diff --git a/Changelog b/Changelog
index 9154f9a8..c291c280 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Debian policykit fixes from Martin Orr.
 - Fix unconfined_r use of unconfined_java_t.
 - Add missing x_device rules for XI2 functions, from Eamon Walsh.
 - Add missing rules to make unconfined_cronjob_t a valid cron job domain.
diff --git a/policy/modules/services/policykit.fc b/policy/modules/services/policykit.fc
index d7264537..27c739c9 100644
--- a/policy/modules/services/policykit.fc
+++ b/policy/modules/services/policykit.fc
@@ -1,3 +1,8 @@
+/usr/lib/policykit/polkit-read-auth-helper -- gen_context(system_u:object_r:policykit_auth_exec_t,s0)
+/usr/lib/policykit/polkit-grant-helper.* -- gen_context(system_u:object_r:policykit_grant_exec_t,s0)
+/usr/lib/policykit/polkit-resolve-exe-helper.* -- gen_context(system_u:object_r:policykit_resolve_exec_t,s0)
+/usr/lib/policykit/polkitd -- gen_context(system_u:object_r:policykit_exec_t,s0)
+
 /usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:policykit_auth_exec_t,s0)
 /usr/libexec/polkit-grant-helper.* -- gen_context(system_u:object_r:policykit_grant_exec_t,s0)
 /usr/libexec/polkit-resolve-exe-helper.* -- gen_context(system_u:object_r:policykit_resolve_exec_t,s0)
diff --git a/policy/modules/services/policykit.te b/policy/modules/services/policykit.te
index 9913701d..4334f27b 100644
--- a/policy/modules/services/policykit.te
+++ b/policy/modules/services/policykit.te
@@ -1,5 +1,5 @@
-policy_module(policykit, 1.0.0)
+policy_module(policykit, 1.0.1)
 ########################################
 #
@@ -92,6 +92,8 @@ manage_dirs_pattern(policykit_auth_t, policykit_var_run_t, policykit_var_run_t)
 manage_files_pattern(policykit_auth_t, policykit_var_run_t, policykit_var_run_t)
 files_pid_filetrans(policykit_auth_t, policykit_var_run_t, { file dir })
+kernel_read_system_state(policykit_auth_t)
+
 files_read_etc_files(policykit_auth_t)
 files_read_usr_files(policykit_auth_t)
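Review bot: The four `/usr/lib/policykit/` entries added at the top of policykit.fc carry no comment saying they are the Debian install locations, which only the Changelog line reveals. A one-line comment above them, such as `# Debian installs the PolicyKit helpers under /usr/lib/policykit`, would explain why two path sets map to the same exec types. Because these labels decide which binaries enter the policykit domains, it is also worth considering a distro_debian ifdef around the block, so that the rule applies only on systems that ship the helpers there.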
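Review bot: `kernel_read_system_state(policykit_auth_t)` in the policykit.te hunk at line 92 widens what the auth helper domain may read under /proc, and nothing in the patch records which denial made it necessary. A comment above the call, for example `# needed by polkit-read-auth-helper: <proc entry from the AVC denial>`, would let a later audit decide whether the grant is still required. If the read turns out to be incidental, `kernel_dontaudit_read_system_state(policykit_auth_t)` would silence the denial without granting access. The same applies to `dbus_system_bus_client(policykit_auth_t)` in the hunk at line 106, which adds system-bus access next to the existing session-bus access; the optional_policy block it sits in continues past the visible lines.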
@@ -104,6 +106,7 @@ miscfiles_read_localization(policykit_auth_t)
 userdom_dontaudit_read_user_home_content_files(policykit_auth_t)
 optional_policy(`
+ dbus_system_bus_client(policykit_auth_t)
 dbus_session_bus_client(policykit_auth_t)
 optional_policy(`