
++##	Manage geoclue lib files.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`geoclue_manage_lib_files',`
++	gen_require(`
++		type geoclue_var_lib_t;
++	')
++
++	files_search_var_lib($1)
++	manage_files_pattern($1, geoclue_var_lib_t, geoclue_var_lib_t)
++')
++
++########################################
++## <summary>
++##	Manage geoclue lib directories.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`geoclue_manage_lib_dirs',`
++	gen_require(`
++		type geoclue_var_lib_t;
++	')
++
++	files_search_var_lib($1)
++	manage_dirs_pattern($1, geoclue_var_lib_t, geoclue_var_lib_t)
++')
++
++########################################
++## <summary>
++##  Send and receive messages from
++##  geoclue over dbus.
++## </summary>
++## <param name="domain">
++##  <summary>
++##      Domain allowed access.
++##  </summary>
++## </param>
++#
++interface(`geoclue_dbus_chat',`
++        gen_require(`
++                type geoclue_t;
++                class dbus send_msg;
++        ')
++
++        allow $1 geoclue_t:dbus send_msg;
++        allow geoclue_t $1:dbus send_msg;
++	    ps_process_pattern(geoclue_t, $1)
++')
++
++########################################
++## <summary>
++##	All of the rules required to administrate
++##	an geoclue environment
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <param name="role">
++##	<summary>
++##	Role allowed access.
++##	</summary>
++## </param>
++## <rolecap/>
++#
++interface(`geoclue_admin',`
++	gen_require(`
++		type geoclue_t;
++		type geoclue_var_lib_t;
++	')
++
++	allow $1 geoclue_t:process { signal_perms };
++	ps_process_pattern($1, geoclue_t)
++
++    tunable_policy(`deny_ptrace',`',`
++        allow $1 geoclue_t:process ptrace;
++    ')
++
++	files_search_var_lib($1)
++	admin_pattern($1, geoclue_var_lib_t)
++
++	optional_policy(`
++		systemd_passwd_agent_exec($1)
++		systemd_read_fifo_file_passwd_run($1)
++	')
++')
+diff --git a/geoclue.te b/geoclue.te
+new file mode 100644
+index 0000000..d809c15
+--- /dev/null
++++ b/geoclue.te
+@@ -0,0 +1,54 @@
++policy_module(geoclue, 1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++type geoclue_t;
++type geoclue_exec_t;
++application_domain(geoclue_t, geoclue_exec_t)
++role system_r types geoclue_t;
++
++type geoclue_var_lib_t;
++files_type(geoclue_var_lib_t)
++
++type geoclue_tmp_t;
++files_tmp_file(geoclue_tmp_t)
++
++########################################
++#
++# geoclue local policy
++#
++allow geoclue_t self:unix_dgram_socket create_socket_perms;
++
++manage_dirs_pattern(geoclue_t, geoclue_var_lib_t, geoclue_var_lib_t)
++manage_files_pattern(geoclue_t, geoclue_var_lib_t, geoclue_var_lib_t)
++manage_lnk_files_pattern(geoclue_t, geoclue_var_lib_t, geoclue_var_lib_t)
++files_var_lib_filetrans(geoclue_t, geoclue_var_lib_t, { dir })
++
++manage_files_pattern(geoclue_t, geoclue_tmp_t, geoclue_tmp_t)
++manage_dirs_pattern(geoclue_t, geoclue_tmp_t, geoclue_tmp_t)
++files_tmp_filetrans(geoclue_t, geoclue_tmp_t, { dir file })
++
++kernel_read_network_state(geoclue_t)
++
++auth_read_passwd(geoclue_t)
++
++corenet_tcp_connect_http_port(geoclue_t)
++
++corecmd_exec_bin(geoclue_t)
++
++dev_read_urand(geoclue_t)
++
++miscfiles_read_generic_certs(geoclue_t)
++
++sysnet_dns_name_resolve(geoclue_t)
++
++optional_policy(`
++	dbus_system_domain(geoclue_t, geoclue_exec_t)
++
++	optional_policy(`
++		networkmanager_dbus_chat(geoclue_t)
++	')
++')
 diff --git a/gift.te b/gift.te
 index 395238e..af76abb 100644
 --- a/gift.te
@@ -52936,10 +53172,10 @@ index 0000000..28936b4
 +')
 diff --git a/nova.te b/nova.te
 new file mode 100644
-index 0000000..e571f9a
+index 0000000..4d6335e
 --- /dev/null
 +++ b/nova.te
-@@ -0,0 +1,324 @@
+@@ -0,0 +1,328 @@
 +policy_module(nova, 1.0.0)
 +
 +########################################
@@ -53011,11 +53247,15 @@ index 0000000..e571f9a
 +corecmd_exec_shell(nova_domain)
 +corenet_tcp_connect_mysqld_port(nova_domain)
 +
++auth_read_passwd(nova_domain)
++
 +dev_read_sysfs(nova_domain)
 +dev_read_urand(nova_domain)
 +
 +fs_getattr_xattr_fs(nova_domain)
 +
++init_read_utmp(nova_domain)
++
 +libs_exec_ldconfig(nova_domain)
 +
 +optional_policy(`
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 8b33711..f199f12 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.12.1
-Release: 167%{?dist}
+Release: 168%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -579,6 +579,11 @@ SELinux Reference policy mls base module.
 %endif
 
 %changelog
+* Thu Jun 12 2014 Lukas Vrabec <lvrabec@redhat.com> 3.12.1-168
+- Google chrome has a new directory in homedir
+- Allow nova domains to read passwd/utmp files
+- Added policy for geoclue
+
 * Mon Jun 09 2014 Lukas Vrabec <lvrabec@redhat.com> 3.12.1-167
 - Allow keystone to connect to additional ports to make OpenStack working
 - Allow thumb_t to connect to the xserver port when you are runnin it via an ssh tunnel