diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
index a19739412..1339c011e 100644
--- a/policy/modules/system/miscfiles.if
+++ b/policy/modules/system/miscfiles.if
@@ -486,6 +486,26 @@ interface(`miscfiles_read_hwdata',`
read_lnk_files_pattern($1, hwdata_t, hwdata_t)
')
+########################################
+##
+## Allow process to get the attributes of localization info
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`miscfiles_getattr_localization',`
+ gen_require(`
+ type locale_t;
+ ')
+
+ files_search_usr($1)
+ allow $1 locale_t:dir list_dir_perms;
+ allow $1 locale_t:file getattr;
+')
+
########################################
##
## Allow process to setattr localization info
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 0d55588ed..69f6d846c 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -438,11 +438,12 @@ allow systemd_generator_t self:capability dac_override;
allow systemd_generator_t self:process setfscreate;
corecmd_exec_shell(systemd_generator_t)
-corecmd_getattr_bin_files(systemd_generator_t)
+corecmd_exec_bin(systemd_generator_t)
dev_read_sysfs(systemd_generator_t)
dev_write_kmsg(systemd_generator_t)
dev_write_sysfs_dirs(systemd_generator_t)
+dev_read_urand(systemd_generator_t)
files_read_etc_files(systemd_generator_t)
files_search_runtime(systemd_generator_t)
@@ -479,6 +480,8 @@ systemd_log_parse_environment(systemd_generator_t)
term_use_unallocated_ttys(systemd_generator_t)
+udev_search_runtime(systemd_generator_t)
+
ifdef(`distro_gentoo',`
corecmd_shell_entry_type(systemd_generator_t)
')