diff --git a/sepolicy/su.te b/sepolicy/su.te
index cd78fd1..32be15a 100644
--- a/sepolicy/su.te
+++ b/sepolicy/su.te
@@ -42,6 +42,7 @@ hwbinder_use(phhsu_daemon)
 allow domain untrusted_app_all_devpts:chr_file { getattr read write };
 allow phhsu_daemon untrusted_app_all_devpts:chr_file { getattr read write open ioctl };
+allow phhsu_daemon untrusted_app_all:fifo_file { getattr read write open ioctl };
 allow phhsu_daemon zygote_exec:file { execute read open execute_no_trans getattr };
 allow appdomain phhsu_daemon:dir { search };
@@ -105,7 +106,7 @@ allow phhsu_daemon selinuxfs:file rwx_file_perms;
 allow domain phhsu_daemon:process { sigchld };
 allow phhsu_daemon domain:binder { call transfer };
 allow phhsu_daemon kernel:system { syslog_read syslog_mod };
-allow phhsu_daemon kernel:security { setenforce };
+allow phhsu_daemon kernel:security { setenforce compute_av };
 allow phhsu_daemon domain:unix_stream_socket { getattr };
 allow phhsu_daemon logdr_socket:sock_file write;
@@ -135,6 +136,7 @@ allow phhsu_daemon domain:fd { use };
 allow phhsu_daemon domain:unix_stream_socket { connectto ioctl getattr getopt read write shutdown };
 allow phhsu_daemon self:netlink_kobject_uevent_socket create_socket_perms;
 allow phhsu_daemon self:{ netlink_tcpdiag_socket } { create_socket_perms nlmsg_write nlmsg_read };
+allow phhsu_daemon self:{ netlink_selinux_socket } { create_socket_perms nlmsg_write nlmsg_read };
 allow phhsu_daemon file_type:file create_file_perms;
 allow phhsu_daemon file_type:dir create_dir_perms;
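Review bot: The added `fifo_file` rule copies the permission set of the devpts rule above it, including `open` and `ioctl`, and has no comment saying why the daemon needs pipes labelled with untrusted app domains. A pipe that reaches the daemon as an inherited or passed descriptor normally needs only `getattr read write` on the object, with the descriptor itself covered by the `domain:fd { use }` grant elsewhere in this file. `open` matters only if the daemon re-opens the pipe by path, for example through /proc. If it does not, I would narrow the rule to `allow phhsu_daemon untrusted_app_all:fifo_file { getattr read write };` and put a one-line comment above it naming the caller scenario that needs it.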
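Review bot: `compute_av` is folded into the `setenforce` line, so a read-only policy query now sits in the same rule as the enforcing-mode switch, with no comment separating the two. Together with the `netlink_selinux_socket` rule added in the last hunk, this looks like the set libselinux needs for userspace access checks. AOSP's te_macros already packages that set as `selinux_check_access(phhsu_daemon)`, and this file already uses macros such as `hwbinder_use`. Using the macro, or at least a separate `allow phhsu_daemon kernel:security compute_av;` line with a comment naming the code path that queries the policy, would keep the `setenforce` grant easy to audit and to remove on its own.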
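Review bot: The new `netlink_selinux_socket` rule reuses the permission list of the `netlink_tcpdiag_socket` line above it, but as far as I know `nlmsg_read` and `nlmsg_write` are declared only for the route, tcpdiag, xfrm and audit netlink classes, not for `netlink_selinux_socket`. Please check the class in access_vectors. If the two names are not defined there, they are either rejected by checkpolicy or have no effect, and the rule should read `allow phhsu_daemon self:netlink_selinux_socket create_socket_perms;`. Listening for policy-reload notifications presumably needs little more than create, bind and read, so a narrower explicit set would also be worth considering.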