diff --git a/Changelog b/Changelog
index a7805b1..7b9c456 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,5 @@
+- Add kernel_service access vectors, from Stephen Smalley.
+
 * Wed Dec 10 2008 Chris PeBenito <selinux@tresys.com> - 2.20081210
 - Fix consistency of audioentropy and iscsi module naming.
 - Debian file context fix for xen from Russell Coker.
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index 2ba6fa5..ec763b2 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -782,3 +782,9 @@ class x_application_data
 	paste_after_confirm
 	copy
 }
+
+class kernel_service
+{
+	use_as_override
+	create_files_as	
+}
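Review bot: The two permissions added to `class kernel_service` have no comment saying what each one guards, and both look privilege-bearing. Going by their names and the comment in security_classes, `use_as_override` would govern which context a kernel service may act as, and `create_files_as` which context it may apply to files it creates; this is inferred, not shown in the hunk. A comment above the class such as `# use_as_override: target context may be assumed by a kernel service; create_files_as: target context may be used as its file-creation context` would help policy writers keep grants narrow. No allow rule or interface for the class is visible in this diff, so it is worth confirming how the daemons that depend on it (cachefiles is the example given) are meant to be granted access, so that access does not end up depending on a permissive unknown-permission setting. The `create_files_as` line also ends in a trailing tab, and `class kernel_service ` in policy/flask/security_classes ends in a trailing space.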
diff --git a/policy/flask/security_classes b/policy/flask/security_classes
index 2a03e65..9e1bf1a 100644
--- a/policy/flask/security_classes
+++ b/policy/flask/security_classes
@@ -116,4 +116,7 @@ class x_event			# userspace
 class x_synthetic_event		# userspace
 class x_application_data	# userspace
 
+# kernel services that need to override task security, e.g. cachefiles
+class kernel_service 
+
 # FLASK
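Review bot: The placement of `class kernel_service` deserves a check, because the order of declarations in this file is what gives each class its numeric value. The new class is appended after the userspace X classes, and if the targeted kernel identifies classes by number and not by name, the entry has to land on the index the kernel expects; that cannot be confirmed from this hunk. If a particular position is required, saying so in the comment, e.g. `# kernel services that need to override task security, e.g. cachefiles; position must match the kernel's class numbering`, would stop a later reorder from silently remapping permissions.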