diff --git a/policy/modules/admin/apt.if b/policy/modules/admin/apt.if
index 568aa97dd..5330b0a05 100644
--- a/policy/modules/admin/apt.if
+++ b/policy/modules/admin/apt.if
@@ -171,7 +171,7 @@ interface(`apt_read_cache',`
files_search_var($1)
allow $1 apt_var_cache_t:dir list_dir_perms;
- allow $1 apt_var_cache_t:file read_file_perms;
+ allow $1 apt_var_cache_t:file mmap_read_file_perms;
')
########################################
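Review bot: apt_read_cache now hands `map` on apt_var_cache_t files to every existing caller, and nothing in the visible lines records that the interface is wider than a plain read. The interface header sits outside this hunk, so it may need the same update; its summary should read along the lines of `## Read and map the apt cache.`. A why-comment above the changed line would also help, for example `# cache files are mmap()ed by the apt libraries` if that is the reason for the change. The same applies to apt_manage_cache in the next hunk, where `{ manage_file_perms map }` is added. Callers that only need read or manage access pick up the extra permission silently, so the caller list is worth a quick check.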
@@ -191,7 +191,7 @@ interface(`apt_manage_cache',`
files_search_var($1)
allow $1 apt_var_cache_t:dir manage_dir_perms;
- allow $1 apt_var_cache_t:file manage_file_perms;
+ allow $1 apt_var_cache_t:file { manage_file_perms map };
')
########################################
diff --git a/policy/modules/services/ntp.te b/policy/modules/services/ntp.te
index d3072fc51..36de1e4ed 100644
--- a/policy/modules/services/ntp.te
+++ b/policy/modules/services/ntp.te
@@ -152,7 +152,7 @@ ifdef(`init_systemd',`
init_list_var_lib_dirs(ntpd_t)
# for /run/systemd/netif/links
- init_list_pids(ntpd_t)
+ systemd_list_netif(ntpd_t)
optional_policy(`
unconfined_dbus_send(ntpd_t)
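Review bot: The retained comment `# for /run/systemd/netif/links` no longer says exactly what access ntpd_t gets from the line under it. As added later in this patch, systemd_list_netif grants directory listing only, so if ntpd_t also opens the files in that directory, denials on systemd_networkd_var_run_t files would remain. Consider wording the comment as `# list /run/systemd/netif/links (directory listing only)`, and confirm against the audit log that listing is all that is needed. The enclosing ifdef block starts and ends outside this hunk.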
diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if
index 74f0b2158..db1f68b6c 100644
--- a/policy/modules/system/systemd.if
+++ b/policy/modules/system/systemd.if
@@ -307,6 +307,7 @@ interface(`systemd_use_passwd_agent',`
manage_sock_files_pattern($1, systemd_passwd_var_run_t, systemd_passwd_var_run_t)
allow systemd_passwd_agent_t $1:process signull;
+ ps_process_pattern(systemd_passwd_agent_t, $1)
allow systemd_passwd_agent_t $1:unix_dgram_socket sendto;
')
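Review bot: The added `ps_process_pattern(systemd_passwd_agent_t, $1)` has no comment explaining why systemd_passwd_agent_t needs to read the /proc entries of every domain that calls systemd_use_passwd_agent. That is a wider grant than the `signull` rule beside it, and it applies to all current and future callers. A short why-comment would make the intent reviewable, for example `# the agent inspects /proc/PID of the requesting process` if that is indeed the purpose. The interface header lies outside this hunk and should mention the additional access as well.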
@@ -828,3 +829,22 @@ interface(`systemd_getattr_updated_runtime',`
getattr_files_pattern($1, systemd_update_run_t, systemd_update_run_t)
')
+
+#######################################
+##
+## Allow domain to list dirs under /run/systemd/netif
+##
+##
+##
+## domain permitted the access
+##
+##
+#
+interface(`systemd_list_netif',`
+ gen_require(`
+ type systemd_networkd_var_run_t;
+ ')
+
+ init_list_pids($1)
+ allow $1 systemd_networkd_var_run_t:dir list_dir_perms;
+')
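Review bot: The summary of systemd_list_netif says it lists dirs under /run/systemd/netif, but the body also calls `init_list_pids($1)`, which presumably grants listing of the init runtime directory itself and not only traversal through it. The summary should state that, for example `## List the init runtime directory and the dirs under /run/systemd/netif.`, so callers know what they are being given. If the init module offers a search-only interface for that directory, using it here would keep the grant closer to what the interface name promises. The header block as shown consists of bare `##` lines; if the summary and param tags are really absent from the patch rather than lost in rendering, they need to be restored for the interface documentation to build.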