diff --git a/policy/constraints b/policy/constraints
index 47ada8d0f..3245d4493 100644
--- a/policy/constraints
+++ b/policy/constraints
@@ -98,10 +98,10 @@ constrain process { transition noatsecure siginh rlimitinh }
 
 constrain process { transition noatsecure siginh rlimitinh }
 (
-	r1 == r2
-	or ( t1 == can_change_process_identity and t2 == process_user_target )
-	or ( t1 == cron_source_domain and ( t2 == cron_job_domain or u2 == system_u ) )
-	or ( t1 == can_system_change and u2 == system_u )
+	r1 == r2 
+	or ( t1 == can_change_process_role and t2 == process_user_target )
+   	or ( t1 == cron_source_domain and t2 == cron_job_domain )
+	or ( t1 == can_system_change and r2 == system_r )
 	or ( t1 == process_uncond_exempt )
 );