diff --git a/core/lib/Drupal/Core/Entity/EntityAccessController.php b/core/lib/Drupal/Core/Entity/EntityAccessController.php
index b092914..ef96170 100644
--- a/core/lib/Drupal/Core/Entity/EntityAccessController.php
+++ b/core/lib/Drupal/Core/Entity/EntityAccessController.php
@@ -19,8 +19,11 @@
  */
 class EntityAccessController extends EntityControllerBase implements EntityAccessControllerInterface {
 
+
+  protected $defaultAccess = FALSE;
+
   /**
-   * Stores calculcated access check results.
+   * Stores calculated access check results.
    *
    * @var array
    */
@@ -67,45 +70,32 @@ public function access(EntityInterface $entity, $operation, $langcode = Language
     // EntityAccessController::checkAccess(). Entities that have checks that
     // need to be done before the hook is invoked should do so by overriding
     // this method.
+    $grant = new EntityGrant($this->defaultAccess);
 
     // We grant access to the entity if both of these conditions are met:
     // - No modules say to deny access.
     // - At least one module says to grant access.
-    $access = array_merge(
-      $this->moduleHandler()->invokeAll('entity_access', array($entity, $operation, $account, $langcode)),
-      $this->moduleHandler()->invokeAll($entity->getEntityTypeId() . '_access', array($entity, $operation, $account, $langcode))
-    );
-
-    if (($return = $this->processAccessHookResults($access)) === NULL) {
-      // No module had an opinion about the access, so let's the access
-      // controller check create access.
-      $return = (bool) $this->checkAccess($entity, $operation, $langcode, $account);
-    }
+    $this->moduleHandler()->invokeAll('entity_access', array($entity, $operation, $account, $langcode, $grant));
+    $this->moduleHandler()->invokeAll($entity->getEntityTypeId() . '_access', array(
+        $entity,
+        $operation,
+        $account,
+        $langcode,
+        $grant
+      ));
+    $return = $this->processGrant($entity, $operation, $langcode, $account, $grant);
     return $this->setCache($return, $entity->uuid(), $operation, $langcode, $account);
   }
 
-  /**
-   * We grant access to the entity if both of these conditions are met:
-   * - No modules say to deny access.
-   * - At least one module says to grant access.
-   *
-   * @param array $access
-   *   An array of access results of the fired access hook.
-   *
-   * @return bool|null
-   *   Returns FALSE if access should be denied, TRUE if access should be
-   *   granted and NULL if no module denied access.
-   */
-  protected function processAccessHookResults(array $access) {
-    if (in_array(FALSE, $access, TRUE)) {
-      return FALSE;
+  protected function processGrant($entity, $operation, $langcode, $account, EntityGrantInterface $grant) {
+    $return = $this->defaultAccess;
+    if ($grant->denied()) {
+      $return = FALSE;
     }
-    elseif (in_array(TRUE, $access, TRUE)) {
-      return TRUE;
-    }
-    else {
-      return;
+    elseif ($grant->allowed()) {
+      $return = (bool) $this->checkAccess($entity, $operation, $langcode, $account);
     }
+    return $return;
   }
 
   /**
diff --git a/core/lib/Drupal/Core/Entity/EntityGrant.php b/core/lib/Drupal/Core/Entity/EntityGrant.php
new file mode 100644
index 0000000..4211b58
--- /dev/null
+++ b/core/lib/Drupal/Core/Entity/EntityGrant.php
@@ -0,0 +1,32 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\Core\Entity\EntityGrant.
+ */
+
+
+namespace Drupal\Core\Entity;
+
+class EntityGrant implements EntityGrantInterface {
+
+  protected $allowed = FALSE;
+
+  protected $denied = FALSE;
+
+  public function voteAllow() {
+    $this->allowed = TRUE;
+  }
+
+  public function voteDeny() {
+    $this->denied = TRUE;
+  }
+
+  public function allowed() {
+    return $this->allowed;
+  }
+
+  public function denied() {
+    return $this->denied;
+  }
+}
diff --git a/core/lib/Drupal/Core/Entity/EntityGrantInterface.php b/core/lib/Drupal/Core/Entity/EntityGrantInterface.php
new file mode 100644
index 0000000..3e79d20
--- /dev/null
+++ b/core/lib/Drupal/Core/Entity/EntityGrantInterface.php
@@ -0,0 +1,20 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\Core\Entity\EntityGrantInterface.
+ */
+
+namespace Drupal\Core\Entity;
+
+interface EntityGrantInterface {
+
+  public function voteAllow();
+
+  public function voteDeny();
+
+  public function allowed();
+
+  public function denied();
+
+}
diff --git a/core/modules/block/src/BlockAccessController.php b/core/modules/block/src/BlockAccessController.php
index 3bd9fb3..c6d70be 100644
--- a/core/modules/block/src/BlockAccessController.php
+++ b/core/modules/block/src/BlockAccessController.php
@@ -21,6 +21,8 @@
  */
 class BlockAccessController extends EntityAccessController implements EntityControllerInterface {
 
+  protected $defaultAccess = TRUE;
+
   /**
    * The node grant storage.
    *
diff --git a/core/modules/migrate_drupal/src/Plugin/migrate/process/d6/FileImageHandler.php b/core/modules/migrate_drupal/src/Plugin/migrate/process/d6/FileImageHandler.php
index b188bee..ff78858 100644
--- a/core/modules/migrate_drupal/src/Plugin/migrate/process/d6/FileImageHandler.php
+++ b/core/modules/migrate_drupal/src/Plugin/migrate/process/d6/FileImageHandler.php
@@ -28,16 +28,7 @@ public function transform($value, MigrateExecutable $migrate_executable, Row $ro
 
     // If it's an array then the map missed.
     if (is_array($value)) {
-
-      // Filefields in D6 have no way to tell if it's an image or file so we
-      // have to look at the widget type as well.
-      if ($row->getSourceProperty('module') == 'filefield') {
-        $widget_type = $row->getSourceProperty('widget_type');
-        $value = $widget_type == "imagefield_widget" ? "image" : "file";
-      }
-      else {
         throw new MigrateSkipRowException();
-      }
     }
 
     return $value;
diff --git a/core/modules/node/node.module b/core/modules/node/node.module
index 38e047b..0eb30c5 100644
--- a/core/modules/node/node.module
+++ b/core/modules/node/node.module
@@ -9,6 +9,7 @@
  */
 
 use Drupal\Component\Utility\Xss;
+use Drupal\Core\Entity\EntityGrantInterface;
 use Drupal\Core\Language\Language;
 use Drupal\Core\Render\Element;
 use Drupal\Core\Url;
@@ -973,7 +974,7 @@ function node_form_block_form_alter(&$form, &$form_state) {
  * Checks the content type specific visibility settings and removes the block
  * if the visibility conditions are not met.
  */
-function node_block_access(Block $block, $operation, AccountInterface $account, $langcode) {
+function node_block_access(Block $block, $operation, AccountInterface $account, $langcode, EntityGrantInterface $grant) {
   // Only affect access when viewing the block.
   if ($operation != 'view') {
     return;
@@ -993,16 +994,17 @@ function node_block_access(Block $block, $operation, AccountInterface $account,
     // For blocks with node types associated, if the node type does not match
     // the settings from this block, deny access to it.
     $request = \Drupal::request();
-    if ($node = $request->attributes->get('node')) {
-      // Page has node.
-      return in_array($node->bundle(), $allowed_types);
+    if (($node = $request->attributes->get('node')) && !in_array($node->bundle(), $allowed_types)) {
+      $grant->voteDeny();
     }
     // This is a node creation page.
     // $request->attributes->has('node_type') would also match administration
     // configuration pages, which the previous URI path options did not.
     if ($request->attributes->get(RouteObjectInterface::ROUTE_NAME) == 'node.add') {
       $node_type = $request->attributes->get('node_type');
-      return in_array($node_type->id(), $allowed_types);
+      if (!in_array($node_type->id(), $allowed_types)) {
+        $grant->voteDeny();
+      }
     }
 
     return FALSE;