diff --git a/shorewall.fc b/shorewall.fc
index ad1c483..b98201c 100644
--- a/shorewall.fc
+++ b/shorewall.fc
@@ -7,6 +7,9 @@
 /sbin/shorewall6? -- gen_context(system_u:object_r:shorewall_exec_t,s0)
 /sbin/shorewall-lite -- gen_context(system_u:object_r:shorewall_exec_t,s0)
+/usr/sbin/shorewall6? -- gen_context(system_u:object_r:shorewall_exec_t,s0)
+/usr/sbin/shorewall-lite -- gen_context(system_u:object_r:shorewall_exec_t,s0)
+
 /var/lib/shorewall(/.*)? gen_context(system_u:object_r:shorewall_var_lib_t,s0)
 /var/lib/shorewall6(/.*)? gen_context(system_u:object_r:shorewall_var_lib_t,s0)
 /var/lib/shorewall-lite(/.*)? gen_context(system_u:object_r:shorewall_var_lib_t,s0)
diff --git a/shorewall.if b/shorewall.if
index 9574bb5..1aeef8a 100644
--- a/shorewall.if
+++ b/shorewall.if
@@ -1,4 +1,4 @@
-## Shoreline Firewall high-level tool for configuring netfilter
+## Shoreline Firewall high-level tool for configuring netfilter.
 ########################################
 ##
@@ -15,6 +15,7 @@ interface(`shorewall_domtrans',`
 type shorewall_t, shorewall_exec_t;
 ')
+ corecmd_search_bin($1)
 domtrans_pattern($1, shorewall_exec_t, shorewall_t)
 ')
@@ -33,12 +34,13 @@ interface(`shorewall_lib_domtrans',`
 type shorewall_t, shorewall_var_lib_t;
 ')
+ files_search_var_lib($1)
 domtrans_pattern($1, shorewall_var_lib_t, shorewall_t)
 ')
 #######################################
 ##
-## Read shorewall etc configuration files.
+## Read shorewall configuration files.
 ##
 ##
 ##
@@ -57,7 +59,7 @@ interface(`shorewall_read_config',`
 #######################################
 ##
-## Read shorewall PID files.
+## Read shorewall pid files.
 ##
 ##
 ##
@@ -76,7 +78,7 @@ interface(`shorewall_read_pid_files',`
 #######################################
 ##
-## Read and write shorewall PID files.
+## Read and write shorewall pid files.
 ##
 ##
 ##
@@ -95,47 +97,45 @@ interface(`shorewall_rw_pid_files',`
 ######################################
 ##
-## Read shorewall /var/lib files.
+## Read shorewall lib files.
 ##
 ##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
 ##
 #
 interface(`shorewall_read_lib_files',`
- gen_require(`
- type shorewall_t;
- ')
+ gen_require(`
+ type shorewall_var_lib_t;
+ ')
- files_search_var_lib($1)
- search_dirs_pattern($1, shorewall_var_lib_t, shorewall_var_lib_t)
- read_files_pattern($1, shorewall_var_lib_t, shorewall_var_lib_t)
+ files_search_var_lib($1)
+ read_files_pattern($1, shorewall_var_lib_t, shorewall_var_lib_t)
 ')
 #######################################
 ##
-## Read and write shorewall /var/lib files.
+## Read and write shorewall lib files.
 ##
 ##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
 ##
 #
 interface(`shorewall_rw_lib_files',`
- gen_require(`
- type shorewall_var_lib_t;
- ')
+ gen_require(`
+ type shorewall_var_lib_t;
+ ')
- files_search_var_lib($1)
- search_dirs_pattern($1, shorewall_var_lib_t, shorewall_var_lib_t)
- rw_files_pattern($1, shorewall_var_lib_t, shorewall_var_lib_t)
+ files_search_var_lib($1)
+ rw_files_pattern($1, shorewall_var_lib_t, shorewall_var_lib_t)
 ')
 #######################################
 ##
-## Read shorewall tmp files.
+## Read shorewall temporary files.
 ##
 ##
 ##
@@ -154,8 +154,8 @@ interface(`shorewall_read_tmp_files',`
 #######################################
 ##
-## All of the rules required to administrate
-## an shorewall environment
+## All of the rules required to
+## administrate an shorewall environment.
 ##
 ##
 ##
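Review bot: The new `rw_files_pattern($1, shorewall_var_lib_t, shorewall_var_lib_t)` in shorewall_rw_lib_files hands callers write access to a type that the shorewall.te hunk of this same commit keeps as a domain entry point (`domain_entry_file(shorewall_t, shorewall_var_lib_t)`), so any domain granted this interface can alter what shorewall_t executes on its next transition. That is presumably intended for whatever domain generates the scripts under /var/lib/shorewall, but neither summary says so, and the same consideration applies to shorewall_lib_domtrans in the earlier shorewall.if hunk. I'd extend the summary to `## Read and write shorewall lib files. These files are an entry point into shorewall_t, so grant this only to domains that generate them.`; dropping `search_dirs_pattern` is fine as far as I can tell, since the rw/read file patterns already include directory search.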
@@ -164,17 +164,15 @@ interface(`shorewall_read_tmp_files',`
 ##
 ##
 ##
-## The role to be allowed to manage the syslog domain.
+## Role allowed access.
 ##
 ##
 ##
 #
 interface(`shorewall_admin',`
 gen_require(`
- type shorewall_t, shorewall_lock_t;
- type shorewall_log_t;
- type shorewall_exec_t;
- type shorewall_initrc_exec_t, shorewall_var_lib_t;
+ type shorewall_t, shorewall_lock_t, shorewall_log_t;
+ type shorewall_exec_t, shorewall_initrc_exec_t, shorewall_var_lib_t;
 type shorewall_tmp_t, shorewall_etc_t;
 ')
diff --git a/shorewall.te b/shorewall.te
index 1bc340d..76ac110 100644
--- a/shorewall.te
+++ b/shorewall.te
@@ -1,4 +1,4 @@
-policy_module(shorewall, 1.3.1)
+policy_module(shorewall, 1.3.2)
 ########################################
 #
@@ -12,21 +12,16 @@ init_daemon_domain(shorewall_t, shorewall_exec_t)
 type shorewall_initrc_exec_t;
 init_script_file(shorewall_initrc_exec_t)
-# etc files
 type shorewall_etc_t;
 files_config_file(shorewall_etc_t)
-# lock files
 type shorewall_lock_t;
 files_lock_file(shorewall_lock_t)
-# tmp files
 type shorewall_tmp_t;
 files_tmp_file(shorewall_tmp_t)
-# var/lib files
 type shorewall_var_lib_t;
-files_type(shorewall_var_lib_t)
 domain_entry_file(shorewall_t, shorewall_var_lib_t)
 type shorewall_log_t;
@@ -34,10 +29,10 @@ logging_log_file(shorewall_log_t)
 ########################################
 #
-# shorewall local policy
+# Local policy
 #
-allow shorewall_t self:capability { dac_override net_admin net_raw setuid setgid sys_admin sys_nice sys_ptrace };
+allow shorewall_t self:capability { dac_override net_admin net_raw setuid setgid sys_nice };
 dontaudit shorewall_t self:capability sys_tty_config;
 allow shorewall_t self:fifo_file rw_fifo_file_perms;
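Review bot: Dropping `files_type(shorewall_var_lib_t)` in the -12,21 hunk of shorewall.te leaves `domain_entry_file(shorewall_t, shorewall_var_lib_t)` as the only rule that attributes the type, which is correct only if domain_entry_file itself applies file_type (in refpolicy it does, through corecmd_executable_file, but nothing in the hunk records that reliance), and the deleted `# var/lib files` comment was the last hint that a var/lib type is deliberately an entry point. I'd put `# /var/lib/shorewall holds the generated firewall script, which is an entry point into shorewall_t` above the `type shorewall_var_lib_t;` line. The -34,10 hunk also narrows the self:capability set by removing sys_admin and sys_ptrace; that is a welcome reduction, and because the domain still carries `domain_read_all_domains_state` and `files_search_kernel_modules` elsewhere in the policy, this line is where to look if module loading or process inspection denials show up after the bump. The shorewall_admin interface body continues past the end of the -164,17 hunk, so only its gen_require block was reviewed.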
@@ -47,8 +42,10 @@ list_dirs_pattern(shorewall_t, shorewall_etc_t, shorewall_etc_t)
 manage_files_pattern(shorewall_t, shorewall_lock_t, shorewall_lock_t)
 files_lock_filetrans(shorewall_t, shorewall_lock_t, file)
-manage_files_pattern(shorewall_t, shorewall_log_t, shorewall_log_t)
 manage_dirs_pattern(shorewall_t, shorewall_log_t, shorewall_log_t)
+append_files_pattern(shorewall_t, shorewall_log_t, shorewall_log_t)
+create_files_pattern(shorewall_t, shorewall_log_t, shorewall_log_t)
+setattr_files_pattern(shorewall_t, shorewall_log_t, shorewall_log_t)
 logging_log_filetrans(shorewall_t, shorewall_log_t, { file dir })
 manage_dirs_pattern(shorewall_t, shorewall_tmp_t, shorewall_tmp_t)
@@ -75,14 +72,16 @@ dev_read_urand(shorewall_t)
 domain_read_all_domains_state(shorewall_t)
 files_getattr_kernel_modules(shorewall_t)
-files_read_etc_files(shorewall_t)
 files_read_usr_files(shorewall_t)
 files_search_kernel_modules(shorewall_t)
 fs_getattr_all_fs(shorewall_t)
+auth_use_nsswitch(shorewall_t)
+
 init_rw_utmp(shorewall_t)
+logging_read_generic_logs(shorewall_t)
 logging_send_syslog_msg(shorewall_t)
 miscfiles_read_localization(shorewall_t)
@@ -90,6 +89,11 @@ miscfiles_read_localization(shorewall_t)
 sysnet_domtrans_ifconfig(shorewall_t)
 userdom_dontaudit_list_user_home_dirs(shorewall_t)
+userdom_use_user_terminals(shorewall_t)
+
+optional_policy(`
+ brctl_domtrans(shorewall_t)
+')
 optional_policy(`
 hostname_exec(shorewall_t)
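Review bot: In the -75,14 hunk `logging_read_generic_logs(shorewall_t)` grants read on every generic log type, while the -47,8 hunk deliberately reduces shorewall_log_t to append/create/setattr so the domain can no longer read its own log files. If the read is only for shorewall's own log, `read_files_pattern(shorewall_t, shorewall_log_t, shorewall_log_t)` is the narrower rule; if it is for netfilter messages in the system log, a comment such as `# reads netfilter messages from the system log` next to the new line would justify the wider grant. The removal of `files_read_etc_files` in the same hunk presumably relies on `auth_use_nsswitch` pulling it in, which is worth confirming against the refpolicy version being targeted. The -90,6 hunk is cut off at the end of the page, so it was not reviewed.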