diff --git a/policy/modules/contrib/bitcoin.fc b/policy/modules/contrib/bitcoin.fc
index 7acd99e..fb80005 100644
--- a/policy/modules/contrib/bitcoin.fc
+++ b/policy/modules/contrib/bitcoin.fc
@@ -8,3 +8,6 @@
 /var/lib/bitcoin/.*					gen_context(system_u:object_r:bitcoin_var_lib_t,s0)
 /etc/bitcoin(/.*)?					gen_context(system_u:object_r:bitcoin_etc_t,s0)
 /var/lib/bitcoin/\.bitcoin/bitcoin\.conf		gen_context(system_u:object_r:bitcoin_etc_t,s0)
+/var/lib/bitcoin/\.bitcoin/debug\.log			gen_context(system_u:object_r:bitcoin_log_t,s0)
+/var/lib/bitcoin/\.bitcoin/log(/.*)?			gen_context(system_u:object_r:bitcoin_log_t,s0)
+	
diff --git a/policy/modules/contrib/bitcoin.if b/policy/modules/contrib/bitcoin.if
index f6fe436..aec4e7c 100644
--- a/policy/modules/contrib/bitcoin.if
+++ b/policy/modules/contrib/bitcoin.if
@@ -14,14 +14,17 @@
 
 interface(`bitcoin_admin',`
 	gen_require(`
-		type bitcoin_t, bitcoin_initrc_exec_t, 
-		bitcoin_var_run_t, bitcoin_etc_t,
-		bitcoin_var_lib_t;
+		type bitcoin_t, bitcoin_initrc_exec_t; 
+		type bitcoin_var_run_t, bitcoin_etc_t;
+		type bitcoin_var_lib_t;
 	')
 
+	allow $1 bitcoin_t:process { ptrace signal_perms };
+	ps_process_pattern($1, bitcoin_t)
+
 	init_labeled_script_domtrans($1, bitcoin_initrc_exec_t)
-	role_transition $2 bitcoin_initrc_exec_t system_r;
 	domain_system_change_exemption($1)
+	role_transition $2 bitcoin_initrc_exec_t system_r;
 	allow $2 system_r;
 
 	rw_dirs_pattern($1, bitcoin_etc_t, bitcoin_etc_t);
@@ -34,3 +37,44 @@ interface(`bitcoin_admin',`
 	write_lnk_files_pattern($1, bitcoin_etc_t, bitcoin_etc_t);
 
 ')
+
+#######################################
+## <summary>
+##      bitcoin configuration file read interface.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed to transition.
+##      </summary>
+## </param>
+#
+
+interface(`bitcoin_read_conf_files',`
+	gen_require(`
+		type bitcoin_etc_t;
+	') 
+
+	read_files_pattern($1, bitcoin_etc_t, bitcoin_etc_t);
+	read_lnk_files_pattern($1, bitcoin_etc_t, bitcoin_etc_t);
+')
+
+#######################################
+## <summary>
+##      bitcoin log management
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed to transition.
+##      </summary>
+## </param>
+#
+
+interface(`bitcoin_manage_log',`
+
+	gen_require(`
+		type bitcoin_log_t;
+	')
+
+	write_files_pattern($1, bitcoin_log_t, bitcoin_log_t);
+	
+')
diff --git a/policy/modules/contrib/bitcoin.te b/policy/modules/contrib/bitcoin.te
index edb8c5f..8893c0b 100644
--- a/policy/modules/contrib/bitcoin.te
+++ b/policy/modules/contrib/bitcoin.te
@@ -22,36 +22,46 @@ type bitcoin_var_run_t;
 type bitcoin_log_t;
 type bitcoin_tmp_t;
 
-files_type(bitcoin_var_lib_t)
-files_type(bitcoin_var_run_t)
-files_type(bitcoin_log_t)
-files_type(bitcoin_tmp_t)
-files_type(bitcoin_etc_t)
-
-domain_type(bitcoin_t)
 init_daemon_domain(bitcoin_t, bitcoin_exec_t)
+files_type(bitcoin_exec_t)
 init_script_file(bitcoin_initrc_exec_t)
+files_type(bitcoin_var_lib_t)
+files_pid_file(bitcoin_var_run_t)
 logging_log_file(bitcoin_log_t)
+files_tmp_file(bitcoin_tmp_t)
+files_config_file(bitcoin_etc_t)
+files_read_etc_runtime_files(bitcoin_t)
+
+domain_type(bitcoin_t)
+
+files_read_etc_runtime_files(bitcoin_t)
 
-files_pid_file(bitcoin_var_run_t)
 miscfiles_read_localization(bitcoin_t)
 fs_getattr_xattr_fs(bitcoin_t)
 fs_associate(bitcoin_var_lib_t)
 
-files_tmp_file(bitcoin_tmp_t)
 allow bitcoin_t bitcoin_tmp_t:file { create_file_perms write_file_perms };
-files_tmp_filetrans(bitcoin_t, bitcoin_tmp_t, file)
-
-
-allow bitcoin_t self:process signal_perms;
 allow bitcoin_t bitcoin_var_lib_t:file { read write append create getattr open unlink rename lock };
+allow bitcoin_t bitcoin_log_t:file { read write append create getattr open unlink rename lock };
 allow bitcoin_t bitcoin_var_lib_t:dir { create write rmdir read open add_name remove_name search getattr };
 allow bitcoin_t bitcoin_etc_t:file read_file_perms;
 
+allow bitcoin_t self:process signal_perms;
+
+
+allow bitcoin_t bitcoin_log_t:lnk_file read;
+allow bitcoin_t bitcoin_var_lib_t:file { read create };
+
 read_lnk_files_pattern(bitcoin_t, bitcoin_etc_t, bitcoin_etc_t);
 read_files_pattern(bitcoin_t, bitcoin_etc_t, bitcoin_etc_t);
 list_dirs_pattern(bitcoin_t, bitcoin_etc_t, bitcoin_etc_t);
 
+append_files_pattern(bitcoin_t, bitcoin_log_t, bitcoin_log_t)
+create_files_pattern(bitcoin_t, bitcoin_log_t, bitcoin_log_t)
+setattr_files_pattern(bitcoin_t, bitcoin_log_t, bitcoin_log_t)
+manage_sock_files_pattern(bitcoin_t, bitcoin_log_t, bitcoin_log_t)
+logging_log_filetrans(bitcoin_t, bitcoin_log_t, { sock_file file dir })
+
 kernel_read_system_state(bitcoin_t)
 kernel_read_vm_sysctls(bitcoin_t)
 
@@ -61,43 +71,46 @@ domain_use_interactive_fds(bitcoin_t)
 files_read_etc_runtime_files(bitcoin_t)
 files_read_usr_files(bitcoin_t)
 
+manage_files_pattern(bitcoin_t, bitcoin_etc_t, bitcoin_etc_t)
+filetrans_pattern(bitcoin_t, bitcoin_etc_t, bitcoin_etc_t, file)
+can_exec(bitcoin_t, bitcoin_etc_t)
 
 # networking 
 
-tunable_policy(`bitcoin_bind_all_unreserved_ports',`
-        corenet_sendrecv_all_server_packets(bitcoin_t)
-        corenet_tcp_bind_all_unreserved_ports(bitcoin_t)
-')
-
+# privileges to setup the ports
 
 allow bitcoin_t bitcoin_port_t:tcp_socket { name_connect name_bind };
 allow bitcoin_t self:netlink_route_socket { write getattr read bind create nlmsg_read };
 allow bitcoin_t self:tcp_socket { connect accept listen };
 
-
+# dns
 auth_use_nsswitch(bitcoin_t)
-
-corenet_sendrecv_bitcoin_server_packets(bitcoin_t)
-corenet_tcp_bind_bitcoin_port(bitcoin_t)
-corenet_tcp_sendrecv_bitcoin_port(bitcoin_t)
-corenet_all_recvfrom_unlabeled(bitcoin_t)
-corenet_all_recvfrom_netlabel(bitcoin_t)
-corenet_tcp_sendrecv_generic_if(bitcoin_t)
-corenet_udp_sendrecv_generic_if(bitcoin_t)
-corenet_tcp_sendrecv_generic_node(bitcoin_t)
-corenet_udp_sendrecv_generic_node(bitcoin_t)
-corenet_tcp_bind_generic_node(bitcoin_t)
-corenet_udp_bind_generic_node(bitcoin_t)
-
 corenet_sendrecv_dns_server_packets(bitcoin_t)
 corenet_udp_bind_dns_port(bitcoin_t)
 corenet_udp_sendrecv_dns_port(bitcoin_t)
 
+# a boolean for binding to a non-standard high port
+
+tunable_policy(`bitcoin_bind_all_unreserved_ports',`
+        corenet_sendrecv_all_server_packets(bitcoin_t)
+        corenet_tcp_bind_all_unreserved_ports(bitcoin_t)
+')
+
+
+# allow usage of the bitcoin tcp ports (8333 + 8332)
+
 corenet_sendrecv_bitcoin_server_packets(bitcoin_t)
 corenet_tcp_bind_bitcoin_port(bitcoin_t)
 corenet_tcp_sendrecv_bitcoin_port(bitcoin_t)
-corenet_sendrecv_all_client_packets(bitcoin_t)
-corenet_tcp_connect_all_ports(bitcoin_t)
-corenet_tcp_connect_all_reserved_ports(bitcoin_t)
+
+# allow tcp transit to people's random bitcoin ports 
+
 corenet_tcp_sendrecv_all_ports(bitcoin_t)
-corenet_tcp_sendrecv_all_reserved_ports(bitcoin_t)
+corenet_tcp_connect_all_ports(bitcoin_t)
+
+# allow the usage of tcp through network interfaces
+
+corenet_tcp_sendrecv_generic_if(bitcoin_t)
+corenet_tcp_bind_generic_node(bitcoin_t)
+
+
diff --git a/policy/modules/contrib/logrotate.te b/policy/modules/contrib/logrotate.te
index 62b05af..c1452f8 100644
--- a/policy/modules/contrib/logrotate.te
+++ b/policy/modules/contrib/logrotate.te
@@ -152,6 +152,11 @@ optional_policy(`
 ')
 
 optional_policy(`
+	bitcoin_manage_log(logrotate_t)
+')
+
+
+optional_policy(`
 	callweaver_exec(logrotate_t)
 	callweaver_stream_connect(logrotate_t)
 ')
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index cd2b0e4..3db640a 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -528,6 +528,10 @@ ifdef(`distro_gentoo',`
 	optional_policy(`
 		dhcpd_setattr_state_files(initrc_t)
 	')
+
+	optional_policy(`
+		bitcoin_read_conf_files(initrc_t)
+	')
 ')
 
 ifdef(`distro_redhat',`