diff --git a/linuxptp.if b/linuxptp.if
index cddf96b..ab8cda5 100644
--- a/linuxptp.if
+++ b/linuxptp.if
@@ -158,3 +158,21 @@ interface(`phc2sys_rw_shm',`
read_lnk_files_pattern($1, timemaster_tmpfs_t, timemaster_tmpfs_t)
fs_search_tmpfs($1)
')
+
+#######################################
+##
+## Get timemaster services status
+##
+##
+##
+## Domain allowed to transition.
+##
+##
+#
+interface(`timemaster_service_status',`
+ gen_require(`
+ type timemaster_unit_file_t;
+ ')
+
+ allow $1 timemaster_unit_file_t:service status;
+')
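Review bot: The parameter description in the header of `timemaster_service_status` says "Domain allowed to transition.", but the interface only grants `status` on `timemaster_unit_file_t:service` and performs no domain transition. It should read `## Domain allowed access.` so that callers do not misjudge what they are being granted. The bare `##` lines suggest the usual summary and param markup is missing or was lost in rendering, so confirm it is present in the file. Consider also declaring `class service status;` inside the `gen_require` block so the interface states its class dependency explicitly.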
diff --git a/linuxptp.te b/linuxptp.te
index 0eb7fff..fc8c2f2 100644
--- a/linuxptp.te
+++ b/linuxptp.te
@@ -67,6 +67,10 @@ corenet_udp_bind_generic_node(timemaster_t)
corenet_udp_bind_ntp_port(timemaster_t)
dev_read_urand(timemaster_t)
+dev_list_sysfs(timemaster_t)
+#dev_write_sysfs(timemaster_t)
+write_files_pattern(timemaster_t, sysfs_t, sysfs_t)
+read_lnk_files_pattern(timemaster_t, sysfs_t, sysfs_t)
logging_send_syslog_msg(timemaster_t)
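Review bot: `write_files_pattern(timemaster_t, sysfs_t, sysfs_t)` lets timemaster_t write to every file that carries the generic `sysfs_t` label, and the hunk gives no indication of which sysfs attribute actually needs to be written. A comment naming it, for example `# timemaster writes <sysfs attribute> (see <denial reference>)`, would let a reviewer judge whether a narrower type or a `dontaudit` rule would do instead. The two pattern macros also reference `sysfs_t` directly from the linuxptp module rather than through a devices interface. The commented-out `#dev_write_sysfs(timemaster_t)` looks like the intended call, so either use it in place of the raw pattern or delete it rather than leaving dead policy text.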
@@ -157,7 +161,7 @@ allow ptp4l_t self:packet_socket create_socket_perms;
allow ptp4l_t self:unix_stream_socket create_stream_socket_perms;
allow ptp4l_t self:shm create_shm_perms;
allow ptp4l_t self:udp_socket create_socket_perms;
-allow ptp4l_t self:capability { net_admin net_raw sys_time };
+allow ptp4l_t self:capability { net_admin net_raw sys_admin sys_time };
allow ptp4l_t self:capability2 { bpf wake_alarm };
allow ptp4l_t self:netlink_route_socket rw_netlink_socket_perms;
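Review bot: Adding `sys_admin` to the `allow ptp4l_t self:capability` rule is a large privilege increase for a domain that already holds `net_raw` and binds the PTP event port, and nothing in the hunk records which operation triggered the denial. Please document it next to the rule, e.g. `# sys_admin: needed for <operation>, see <denial reference>`. If ptp4l works without the access, `dontaudit ptp4l_t self:capability sys_admin;` would be the safer rule. The same concern applies to `kernel_request_load_module(ptp4l_t)` in the following hunk. Letting a network-facing daemon trigger module autoloading widens the reachable kernel surface, so name the module it is expected to request.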
@@ -177,6 +181,7 @@ corenet_udp_bind_ptp_event_port(ptp4l_t)
corenet_udp_bind_reserved_port(ptp4l_t)
kernel_read_network_state(ptp4l_t)
+kernel_request_load_module(ptp4l_t)
dev_rw_realtime_clock(ptp4l_t)