diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if
index 426122604..24e7c4fd4 100644
--- a/policy/modules/kernel/corecommands.if
+++ b/policy/modules/kernel/corecommands.if
@@ -216,6 +216,25 @@ interface(`corecmd_dontaudit_getattr_bin_files',`
dontaudit $1 bin_t:file getattr_file_perms;
')
+########################################
+##
+## Check if files in bin directories are executable (DAC-wise)
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`corecmd_check_exec_bin_files',`
+ gen_require(`
+ type bin_t;
+ ')
+
+ allow $1 bin_t:dir search_dir_perms;
+ allow $1 bin_t:file { execute getattr };
+')
+
########################################
##
## Read files in bin directories.