diff --git a/Changelog b/Changelog
index 3685f81f2..bce84b4c6 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,5 @@
+- Change corenetwork port declaration to apply the reserved port type
+  attribute only, when the type has ports above and below 1024.
 - Change secure_mode_policyload to disable only toggling of this Boolean
   rather than disabling all Boolean toggling permissions.
 - Use role attributes to assist with domain transitions in interactive
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index c3864b4bc..5141dbfd8 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -1,4 +1,4 @@
-policy_module(corenetwork, 1.16.3)
+policy_module(corenetwork, 1.16.4)
 
 ########################################
 #
diff --git a/policy/modules/kernel/corenetwork.te.m4 b/policy/modules/kernel/corenetwork.te.m4
index 7bf25edcf..3f6e16889 100644
--- a/policy/modules/kernel/corenetwork.te.m4
+++ b/policy/modules/kernel/corenetwork.te.m4
@@ -77,13 +77,19 @@ type $1_node_t alias node_$1_t, node_type;
 declare_nodes($1_node_t,shift($*))
 ')
 
-# bindresvport in glibc starts searching for reserved ports at 512
-define(`declare_ports',`dnl
-ifelse(eval(range_start($3) < 1024),1,`typeattribute $1 reserved_port_type;
-ifelse(eval(range_start($3) >= 512),1,`typeattribute $1 rpc_port_type;',`dnl')
-',`typeattribute $1 unreserved_port_type;')
+define(`declare_portcons',`dnl
 portcon $2 $3 gen_context(system_u:object_r:$1,$4)
-ifelse(`$5',`',`',`declare_ports($1,shiftn(4,$*))')dnl
+ifelse(`$5',`',`',`declare_portcons($1,shiftn(4,$*))')dnl
+')
+
+define(`add_port_attribute',`dnl
+ifelse(eval(range_start($2) < 1024),1,`typeattribute $1 reserved_port_type;',`typeattribute $1 unreserved_port_type;')
+')
+
+# bindresvport in glibc starts searching for reserved ports at 512
+define(`add_rpc_attribute',`dnl
+ifelse(eval(range_start($3) >= 512 && range_start($3) < 1024),1,`typeattribute $1 rpc_port_type;
+',`ifelse(`$5',`',`',`add_rpc_attribute($1,shiftn(4,$*))')')dnl
 ')
 
 #
@@ -93,7 +99,9 @@ define(`network_port',`
 type $1_port_t, port_type, defined_port_type;
 type $1_client_packet_t, packet_type, client_packet_type;
 type $1_server_packet_t, packet_type, server_packet_type;
-ifelse(`$2',`',`',`declare_ports($1_port_t,shift($*))')dnl
+ifelse(`$2',`',`',`add_port_attribute($1_port_t,$3)')dnl
+ifelse(`$2',`',`',`add_rpc_attribute($1_port_t,shift($*))')dnl
+ifelse(`$2',`',`',`declare_portcons($1_port_t,shift($*))')dnl
 ')
 
 #
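Review bot: add_port_attribute chooses between reserved_port_type and unreserved_port_type from one range only — its $2, which the network_port call in the second hunk passes as $3, the first port range of the type — so a type whose first listed range starts at or above 1024 and has a later range below 1024 ends up tagged unreserved_port_type only, which is the opposite of the Changelog's stated intent and looser than the declare_ports it replaces, which tagged per range. That matters for which domains may bind the low port, since bind rules are granted on these attributes. The problem only exists if some caller does not list its lowest range first; the callers are not visible here, so this is worth confirming. Walking the whole list the way add_rpc_attribute does, and calling it with `shift($*)` from network_port, keeps reserved_port_type whenever any range is below 1024; the definition below is constructed to mirror add_rpc_attribute's recursion.
```m4
define(`add_port_attribute',`dnl
ifelse(eval(range_start($3) < 1024),1,`typeattribute $1 reserved_port_type;
',`ifelse(`$5',`',`typeattribute $1 unreserved_port_type;
',`add_port_attribute($1,shiftn(4,$*))')')dnl
')
dnl … unchanged: add_rpc_attribute, network_port type declarations …
ifelse(`$2',`',`',`add_port_attribute($1_port_t,shift($*))')dnl
```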