diff --git a/policy/modules/apps/wm.if b/policy/modules/apps/wm.if
index 260a7b015..538d6968f 100644
--- a/policy/modules/apps/wm.if
+++ b/policy/modules/apps/wm.if
@@ -89,6 +89,10 @@ template(`wm_role_template',`
 gnome_stream_connect_all_gkeyringd($1_wm_t)
 ')
 
+ optional_policy(`
+ networkmanager_watch_etc_dirs($1_wm_t)
+ ')
+
 optional_policy(`
 policykit_run_auth($1_wm_t, $2)
 policykit_signal_auth($1_wm_t)
diff --git a/policy/modules/services/networkmanager.if b/policy/modules/services/networkmanager.if
index 4c6dd3424..175ac7532 100644
--- a/policy/modules/services/networkmanager.if
+++ b/policy/modules/services/networkmanager.if
@@ -171,6 +171,24 @@ interface(`networkmanager_signal',`
 allow $1 NetworkManager_t:process signal;
 ')
 
+########################################
+###
+### Watch networkmanager etc dirs.
+###
+###
+###
+### Domain allowed access.
+###
+###
+##
+interface(`networkmanager_watch_etc_dirs',`
+ gen_require(`
+ type NetworkManager_etc_t;
+ ')
+
+ allow $1 NetworkManager_etc_t:dir watch;
+')
+
 ########################################
 ##
 ## Read networkmanager etc files.
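Review bot: The new `optional_policy` block in `wm_role_template` gives the watch permission to every `$1_wm_t` domain the template instantiates, and nothing in the hunk records which window manager needs it or why. Because the grant is template-wide, a later least-privilege review cannot tell whether it can be narrowed or dropped. A comment above the call would fix that, for example `# <window manager> sets an inotify watch on the NetworkManager configuration directory (<AVC denial or bug reference>)`, with the placeholders filled in from the denial that prompted the change. The template body starts and ends outside this hunk, so any narrower per-WM conditional that may exist is not visible here.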
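Review bot: The doc block of `networkmanager_watch_etc_dirs` does not say that `watch` alone is not enough for a caller to set up an inotify watch. The interface allows only `NetworkManager_etc_t:dir watch`, and as far as I can tell the kernel also checks read permission on the directory inode before the SELinux watch check. Whether `$1_wm_t` already holds a read or list permission on `NetworkManager_etc_t` is not visible in this diff, so the summary should state the dependency, e.g. a description line such as `## Callers also need list access to these directories.`. Keeping the rule to plain `watch` rather than one of the broader watch permissions is the right scope.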