diff --git a/ossec.fc b/ossec.fc
index a06e327..9881169 100644
--- a/ossec.fc
+++ b/ossec.fc
@@ -16,10 +16,24 @@
 /var/ossec/tmp(/.*)? gen_context(system_u:object_r:ossec_tmp_t,s0)
 /var/ossec/etc(/.*)? gen_context(system_u:object_r:ossec_etc_t,s0)
+/var/ossec/etc/shared(/.*)? gen_context(system_u:object_r:ossec_etc_share_t,s0)
 /var/ossec/rules(/.*)? gen_context(system_u:object_r:ossec_rule_t,s0)
-/var/ossec/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /var/ossec/active-response(/.*)? gen_context(system_u:object_r:ossec_script_t,s0)
+/etc/init.d/ossec-hids -- gen_context(system_u:object_r:ossec_initrc_exec_t,s0)
 /var/ossec/bin/ossec-control -- gen_context(system_u:object_r:ossec_exec_t,s0)
+#/var/ossec/bin/ossec-server.sh -- gen_context(system_u:object_r:ossec_exec_t,s0)
+/var/ossec/bin/ossec-server.sh -- gen_context(system_u:object_r:ossec_initrc_exec_t,s0)
+/var/ossec/bin/ossec-maild gen_context(system_u:object_r:ossec_exec_t,s0)
+/var/ossec/bin/ossec-execd gen_context(system_u:object_r:ossec_exec_t,s0)
+/var/ossec/bin/ossec-analysisd gen_context(system_u:object_r:ossec_exec_t,s0)
+/var/ossec/bin/ossec-logcollector gen_context(system_u:object_r:ossec_exec_t,s0)
+/var/ossec/bin/ossec-remoted gen_context(system_u:object_r:ossec_exec_t,s0)
+/var/ossec/bin/ossec-syscheckd gen_context(system_u:object_r:ossec_exec_t,s0)
+/var/ossec/bin/ossec-monitord gen_context(system_u:object_r:ossec_exec_t,s0)
+/var/ossec/bin/ossec-dbd gen_context(system_u:object_r:ossec_exec_t,s0)
+/var/ossec/bin/ossec-csyslogd gen_context(system_u:object_r:ossec_exec_t,s0)
+/var/ossec/bin/ossec-agentlessd gen_context(system_u:object_r:ossec_exec_t,s0)
+/var/ossec/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
diff --git a/ossec.if b/ossec.if
index 3c830ee..320016b 100644
--- a/ossec.if
+++ b/ossec.if
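Review bot: The commented-out `#/var/ossec/bin/ossec-server.sh -- gen_context(system_u:object_r:ossec_exec_t,s0)` entry directly above the live `ossec_initrc_exec_t` line is dead text in a file_contexts file and should be dropped rather than shipped as an alternative. The ten daemon entries (`ossec-maild` through `ossec-agentlessd`) omit the `--` file-type specifier that the neighbouring `ossec-control` and `ossec-server.sh` entries carry; adding `--` keeps them consistent and limits the match to regular files. Moving the `/var/ossec/bin(/.*)?` → `bin_t` catch-all to the end of the hunk should have no effect on precedence, since refpolicy sorts file contexts by specificity at build time and the literal daemon paths win either way. Anything under /var/ossec/bin that is not listed here keeps `bin_t` and so never enters `ossec_t`; a one-line comment above the catch-all, such as `# unlisted helpers stay bin_t and run in the caller's domain`, would make that intent explicit.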
@@ -79,3 +79,14 @@ interface(`ossec_write_log',`
 allow $1 ossec_log_t:file write;
 ')
+
+
+interface(`ossec_log_filetrans',`
+ gen_require(`
+ type ossec_log_t;
+ ')
+
+ allow $1 var_t:dir search_dir_perms;
+ filetrans_pattern($1, ossec_log_t, $2, $3, $4)
+')
+
diff --git a/ossec.te b/ossec.te
index 86cca2b..95bd851 100644
--- a/ossec.te
+++ b/ossec.te
@@ -1,5 +1,5 @@
-policy_module(ossec,1.0.12)
+policy_module(ossec,1.0.45)
 ########################################
 #
@@ -9,17 +9,24 @@ policy_module(ossec,1.0.12)
 type ossec_t;
 type ossec_bin_t;
 type ossec_exec_t;
-role system_r types ossec_t;
-domain_type(ossec_t)
-domain_entry_file(ossec_t, ossec_exec_t)
+#role system_r types ossec_t;
+#domain_type(ossec_t)
+#domain_entry_file(ossec_t, ossec_exec_t)
+init_daemon_domain(ossec_t, ossec_exec_t)
 optional_policy(`
 ossec_domtrans(httpd_t)
 ')
+type ossec_initrc_exec_t;
+init_script_file(ossec_initrc_exec_t)
+
 type ossec_var_t;
 files_type(ossec_var_t)
+type ossec_var_run_t;
+files_pid_file(ossec_var_run_t)
+
 type ossec_tmp_t;
 files_tmp_file(ossec_tmp_t)
@@ -29,6 +36,9 @@ logging_log_file(ossec_log_t)
 type ossec_etc_t;
 files_config_file(ossec_etc_t)
+type ossec_etc_share_t;
+files_config_file(ossec_etc_share_t)
+
 type ossec_rule_t;
 files_config_file(ossec_rule_t)
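Review bot: `ossec_log_filetrans` references `var_t` in `allow $1 var_t:dir search_dir_perms;` but its `gen_require` only declares `type ossec_log_t;`, so the expanded rule may fail with an undeclared type unless some other interface in the calling module happens to require `var_t`; either add `type var_t;` to the `gen_require` block or replace the line with the refpolicy interface `files_search_var($1)`. The interface also lacks the XML documentation header (`## <summary>`, one `## <param name="…">` block per parameter) that refpolicy's interface tooling expects for every `interface()`. Note that the parent directory is hard-coded to `ossec_log_t` while `$2` is the created object's type, so a caller that passes `ossec_log_t` as `$2` (as the ossec.te hunk later in this commit does) produces a type_transition from `ossec_log_t` to `ossec_log_t`, which is a no-op; if the goal was labelling log files created under a `var_log_t` directory, the commented-out `logging_log_filetrans` call in ossec.te already does that.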
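Review bot: The three `#role system_r types ossec_t;`, `#domain_type(ossec_t)` and `#domain_entry_file(ossec_t, ossec_exec_t)` lines in the ossec.te `@@ -9,17 +9,24 @@` hunk are dead code now that `init_daemon_domain(ossec_t, ossec_exec_t)` supplies the domain, entrypoint and role; delete them instead of commenting them out so the module does not carry two versions of the declaration. `ossec_var_run_t` is declared with `files_pid_file` here, but nothing in the visible hunks labels a path with it or grants `ossec_t` any access to it, so the daemons' pid files will presumably keep whatever label their directory currently has; add the matching `.fc` entry and a `manage_files_pattern(ossec_t, ossec_var_run_t, ossec_var_run_t)` (plus the `files_pid_filetrans` for creation), or state in a comment why the type is declared ahead of use.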
@@ -41,21 +51,41 @@ files_type(ossec_queue_t)
 type ossec_script_t;
 files_type(ossec_script_t)
+type ossec_port_t;
+corenet_port(ossec_port_t)
+#create_port_type_interfaces(ossec_port_t, tcp,1514,s0, udp,1514,s0)
+#create_packet_interfaces($1_client)
+#create_packet_interfaces($1_server)
+#network_port(ossec_port_t, tcp,1514,s0)
+#network_port(ossec, tcp,1514,s0, udp,1514,s0)
+
 require {
 type ossec_t;
+ type ossec_initrc_exec_t;
+ type ossec_var_run_t;
 type ossec_bin_t;
 type ossec_exec_t;
 type ossec_var_t;
 type ossec_tmp_t;
 type ossec_log_t;
 type ossec_etc_t;
+ type ossec_etc_share_t;
 type ossec_rule_t;
 type ossec_stats_t;
 type ossec_queue_t;
 type ossec_script_t;
+ type ossec_port_t;
 type httpd_t;
+ type initrc_t;
+ type node_t;
 class file { rename read lock create write getattr unlink open append };
 class dir { write getattr read remove_name create add_name };
+ class capability { dac_override dac_read_search setuid setgid fsetid sys_chroot sys_nice };
+ class tcp_socket { create name_bind name_connect };
+ class udp_socket { create bind name_bind node_bind };
+ class unix_dgram_socket { create bind getopt connect sendto };
+ class sock_file { unlink };
+ class process { setsched };
 }
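Review bot: `type ossec_port_t; corenet_port(ossec_port_t)` declares a port type, but a loadable module cannot carry `portcon` statements, so no port number is bound to this type at build time; until an administrator labels the port (e.g. `semanage port -a -t ossec_port_t -p udp 1514`) the `name_bind` rule on `ossec_port_t` later in this commit is dead and the daemon's bind will be denied. The commented `#network_port(...)` and `#create_port_type_interfaces(...)` lines document that dead end; replace them with a comment stating that the port must be assigned with `semanage port`, or drop the custom type and bind through the `corenet_udp_bind_*` interface of an existing port type. The `require` block also pulls in `type initrc_t;` and `class tcp_socket { create name_bind name_connect };`, yet no rule in the visible hunks uses either; unused requires should be removed so the block documents what the module actually depends on.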
@@ -66,7 +96,71 @@ require {
 #============= ossec_t ==============
+auth_read_passwd(ossec_t)
+# Read /proc/meminfo
+kernel_read_system_state(ossec_t)
+
+# Read urandom
+dev_read_urand(ossec_t)
+
+# init
+allow ossec_t self:capability { dac_override dac_read_search setuid setgid fsetid sys_chroot sys_nice };
+allow ossec_t self:process { setsched };
+
+# etc dir
+#files_read_etc_files(ossec_t)
+sysnet_read_config(ossec_t)
+
+# var dir
+rw_dirs_pattern(ossec_t, ossec_var_t, ossec_var_t)
+#rw_files_pattern(ossec_t, ossec_var_t, ossec_var_t)
+#create_files_pattern(ossec_t, ossec_var_t, ossec_var_t)
+manage_files_pattern(ossec_t, ossec_var_t, ossec_var_t)
+manage_sock_files_pattern(ossec_t, ossec_var_t, ossec_var_t)
+
+# queue dir
+rw_dirs_pattern(ossec_t, ossec_queue_t, ossec_queue_t)
+rw_files_pattern(ossec_t, ossec_queue_t, ossec_queue_t)
+manage_sock_files_pattern(ossec_t, ossec_queue_t, ossec_queue_t)
+
+# stats dir
+rw_dirs_pattern(ossec_t, ossec_stats_t, ossec_stats_t)
+rw_files_pattern(ossec_t, ossec_stats_t, ossec_stats_t)
+
+# rules dir
+read_files_pattern(ossec_t, ossec_rule_t, ossec_rule_t)
+
+# logs
+#logging_log_filetrans(ossec_t, ossec_log_t, file)
+#create_files_pattern(ossec_t, ossec_log_t, ossec_log_t)
+#read_files_pattern(ossec_t, ossec_log_t, ossec_log_t)
+#append_files_pattern(ossec_t, ossec_log_t, ossec_log_t)
+#delete_files_pattern(ossec_t, ossec_log_t, ossec_log_t)
+manage_files_pattern(ossec_t, ossec_log_t, ossec_log_t)
+ossec_log_filetrans(ossec_t, ossec_log_t, file)
+
+# system logs
+logging_read_all_logs(ossec_t)
+
+
+# Allow reading ossec config
+allow ossec_t ossec_etc_t:dir list_dir_perms;
+read_files_pattern(ossec_t, ossec_etc_t, ossec_etc_t)
+read_lnk_files_pattern(ossec_t, ossec_etc_t, ossec_etc_t)
+
+# Allow rw etc/shared
+rw_dirs_pattern(ossec_t, ossec_etc_share_t, ossec_etc_share_t);
+manage_files_pattern(ossec_t, ossec_etc_share_t, ossec_etc_share_t);
+
+# Sockets
+allow ossec_t self:udp_socket { create bind node_bind };
+allow ossec_t node_t:udp_socket { node_bind };
+allow ossec_t ossec_port_t:udp_socket { create_socket_perms create name_bind };
+#allow ossec_t self:udp_socket { create_socket_perms name_bind };
+#allow ossec_t self:udp_socket name_bind;
+
+allow ossec_t self:unix_dgram_socket { create bind getopt connect sendto };
 #============= httpd_t ==============
 allow httpd_t ossec_log_t:dir { read };
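Review bot: `allow ossec_t ossec_port_t:udp_socket { create_socket_perms create name_bind };` grants socket-creation permissions against a port type, which has no meaning (sockets are created on `self`, and `create` is already inside `create_socket_perms`); only `name_bind` applies to a port type, so reduce it to `allow ossec_t ossec_port_t:udp_socket name_bind;` and express the node bind as `corenet_udp_bind_generic_node(ossec_t)` instead of the raw `node_t` rule. The two `etc/shared` lines end with `;` after `rw_dirs_pattern(...)` and `manage_files_pattern(...)`, unlike every other pattern call in this hunk; the macros already expand to terminated rules, so the stray `;` is at best inconsistent and may be rejected by checkmodule. The capability line grants both `dac_override` and `dac_read_search`; since `dac_override` subsumes the read/search case, confirm from the audit log which one the daemons actually need and keep only the narrower one where possible, with a comment naming the daemon that needs it. The commented-out alternative rules under `# var dir`, `# logs` and `# Sockets` should be deleted rather than shipped, since they leave the reader unsure which set is authoritative.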