diff --git a/ossec.te b/ossec.te
index ca499d6..3ddce79 100644
--- a/ossec.te
+++ b/ossec.te
@@ -1,5 +1,5 @@
 
-policy_module(ossec,1.0.139)
+policy_module(ossec,1.0.157)
 
 ########################################
 #
@@ -84,14 +84,25 @@ type ossec_queue_t;
 files_type(ossec_queue_t)
 
 type ossec_script_t;
-files_type(ossec_script_t)
-
 type ossec_script_exec_t;
-files_type(ossec_script_exec_t)
-domain_type(ossec_script_exec_t)
-domain_entry_file(ossec_script_exec_t, ossec_execd_t)
-#domtrans_pattern(unconfined_t, ossec_script_exec_t, uossec_execd_t)
-unconfined_domain(ossec_script_exec_t)
+files_type(ossec_script_t)
+role system_r types ossec_script_t;
+domain_type(ossec_script_t)
+domain_entry_file(ossec_script_t, ossec_script_exec_t)
+unconfined_domain(ossec_script_t)
+#unconfined_run(ossec_script_exec_t, ossec_script_t)
+
+type_transition ossec_execd_t ossec_script_exec_t:process unconfined_t;
+
+#files_type(ossec_script_exec_t)
+#domain_type(ossec_script_exec_t)
+#domain_entry_file(ossec_script_exec_t, ossec_execd_t)
+##domtrans_pattern(unconfined_t, ossec_script_exec_t, ossec_execd_t)
+#unconfined_domain(ossec_script_exec_t)
+#unconfined_shell_domtrans(ossec_script_exec_t)
+#unconfined_run(ossec_execd_t, system_r)
+#unconfined_run(ossec_script_exec_t, ossec_script_t)
+
 
 require {
 	type ossec_t;
@@ -132,9 +143,11 @@ require {
 	type unreserved_port_t;
 	type smtp_port_t;
 	type node_t;
-	class file { rename read lock create write getattr unlink open append };
+	type shell_exec_t;
+	type unconfined_t;
+	class file { rename read lock create write getattr unlink open append entrypoint };
 	class dir { write getattr read remove_name create add_name };
-	class process { setsched };
+	class process { setsched transition rlimitinh siginh noatsecure };
 	class capability { dac_override dac_read_search setuid setgid fsetid sys_chroot sys_nice };
 	class tcp_socket { create name_bind name_connect };
 	class udp_socket { create bind name_bind node_bind };
@@ -213,13 +226,28 @@ read_lnk_files_pattern(ossec_execd_t, ossec_etc_t, ossec_etc_t)
 read_files_pattern(ossec_execd_t, ossec_etc_t, ossec_etc_t)
 #sysnet_read_config(ossec_execd_t)
 
+# etc share dir
+search_dirs_pattern(ossec_execd_t, ossec_etc_share_t, ossec_etc_share_t)
+read_files_pattern(ossec_execd_t, ossec_etc_share_t, ossec_etc_share_t)
+#manage_files_pattern(ossec_execd_t, ossec_etc_share_t, ossec_etc_share_t)
+
+# script dir
+search_dirs_pattern(ossec_execd_t, ossec_script_t, ossec_script_t)
+read_files_pattern(ossec_execd_t, ossec_script_exec_t, ossec_script_exec_t)
+exec_files_pattern(ossec_execd_t, ossec_script_exec_t, ossec_script_exec_t)
+exec_files_pattern(ossec_execd_t, shell_exec_t, shell_exec_t)
+
+
 # dgram socket
-allow ossec_execd_t self:unix_dgram_socket { create bind getopt }; # connect sendto
+allow ossec_execd_t self:unix_dgram_socket { create bind getopt read write };
 
 # Read urandom
 dev_read_urand(ossec_execd_t)
 
 # Run autoresponce unconstrained
+allow ossec_execd_t unconfined_t:process { transition rlimitinh siginh noatsecure };
+allow unconfined_t ossec_script_exec_t:file { entrypoint };
+
 #unconfined_domtrans(ossec_script_t)
 #unconfined_run(ossec_execd_t, ossec_script_t)
 
@@ -249,6 +277,7 @@ manage_sock_files_pattern(ossec_analysisd_t, ossec_queue_t, ossec_queue_t)
 # stats dir
 rw_dirs_pattern(ossec_analysisd_t, ossec_stats_t, ossec_stats_t)
 rw_files_pattern(ossec_analysisd_t, ossec_stats_t, ossec_stats_t)
+create_files_pattern(ossec_analysisd_t, ossec_stats_t, ossec_stats_t)
 append_files_pattern(ossec_analysisd_t, ossec_stats_t, ossec_stats_t)
 
 # etc dir
@@ -413,7 +442,7 @@ allow ossec_syscheckd_t self:unix_dgram_socket { create bind getopt connect writ
 allow ossec_syscheckd_t ossec_analysisd_t:unix_dgram_socket { sendto };
 
 # Sockets
-#allow ossec_t self:udp_socket { create };
+allow ossec_syscheckd_t self:udp_socket { create connect read write };
 allow ossec_syscheckd_t self:tcp_socket { create connect read write };
 #allow ossec_d_t smtp_port_t:tcp_socket { name_connect };