diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 4bfc55b29..065567004 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -89,6 +89,7 @@ network_port(amqp, udp,5671-5672,s0, tcp,5671-5672,s0)
 network_port(aol, udp,5190-5193,s0, tcp,5190-5193,s0)
 network_port(apcupsd, tcp,3551,s0, udp,3551,s0)
 network_port(apertus_ldp, tcp,539,s0, udp,539,s0)
+network_port(aptcacher, tcp,3142,s0)
 network_port(armtechdaemon, tcp,9292,s0, udp,9292,s0)
 network_port(asterisk, tcp,1720,s0, udp,2427,s0, udp,2727,s0, udp,4569,s0)
 network_port(audit, tcp,60,s0)
diff --git a/policy/modules/services/aptcacher.fc b/policy/modules/services/aptcacher.fc
new file mode 100644
index 000000000..928623131
--- /dev/null
+++ b/policy/modules/services/aptcacher.fc
@@ -0,0 +1,11 @@
+/etc/apt-cacher-ng(/.*)?  gen_context(system_u:object_r:aptcacher_conf_t,s0)
+
+/usr/sbin/apt-cacher-ng -- gen_context(system_u:object_r:aptcacher_exec_t,s0)
+
+/run/apt-cacher-ng(/.*)?  gen_context(system_u:object_r:aptcacher_runtime_t,s0)
+
+/var/cache/apt-cacher-ng(/.*)?	gen_context(system_u:object_r:aptcacher_cache_t,s0)
+
+/var/lib/apt-cacher-ng(/.*)? gen_context(system_u:object_r:aptcacher_lib_t,s0)
+
+/var/log/apt-cacher-ng(/.*)? gen_context(system_u:object_r:aptcacher_log_t,s0)
diff --git a/policy/modules/services/aptcacher.if b/policy/modules/services/aptcacher.if
new file mode 100644
index 000000000..201514e6a
--- /dev/null
+++ b/policy/modules/services/aptcacher.if
@@ -0,0 +1,21 @@
+## <summary>apt-cacher, cache for Debian APT repositories.</summary>
+
+########################################
+## <summary>
+##	Connect to aptcacher using a unix
+##	stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`aptcacher_stream_connect',`
+	gen_require(`
+		type aptcacher_t, aptcacher_runtime_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, aptcacher_runtime_t, aptcacher_runtime_t, aptcacher_t)
+')
diff --git a/policy/modules/services/aptcacher.te b/policy/modules/services/aptcacher.te
new file mode 100644
index 000000000..3e4442809
--- /dev/null
+++ b/policy/modules/services/aptcacher.te
@@ -0,0 +1,75 @@
+policy_module(aptcacher, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type aptcacher_t;
+type aptcacher_exec_t;
+init_daemon_domain(aptcacher_t, aptcacher_exec_t)
+
+type aptcacher_conf_t;
+files_config_file(aptcacher_conf_t)
+
+type aptcacher_cache_t;
+files_type(aptcacher_cache_t)
+
+type aptcacher_lib_t;
+files_type(aptcacher_lib_t)
+
+type aptcacher_log_t;
+logging_log_file(aptcacher_log_t)
+
+type aptcacher_runtime_t;
+files_pid_file(aptcacher_runtime_t)
+
+########################################
+#
+# Local policy
+#
+
+allow aptcacher_t self:process signal;
+
+allow aptcacher_t self:fifo_file rw_inherited_fifo_file_perms;
+allow aptcacher_t self:tcp_socket create_stream_socket_perms;
+allow aptcacher_t self:unix_dgram_socket create_socket_perms;
+allow aptcacher_t self:unix_stream_socket create_stream_socket_perms;
+
+allow aptcacher_t aptcacher_conf_t:dir list_dir_perms;
+allow aptcacher_t aptcacher_conf_t:file mmap_read_file_perms;
+# /etc/apt-cacher-ng/ contains symlinks that point to /var/lib/apt-cacher-ng/
+allow aptcacher_t aptcacher_conf_t:lnk_file read_lnk_file_perms;
+
+allow aptcacher_t aptcacher_cache_t:dir manage_dir_perms;
+allow aptcacher_t aptcacher_cache_t:file { manage_file_perms map };
+allow aptcacher_t aptcacher_cache_t:lnk_file manage_lnk_file_perms;
+
+allow aptcacher_t aptcacher_lib_t:file map;
+files_search_var_lib(aptcacher_t)
+read_files_pattern(aptcacher_t, aptcacher_lib_t, aptcacher_lib_t)
+
+allow aptcacher_t aptcacher_log_t:file map;
+logging_search_logs(aptcacher_t)
+manage_files_pattern(aptcacher_t, aptcacher_log_t, aptcacher_log_t)
+
+manage_sock_files_pattern(aptcacher_t, aptcacher_runtime_t, aptcacher_runtime_t)
+
+kernel_read_vm_overcommit_sysctl(aptcacher_t)
+
+corenet_tcp_bind_aptcacher_port(aptcacher_t)
+corenet_tcp_bind_generic_node(aptcacher_t)
+corenet_tcp_connect_http_port(aptcacher_t)
+
+auth_use_nsswitch(aptcacher_t)
+
+# Uses sd_notify() to inform systemd it has properly started
+init_dgram_send(aptcacher_t)
+
+miscfiles_read_generic_certs(aptcacher_t)
+
+# Reads /usr/share/zoneinfo/
+miscfiles_read_localization(aptcacher_t)
+
+# For some reasons it's trying to mmap /etc/hosts.deny
+sysnet_mmap_config_files(aptcacher_t)