diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index 682a419..6225edb 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -46,6 +46,7 @@
calamaris
cipe
clamav (Erich Schubert)
+ clockspeed (Petre Rodan)
courier
dante
dcc
diff --git a/refpolicy/policy/modules/services/clockspeed.fc b/refpolicy/policy/modules/services/clockspeed.fc
new file mode 100644
index 0000000..a7aa385
--- /dev/null
+++ b/refpolicy/policy/modules/services/clockspeed.fc
@@ -0,0 +1,14 @@
+
+#
+# /usr
+#
+/usr/bin/clockadd -- gen_context(system_u:object_r:clockspeed_cli_exec_t,s0)
+/usr/bin/clockspeed -- gen_context(system_u:object_r:clockspeed_srv_exec_t,s0)
+/usr/bin/sntpclock -- gen_context(system_u:object_r:clockspeed_cli_exec_t,s0)
+/usr/bin/taiclock -- gen_context(system_u:object_r:clockspeed_cli_exec_t,s0)
+/usr/bin/taiclockd -- gen_context(system_u:object_r:clockspeed_srv_exec_t,s0)
+
+#
+# /var
+#
+/var/lib/clockspeed(/.*)? gen_context(system_u:object_r:clockspeed_var_lib_t,s0)
diff --git a/refpolicy/policy/modules/services/clockspeed.if b/refpolicy/policy/modules/services/clockspeed.if
new file mode 100644
index 0000000..9d4c892
--- /dev/null
+++ b/refpolicy/policy/modules/services/clockspeed.if
@@ -0,0 +1,53 @@
+## Clockspeed simple network time protocol client
+
+########################################
+##
+## Execute clockspeed utilities in the clockspeed_cli domain.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`clockspeed_domtrans_cli',`
+ gen_require(`
+ type clockspeed_cli_t, clockspeed_cli_exec_t;
+ ')
+
+ domain_auto_trans($1, clockspeed_cli_exec_t, clockspeed_cli_t)
+ allow clockspeed_cli_t $1:fd use;
+ allow clockspeed_cli_t $1:fifo_file { read write };
+ allow clockspeed_cli_t $1:process sigchld;
+')
+
+########################################
+##
+## Allow the specified role the clockspeed_cli domain.
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+##
+## The role to be allowed the clockspeed_cli domain.
+##
+##
+##
+##
+## The type of the terminal allow the clockspeed_cli domain to use.
+##
+##
+#
+template(`clockspeed_run_cli',`
+ gen_require(`
+ type clockspeed_cli_t;
+ ')
+
+ role $2 types clockspeed_cli_t;
+ clockspeed_domtrans_cli($1)
+ allow clockspeed_cli_t $3:chr_file { getattr read write ioctl };
+
+')
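Review bot: The documentation for `clockspeed_run_cli` does not say that the role it is given gains a domain holding `sys_time` (granted to `clockspeed_cli_t` in clockspeed.te of this commit), which is what a reviewer of any caller most needs to know. I would add to its summary `## The clockspeed_cli domain can set the system clock (sys_time); grant this only to administrative roles.` The third parameter's description also reads better as `## The type of the terminal to allow the clockspeed_cli domain to use.` Finally, `clockspeed_run_cli` is declared with `template(` although it derives no type names from its parameters; `interface(` appears to be the fitting macro.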
diff --git a/refpolicy/policy/modules/services/clockspeed.te b/refpolicy/policy/modules/services/clockspeed.te
new file mode 100644
index 0000000..b06c5ea
--- /dev/null
+++ b/refpolicy/policy/modules/services/clockspeed.te
@@ -0,0 +1,75 @@
+
+policy_module(clockspeed,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type clockspeed_cli_t;
+type clockspeed_cli_exec_t;
+domain_type(clockspeed_cli_t)
+domain_entry_file(clockspeed_cli_t,clockspeed_cli_exec_t)
+
+type clockspeed_srv_t;
+type clockspeed_srv_exec_t;
+init_daemon_domain(clockspeed_srv_t, clockspeed_srv_exec_t)
+
+type clockspeed_var_lib_t;
+files_type(clockspeed_var_lib_t)
+
+########################################
+#
+# Client local policy
+#
+
+allow clockspeed_cli_t self:capability sys_time;
+allow clockspeed_cli_t self:udp_socket create_socket_perms;
+allow clockspeed_cli_t clockspeed_var_lib_t:dir search;
+allow clockspeed_cli_t clockspeed_var_lib_t:file { getattr read };
+
+corenet_non_ipsec_sendrecv(clockspeed_cli_t)
+corenet_udp_sendrecv_generic_if(clockspeed_cli_t)
+corenet_udp_sendrecv_generic_node(clockspeed_cli_t)
+corenet_udp_sendrecv_ntp_port(clockspeed_cli_t)
+
+files_list_var_lib(clockspeed_cli_t)
+files_read_etc_files(clockspeed_cli_t)
+
+libs_use_ld_so(clockspeed_cli_t)
+libs_use_shared_libs(clockspeed_cli_t)
+
+miscfiles_read_localization(clockspeed_cli_t)
+
+########################################
+#
+# Server local policy
+#
+
+allow clockspeed_srv_t self:capability { sys_time net_bind_service };
+allow clockspeed_srv_t self:udp_socket create_socket_perms;
+allow clockspeed_srv_t self:unix_dgram_socket create_socket_perms;
+allow clockspeed_srv_t self:unix_stream_socket create_socket_perms;
+
+allow clockspeed_srv_t clockspeed_var_lib_t:dir rw_dir_perms;
+allow clockspeed_srv_t clockspeed_var_lib_t:file create_file_perms;
+allow clockspeed_srv_t clockspeed_var_lib_t:fifo_file create_file_perms;
+
+corenet_non_ipsec_sendrecv(clockspeed_srv_t)
+corenet_udp_sendrecv_generic_if(clockspeed_srv_t)
+corenet_udp_sendrecv_generic_node(clockspeed_srv_t)
+corenet_udp_sendrecv_ntp_port(clockspeed_srv_t)
+corenet_udp_bind_inaddr_any_node(clockspeed_srv_t)
+corenet_udp_bind_clockspeed_port(clockspeed_srv_t)
+
+files_read_etc_files(clockspeed_srv_t)
+files_list_var_lib(clockspeed_srv_t)
+
+libs_use_ld_so(clockspeed_srv_t)
+libs_use_shared_libs(clockspeed_srv_t)
+
+miscfiles_read_localization(clockspeed_srv_t)
+
+optional_policy(`
+ daemontools_service_domain(clockspeed_srv_t,clockspeed_srv_exec_t)
+')
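Review bot: Both domains pair `sys_time` with UDP network access, so code that parses time-server traffic runs with the ability to set the system clock. clockspeed.fc labels clockadd, sntpclock and taiclock all as `clockspeed_cli_exec_t`, and clockspeed and taiclockd both as `clockspeed_srv_exec_t`. If, as the tool names and upstream documentation suggest, only clockadd and clockspeed adjust the clock while sntpclock, taiclock and taiclockd do the network I/O, separate types would let `sys_time` and the `corenet_*` rules go to disjoint domains. Separately, `corenet_udp_bind_clockspeed_port` depends on a clockspeed port declaration in corenetwork that is not part of this diff. Confirm it exists, since the call sits outside any `optional_policy` and would presumably fail to compile otherwise.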
diff --git a/refpolicy/policy/modules/system/userdomain.te b/refpolicy/policy/modules/system/userdomain.te
index 6d9e126..1829821 100644
--- a/refpolicy/policy/modules/system/userdomain.te
+++ b/refpolicy/policy/modules/system/userdomain.te
@@ -232,6 +232,10 @@ ifdef(`targeted_policy',`
')
optional_policy(`
+ clockspeed_run_cli(sysadm_t,sysadm_r,admin_terminal)
+ ')
+
+ optional_policy(`
certwatach_run(sysadm_t,sysadm_r,admin_terminal)
')