diff --git a/abrt.if b/abrt.if
index e380368..058d908 100644
--- a/abrt.if
+++ b/abrt.if
@@ -173,12 +173,30 @@ interface(`abrt_run_helper',`
 ## </param>
 #
 interface(`abrt_cache_manage',`
+	refpolicywarn(`$0($*) has been deprecated, use abrt_manage_cache() instead.')
+	abrt_manage_cache($1)
+')
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	abrt cache content.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`abrt_manage_cache',`
 	gen_require(`
 		type abrt_var_cache_t;
 	')
 
 	files_search_var($1)
 	manage_files_pattern($1, abrt_var_cache_t, abrt_var_cache_t)
+	manage_lnk_files_pattern($1, abrt_var_cache_t, abrt_var_cache_t)
+	manage_dirs_pattern($1, abrt_var_cache_t, abrt_var_cache_t)
 ')
 
 ####################################
diff --git a/abrt.te b/abrt.te
index 8490e9b..a6f1aec 100644
--- a/abrt.te
+++ b/abrt.te
@@ -1,4 +1,4 @@
-policy_module(abrt, 1.3.1)
+policy_module(abrt, 1.3.2)
 
 ########################################
 #
diff --git a/logrotate.te b/logrotate.te
index c88af3c..ffb4127 100644
--- a/logrotate.te
+++ b/logrotate.te
@@ -1,4 +1,4 @@
-policy_module(logrotate, 1.14.3)
+policy_module(logrotate, 1.14.4)
 
 ########################################
 #
@@ -124,7 +124,7 @@ ifdef(`distro_debian',`
 ')
 
 optional_policy(`
-	abrt_cache_manage(logrotate_t)
+	abrt_manage_cache(logrotate_t)
 ')
 
 optional_policy(`
diff --git a/sosreport.fc b/sosreport.fc
index a40478e..704e2da 100644
--- a/sosreport.fc
+++ b/sosreport.fc
@@ -1 +1,3 @@
 /usr/sbin/sosreport	--	gen_context(system_u:object_r:sosreport_exec_t,s0)
+
+/\.ismount-test-file	--	gen_context(system_u:object_r:sosreport_tmp_t,s0)
diff --git a/sosreport.if b/sosreport.if
index 94c01b5..634c6b4 100644
--- a/sosreport.if
+++ b/sosreport.if
@@ -1,4 +1,4 @@
-## <summary>sosreport - Generate debugging information for system</summary>
+## <summary>Generate debugging information for system.</summary>
 
 ########################################
 ## <summary>
@@ -15,13 +15,15 @@ interface(`sosreport_domtrans',`
 		type sosreport_t, sosreport_exec_t;
 	')
 
+	corecmd_search_bin($1)
 	domtrans_pattern($1, sosreport_exec_t, sosreport_t)
 ')
 
 ########################################
 ## <summary>
-##	Execute sosreport in the sosreport domain, and
-##	allow the specified role the sosreport domain.
+##	Execute sosreport in the sosreport
+##	domain, and allow the specified
+##	role the sosreport domain.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -36,25 +38,25 @@ interface(`sosreport_domtrans',`
 #
 interface(`sosreport_run',`
 	gen_require(`
-		type sosreport_t;
+		attribute_role sosreport_roles;
 	')
 
 	sosreport_domtrans($1)
-	role $2 types sosreport_t;
+	roleattribute $2 sospreport_roles;
 ')
 
 ########################################
 ## <summary>
-##	Role access for sosreport
+##	Role access for sosreport.
 ## </summary>
 ## <param name="role">
 ##	<summary>
-##	Role allowed access
+##	Role allowed access.
 ##	</summary>
 ## </param>
 ## <param name="domain">
 ##	<summary>
-##	User domain for the role
+##	User domain for the role.
 ##	</summary>
 ## </param>
 #
@@ -63,18 +65,15 @@ interface(`sosreport_role',`
 		type sosreport_t;
 	')
 
-	role $1 types sosreport_t;
-
-	sosreport_domtrans($2)
+	sosreport_run($2, $1)
 
+	allow $2 sosreport_t:process { ptrace signal_perms };
 	ps_process_pattern($2, sosreport_t)
-	allow $2 sosreport_t:process signal;
 ')
 
 ########################################
 ## <summary>
-##	Allow the specified domain to read
-##	sosreport tmp files.
+##	Read sosreport temporary files.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -93,7 +92,7 @@ interface(`sosreport_read_tmp_files',`
 
 ########################################
 ## <summary>
-##	Append sosreport tmp files.
+##	Append sosreport temporary files.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -106,12 +105,13 @@ interface(`sosreport_append_tmp_files',`
 		type sosreport_tmp_t;
 	')
 
+	files_search_tmp($1)
 	append_files_pattern($1, sosreport_tmp_t, sosreport_tmp_t)
 ')
 
 ########################################
 ## <summary>
-##	Delete sosreport tmp files.
+##	Delete sosreport temporary files.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
diff --git a/sosreport.te b/sosreport.te
index c6079a5..e832424 100644
--- a/sosreport.te
+++ b/sosreport.te
@@ -1,14 +1,17 @@
-policy_module(sosreport, 1.2.0)
+policy_module(sosreport, 1.2.1)
 
 ########################################
 #
 # Declarations
 #
 
+attribute_role sosreport_roles;
+roleattribute system_r sosreport_roles;
+
 type sosreport_t;
 type sosreport_exec_t;
 application_domain(sosreport_t, sosreport_exec_t)
-role system_r types sosreport_t;
+role sosreport_roles types sosreport_t;
 
 type sosreport_tmp_t;
 files_tmp_file(sosreport_tmp_t)
@@ -18,21 +21,19 @@ files_tmpfs_file(sosreport_tmpfs_t)
 
 ########################################
 #
-# sosreport local policy
+# Local policy
 #
 
-allow sosreport_t self:capability { kill net_admin net_raw setuid sys_admin sys_nice sys_ptrace dac_override };
+allow sosreport_t self:capability { kill net_admin net_raw setuid sys_admin sys_nice dac_override };
 allow sosreport_t self:process { setsched signull };
 allow sosreport_t self:fifo_file rw_fifo_file_perms;
-allow sosreport_t self:tcp_socket create_stream_socket_perms;
-allow sosreport_t self:udp_socket create_socket_perms;
-allow sosreport_t self:unix_dgram_socket create_socket_perms;
-allow sosreport_t self:netlink_route_socket r_netlink_socket_perms;
-allow sosreport_t self:unix_stream_socket create_stream_socket_perms;
+allow sosreport_t self:tcp_socket { accept listen };
+allow sosreport_t self:unix_stream_socket { accept listen };
 
 manage_dirs_pattern(sosreport_t, sosreport_tmp_t, sosreport_tmp_t)
 manage_files_pattern(sosreport_t, sosreport_tmp_t, sosreport_tmp_t)
 manage_lnk_files_pattern(sosreport_t, sosreport_tmp_t, sosreport_tmp_t)
+files_root_filetrans(sosreport_t, sosreport_tmp_t, file, ".ismount-test-file")
 files_tmp_filetrans(sosreport_t, sosreport_tmp_t, { file dir })
 
 manage_files_pattern(sosreport_t, sosreport_tmpfs_t, sosreport_tmpfs_t)
@@ -64,23 +65,22 @@ files_getattr_all_sockets(sosreport_t)
 files_exec_etc_files(sosreport_t)
 files_list_all(sosreport_t)
 files_read_config_files(sosreport_t)
-files_read_etc_files(sosreport_t)
 files_read_generic_tmp_files(sosreport_t)
+files_read_non_auth_files(sosreport_t)
 files_read_usr_files(sosreport_t)
 files_read_var_lib_files(sosreport_t)
 files_read_var_symlinks(sosreport_t)
 files_read_kernel_modules(sosreport_t)
 files_read_all_symlinks(sosreport_t)
-# for blkid.tab
 files_manage_etc_runtime_files(sosreport_t)
 files_etc_filetrans_etc_runtime(sosreport_t, file)
 
 fs_getattr_all_fs(sosreport_t)
 fs_list_inotifyfs(sosreport_t)
 
-# some config files do not have configfile attribute
-# sosreport needs to read various files on system
-files_read_non_auth_files(sosreport_t)
+storage_dontaudit_read_fixed_disk(sosreport_t)
+storage_dontaudit_read_removable_device(sosreport_t)
+
 auth_use_nsswitch(sosreport_t)
 
 init_domtrans_script(sosreport_t)
@@ -92,13 +92,11 @@ logging_send_syslog_msg(sosreport_t)
 
 miscfiles_read_localization(sosreport_t)
 
-# needed by modinfo
 modutils_read_module_deps(sosreport_t)
 
-sysnet_read_config(sosreport_t)
-
 optional_policy(`
 	abrt_manage_pid_files(sosreport_t)
+	abrt_manage_cache(sosreport_t)
 ')
 
 optional_policy(`
@@ -142,7 +140,3 @@ optional_policy(`
 optional_policy(`
 	xserver_stream_connect(sosreport_t)
 ')
-
-optional_policy(`
-	unconfined_domain(sosreport_t)
-')