diff --git a/policy/policy_capabilities b/policy/policy_capabilities
index db3cbca45..70a431180 100644
--- a/policy/policy_capabilities
+++ b/policy/policy_capabilities
@@ -31,3 +31,13 @@ policycap network_peer_controls;
 # blk_file: open
 #
 policycap open_perms;
+
+# Always enforce network access controls, even
+# if labeling is not configured for them.
+# Available in kernel 3.13+
+#
+# Checks enabled:
+# packet: send recv
+# peer: recv
+#
+# policycap always_check_network;
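Review bot: The added block reads as if the checks were switched on, but its last line, `# policycap always_check_network;`, is commented out, so the capability stays undeclared and, as far as this hunk shows, the `packet: send recv` and `peer: recv` checks are still skipped when no network labeling is configured. The comment should state that the default is off, e.g. `# Disabled by default; uncomment the line below to enable.` It should also say what enabling involves, presumably `# Requires allow rules for unlabeled packets and peers; without them network traffic is denied.` `Available in kernel 3.13+` covers only the kernel side; if the policy toolchain must also recognise the capability name, that belongs in the comment as well.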