diff --git a/refpolicy/policy/modules/kernel/corenetwork.if.in b/refpolicy/policy/modules/kernel/corenetwork.if.in
index 15cb3282..f5daf1e3 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.if.in
+++ b/refpolicy/policy/modules/kernel/corenetwork.if.in
@@ -1398,6 +1398,144 @@ interface(`corenet_sendrecv_unlabeled_packets',`
kernel_sendrecv_unlabeled_packets($1)
')
+########################################
+##
+## Send all client packets.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`corenet_send_all_client_packets',`
+ gen_require(`
+ attribute client_packet_type;
+ ')
+
+ allow $1 client_packet_type:packet send;
+')
+
+########################################
+##
+## Receive all client packets.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`corenet_receive_all_client_packets',`
+ gen_require(`
+ attribute client_packet_type;
+ ')
+
+ allow $1 client_packet_type:packet recv;
+')
+
+########################################
+##
+## Send and receive all client packets.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`corenet_sendrecv_all_client_packets',`
+ corenet_send_all_client_packets($1)
+ corenet_recveive_all_client_packets($1)
+')
+
+########################################
+##
+## Relabel packets to any client packet type.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`corenet_relabelto_all_client_packets',`
+ gen_require(`
+ attribute client_packet_type;
+ ')
+
+ allow $1 client_packet_type:packet relabelto;
+')
+
+########################################
+##
+## Send all server packets.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`corenet_send_all_server_packets',`
+ gen_require(`
+ attribute server_packet_type;
+ ')
+
+ allow $1 server_packet_type:packet send;
+')
+
+########################################
+##
+## Receive all server packets.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`corenet_receive_all_server_packets',`
+ gen_require(`
+ attribute server_packet_type;
+ ')
+
+ allow $1 server_packet_type:packet recv;
+')
+
+########################################
+##
+## Send and receive all server packets.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`corenet_sendrecv_all_server_packets',`
+ corenet_send_all_server_packets($1)
+ corenet_recveive_all_server_packets($1)
+')
+
+########################################
+##
+## Relabel packets to any server packet type.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`corenet_relabelto_all_server_packets',`
+ gen_require(`
+ attribute server_packet_type;
+ ')
+
+ allow $1 server_packet_type:packet relabelto;
+')
+
########################################
##
## Send all packets.
diff --git a/refpolicy/policy/modules/kernel/corenetwork.te.in b/refpolicy/policy/modules/kernel/corenetwork.te.in
index cba356f0..abb1370a 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.te.in
+++ b/refpolicy/policy/modules/kernel/corenetwork.te.in
@@ -1,17 +1,19 @@
-policy_module(corenetwork,1.1.9)
+policy_module(corenetwork,1.1.10)
########################################
#
# Declarations
#
+attribute client_packet_type;
attribute netif_type;
attribute node_type;
attribute packet_type;
attribute port_type;
attribute reserved_port_type;
attribute rpc_port_type;
+attribute server_packet_type;
attribute corenet_unconfined_type;
diff --git a/refpolicy/policy/modules/kernel/corenetwork.te.m4 b/refpolicy/policy/modules/kernel/corenetwork.te.m4
index 70858974..ecae8628 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.te.m4
+++ b/refpolicy/policy/modules/kernel/corenetwork.te.m4
@@ -60,8 +60,8 @@ ifelse(`$5',`',`',`declare_ports($1,shiftn(4,$*))')dnl
#
define(`network_port',`
type $1_port_t, port_type;
-type $1_client_packet_t, packet_type;
-type $1_server_packet_t, packet_type;
+type $1_client_packet_t, packet_type, client_packet_type;
+type $1_server_packet_t, packet_type, server_packet_type;
declare_ports($1_port_t,shift($*))
')
@@ -69,6 +69,6 @@ declare_ports($1_port_t,shift($*))
# network_packet(packet_name)
#
define(`network_packet',`
-type $1_client_packet_t, packet_type;
-type $1_server_packet_t, packet_type;
+type $1_client_packet_t, packet_type, client_packet_type;
+type $1_server_packet_t, packet_type, server_packet_type;
')