diff --git a/refpolicy/policy/modules/admin/su.if b/refpolicy/policy/modules/admin/su.if
index e4ed93700..96fae3375 100644
--- a/refpolicy/policy/modules/admin/su.if
+++ b/refpolicy/policy/modules/admin/su.if
@@ -71,6 +71,9 @@ template(`su_restricted_domain_template', `
 	files_search_var_lib($1_su_t)
 	files_dontaudit_getattr_tmp_dirs($1_su_t)
 
+	# for the rootok check
+	selinux_compute_access_vector($1_su_t)
+
 	auth_domtrans_chk_passwd($1_su_t)
 	auth_dontaudit_read_shadow($1_su_t)
 	auth_use_nsswitch($1_su_t)
diff --git a/refpolicy/policy/modules/admin/su.te b/refpolicy/policy/modules/admin/su.te
index 75b8d72b7..d9ef86aa4 100644
--- a/refpolicy/policy/modules/admin/su.te
+++ b/refpolicy/policy/modules/admin/su.te
@@ -1,5 +1,5 @@
 
-policy_module(su,1.3.2)
+policy_module(su,1.3.3)
 
 ########################################
 #