diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if
index b780d13cf..cd34cd9dd 100644
--- a/policy/modules/admin/su.if
+++ b/policy/modules/admin/su.if
@@ -164,6 +164,7 @@ template(`su_role_template',`
 kernel_read_kernel_sysctls($1_su_t)
 kernel_search_key($1_su_t)
 kernel_link_key($1_su_t)
+ kernel_dontaudit_getattr_proc($1_su_t)
 # for SSP
 dev_read_urand($1_su_t)
@@ -172,6 +173,7 @@ template(`su_role_template',`
 # needed for pam_rootok
 selinux_compute_access_vector($1_su_t)
+ selinux_use_status_page($1_su_t)
 auth_domtrans_chk_passwd($1_su_t)
 auth_dontaudit_read_shadow($1_su_t)
diff --git a/policy/modules/services/bluetooth.te b/policy/modules/services/bluetooth.te
index 3f3d94e60..db9f1ae7c 100644
--- a/policy/modules/services/bluetooth.te
+++ b/policy/modules/services/bluetooth.te
@@ -61,6 +61,7 @@ allow bluetooth_t self:unix_stream_socket { accept connectto listen };
 allow bluetooth_t self:tcp_socket { accept listen };
 allow bluetooth_t self:netlink_kobject_uevent_socket create_socket_perms;
 allow bluetooth_t self:bluetooth_socket create_stream_socket_perms;
+allow bluetooth_t self:alg_socket create_stream_socket_perms;
 read_files_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_t)
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 744cbc605..91e3df73f 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -512,6 +512,9 @@ sysnet_manage_config(systemd_hostnamed_t)
 systemd_log_parse_environment(systemd_hostnamed_t)
+# Allow reading /run/udev/data/+dmi:id
+udev_read_runtime_files(systemd_hostnamed_t)
+
 optional_policy(`
 dbus_connect_system_bus(systemd_hostnamed_t)
 dbus_system_bus_client(systemd_hostnamed_t)
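Review bot: The added `kernel_dontaudit_getattr_proc($1_su_t)` in the first su.if hunk carries no comment, unlike the neighbouring `# for SSP` and `# needed for pam_rootok` lines. A dontaudit rule still denies the access but removes the AVC record, so anyone later investigating su behaviour has no trace of what probed /proc or why the access was judged unnecessary. I would put a line above it such as `# <component seen in the denial> stats /proc; not required, so not audited`, filled in from the original denial. The `su_role_template` body starts and ends outside the hunk.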
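Review bot: In bluetooth.te the new `allow bluetooth_t self:alg_socket create_stream_socket_perms;` does not say why the daemon needs the kernel crypto API socket class, and the macro grants the whole stream-socket permission set rather than what the denial showed. A short comment such as `# AF_ALG: kernel crypto API` would record the intent. If the AVC log showed only a subset (an AF_ALG user normally needs create, bind, setopt, accept, read and write), listing those explicitly would keep the domain closer to least privilege. This is inferred, because the denial itself is not part of the commit.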
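Review bot: The comment above `udev_read_runtime_files(systemd_hostnamed_t)` in systemd.te names a single file, /run/udev/data/+dmi:id, while the interface name suggests it grants read access to udev runtime files in general (its definition is outside this diff). The comment should state the real scope, for example `# hostnamed reads /run/udev/data/+dmi:id; this grants read on all udev runtime files`. Otherwise a later reader may assume the access is limited to that one path.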