diff --git a/ossec.fc b/ossec.fc
index d4eb450..ad573c3 100644
--- a/ossec.fc
+++ b/ossec.fc
@@ -13,6 +13,9 @@
 /var/ossec/agentless(/.*)?                gen_context(system_u:object_r:ossec_var_t,s0)
 
 /var/ossec/var/run(/.*)?                  gen_context(system_u:object_r:ossec_var_run_t,s0)
+/var/ossec/var/execd\.sqlite           -- gen_context(system_u:object_r:ossec_execd_file_t,s0)
+/var/ossec/var/execd\.sqlite-journal   -- gen_context(system_u:object_r:ossec_execd_journal_t,s0)
+#/var/ossec/var/execd\.sqlite(-.*)?     -- gen_context(system_u:object_r:ossec_execd_file_t,s0)
 /var/ossec/var(/.*)?                      gen_context(system_u:object_r:ossec_var_t,s0)
 
 /var/ossec/tmp(/.*)?                      gen_context(system_u:object_r:ossec_tmp_t,s0)
diff --git a/ossec.te b/ossec.te
index 5d035a4..8e79580 100644
--- a/ossec.te
+++ b/ossec.te
@@ -1,5 +1,5 @@
 
-policy_module(ossec,1.0.176)
+policy_module(ossec,1.0.186)
 
 ########################################
 #
@@ -20,6 +20,12 @@ type ossec_execd_t;
 type ossec_execd_exec_t;
 init_daemon_domain(ossec_execd_t, ossec_execd_exec_t)
 
+type ossec_execd_file_t;
+files_type(ossec_execd_file_t)
+
+type ossec_execd_journal_t;
+files_type(ossec_execd_journal_t)
+
 # ossec-analysisd daemon
 type ossec_analysisd_t;
 type ossec_analysisd_exec_t;
@@ -122,48 +128,48 @@ unconfined_domain(ossec_ar_t)
 ###
 
 require {
-	type ossec_bin_t;
+	#type ossec_bin_t;
 
-	type ossec_maild_t;
-	type ossec_maild_exec_t;
-	type ossec_execd_t;
-	type ossec_execd_exec_t;
-	type ossec_analysisd_t;
-	type ossec_analysisd_exec_t;
-	type ossec_logcollector_t;
-	type ossec_logcollector_exec_t;
-	type ossec_remoted_t;
-	type ossec_remoted_exec_t;
-	type ossec_syscheckd_t;
-	type ossec_syscheckd_exec_t;
-	type ossec_monitord_t;
-	type ossec_monitord_exec_t;
-	type ossec_dbd_t;
-	type ossec_dbd_exec_t;
-	type ossec_csyslogd_t;
-	type ossec_csyslogd_exec_t;
-	type ossec_agentlessd_t;
-	type ossec_agentlessd_exec_t;
+	#type ossec_maild_t;
+	#type ossec_maild_exec_t;
+	#type ossec_execd_t;
+	#type ossec_execd_exec_t;
+	#type ossec_analysisd_t;
+	#type ossec_analysisd_exec_t;
+	#type ossec_logcollector_t;
+	#type ossec_logcollector_exec_t;
+	#type ossec_remoted_t;
+	#type ossec_remoted_exec_t;
+	#type ossec_syscheckd_t;
+	#type ossec_syscheckd_exec_t;
+	#type ossec_monitord_t;
+	#type ossec_monitord_exec_t;
+	#type ossec_dbd_t;
+	#type ossec_dbd_exec_t;
+	#type ossec_csyslogd_t;
+	#type ossec_csyslogd_exec_t;
+	#type ossec_agentlessd_t;
+	#type ossec_agentlessd_exec_t;
 	
-	type ossec_var_t;
-	type ossec_tmp_t;
-	type ossec_log_t;
-	type ossec_etc_t;
-	type ossec_rule_t;
-	type ossec_stats_t;
-	type ossec_queue_t;
+	#type ossec_var_t;
+	#type ossec_tmp_t;
+	#type ossec_log_t;
+	#type ossec_etc_t;
+	#type ossec_rule_t;
+	#type ossec_stats_t;
+	#type ossec_queue_t;
 
-	type ossec_ar_t;
-	type ossec_ar_bin_t;
-	type ossec_ar_exec_t;
+	#type ossec_ar_t;
+	#type ossec_ar_bin_t;
+	#type ossec_ar_exec_t;
 
-	type var_log_t;
+	#type var_log_t;
 	type httpd_t;
-	type httpd_log_t;
-	type unreserved_port_t;
-	type smtp_port_t;
-	type node_t;
-	type shell_exec_t;
+	#type httpd_log_t;
+	#type unreserved_port_t;
+	#type smtp_port_t;
+	#type node_t;
+	#type shell_exec_t;
 	class file { rename read lock create write getattr unlink open append entrypoint };
 	class dir { write getattr read remove_name create add_name };
 	class process { setsched transition rlimitinh siginh noatsecure };
@@ -197,8 +203,10 @@ allow ossec_maild_t ossec_log_t:file { create_file_perms append_file_perms read
 ossec_log_filetrans(ossec_maild_t, ossec_log_t, file)
 
 # Sockets
-allow ossec_maild_t self:tcp_socket { create connect read write };
-allow ossec_maild_t smtp_port_t:tcp_socket { name_connect };
+allow ossec_maild_t self:tcp_socket create_socket_perms;
+corenet_tcp_connect_smtp_port(ossec_maild_t)
+#allow ossec_maild_t self:tcp_socket { create connect read write };
+#allow ossec_maild_t smtp_port_t:tcp_socket { name_connect };
 
 
 #============= ossec_execd_t ==============
@@ -214,8 +222,14 @@ ossec_read_config(ossec_execd_t)
 search_dirs_pattern(ossec_execd_t, ossec_etc_share_t, ossec_etc_share_t)
 read_files_pattern(ossec_execd_t, ossec_etc_share_t, ossec_etc_share_t)
 
+#allow ossec_execd_t ossec_var_t:dir { write add_name };
+allow ossec_execd_t ossec_execd_file_t:file { create_file_perms rw_file_perms };
+allow ossec_execd_t ossec_execd_journal_t:file manage_file_perms;
+filetrans_pattern(ossec_execd_t, ossec_var_t, ossec_execd_journal_t, file, "execd.sqlite-journal");
+
 # var run dir
-allow ossec_execd_t ossec_var_run_t:file { create_file_perms write_file_perms setattr read unlink };
+#allow ossec_execd_t ossec_var_run_t:file { create_file_perms write_file_perms setattr read unlink };
+allow ossec_execd_t ossec_var_run_t:file manage_file_perms;
 ossec_pid_filetrans(ossec_execd_t, ossec_var_run_t, file)
 
 # queue dir
@@ -228,7 +242,8 @@ ossec_log_filetrans(ossec_execd_t, ossec_log_t, file)
 
 # active-response scripts
 search_dirs_pattern(ossec_execd_t, ossec_ar_bin_t, ossec_ar_bin_t)
-exec_files_pattern(ossec_execd_t, shell_exec_t, shell_exec_t)
+#exec_files_pattern(ossec_execd_t, shell_exec_t, shell_exec_t)
+corecmd_exec_shell(ossec_execd_t)
 
 # dgram socket
 allow ossec_execd_t self:unix_dgram_socket { create bind getopt read write };
@@ -269,7 +284,7 @@ create_files_pattern(ossec_analysisd_t, ossec_stats_t, ossec_stats_t)
 append_files_pattern(ossec_analysisd_t, ossec_stats_t, ossec_stats_t)
 
 # logs
-allow ossec_analysisd_t ossec_log_t:file { create_file_perms append_file_perms read };
+allow ossec_analysisd_t ossec_log_t:file { create_file_perms append_file_perms read link unlink };
 ossec_log_filetrans(ossec_analysisd_t, ossec_log_t, file)
 
 # rules dir
@@ -302,9 +317,11 @@ manage_sock_files_pattern(ossec_logcollector_t, ossec_queue_t, ossec_queue_t)
 allow ossec_logcollector_t ossec_log_t:file { create_file_perms append_file_perms read };
 ossec_log_filetrans(ossec_logcollector_t, ossec_log_t, file)
 
-search_dirs_pattern(ossec_logcollector_t, httpd_log_t, httpd_log_t)
-read_files_pattern(ossec_logcollector_t, httpd_log_t, httpd_log_t)
-read_files_pattern(ossec_logcollector_t, var_log_t, var_log_t)
+# Access all system logs:
+logging_read_all_logs(ossec_logcollector_t)
+#search_dirs_pattern(ossec_logcollector_t, httpd_log_t, httpd_log_t)
+#read_files_pattern(ossec_logcollector_t, httpd_log_t, httpd_log_t)
+#read_files_pattern(ossec_logcollector_t, var_log_t, var_log_t)
 
 # dgram socket
 allow ossec_logcollector_t self:unix_dgram_socket { create bind getopt connect write }; 
@@ -339,11 +356,14 @@ allow ossec_remoted_t ossec_log_t:file { create_file_perms append_file_perms rea
 ossec_log_filetrans(ossec_remoted_t, ossec_log_t, file)
 
 # Sockets
-allow ossec_remoted_t self:udp_socket { create bind read write };
-allow ossec_remoted_t unreserved_port_t:udp_socket { name_bind };
-allow ossec_remoted_t node_t:udp_socket { node_bind };
+allow ossec_remoted_t self:udp_socket create_stream_socket_perms;
+corenet_udp_bind_all_unreserved_ports(ossec_remoted_t)
+corenet_udp_bind_generic_node(ossec_remoted_t)
+#allow ossec_remoted_t self:udp_socket { create bind read write };
+#allow ossec_remoted_t unreserved_port_t:udp_socket { name_bind };
+#allow ossec_remoted_t node_t:udp_socket { node_bind };
 
-allow ossec_remoted_t self:tcp_socket { create bind };
+#allow ossec_remoted_t self:tcp_socket { create bind };
 
 # dgram socket
 allow ossec_remoted_t self:unix_dgram_socket { create bind getopt connect read write };