diff --git a/refpolicy/policy/modules/kernel/bootloader.if b/refpolicy/policy/modules/kernel/bootloader.if
index d18eabc..e617929 100644
--- a/refpolicy/policy/modules/kernel/bootloader.if
+++ b/refpolicy/policy/modules/kernel/bootloader.if
@@ -1,4 +1,62 @@
 # Copyright (C) 2005 Tresys Technology, LLC
+## <module name="bootloader" layer="kernel">
+## <summary>Policy for the kernel modules, kernel image, and bootloader.</summary>
+
+########################################
+## <interface name="bootloader_transition">
+##	<description>
+##		Execute bootloader in the bootloader domain.
+##	</description>
+##	<parameter name="domain">
+##		The type of the process performing this action.
+##	</parameter>
+##	<infoflow type="write" weight="10"/>
+## </interface>
+#
+define(`bootloader_transition',`
+requires_block_template(`$0'_depend)
+allow $1 bootloader_exec_t:file { getattr read execute };
+allow $1 bootloader_t:process transition;
+type_transition $1 bootloader_exec_t:file bootloader_t;
+dontaudit $1 bootloader_t:process { noatsecure siginh rlimitinh };
+')
+
+define(`bootloader_transition_depend',`
+type bootloader_t;
+class file { getattr read execute };
+class process { transition noatsecure siginh rlimitinh };
+')
+
+########################################
+## <interface name="bootloader_transition_add_role_use_terminal">
+##	<description>
+##		Execute bootloader in the bootloader domain, and
+##		allow the specified role the bootloader domain,
+##		and use the caller's terminal.
+##	</description>
+##	<parameter name="domain">
+##		The type of the process performing this action.
+##	</parameter>
+##	<parameter name="role">
+##		The role to be allowed the bootloader domain.
+##	</parameter>
+##	<parameter name="terminal">
+##		The type of the terminal allow the bootloader domain to use.
+##	</parameter>
+##	<infoflow type="write" weight="10"/>
+## </interface>
+#
+define(`bootloader_transition_add_role_use_terminal',`
+requires_block_template(`$0'_depend)
+bootloader_transition($1)
+role $2 types bootloader_t;
+allow bootloader_t $3:chr_file { getattr read write ioctl };
+')
+
+define(`bootloader_transition_add_role_use_terminal_depend',`
+type bootloader_t;
+class chr_file { getattr read write ioctl };
+')
 
 ########################################
 #
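Review bot: `bootloader_transition_depend` declares only `type bootloader_t;`, but the `bootloader_transition` body also names `bootloader_exec_t` in the `allow $1 bootloader_exec_t:file { getattr read execute };` rule and in the `type_transition` line. The depend block should also carry `type bootloader_exec_t;`, so a caller module that does not already declare that type still gets a complete requires block. The rules visible here do not grant `bootloader_t` the `entrypoint` permission on `bootloader_exec_t`; presumably that is in the module's .te file, which this diff does not show, and it is worth confirming because the transition is denied without it. In `bootloader_transition_add_role_use_terminal`, the `terminal` parameter text is missing a word ("The type of the terminal to allow the bootloader domain to use."). Its description could also say that `$3` must be a terminal type only, since the interface gives `bootloader_t` read, write and ioctl access to whatever character-device type the caller passes.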
@@ -253,3 +311,5 @@ define(`bootloader_create_private_module_dir_entry_depend',`
 type modules_object_t;
 class dir { getattr search read write add_name remove_name };
 ')
+
+## </module>