diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
index 4e2f51bb0..1c59671ad 100644
--- a/policy/modules/system/selinuxutil.if
+++ b/policy/modules/system/selinuxutil.if
@@ -706,7 +706,6 @@ interface(`seutil_search_default_contexts',`
 	allow $1 { selinux_config_t default_context_t }:dir search;
 ')
 
-
 ########################################
 ## 
 ## Read the default_contexts files.
@@ -723,10 +722,30 @@ interface(`seutil_read_default_contexts',`
 	')
 
 	files_search_etc($1)
-	allow $1 selinux_config_t:dir search;
-	allow $1 default_context_t:dir r_dir_perms;
+	allow $1 selinux_config_t:dir search_dir_perms;
+	allow $1 default_context_t:dir list_dir_perms;
 	allow $1 default_context_t:file r_file_perms;
-	allow $1 default_context_t:lnk_file { getattr read };
+')
+
+########################################
+## 
+## Create, read, write, and delete the default_contexts files.
+## 
+## 
+## 
+## Domain allowed access.
+## 
+## 
+#
+interface(`seutil_manage_default_contexts',`
+	gen_require(`
+		type selinux_config_t, default_context_t;
+	')
+
+	files_search_etc($1)
+	allow $1 selinux_config_t:dir search_dir_perms;
+	allow $1 default_context_t:dir rw_dir_perms;
+	allow $1 default_context_t:file manage_file_perms;
 ')
 
 ########################################
@@ -789,7 +808,7 @@ interface(`seutil_manage_file_contexts',`
 	')
 
 	files_search_etc($1)
-	allow $1 selinux_config_t:dir search_dir_perms;
+	allow $1 { selinux_config_t default_context_t }:dir search_dir_perms;
 	allow $1 file_context_t:dir rw_dir_perms;
 	allow $1 file_context_t:file manage_file_perms;
 ')
diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
index 94889002e..19bc01f8c 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -1,5 +1,5 @@
-policy_module(selinuxutil,1.2.10)
+policy_module(selinuxutil,1.2.11)
 
 ifdef(`strict_policy',`
 	gen_require(`
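Review bot: The new `seutil_manage_default_contexts` interface grants `rw_dir_perms` on `default_context_t:dir` and `manage_file_perms` on every file carrying that type, while the only consumer visible in this commit (`# netfilter_contexts:` in selinuxutil.te) needs to write a single file; if default_context_t also labels the login-context files under contexts/ (default_contexts, default_type, failsafe_context), this is presumably a broader write grant over what determines user login contexts than the use case needs — TODO confirm against the file_contexts for that directory. At minimum the interface summary should state the trust implication, e.g. `##	These files control the contexts assigned at login; grant this interface only to trusted SELinux management domains.`, and a dedicated type for netfilter_contexts would be the tighter fix. Note also that the rewritten `seutil_read_default_contexts` no longer allows `default_context_t:lnk_file { getattr read }`, so any caller that previously followed a symlinked contexts file will now be denied; if that is deliberate cleanup, a short comment saying so would save the next reader a search.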
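Review bot: The added `default_context_t` search in `seutil_manage_file_contexts` is unexplained in the hunk; presumably it is needed because the file_context_t directory sits beneath the contexts directory labelled default_context_t — TODO confirm against the file_contexts. A one-line comment would make the dependency clear: `# file_contexts live under the default_context_t contexts dir, so its parent must be searchable`. If the file has a read-only counterpart to this interface, it likely needs the same parent-directory search; that part of the file is not in view here.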
@@ -593,7 +593,6 @@ logging_send_syslog_msg(semanage_t) miscfiles_read_localization(semanage_t) -seutil_search_default_contexts(semanage_t) seutil_manage_file_contexts(semanage_t) seutil_manage_selinux_config(semanage_t) seutil_domtrans_setfiles(semanage_t) @@ -604,6 +603,8 @@ seutil_use_newrole_fds(semanage_t) seutil_manage_module_store(semanage_t) seutil_get_semanage_trans_lock(semanage_t) seutil_get_semanage_read_lock(semanage_t) +# netfilter_contexts: +seutil_manage_default_contexts(semanage_t) userdom_search_sysadm_home_dirs(semanage_t)