diff --git a/Changelog b/Changelog
index 382ac7a..9497a31 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Init script file and domain support.
 - Glibc 2.7 fix from Vaclav Ovsik.
 - Samba/winbind update from Mike Edenfield.
 - Policy size optimization with a non-security file attribute from James
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index c923e6f..3cdd56a 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -2,6 +2,73 @@
 
 ########################################
 ## <summary>
+##	Create a file type used for init scripts.
+## </summary>
+## <desc>
+##	<p>
+##	Create a file type used for init scripts.
+##	Can not be used in conjunction with
+##	init_script_domain().
+##	</p>
+## </desc>
+## <param name="script_file">
+##	<summary>
+##	Type of the script file used as an entry point to this domain.
+##	</summary>
+## </param>
+#
+interface(`init_script_file',`
+	gen_require(`
+		type initrc_t;
+		attribute init_script_file_type, init_run_all_scripts_domain;
+	')
+
+	typeattribute $1 init_script_file_type;
+
+	domain_entry_file(initrc_t, $1)
+
+	domtrans_pattern(init_run_all_scripts_domain, $1, initrc_t)
+')
+
+########################################
+## <summary>
+##	Create a domain used for init scripts.
+## </summary>
+## <desc>
+##	<p>
+##	Create a domain used for init scripts.
+##	Can not be used in conjunction with
+##	init_script_file().
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Type to be used as an init script domain.
+##	</summary>
+## </param>
+## <param name="script_file">
+##	<summary>
+##	Type of the script file used as an entry point to this domain.
+##	</summary>
+## </param>
+#
+interface(`init_script_domain',`
+	gen_require(`
+		attribute init_script_domain_type, init_script_file_type;
+		attribute init_run_all_scripts_domain;
+	')
+
+	typeattribute $1 init_script_domain_type;
+	typeattribute $2 init_script_file_type;
+
+	domain_type($1)
+	domain_entry_file($1, $2)
+
+	domtrans_pattern(init_run_all_scripts_domain, $2, $1)
+')
+
+########################################
+## <summary>
 ##	Create a domain which can be started by init.
 ## </summary>
 ## <param name="domain">
@@ -703,6 +770,25 @@ interface(`init_getattr_script_files',`
 
 ########################################
 ## <summary>
+##	Read init scripts.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`init_read_script_files',`
+	gen_require(`
+		type initrc_exec_t;
+	')
+
+	files_search_etc($1)
+	allow $1 initrc_exec_t:file read_file_perms;
+')
+
+########################################
+## <summary>
 ##	Execute init scripts in the caller domain.
 ## </summary>
 ## <param name="domain">
@@ -722,6 +808,63 @@ interface(`init_exec_script_files',`
 
 ########################################
 ## <summary>
+##	Get the attribute of all init script entrypoint files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`init_getattr_all_script_files',`
+	gen_require(`
+		attribute init_script_file_type;
+	')
+
+	files_list_etc($1)
+	allow $1 init_script_file_type:file getattr;
+')
+
+########################################
+## <summary>
+##	Read all init script files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`init_read_all_script_files',`
+	gen_require(`
+		attribute init_script_file_type;
+	')
+
+	files_search_etc($1)
+	allow $1 init_script_file_type:file read_file_perms;
+')
+
+########################################
+## <summary>
+##	Execute all init scripts in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`init_exec_all_script_files',`
+	gen_require(`
+		attribute init_script_file_type;
+	')
+
+	files_list_etc($1)
+	can_exec($1, init_script_file_type)
+')
+
+########################################
+## <summary>
 ##	Read the process state (/proc/pid) of the init scripts.
 ## </summary>
 ## <param name="domain">
@@ -1030,25 +1173,6 @@ interface(`init_dontaudit_use_script_ptys',`
 
 ########################################
 ## <summary>
-##	Read init scripts.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`init_read_script_files',`
-	gen_require(`
-		type initrc_exec_t;
-	')
-
-	files_search_etc($1)
-	allow $1 initrc_exec_t:file read_file_perms;
-')
-
-########################################
-## <summary>
 ##	Get the attributes of init script
 ##	status files.
 ## </summary>
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 51b714c..ebc586d 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -23,6 +23,10 @@ attribute direct_run_init;
 attribute direct_init;
 attribute direct_init_entry;
 
+attribute init_script_domain_type;
+attribute init_script_file_type;
+attribute init_run_all_scripts_domain;
+
 # Mark process types as daemons
 attribute daemon;
 
@@ -51,8 +55,8 @@ type initctl_t;
 files_type(initctl_t)
 mls_trusted_object(initctl_t)
 
-type initrc_t;
-type initrc_exec_t;
+type initrc_t, init_script_domain_type, init_run_all_scripts_domain;
+type initrc_exec_t, init_script_file_type;
 domain_type(initrc_t)
 domain_entry_file(initrc_t,initrc_exec_t)
 role system_r types initrc_t;
@@ -217,7 +221,9 @@ term_create_pty(initrc_t,initrc_devpts_t)
 # Going to single user mode
 init_exec(initrc_t)
 
-can_exec(initrc_t,initrc_exec_t)
+can_exec(initrc_t, init_script_file_type)
+
+domtrans_pattern(init_run_all_scripts_domain, initrc_exec_t, initrc_t)
 
 manage_dirs_pattern(initrc_t,initrc_state_t,initrc_state_t)
 manage_files_pattern(initrc_t,initrc_state_t,initrc_state_t)