diff --git a/policy/modules/services/networkmanager.fc b/policy/modules/services/networkmanager.fc
index b365e93c3..a0f2f2687 100644
--- a/policy/modules/services/networkmanager.fc
+++ b/policy/modules/services/networkmanager.fc
@@ -9,6 +9,8 @@
 /etc/dhcp/wireless-settings\.conf -- gen_context(system_u:object_r:NetworkManager_etc_rw_t, s0)
 /etc/dhcp/wired-settings\.conf -- gen_context(system_u:object_r:NetworkManager_etc_rw_t, s0)
+/etc/iwd/main\.conf -- gen_context(system_u:object_r:NetworkManager_etc_t, s0)
+
 /etc/wicd/manager-settings\.conf -- gen_context(system_u:object_r:NetworkManager_etc_rw_t, s0)
 /etc/wicd/wireless-settings\.conf -- gen_context(system_u:object_r:NetworkManager_etc_rw_t, s0)
 /etc/wicd/wired-settings\.conf -- gen_context(system_u:object_r:NetworkManager_etc_rw_t, s0)
@@ -16,13 +18,17 @@
 /usr/lib/NetworkManager/nm-dispatcher.* -- gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
 /usr/lib/networkmanager/nm-dispatcher.* -- gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
 /usr/libexec/nm-dispatcher.* -- gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
+/usr/libexec/iwd -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
 # Systemd unit files
 /usr/lib/systemd/system/[^/]*NetworkManager.* -- gen_context(system_u:object_r:NetworkManager_unit_t,s0)
+/usr/lib/systemd/system/[^/]*iwd.* -- gen_context(system_u:object_r:NetworkManager_unit_t,s0)
 /usr/lib/systemd/system/[^/]*wpa_supplicant.* -- gen_context(system_u:object_r:NetworkManager_unit_t,s0)
 /usr/bin/NetworkManager -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
 /usr/bin/NetworkManagerDispatcher -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
+/usr/bin/iwctl -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
+/usr/bin/iwmon -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
 /usr/bin/nm-system-settings -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
 /usr/bin/wicd -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
 /usr/bin/wpa_cli -- gen_context(system_u:object_r:wpa_cli_exec_t,s0)
@@ -35,6 +41,7 @@
 /usr/sbin/wpa_cli -- gen_context(system_u:object_r:wpa_cli_exec_t,s0)
 /usr/sbin/wpa_supplicant -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
+/var/lib/iwd(/.*)? gen_context(system_u:object_r:NetworkManager_var_lib_t,s0)
 /var/lib/wicd(/.*)? gen_context(system_u:object_r:NetworkManager_var_lib_t,s0)
 /var/lib/NetworkManager(/.*)? gen_context(system_u:object_r:NetworkManager_var_lib_t,s0)
diff --git a/policy/modules/services/networkmanager.te b/policy/modules/services/networkmanager.te
index 7abf7b520..c23e3f86b 100644
--- a/policy/modules/services/networkmanager.te
+++ b/policy/modules/services/networkmanager.te
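Review bot: `/usr/bin/iwctl` and `/usr/bin/iwmon` are given the daemon entrypoint type `NetworkManager_exec_t` in the `@@ -16,13 +18,17 @@` hunk of networkmanager.fc, while the other client tool listed there, `wpa_cli`, has its own `wpa_cli_exec_t`. If iwctl and iwmon are the interactive client and monitor they appear to be, every domain allowed to transition on `NetworkManager_exec_t` would run them with the full `NetworkManager_t` rule set, which is more than a client needs. Consider dropping these two entries so the tools keep the generic label for `/usr/bin`, or giving them a dedicated exec type as was done for `wpa_cli`, and keeping `NetworkManager_exec_t` for `/usr/libexec/iwd` only.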
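Review bot: `/var/lib/iwd(/.*)?` in the `@@ -35,6 +41,7 @@` hunk of networkmanager.fc reuses `NetworkManager_var_lib_t`, the same type as the wicd and NetworkManager state directories on the following lines. iwd is understood to keep its known-network profiles, pre-shared keys included, under this directory (upstream behaviour, not visible in this diff), so any domain already granted read access to `NetworkManager_var_lib_t` would be able to read them as well. Check which interfaces hand out that access before merging, and record the sensitivity next to the entry, e.g. `# iwd network profiles; may hold Wi-Fi secrets`.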
@@ -57,6 +57,7 @@ allow NetworkManager_t self:tcp_socket { accept listen };
 allow NetworkManager_t self:tun_socket { create_socket_perms relabelfrom relabelto };
 allow NetworkManager_t self:packet_socket create_socket_perms;
 allow NetworkManager_t self:socket create_socket_perms;
+allow NetworkManager_t self:alg_socket { accept bind create read setopt write };
 # ICMPv6 router solicitation/advertisement
 allow NetworkManager_t self:rawip_socket { create setopt getattr write read };
@@ -83,6 +84,7 @@ files_tmp_filetrans(NetworkManager_t, NetworkManager_tmp_t, { sock_file file })
 manage_dirs_pattern(NetworkManager_t, NetworkManager_var_lib_t, NetworkManager_var_lib_t)
 manage_files_pattern(NetworkManager_t, NetworkManager_var_lib_t, NetworkManager_var_lib_t)
 files_var_lib_filetrans(NetworkManager_t, NetworkManager_var_lib_t, dir)
+allow NetworkManager_t NetworkManager_var_lib_t:file map;
 manage_dirs_pattern(NetworkManager_t, NetworkManager_runtime_t, NetworkManager_runtime_t)
 manage_files_pattern(NetworkManager_t, NetworkManager_runtime_t, NetworkManager_runtime_t)
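Review bot: Neither added rule says which program needs it, and both apply to everything that runs in `NetworkManager_t`; the .fc part of this commit shows NetworkManager, wicd, wpa_supplicant and now iwd all entering through `NetworkManager_exec_t`. The rawip_socket rule that follows the `alg_socket` line already carries a purpose comment, so the new rules should too. Assuming iwd is the consumer, add `# iwd: kernel crypto API (AF_ALG)` above the `alg_socket` rule in the `@@ -57,6 +57,7 @@` hunk and `# iwd maps its state files under /var/lib/iwd` above the `map` rule in the `@@ -83,6 +84,7 @@` hunk. With that recorded, a later audit can tell whether the permission is still required once a given daemon is removed from the domain.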