diff --git a/policy-F12.patch b/policy-F12.patch
index da8334c..b97f90e 100644
--- a/policy-F12.patch
+++ b/policy-F12.patch
@@ -1944,7 +1944,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.6.32/policy/modules/apps/java.te
 --- nsaserefpolicy/policy/modules/apps/java.te	2009-08-18 11:41:14.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/apps/java.te	2009-09-16 10:03:08.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/apps/java.te	2009-09-18 17:16:51.000000000 -0400
 @@ -20,6 +20,8 @@
  typealias java_t alias { staff_javaplugin_t user_javaplugin_t sysadm_javaplugin_t };
  typealias java_t alias { auditadm_javaplugin_t secadm_javaplugin_t };
@@ -1970,17 +1970,23 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	xserver_user_x_domain_template(java, java_t, java_tmpfs_t)
  ')
  
-@@ -147,4 +151,12 @@
+@@ -143,8 +147,18 @@
+ 	# execheap is needed for itanium/BEA jrocket
+ 	allow unconfined_java_t self:process { execstack execmem execheap };
+ 
++	files_execmod_all_files(unconfined_java_t)
++
+ 	init_dbus_chat_script(unconfined_java_t)
  
  	unconfined_domain_noaudit(unconfined_java_t)
  	unconfined_dbus_chat(unconfined_java_t)
 +	optional_policy(`
 +		hal_dbus_chat(unconfined_java_t)
- ')
++')
 +
 +	optional_policy(`
 +		rpm_domtrans(unconfined_java_t)
-+	')
+ ')
 +')
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.fc serefpolicy-3.6.32/policy/modules/apps/kdumpgui.fc
@@ -5313,7 +5319,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/lib/nfs/rpc_pipefs(/.*)?	<<none>>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.6.32/policy/modules/kernel/files.if
 --- nsaserefpolicy/policy/modules/kernel/files.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/kernel/files.if	2009-09-18 11:28:35.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/kernel/files.if	2009-09-18 17:16:00.000000000 -0400
 @@ -110,6 +110,11 @@
  ## </param>
  #
@@ -13566,15 +13572,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.te serefpolicy-3.6.32/policy/modules/services/policykit.te
 --- nsaserefpolicy/policy/modules/services/policykit.te	2009-08-18 11:41:14.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/services/policykit.te	2009-09-16 10:03:09.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/services/policykit.te	2009-09-18 17:05:02.000000000 -0400
 @@ -36,11 +36,12 @@
  # policykit local policy
  #
  
 -allow policykit_t self:capability { setgid setuid };
-+allow policykit_t self:capability { setgid setuid sys_ptrace };
- allow policykit_t self:process getattr;
+-allow policykit_t self:process getattr;
 -allow policykit_t self:fifo_file rw_file_perms;
++allow policykit_t self:capability { setgid setuid sys_ptrace };
++allow policykit_t self:process { getsched getattr };
 +allow policykit_t self:fifo_file rw_fifo_file_perms;
 +
  allow policykit_t self:unix_dgram_socket create_socket_perms;
@@ -17793,7 +17800,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.6.32/policy/modules/services/ssh.te
 --- nsaserefpolicy/policy/modules/services/ssh.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/services/ssh.te	2009-09-16 10:03:09.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/services/ssh.te	2009-09-18 17:38:09.000000000 -0400
 @@ -41,6 +41,9 @@
  files_tmp_file(sshd_tmp_t)
  files_poly_parent(sshd_tmp_t)
@@ -17831,8 +17838,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  # Allow the ssh program to communicate with ssh-agent.
  stream_connect_pattern(ssh_t, ssh_agent_tmp_t, ssh_agent_tmp_t, ssh_agent_type)
-@@ -131,6 +134,7 @@
- read_lnk_files_pattern(ssh_server, home_ssh_t, home_ssh_t)
+@@ -126,11 +129,12 @@
+ read_lnk_files_pattern(ssh_t, home_ssh_t, home_ssh_t)
+ 
+ # ssh servers can read the user keys and config
+-allow ssh_server home_ssh_t:dir list_dir_perms;
+-read_files_pattern(ssh_server, home_ssh_t, home_ssh_t)
+-read_lnk_files_pattern(ssh_server, home_ssh_t, home_ssh_t)
++manage_dirs_pattern(ssh_server, home_ssh_t, home_ssh_t)
++manage_files_pattern(ssh_server, home_ssh_t, home_ssh_t)
++userdom_user_home_dir_filetrans(ssh_server, home_ssh_t, dir)
  
  kernel_read_kernel_sysctls(ssh_t)
 +kernel_read_system_state(ssh_t)