missing from previous

Here are the things that weren't applied from my previous patches, I think they
are all worthy of inclusion.

policy/modules/admin/apt.if

@@ -171,7 +171,7 @@ interface(`apt_read_cache',`
 
 	files_search_var($1)
 	allow $1 apt_var_cache_t:dir list_dir_perms;
-	allow $1 apt_var_cache_t:file read_file_perms;
+	allow $1 apt_var_cache_t:file mmap_read_file_perms;
 ')
 
 ########################################
@@ -191,7 +191,7 @@ interface(`apt_manage_cache',`
 
 	files_search_var($1)
 	allow $1 apt_var_cache_t:dir manage_dir_perms;
-	allow $1 apt_var_cache_t:file manage_file_perms;
+	allow $1 apt_var_cache_t:file { manage_file_perms map };
 ')
 
 ########################################

policy/modules/services/ntp.te

@@ -152,7 +152,7 @@ ifdef(`init_systemd',`
 	init_list_var_lib_dirs(ntpd_t)
 
 	# for /run/systemd/netif/links
-	init_list_pids(ntpd_t)
+	systemd_list_netif(ntpd_t)
 
 	optional_policy(`
 		unconfined_dbus_send(ntpd_t)

policy/modules/system/systemd.if

@@ -307,6 +307,7 @@ interface(`systemd_use_passwd_agent',`
 	manage_sock_files_pattern($1, systemd_passwd_var_run_t, systemd_passwd_var_run_t)
 
 	allow systemd_passwd_agent_t $1:process signull;
+	ps_process_pattern(systemd_passwd_agent_t, $1)
 	allow systemd_passwd_agent_t $1:unix_dgram_socket sendto;
 ')
 
@@ -828,3 +829,22 @@ interface(`systemd_getattr_updated_runtime',`
 
 	getattr_files_pattern($1, systemd_update_run_t, systemd_update_run_t)
 ')
+
+#######################################
+## <summary>
+##  Allow domain to list dirs under /run/systemd/netif
+## </summary>
+## <param name="domain">
+## <summary>
+##  domain permitted the access
+## </summary>
+## </param>
+#
+interface(`systemd_list_netif',`
+	gen_require(`
+		type systemd_networkd_var_run_t;
+	')
+
+	init_list_pids($1)
+	allow $1 systemd_networkd_var_run_t:dir list_dir_perms;
+')