diff --git a/parser/libapparmor_re/Makefile b/parser/libapparmor_re/Makefile
index 620dd297e..43d0cee5c 100644
--- a/parser/libapparmor_re/Makefile
+++ b/parser/libapparmor_re/Makefile
@@ -14,6 +14,14 @@ AR ?= ar
 CFLAGS ?= -g -Wall -O2 ${EXTRA_CFLAGS} -std=gnu++0x
 CXXFLAGS := ${CFLAGS} ${INCLUDE_APPARMOR}
 
+LIB_HDRS = aare_rules.h flex-tables.h apparmor_re.h hfa.h chfa.h parse.h \
+	expr-tree.h policy_compat.h
+
+OTHER_HDRS = ../common_optarg.h ../common_flags.h ../immunix.h \
+	../policydb.h ../perms.h ../rule.h
+
+HDRS = ${LIB_HDRS} ${OTHER_HDRS}
+
 ARFLAGS=-rcs
 
 BISON := bison
@@ -27,17 +35,17 @@ libapparmor_re.a: parse.o expr-tree.o hfa.o chfa.o aare_rules.o policy_compat.o
 
 expr-tree.o: expr-tree.cc expr-tree.h
 
-hfa.o: hfa.cc apparmor_re.h hfa.h ../immunix.h policy_compat.h
+hfa.o: hfa.cc ${HDRS}
 
-aare_rules.o: aare_rules.cc aare_rules.h apparmor_re.h expr-tree.h hfa.h chfa.h parse.h ../immunix.h
+aare_rules.o: aare_rules.cc ${HDRS}
 
-chfa.o: chfa.cc chfa.h ../immunix.h
+chfa.o: chfa.cc ${HDRS}
 
-policy_compat.o: policy_compat.cc policy_compat.h ../perms.h ../immunix.h
+policy_compat.o: policy_compat.cc ${HDRS}
 
-parse.o : parse.cc apparmor_re.h expr-tree.h
+parse.o : parse.cc ${HDRS}
 
-parse.cc : parse.y parse.h flex-tables.h ../immunix.h
+parse.cc : parse.y ${HDRS}
 	${BISON} -o $@ $<
 
 clean:
diff --git a/parser/libapparmor_re/aare_rules.cc b/parser/libapparmor_re/aare_rules.cc
index c0aea3898..fc903a0e8 100644
--- a/parser/libapparmor_re/aare_rules.cc
+++ b/parser/libapparmor_re/aare_rules.cc
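Review bot: `parse.cc : parse.y ${HDRS}` now re-runs bison whenever any of the listed headers changes, although bison reads only parse.y and a C header cannot alter the generated parser; unless there is a reason the old rule already listed parse.h and flex-tables.h, `parse.cc : parse.y` is the accurate rule and the header dependency belongs on parse.o, which the hunk already gives it. Putting the full ${HDRS} list on every object is safe but hides which headers each unit really includes, so an edit to ../rule.h or ../policydb.h rebuilds the whole library even if nothing here includes them; if the aim is correct rebuilds after the aa_perms layout change in ../perms.h, compiler-generated dependencies (`-MMD -MP` plus `-include $(wildcard *.d)`) would track that exactly. `expr-tree.o: expr-tree.cc expr-tree.h` is the one rule left with a hand-written list, so either it should use ${HDRS} as well or a comment should say why it is narrower.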
@@ -305,7 +305,19 @@ CHFA *aare_rules::create_chfa(int *min_match_len,
 	//cerr << "Checking extended perms " << extended_perms << "\n";
 	if (extended_perms) {
 		//cerr << "creating permstable\n";
-		dfa.compute_perms_table(perms_table, prompt);
+		dfa.compute_perms_table(perms_table, prompt);
+		// TODO: move perms table to a class
+		if (opts.dump & DUMP_DFA_TRANS_TABLE && perms_table.size()) {
+			cerr << "Perms Table size: " << perms_table.size() << "\n";
+			perms_table[0].dump_header(cerr);
+			for (size_t i = 0; i < perms_table.size(); i++) {
+				perms_table[i].dump(cerr);
+				cerr << "accept1: 0x";
+				cerr << ", accept2: 0x";
+				cerr << "\n";
+			}
+			cerr << "\n";
+		}
 	}
 	chfa = new CHFA(dfa, eq, opts, extended_perms, prompt);
 	if (opts.dump & DUMP_DFA_TRANS_TABLE)
diff --git a/parser/libapparmor_re/chfa.cc b/parser/libapparmor_re/chfa.cc
index b340c5130..809bcefed 100644
--- a/parser/libapparmor_re/chfa.cc
+++ b/parser/libapparmor_re/chfa.cc
@@ -309,11 +309,16 @@ void CHFA::dump(ostream &os)
 		st.insert(make_pair(i->second, i->first));
 	}
 
-	os << "size=" << default_base.size() << " (accept, default, base): {state} -> {default state}" << "\n";
+	os << "size=" << default_base.size() << " (accept, accept2, default, base): {state} -> {default state}" << "\n";
 	for (size_t i = 0; i < default_base.size(); i++) {
 		os << i << ": ";
-		os << "(" << accept[i] << ", " << num[default_base[i].first] << ", " << default_base[i].second << ")";
+		os << "(" << accept[i] << ", ";
+		if (accept2.size() > 0)
+			os << accept2[i];
+		else
+			os << "---, ";
+		os << num[default_base[i].first] << ", " <<
+			default_base[i].second << ")";
 		if (st[i])
 			os << " " << *st[i];
 		if (default_base[i].first)
diff --git a/parser/libapparmor_re/hfa.cc b/parser/libapparmor_re/hfa.cc
index 9318f8562..575d72073 100644
--- a/parser/libapparmor_re/hfa.cc
+++ b/parser/libapparmor_re/hfa.cc
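Review bot: The two lines `cerr << "accept1: 0x";` and `cerr << ", accept2: 0x";` in the new dump loop print a `0x` prefix with no value behind it, so every row ends in `accept1: 0x, accept2: 0x`; the CHFA that owns the accept arrays is only built on the following `chfa = new CHFA(...)` line, so there is nothing to print at this point. Either drop the two lines or move the per-entry accept output into CHFA::dump, which already has both arrays in scope. The guard `opts.dump & DUMP_DFA_TRANS_TABLE && perms_table.size()` relies on `&` binding tighter than `&&` and reads more clearly as `(opts.dump & DUMP_DFA_TRANS_TABLE) && !perms_table.empty()`. create_chfa continues outside the hunk.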
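Review bot: When `accept2` is populated the new code writes `accept2[i]` with no separator while the `else` branch writes `"---, "`, so the extended-perms rows fuse accept2 onto the default-state number (an accept2 of 1 followed by default state 23 prints as `123`); the true branch should be `os << accept2[i] << ", ";`. The `accept2.size() > 0` test also assumes accept2 is sized like default_base, which this hunk cannot show — if it can be shorter, `accept2.size() > i` guards the index rather than just emptiness. CHFA::dump continues outside the hunk.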
@@ -1334,8 +1334,7 @@ void DFA::compute_perms_table(vector &perms_table, bool prompt)
 	perms_table.resize(states.size() * mult);
 
 	// nonmatching and start need to be 0 and 1 so handle outside of loop
-	if (filedfa)
-		compute_perms_table_ent(nonmatching, 0, perms_table, prompt);
+	compute_perms_table_ent(nonmatching, 0, perms_table, prompt);
 	compute_perms_table_ent(start, 1, perms_table, prompt);
 
 	for (Partition::iterator i = states.begin(); i != states.end(); i++) {
diff --git a/parser/perms.h b/parser/perms.h
index 0d194d9a1..d174565e6 100644
--- a/parser/perms.h
+++ b/parser/perms.h
@@ -24,6 +24,11 @@
  * older versions
  */
+#include +#include using std::ostream; using std::cerr; +#include #include
@@ -82,7 +87,7 @@
  * - exec type - which determines how the executable name and index are used
  * - flags - which modify how the destination name is applied
  */
-#define AA_X_INDEX_MASK AA_INDEX_MASK
+#define AA_X_INDEX_MASK 0xffffff
 #define AA_X_TYPE_MASK 0x0c000000
 
 #define AA_X_NONE AA_INDEX_NONE
@@ -96,7 +101,8 @@
 
 typedef uint32_t perm32_t;
 
-struct aa_perms {
+class aa_perms {
+public:
 	perm32_t allow;
 	perm32_t deny;	/* explicit deny, or conflict if allow also set */
 
@@ -115,6 +121,33 @@ struct aa_perms {
 	uint32_t xindex;
 	uint32_t tag;	/* tag string index, if present */
 	uint32_t label;	/* label string index, if present */
+
+	void dump_header(ostream &os)
+	{
+		os << "(allow/deny/prompt//audit/quiet//xindex)\n";
+	}
+
+	void dump(ostream &os)
+	{
+		os << std::hex << "(0x" << allow << "/0x" << deny << "/0x"
+		   << prompt << "//0x" << audit << "/0x" << quiet
+		   << std::dec << "//";
+		if (xindex & AA_X_UNSAFE)
+			os << "unsafe ";
+		if (xindex & AA_X_TYPE_MASK) {
+			if (xindex & AA_X_CHILD)
+				os << "c";
+			else
+				os << "p";
+		}
+		if (xindex & AA_X_INHERIT)
+			os << "i";
+		if (xindex & AA_X_UNCONFINED)
+			os << "u";
+		os << (xindex & AA_X_INDEX_MASK);
+		os << ")";
+	}
+
 };
 
 #endif /* __AA_PERM_H */
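Review bot: Dropping the `if (filedfa)` guard means entry 0 of perms_table is now derived from the `nonmatching` state for every DFA type, whereas a non-file DFA previously kept the zero-initialised entry that `resize()` produced; entry 0 is the slot any rejected input resolves to, so the removal deserves a comment on why the guard was wrong rather than a silent change. If compute_perms_table_ent can yield non-zero allow bits for nonmatching in the non-file case (not visible here), this widens what an unmatched input is granted, so an assertion that the entry computed for nonmatching carries no allow bits would make the intent checkable. A line such as `// entry 0 must be the reject entry for every dfa type, not only file dfas` above the changed call would do. compute_perms_table continues outside the hunk.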
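Review bot: The new `using std::ostream;` and `using std::cerr;` sit at namespace scope in a header, so every translation unit that includes perms.h has those names injected and the stream headers (their names are stripped in this rendering, presumably iostream/ostream) pulled in. `<iosfwd>` plus `std::ostream &` spelled out in the member signatures is enough for the declarations, and `cerr` is only needed by the caller in aare_rules.cc, so `using std::cerr` belongs there if anywhere. Placing C++ stream includes ahead of the existing C includes also means perms.h can no longer be consumed from a C translation unit, which the struct-to-class change in this same diff already implies; a one-line note in the header comment, `/* C++ only: defines member functions on aa_perms */`, would make that explicit.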
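Review bot: `#define AA_X_INDEX_MASK 0xffffff` replaces the alias to AA_INDEX_MASK with a literal, so the two masks can now drift apart silently while the new `dump()` decodes `xindex & AA_X_INDEX_MASK` and the rest of the encoder presumably still goes through AA_INDEX_MASK. If the x index is meant to be a 24-bit field independent of AA_INDEX_MASK, say so in place, e.g. `/* low 24 bits of xindex are the table index; must match the kernel's index mask */`, and if the two are meant to stay equal a `static_assert(AA_X_INDEX_MASK == AA_INDEX_MASK, "x index mask diverged")` next to the define catches the drift at compile time. A literal that mirrors a kernel ABI constant otherwise fails only when a policy is loaded, so the reason for decoupling belongs either here or in the commit message.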
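Review bot: Changing `struct aa_perms {` to `class aa_perms {` plus `public:` only to add member functions is churn, since a struct already admits methods, and any other file that forward-declares `struct aa_perms;` will now trigger clang's -Wmismatched-tags. Unless something else depends on the keyword, keeping `struct aa_perms {` with the methods appended keeps the type readable as the plain aggregate it still is and avoids the warning; this hunk cannot show whether such forward declarations exist, so treat that as a check to run.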
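Review bot: Neither `dump_header` nor `dump` modifies the object, so both should be `const` (`void dump(ostream &os) const`), and `dump_header` touches no member at all, so it should be `static` — as written the caller in aare_rules.cc has to go through `perms_table[0]` just to print a heading. The exec-type decode also collapses the two-bit AA_X_TYPE_MASK field to a single `c`/`p` letter chosen only by AA_X_CHILD, so if that mask admits more than one type value (a two-bit field allows four) distinct transition kinds print identically; emitting the raw type bits, `os << ((xindex & AA_X_TYPE_MASK) >> 26)`, alongside the letter would keep the dump unambiguous. `std::hex` is reset with `std::dec` before returning, which is fine for a debug aid, but a comment such as `/* debug dump; output format is not stable and must not be parsed */` above the methods would keep anyone from scripting against it.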