diff --git a/policy/modules/apps/ptchown.if b/policy/modules/apps/ptchown.if
index cc8a359..f1c2698 100644
--- a/policy/modules/apps/ptchown.if
+++ b/policy/modules/apps/ptchown.if
@@ -18,3 +18,27 @@ interface(`ptchown_domtrans',`
 	domtrans_pattern($1, ptchown_exec_t, ptchown_t)
 ')
 
+########################################
+## <summary>
+##	Execute ptchown in the ptchown domain, and
+##	allow the specified role the ptchown domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	The role to be allowed the ptchown domain.
+##	</summary>
+## </param>
+#
+interface(`ptchown_run',`
+	gen_require(`
+		type ptchown_t;
+	')
+
+	ptchown_domtrans($1)
+	role $2 types ptchown_t;
+')
diff --git a/policy/modules/apps/ptchown.te b/policy/modules/apps/ptchown.te
index 7fbaec6..7f09e01 100644
--- a/policy/modules/apps/ptchown.te
+++ b/policy/modules/apps/ptchown.te
@@ -24,6 +24,7 @@ files_read_etc_files(ptchown_t)
 fs_rw_anon_inodefs_files(ptchown_t)
 
 term_setattr_generic_ptys(ptchown_t)
+term_getattr_all_ptys(ptchown_t)
 term_setattr_all_ptys(ptchown_t)
 term_use_generic_ptys(ptchown_t)
 term_use_ptmx(ptchown_t)