diff --git a/refpolicy/policy/modules/system/sysnetwork.if b/refpolicy/policy/modules/system/sysnetwork.if
new file mode 100644
index 0000000..82f4d3d
--- /dev/null
+++ b/refpolicy/policy/modules/system/sysnetwork.if
@@ -0,0 +1,14 @@
+########################################
+#
+# sysnetwork_read_network_config(domain,[`optional'])
+#
+define(`sysnetwork_read_network_config',`
+requires_block_template(sysnetwork_read_network_config_depend,$2)
+# FIXME: allow $1 etc_t:dir search;
+allow $1 net_conf_t:file { getattr read };
+')
+
+define(`sysnetwork_read_network_config_depend',`
+type net_conf_t;
+class file { getattr read };
+')
diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te
new file mode 100644
index 0000000..c60908a
--- /dev/null
+++ b/refpolicy/policy/modules/system/sysnetwork.te
@@ -0,0 +1,2 @@
+type net_conf_t alias resolv_conf_t;
+files_make_file(net_conf_t)
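Review bot: The commented-out `# FIXME: allow $1 etc_t:dir search;` in sysnetwork_read_network_config leaves the interface granting only `getattr read` on net_conf_t files and no search permission on the directory that holds them, so a caller presumably still relies on some unrelated rule to reach the file. If that rule is enabled, sysnetwork_read_network_config_depend needs the matching declarations, `type etc_t;` and `class dir search;`, otherwise the requires block will not cover everything the interface uses. The header comment gives only the signature; a sentence saying that the first argument is the domain being granted read access, and what passing the optional second argument changes in requires_block_template, would let policy authors use the interface without reading the macro body.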
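Review bot: The `alias resolv_conf_t` on the new type in sysnetwork.te means every existing rule written against resolv_conf_t now applies to anything labeled net_conf_t, which by its name looks like a broader category than resolver configuration; it is worth confirming that no domain gains access to files it did not need before. No file-context entries for net_conf_t are visible in this diff, so which paths receive the label cannot be checked from here. A short comment above the declaration would help, for example `# net_conf_t: network configuration files; resolv_conf_t is kept as an alias for existing rules`.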