diff --git a/policy/modules/services/clamav.if b/policy/modules/services/clamav.if
index 0dc1e23c9..30d0b814d 100644
--- a/policy/modules/services/clamav.if
+++ b/policy/modules/services/clamav.if
@@ -251,6 +251,70 @@ interface(`clamav_scannable_files',`
typeattribute $1 clam_scannable_type;
')
+########################################
+##
+## Execute a domain transition to run freshclam.
+##
+##
+##
+## Domain allowed to transition.
+##
+##
+#
+interface(`clamav_domtrans_freshclam',`
+ gen_require(`
+ type freshclam_t, freshclam_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ domtrans_pattern($1, freshclam_exec_t, freshclam_t)
+')
+
+########################################
+##
+## Execute freshclam in the freshclam domain, and
+## allow the specified role the freshclam domain.
+##
+##
+##
+## Domain allowed to transition.
+##
+##
+##
+##
+## Role allowed access.
+##
+##
+##
+#
+interface(`clamav_run_freshclam',`
+ gen_require(`
+ type freshclam_t;
+ ')
+
+ clamav_domtrans_freshclam($1)
+ role $2 types freshclam_t;
+')
+
+########################################
+##
+## Execute freshclam in the caller domain.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`clamav_exec_freshclam',`
+ gen_require(`
+ type freshclam_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ can_exec($1, freshclam_exec_t)
+')
+
########################################
##
## Allow specified domain to enable clamd units