diff --git a/policy/modules/services/clamav.if b/policy/modules/services/clamav.if
index 0dc1e23c9..30d0b814d 100644
--- a/policy/modules/services/clamav.if
+++ b/policy/modules/services/clamav.if
@@ -251,6 +251,70 @@ interface(`clamav_scannable_files',`
 	typeattribute $1 clam_scannable_type;
 ')
 
+########################################
+## <summary>
+##	Execute a domain transition to run freshclam.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+interface(`clamav_domtrans_freshclam',`
+	gen_require(`
+		type freshclam_t, freshclam_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, freshclam_exec_t, freshclam_t)
+')
+
+########################################
+## <summary>
+##	Execute freshclam in the freshclam domain, and
+##	allow the specified role the freshclam domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`clamav_run_freshclam',`
+	gen_require(`
+		type freshclam_t;
+	')
+
+	clamav_domtrans_freshclam($1)
+	role $2 types freshclam_t;
+')
+
+########################################
+## <summary>
+##	Execute freshclam in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`clamav_exec_freshclam',`
+	gen_require(`
+		type freshclam_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, freshclam_exec_t)
+')
+
 ########################################
 ## <summary>
 ##	Allow specified domain to enable clamd units