diff --git a/selinux/ly.fc b/selinux/ly.fc
new file mode 100644
index 0000000..4a96a7b
--- /dev/null
+++ b/selinux/ly.fc
@@ -0,0 +1 @@
+/usr/bin/ly		--	gen_context(system_u:object_r:ly_exec_t,s0)
diff --git a/selinux/ly.if b/selinux/ly.if
new file mode 100644
index 0000000..568f979
--- /dev/null
+++ b/selinux/ly.if
@@ -0,0 +1,41 @@
+
+## <summary>policy for ly</summary>
+
+########################################
+## <summary>
+##	Execute ly_exec_t in the ly domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`ly_domtrans',`
+	gen_require(`
+		type ly_t, ly_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, ly_exec_t, ly_t)
+')
+
+######################################
+## <summary>
+##	Execute ly in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`ly_exec',`
+	gen_require(`
+		type ly_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, ly_exec_t)
+')
+