diff --git a/Changelog b/Changelog
index b0e4cb6..a618ed2 100644
--- a/Changelog
+++ b/Changelog
@@ -11,6 +11,7 @@
 - Added modules:
 abrt (Dan Walsh)
 gitosis (Miroslav Grepl)
+ gnomeclock (Dan Walsh)
 hddtemp (Dan Walsh)
 kdump (Dan Walsh)
 modemmanager(Dan Walsh)
diff --git a/policy/modules/services/gnomeclock.fc b/policy/modules/services/gnomeclock.fc
new file mode 100644
index 0000000..462de63
--- /dev/null
+++ b/policy/modules/services/gnomeclock.fc
@@ -0,0 +1,2 @@
+/usr/libexec/gnome-clock-applet-mechanism -- gen_context(system_u:object_r:gnomeclock_exec_t,s0)
+
diff --git a/policy/modules/services/gnomeclock.if b/policy/modules/services/gnomeclock.if
new file mode 100644
index 0000000..716006b
--- /dev/null
+++ b/policy/modules/services/gnomeclock.if
@@ -0,0 +1,65 @@
+## Gnome clock handler for setting the time.
+
+########################################
+##
+## Execute a domain transition to run gnomeclock.
+##
+##
+##
+## Domain allowed to transition.
+##
+##
+#
+interface(`gnomeclock_domtrans',`
+ gen_require(`
+ type gnomeclock_t, gnomeclock_exec_t;
+ ')
+
+ domtrans_pattern($1, gnomeclock_exec_t, gnomeclock_t)
+')
+
+########################################
+##
+## Execute gnomeclock in the gnomeclock domain, and
+## allow the specified role the gnomeclock domain.
+##
+##
+##
+## Domain allowed access
+##
+##
+##
+##
+## The role to be allowed the gnomeclock domain.
+##
+##
+#
+interface(`gnomeclock_run',`
+ gen_require(`
+ type gnomeclock_t;
+ ')
+
+ gnomeclock_domtrans($1)
+ role $2 types gnomeclock_t;
+')
+
+########################################
+##
+## Send and receive messages from
+## gnomeclock over dbus.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`gnomeclock_dbus_chat',`
+ gen_require(`
+ type gnomeclock_t;
+ class dbus send_msg;
+ ')
+
+ allow $1 gnomeclock_t:dbus send_msg;
+ allow gnomeclock_t $1:dbus send_msg;
+')
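Review bot: The `##` documentation lines of all three interfaces in gnomeclock.if read as empty on this page, which leaves the interface descriptions and parameter names without their markup; if this is how the file was committed rather than an artifact of how the diff is displayed, the policy documentation generator will not attach "Domain allowed to transition." or the role description to any parameter. Each block should carry the refpolicy XML tags, i.e. `## <summary>` / `## </summary>` around the description and `## <param name="domain">` (plus `## <param name="role">` for gnomeclock_run) around the parameter text, in the same positions the bare `##` lines now occupy. If the tags are present in the actual commit, nothing needs to change.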
diff --git a/policy/modules/services/gnomeclock.te b/policy/modules/services/gnomeclock.te
new file mode 100644
index 0000000..0837f97
--- /dev/null
+++ b/policy/modules/services/gnomeclock.te
@@ -0,0 +1,47 @@
+
+policy_module(gnomeclock, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type gnomeclock_t;
+type gnomeclock_exec_t;
+dbus_system_domain(gnomeclock_t, gnomeclock_exec_t)
+
+########################################
+#
+# gnomeclock local policy
+#
+
+allow gnomeclock_t self:capability { sys_nice sys_time sys_ptrace };
+allow gnomeclock_t self:process { getattr getsched };
+allow gnomeclock_t self:fifo_file rw_fifo_file_perms;
+allow gnomeclock_t self:unix_stream_socket create_stream_socket_perms;
+
+corecmd_exec_bin(gnomeclock_t)
+
+files_read_etc_files(gnomeclock_t)
+files_read_usr_files(gnomeclock_t)
+
+auth_use_nsswitch(gnomeclock_t)
+
+clock_domtrans(gnomeclock_t)
+
+miscfiles_read_localization(gnomeclock_t)
+miscfiles_manage_localization(gnomeclock_t)
+miscfiles_etc_filetrans_localization(gnomeclock_t)
+
+userdom_read_all_users_state(gnomeclock_t)
+
+optional_policy(`
+ consolekit_dbus_chat(gnomeclock_t)
+')
+
+optional_policy(`
+ policykit_dbus_chat(gnomeclock_t)
+ policykit_domtrans_auth(gnomeclock_t)
+ policykit_read_lib(gnomeclock_t)
+ policykit_read_reload(gnomeclock_t)
+')
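Review bot: The first rule of the local policy block, `allow gnomeclock_t self:capability { sys_nice sys_time sys_ptrace };`, grants two capabilities that a time-setting mechanism does not obviously need, and nothing in the hunk records why `sys_ptrace` and `sys_nice` are required; only `sys_time` is self-explanatory here. `sys_ptrace` is presumably being requested because of the `userdom_read_all_users_state(gnomeclock_t)` call further down (reading other users' /proc entries), and if that access works without the capability the usual refpolicy treatment is `dontaudit gnomeclock_t self:capability sys_ptrace;` instead of an allow. If either capability is genuinely needed, a comment above the rule naming the operation that triggered it would let the next reviewer skip this question. It would likewise help to note above `miscfiles_manage_localization(gnomeclock_t)` and `miscfiles_etc_filetrans_localization(gnomeclock_t)` that the write access to localization files is there for timezone changes, since that is the only write path the module grants outside its own domain.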