diff --git a/policy/modules/system/ipsec.if b/policy/modules/system/ipsec.if
index 433abf407..73ddc51ea 100644
--- a/policy/modules/system/ipsec.if
+++ b/policy/modules/system/ipsec.if
@@ -93,6 +93,43 @@ interface(`ipsec_read_config',`
allow $1 ipsec_conf_file_t:file read_file_perms;
')
+########################################
+##
+## Match the default SPD entry.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`ipsec_match_default_spd',`
+ gen_require(`
+ type ipsec_spd_t;
+ ')
+
+ allow $1 ipsec_spd_t:association polmatch;
+')
+
+########################################
+##
+## Set the context of a SPD entry to
+## the default context.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`ipsec_setcontext_default_spd',`
+ gen_require(`
+ type ipsec_spd_t;
+ ')
+
+ allow $1 ipsec_spd_t:association setcontext;
+')
+
########################################
##
## Create, read, write, and delete the IPSEC pid files.
@@ -112,24 +149,6 @@ interface(`ipsec_manage_pid',`
manage_files_pattern($1,ipsec_var_run_t,ipsec_var_run_t)
')
-########################################
-##
-## Allow to set an default security context of IPsec Policy.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`ipsec_setcontext_default_spd',`
- gen_require(`
- type ipsec_spd_t;
- ')
-
- allow $1 ipsec_spd_t:association setcontext;
-')
-
########################################
##
## Execute racoon in the racoon domain.
diff --git a/policy/modules/system/ipsec.te b/policy/modules/system/ipsec.te
index 80f58e6fb..5743eb589 100644
--- a/policy/modules/system/ipsec.te
+++ b/policy/modules/system/ipsec.te
@@ -1,5 +1,5 @@
-policy_module(ipsec,1.4.3)
+policy_module(ipsec,1.4.4)
########################################
#
diff --git a/policy/modules/system/unconfined.if b/policy/modules/system/unconfined.if
index 695ea5115..1bb9f5905 100644
--- a/policy/modules/system/unconfined.if
+++ b/policy/modules/system/unconfined.if
@@ -74,6 +74,7 @@ interface(`unconfined_domain_noaudit',`
optional_policy(`
ipsec_setcontext_default_spd($1)
+ ipsec_match_default_spd($1)
')
optional_policy(`
diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te
index 95a9fc8e3..23fdddf08 100644
--- a/policy/modules/system/unconfined.te
+++ b/policy/modules/system/unconfined.te
@@ -1,5 +1,5 @@
-policy_module(unconfined,2.0.1)
+policy_module(unconfined,2.0.2)
########################################
#