diff --git a/mlogc.te b/mlogc.te
index a55a281..4c18067 100644
--- a/mlogc.te
+++ b/mlogc.te
@@ -1,5 +1,5 @@
-policy_module(mlogc,1.0.44)
+policy_module(mlogc,1.0.46)
 ########################################
 #
@@ -31,7 +31,6 @@ require {
 type tmp_t;
 type passwd_file_t;
 type http_port_t;
- #type init_t;
 class process { siginh signal noatsecure rlimitinh };
 class unix_stream_socket { read write };
 class chr_file { read getattr open };
@@ -56,26 +55,25 @@ require {
 # mlogc local policy
 #
-allow httpd_t mlogc_exec_t:file { read open execute };
-allow mlogc_t mlogc_log_t:dir setattr_dir_perms;
-rw_dirs_pattern(mlogc_t, mlogc_log_t, mlogc_log_t)
-create_dirs_pattern(mlogc_t, mlogc_log_t, mlogc_log_t)
-#append_files_pattern(mlogc_t, mlogc_log_t, mlogc_log_t)
-#read_files_pattern(mlogc_t, mlogc_log_t, mlogc_log_t)
-#read_lnk_files_pattern(mlogc_t, mlogc_log_t, mlogc_log_t)
-
-create_files_pattern(mlogc_t, mlogc_log_t, mlogc_log_t)
-rw_files_pattern(mlogc_t, mlogc_log_t, mlogc_log_t)
-rename_files_pattern(mlogc_t, mlogc_log_t, mlogc_log_t)
-delete_files_pattern(mlogc_t, mlogc_log_t, mlogc_log_t)
-logging_log_filetrans(mlogc_t, mlogc_log_t, file)
-
-append_files_pattern(mlogc_t, httpd_log_t, httpd_log_t)
-
-
-allow mlogc_t mlogc_tmp_t:file manage_file_perms;
-files_tmp_filetrans(mlogc_t,mlogc_tmp_t,file)
+#allow mlogc_t mlogc_log_t:dir setattr_dir_perms;
+#rw_dirs_pattern(mlogc_t, mlogc_log_t, mlogc_log_t)
+#create_dirs_pattern(mlogc_t, mlogc_log_t, mlogc_log_t)
+##append_files_pattern(mlogc_t, mlogc_log_t, mlogc_log_t)
+##read_files_pattern(mlogc_t, mlogc_log_t, mlogc_log_t)
+##read_lnk_files_pattern(mlogc_t, mlogc_log_t, mlogc_log_t)
+#
+#create_files_pattern(mlogc_t, mlogc_log_t, mlogc_log_t)
+#rw_files_pattern(mlogc_t, mlogc_log_t, mlogc_log_t)
+#rename_files_pattern(mlogc_t, mlogc_log_t, mlogc_log_t)
+#delete_files_pattern(mlogc_t, mlogc_log_t, mlogc_log_t)
+#logging_log_filetrans(mlogc_t, mlogc_log_t, file)
+#
+#append_files_pattern(mlogc_t, httpd_log_t, httpd_log_t)
+#
+#
+#allow mlogc_t mlogc_tmp_t:file manage_file_perms;
+#files_tmp_filetrans(mlogc_t,mlogc_tmp_t,file)
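Review bot: The log and tmp rules removed in this hunk are re-added live under the `mlogc_t` section of the next hunk, yet they are kept here as an eighteen-line commented-out copy (the already-commented `#append_files_pattern` family now becomes `##`), so the module carries two versions of the same access rules and a reader checking what mlogc_t is actually allowed to do has to work out which copy is in force. Delete the commented block outright instead of commenting it; version control holds the history, and a stale copy next to the live rules is what drifts when the live ones are later tightened or widened.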
@@ -98,25 +96,55 @@ files_tmp_filetrans(mlogc_t,mlogc_tmp_t,file)
 ##allow mlogc_t cert_t:file read;
 #============= httpd_t ==============
+
+allow httpd_t mlogc_exec_t:file { read open execute };
 allow httpd_t mlogc_t:process { siginh signal noatsecure rlimitinh };
 allow httpd_t mlogc_log_t:dir { write create add_name };
 allow httpd_t mlogc_log_t:file { write create open };
 #============= mlogc_t ==============
+# init
 allow mlogc_t self:capability dac_override;
+# log files
+allow mlogc_t mlogc_log_t:dir setattr_dir_perms;
+rw_dirs_pattern(mlogc_t, mlogc_log_t, mlogc_log_t)
+create_dirs_pattern(mlogc_t, mlogc_log_t, mlogc_log_t)
+
+create_files_pattern(mlogc_t, mlogc_log_t, mlogc_log_t)
+rw_files_pattern(mlogc_t, mlogc_log_t, mlogc_log_t)
+rename_files_pattern(mlogc_t, mlogc_log_t, mlogc_log_t)
+delete_files_pattern(mlogc_t, mlogc_log_t, mlogc_log_t)
+logging_log_filetrans(mlogc_t, mlogc_log_t, file)
+
+append_files_pattern(mlogc_t, httpd_log_t, httpd_log_t)
+
+# tmp files
+allow mlogc_t mlogc_tmp_t:file manage_file_perms;
+files_tmp_filetrans(mlogc_t,mlogc_tmp_t,file)
+
+# tcp_socket
 allow mlogc_t http_port_t:tcp_socket name_connect;
 allow mlogc_t self:tcp_socket { write read };
 allow mlogc_t self:tcp_socket { connect getopt getattr create setopt };
-allow mlogc_t cert_t:dir getattr;
+# nss cert files
+allow mlogc_t cert_t:dir { getattr search };
 allow mlogc_t cert_t:file { read getattr open lock };
+dontaudit mlogc_t cert_t:dir write;
+dontaudit mlogc_t cert_t:file write;
+allow mlogc_t cert_t:file read;
+
+# urandom
 allow mlogc_t urandom_device_t:chr_file { read getattr open };
+# passwd
 allow mlogc_t passwd_file_t:file { getattr read open };
+
+
 #allow mlogc_t http_port_t:tcp_socket { create connect name_connect getopt getattr setopt };
 #allow mlogc_t cert_t:dir { write getattr };
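Review bot: The new `allow mlogc_t cert_t:file read;` at the end of the cert block is redundant — `allow mlogc_t cert_t:file { read getattr open lock };` three lines above already grants read — so drop the duplicate. The two new `dontaudit mlogc_t cert_t:dir write;` and `dontaudit mlogc_t cert_t:file write;` rules are the right outcome for a certificate store the log collector must never modify, but the bare `# nss cert files` label should record that the writes are denied on purpose, e.g. `# cert_t is read-only for mlogc: write attempts are expected noise (presumably the NSS DB open path; TODO confirm) and are silenced, not granted`, so a later audit2allow pass does not promote them to allow. The `# init` label added over `allow mlogc_t self:capability dac_override;` explains nothing; since dac_override bypasses mode bits on every file the type rules otherwise reach, name the specific access that needs it or replace it with a narrower rule. The `allow httpd_t mlogc_exec_t:file { read open execute };` added under httpd_t grants execute without `execute_no_trans`, so it only works if the entrypoint and process transition to mlogc_t are declared outside this hunk; if they are not, `domtrans_pattern(httpd_t, mlogc_exec_t, mlogc_t)` is the usual way to express the whole transition in one place.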