Index: refpolicy-2.20190201/policy/modules/system/init.if
===================================================================
--- refpolicy-2.20190201.orig/policy/modules/system/init.if
+++ refpolicy-2.20190201/policy/modules/system/init.if
@@ -127,7 +127,11 @@ interface(`init_domain',`
 
 	role system_r types $1;
 
-	domtrans_pattern(init_t, $2, $1)
+	ifdef(`init_systemd', `
+		domtrans_pattern(init_t, $2, $1)
+		allow init_t $1:unix_stream_socket create_stream_socket_perms;
+		allow $1 init_t:unix_dgram_socket sendto;
+	')
 
 	allow init_t $1:process rlimitinh;
 
Index: refpolicy-2.20190201/policy/support/obj_perm_sets.spt
===================================================================
--- refpolicy-2.20190201.orig/policy/support/obj_perm_sets.spt
+++ refpolicy-2.20190201/policy/support/obj_perm_sets.spt
@@ -154,11 +154,6 @@ define(`relabel_dir_perms',`{ getattr re
 define(`getattr_file_perms',`{ getattr }')
 define(`setattr_file_perms',`{ setattr }')
 define(`read_file_perms',`{ getattr open read lock ioctl }')
-# deprecated 20171213
-define(`mmap_file_perms',`
-	{ getattr open map read execute ioctl }
-	refpolicywarn(`mmap_file_perms is deprecated, please use mmap_exec_file_perms instead')
-')
 define(`mmap_read_inherited_file_perms',`{ getattr map read ioctl }')
 define(`mmap_read_file_perms',`{ getattr open map read ioctl }')
 define(`mmap_exec_inherited_file_perms',`{ getattr map read execute ioctl }')
Index: refpolicy-2.20190201/policy/modules/system/systemd.te
===================================================================
--- refpolicy-2.20190201.orig/policy/modules/system/systemd.te
+++ refpolicy-2.20190201/policy/modules/system/systemd.te
@@ -349,6 +349,10 @@ optional_policy(`
 	networkmanager_dbus_chat(systemd_hostnamed_t)
 ')
 
+optional_policy(`
+	unconfined_dbus_send(systemd_hostnamed_t)
+')
+
 #########################################
 #
 # hw local policy
Index: refpolicy-2.20190201/policy/modules/system/fstools.te
===================================================================
--- refpolicy-2.20190201.orig/policy/modules/system/fstools.te
+++ refpolicy-2.20190201/policy/modules/system/fstools.te
@@ -150,6 +150,11 @@ init_use_script_ptys(fsadm_t)
 init_dontaudit_getattr_initctl(fsadm_t)
 init_rw_script_stream_sockets(fsadm_t)
 
+ifdef(`hide_broken_symptoms',`
+	# for /run/pm-utils/locks/pm-powersave.lock
+	init_read_utmp(fsadm_t)
+')
+
 logging_send_syslog_msg(fsadm_t)
 
 miscfiles_read_localization(fsadm_t)
Index: refpolicy-2.20190201/policy/modules/system/sysnetwork.te
===================================================================
--- refpolicy-2.20190201.orig/policy/modules/system/sysnetwork.te
+++ refpolicy-2.20190201/policy/modules/system/sysnetwork.te
@@ -357,6 +357,11 @@ files_dontaudit_read_root_files(ifconfig
 init_use_fds(ifconfig_t)
 init_use_script_ptys(ifconfig_t)
 
+ifdef(`hide_broken_symptoms',`
+	# for /run/pm-utils/locks/pm-powersave.lock
+	init_read_utmp(ifconfig_t)
+')
+
 logging_send_syslog_msg(ifconfig_t)
 
 miscfiles_read_localization(ifconfig_t)
Index: refpolicy-2.20190201/policy/constraints
===================================================================
--- refpolicy-2.20190201.orig/policy/constraints
+++ refpolicy-2.20190201/policy/constraints
@@ -28,6 +28,7 @@
 define(`basic_ubac_conditions',`
 	ifdef(`enable_ubac',`
 		u1 == u2
+		or r1 == sysadm_r
 		or u1 == system_u
 		or u2 == system_u
 		or t1 != ubac_constrained_type
