diff --git a/.gitignore b/.gitignore
index 8033cbf..dadda7b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@
 /v6.4.3.tar.gz
 /v6.5.0.tar.gz
 /v6.5.2.tar.gz
+/keylime-selinux-1.0.0.tar.gz
diff --git a/keylime.fc b/keylime.fc
deleted file mode 100644
index 5114c47..0000000
--- a/keylime.fc
+++ /dev/null
@@ -1,24 +0,0 @@
-/usr/bin/keylime_agent -- gen_context(system_u:object_r:keylime_agent_exec_t,s0)
-/usr/bin/keylime_ima_emulator -- gen_context(system_u:object_r:keylime_agent_exec_t,s0)
-/usr/bin/keylime_userdata_encrypt -- gen_context(system_u:object_r:keylime_agent_exec_t,s0)
-
-/usr/bin/keylime_ca -- gen_context(system_u:object_r:keylime_server_exec_t,s0)
-/usr/bin/keylime_migrations_apply -- gen_context(system_u:object_r:keylime_server_exec_t,s0)
-/usr/bin/keylime_registrar -- gen_context(system_u:object_r:keylime_server_exec_t,s0)
-/usr/bin/keylime_verifier -- gen_context(system_u:object_r:keylime_server_exec_t,s0)
-/usr/bin/keylime_tenant -- gen_context(system_u:object_r:keylime_server_exec_t,s0)
-
-/usr/local/bin/keylime_agent -- gen_context(system_u:object_r:keylime_agent_exec_t,s0)
-/usr/local/bin/keylime_ima_emulator -- gen_context(system_u:object_r:keylime_agent_exec_t,s0)
-/usr/local/bin/keylime_userdata_encrypt -- gen_context(system_u:object_r:keylime_agent_exec_t,s0)
-
-/usr/local/bin/keylime_ca -- gen_context(system_u:object_r:keylime_server_exec_t,s0)
-/usr/local/bin/keylime_migrations_apply -- gen_context(system_u:object_r:keylime_server_exec_t,s0)
-/usr/local/bin/keylime_registrar -- gen_context(system_u:object_r:keylime_server_exec_t,s0)
-/usr/local/bin/keylime_verifier -- gen_context(system_u:object_r:keylime_server_exec_t,s0)
-/usr/local/bin/keylime_tenant -- gen_context(system_u:object_r:keylime_server_exec_t,s0)
-
-/var/lib/keylime(/.*)? gen_context(system_u:object_r:keylime_var_lib_t,s0)
-/var/lib/keylime-agent(/.*)? gen_context(system_u:object_r:keylime_var_lib_t,s0)
-
-/var/log/keylime(/.*)? gen_context(system_u:object_r:keylime_log_t,s0)
diff --git a/keylime.spec b/keylime.spec
index 6ae3078..be9857f 100644
--- a/keylime.spec
+++ b/keylime.spec
@@ -1,4 +1,5 @@
 %global srcname keylime
+%global policy_version 1.0.0
 %global with_selinux 1
 %global selinuxtype targeted
@@ -8,15 +9,13 @@
 Name: keylime
 Version: 6.5.2
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: Open source TPM software for Bootstrapping and Maintaining Trust
 URL: https://github.com/keylime/keylime
 Source0: https://github.com/keylime/keylime/archive/refs/tags/v%{version}.tar.gz
 Source1: %{srcname}.sysusers
-Source2: %{srcname}.te
-Source3: %{srcname}.if
-Source4: %{srcname}.fc
+Source2: https://github.com/RedHat-SP-Security/%{name}-selinux/archive/v%{policy_version}/keylime-selinux-%{policy_version}.tar.gz
 Patch0: 0001-Do-not-use-default-values-that-need-reading-the-conf.patch
 Patch1: 0002-Switch-to-sha256-hashes-for-signatures.patch
@@ -143,15 +142,12 @@ Requires: python3-%{srcname} = %{version}-%{release}
 The Keylime Tenant can be used to provision a Keylime Agent.
 %prep
-%autosetup -S git -n %{srcname}-%{version}
+%autosetup -S git -n %{srcname}-%{version} -a2
 %if 0%{?with_selinux}
 # SELinux policy (originally from selinux-policy-contrib)
 # this policy module will override the production module
 mkdir selinux
-cp -p %{SOURCE2} selinux/
-cp -p %{SOURCE3} selinux/
-cp -p %{SOURCE4} selinux/
 make -f %{_datadir}/selinux/devel/Makefile %{srcname}.pp
 bzip2 -9 %{srcname}.pp
@@ -195,7 +191,7 @@ done
 %if 0%{?with_selinux}
 install -D -m 0644 %{srcname}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{srcname}.pp.bz2
-install -D -p -m 0644 selinux/%{srcname}.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/%{srcname}.if
+install -D -p -m 0644 keylime-selinux-%{policy_version}/%{srcname}.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/%{srcname}.if
 %endif
@@ -345,6 +341,10 @@ fi
 %license LICENSE
 %changelog
+* Thu Dec 1 2022 Patrik Koncity - 6.5.2-2
+- Use keylime selinux policy from upstream.
+ Resolves: rhbz#2152135
+
 * Mon Nov 14 2022 Sergio Correia - 6.5.2-1
 - Update to 6.5.2
  Resolves: CVE-2022-3500
diff --git a/keylime.te b/keylime.te
deleted file mode 100644
index cd02baf..0000000
--- a/keylime.te
+++ /dev/null
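Review bot: The new Source2 line spells the policy project two ways, `%{name}-selinux` in the repository path and a literal `keylime-selinux-` in the archive name, and the %install hunk further down repeats the literal `keylime-selinux-%{policy_version}` directory; one spelling such as `Source2: https://github.com/RedHat-SP-Security/%{srcname}-selinux/archive/v%{policy_version}/%{srcname}-selinux-%{policy_version}.tar.gz` keeps the occurrences from drifting apart on the next policy bump. The archive is addressed by a tag, which is mutable; what actually pins the policy content is the SHA512 recorded in the `sources` hunk, so a future policy_version change has to update both entries together or the build fails on the hash rather than silently taking different policy. A short comment above Source2, `# SELinux policy module, released separately from keylime; hash pinned in sources`, would make that dependency visible to the next maintainer.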
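Review bot: With the three `cp` lines gone, `make -f %{_datadir}/selinux/devel/Makefile %{srcname}.pp` still runs at the top of the %{srcname}-%{version} tree, but `-a2` unpacks the policy into `keylime-selinux-%{policy_version}/` (the %install hunk reads the .if from there), so unless keylime.te also exists at the top level the devel Makefile has no `%{srcname}.te` to build from and `%{srcname}.pp.bz2` will be absent when the first install line of the %install hunk runs. `mkdir selinux` now creates a directory nothing uses. Either keep the copy step as `cp -p keylime-selinux-%{policy_version}/%{srcname}.{te,if,fc} selinux/` and run the make and bzip2 inside `selinux/` with the .pp.bz2 install path adjusted, or drop the mkdir and run the make with `-C keylime-selinux-%{policy_version}`, installing the .pp.bz2 from that directory; whichever is chosen, a one-line comment saying where the policy sources live after %autosetup would help. The %prep section may continue beyond the hunk.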
@@ -1,140 +0,0 @@
-policy_module(keylime, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-attribute keylime_domain;
-
-type keylime_agent_t;
-keylime_use_keylime_domain(keylime_agent_t)
-type keylime_agent_exec_t;
-init_daemon_domain(keylime_agent_t, keylime_agent_exec_t)
-
-type keylime_server_t;
-keylime_use_keylime_domain(keylime_server_t)
-type keylime_server_exec_t;
-init_daemon_domain(keylime_server_t, keylime_server_exec_t)
-
-type keylime_log_t;
-logging_log_file(keylime_log_t)
-
-type keylime_var_lib_t;
-files_type(keylime_var_lib_t)
-
-type keylime_tmp_t;
-files_tmp_file(keylime_tmp_t)
-
-########################################
-#
-# keylime domain policy
-#
-
-allow keylime_domain self:tcp_socket create_stream_socket_perms;
-
-manage_dirs_pattern(keylime_domain, keylime_tmp_t, keylime_tmp_t)
-manage_files_pattern(keylime_domain, keylime_tmp_t, keylime_tmp_t)
-files_tmp_filetrans(keylime_domain, keylime_tmp_t, { dir file })
-
-manage_dirs_pattern(keylime_domain, keylime_var_lib_t, keylime_var_lib_t)
-manage_files_pattern(keylime_domain, keylime_var_lib_t, keylime_var_lib_t)
-files_var_lib_filetrans(keylime_domain, keylime_var_lib_t, { dir file lnk_file })
-
-corecmd_exec_bin(keylime_domain)
-
-corenet_tcp_bind_generic_node(keylime_domain)
-corenet_tcp_bind_all_ports(keylime_domain)
-corenet_tcp_connect_all_unreserved_ports(keylime_domain)
-
-dev_read_sysfs(keylime_domain)
-
-fs_tmpfs_filetrans(keylime_domain, keylime_var_lib_t, { dir file })
-
-init_named_socket_activation(keylime_domain, keylime_var_lib_t, "keylime")
-
-miscfiles_read_generic_certs(keylime_domain)
-
-sysnet_read_config(keylime_domain)
-
-userdom_exec_user_tmp_files(keylime_domain)
-userdom_manage_user_tmp_dirs(keylime_domain)
-userdom_manage_user_tmp_files(keylime_domain)
-
-########################################
-#
-# keylime server policy
-#
-
-allow keylime_server_t self:netlink_route_socket { create_stream_socket_perms nlmsg_read };
-allow keylime_server_t self:udp_socket create_stream_socket_perms;
-
-manage_dirs_pattern(keylime_server_t, keylime_log_t, keylime_log_t)
-manage_files_pattern(keylime_server_t, keylime_log_t, keylime_log_t)
-
-fs_rw_inherited_tmpfs_files(keylime_server_t)
-
-optional_policy(`
- gpg_exec(keylime_server_t)
-')
-
-optional_policy(`
- kerberos_read_config(keylime_server_t)
- kerberos_read_keytab(keylime_server_t)
-')
-
-optional_policy(`
- sssd_run_stream_connect(keylime_server_t)
-')
-
-
-########################################
-#
-# keylime agent policy
-#
-#work with /var/lib/keylime/secure
-allow keylime_agent_t self:capability { chown dac_override dac_read_search setgid setuid sys_nice sys_ptrace };
-allow keylime_agent_t self:chr_file getattr;
-
-#FIX ME, add to tabrmd policy interface related with this
-allow keylime_agent_t domain:unix_stream_socket rw_stream_socket_perms; #selint-disable:W-001
-
-dev_rw_tpm(keylime_agent_t)
-
-exec_files_pattern(keylime_agent_t, keylime_var_lib_t, keylime_var_lib_t)
-files_read_var_lib_files(keylime_agent_t)
-
-fs_dontaudit_search_cgroup_dirs(keylime_agent_t)
-fs_getattr_cgroup(keylime_agent_t)
-fs_mount_tmpfs(keylime_agent_t)
-fs_setattr_tmpfs_dirs(keylime_agent_t)
-
-init_dontaudit_stream_connect(keylime_agent_t)
-
-kernel_read_all_proc(keylime_agent_t)
-
-userdom_dontaudit_search_user_home_dirs(keylime_agent_t)
-
-auth_read_passwd(keylime_agent_t)
-
-keylime_mounton_var_lib(keylime_agent_t)
-
-mount_domtrans(keylime_agent_t)
-
-selinux_read_policy(keylime_agent_t)
-
-optional_policy(`
- #FIX ME, add to tabrmd policy interface related with this
- #https://github.com/tpm2-software/tpm2-abrmd/blob/master/selinux
- dbus_chat_system_bus(keylime_agent_t)
-')
-
-optional_policy(`
- dbus_stream_connect_system_dbusd(keylime_agent_t)
- dbus_system_bus_client(keylime_agent_t)
-')
-
-optional_policy(`
- systemd_userdbd_stream_connect(keylime_agent_t)
- systemd_machined_stream_connect(keylime_agent_t)
-')
diff --git a/sources b/sources
index a879d04..7ad1cb0 100644
--- a/sources
+++ b/sources
@@ -1 +1,2 @@
 SHA512 (v6.5.2.tar.gz) = de73de8d88dbf3bf394ea65036ef22cd5098318c09ff92b5548af2344a9a6f28d2432356d792b0eae72fe619255c4ecfa51f5c7d185b9612a4a04d2fb8e91649
+SHA512 (keylime-selinux-1.0.0.tar.gz) = d0b4fea7407ad493b08e6f087e8f32b1a65acbee59bf6e20a0e26aaa139f56c1206c7e707898fd8a2e11468cd918f76cb6985f68b8a2faa8a2a4b7a9ba4c3674