diff --git a/policy/modules/contrib/insights_client.if b/policy/modules/contrib/insights_client.if
index 3028e79eff..215c99b0d4 100644
--- a/policy/modules/contrib/insights_client.if
+++ b/policy/modules/contrib/insights_client.if
@@ -320,3 +320,25 @@ interface(`insights_client_write_tmp',`
files_search_tmp($1)
write_files_pattern($1, insights_client_tmp_t, insights_client_tmp_t)
')
+
+########################################
+##
+## Allow explicit transition to insights_core_t domain.
+##
+##
+##
+## Domain allowed to transition.
+##
+##
+#
+interface(`insights_domtrans_core',`
+ gen_require(`
+ type insights_core_t;
+ ')
+
+ allow $1 insights_core_t: process transition;
+ allow insights_core_t $1:fd use;
+ allow insights_core_t $1:fifo_file rw_file_perms;
+ allow insights_core_t $1:process sigchld;
+ allow insights_core_t $1:dir search_dir_perms;
+')
diff --git a/policy/modules/contrib/insights_client.te b/policy/modules/contrib/insights_client.te
index 1c7f2040dd..a65386b756 100644
--- a/policy/modules/contrib/insights_client.te
+++ b/policy/modules/contrib/insights_client.te
@@ -43,6 +43,13 @@ files_tmpfs_file(insights_client_tmpfs_t)
type insights_client_unit_file_t;
systemd_unit_file(insights_client_unit_file_t)
+type insights_core_t;
+role system_r types insights_core_t;
+domain_type(insights_core_t)
+
+type insights_core_tmp_t;
+files_tmp_file(insights_core_tmp_t)
+
########################################
#
# insights_client local policy
@@ -417,3 +424,205 @@ optional_policy(`
optional_policy(`
virt_stream_connect(insights_client_t)
')
+
+########################################
+#
+# insights_core local policy
+#
+
+# an explicit transition using setexecfilecon()
+insights_domtrans_core(insights_client_t)
+allow init_t insights_core_t:fifo_file write;
+insights_client_filetrans_named_content(insights_core_t)
+
+allow insights_core_t self:capability { dac_read_search setgid sys_admin };
+allow insights_core_t self:capability2 { checkpoint_restore syslog };
+allow insights_core_t self:process { getattr setpgid };
+
+#allow insights_core_t self:socket_class_set create_socket_perms;
+allow insights_core_t self:appletalk_socket create_socket_perms;
+allow insights_core_t self:ax25_socket create_socket_perms;
+allow insights_core_t self:ipx_socket create_socket_perms;
+allow insights_core_t self:netlink_route_socket r_netlink_socket_perms;
+allow insights_core_t self:netlink_tcpdiag_socket { create_socket_perms nlmsg_read };
+allow insights_core_t self:netrom_socket create_socket_perms;
+allow insights_core_t self:rose_socket create_socket_perms;
+allow insights_core_t self:socket create_socket_perms;
+allow insights_core_t self:tcp_socket create_stream_socket_perms;
+allow insights_core_t self:udp_socket create_socket_perms;
+allow insights_core_t self:unix_dgram_socket create_socket_perms;
+allow insights_core_t self:unix_stream_socket connectto;
+allow insights_core_t self:x25_socket create_socket_perms;
+
+manage_dirs_pattern(insights_core_t, insights_core_tmp_t, insights_core_tmp_t)
+manage_files_pattern(insights_core_t, insights_core_tmp_t, insights_core_tmp_t)
+files_tmp_filetrans(insights_core_t, insights_core_tmp_t, { dir file })
+
+manage_files_pattern(insights_core_t, insights_client_cache_t, insights_client_cache_t)
+
+read_files_pattern(insights_core_t, insights_client_etc_t, insights_client_etc_t)
+create_files_pattern(insights_core_t, insights_client_etc_t, insights_client_etc_t)
+#allow insights_core_t insights_client_etc_t:file { write };
+allow insights_core_t insights_client_etc_rw_t:file { getattr ioctl open read setattr write };
+
+manage_files_pattern(insights_core_t, insights_client_var_lib_t, insights_client_var_lib_t)
+manage_dirs_pattern(insights_core_t, insights_client_var_lib_t, insights_client_var_lib_t)
+
+append_files_pattern(insights_core_t, insights_client_var_log_t, insights_client_var_log_t)
+create_files_pattern(insights_core_t, insights_client_var_log_t, insights_client_var_log_t)
+
+allow insights_core_t insights_client_var_run_t:file { getattr read };
+
+allow insights_core_t insights_client_tmp_t:file { open };
+
+kernel_dgram_send(insights_core_t)
+kernel_read_all_sysctls(insights_core_t)
+kernel_list_all_proc(insights_core_t)
+kernel_read_proc_files(insights_core_t)
+kernel_list_proc(insights_core_t)
+kernel_read_fs_sysctls(insights_core_t)
+kernel_read_network_state_symlinks(insights_core_t)
+kernel_read_software_raid_state(insights_core_t)
+kernel_read_sysctl(insights_core_t)
+kernel_view_key(insights_core_t)
+
+corecmd_bin_entry_type(insights_core_t)
+corecmd_exec_bin(insights_core_t)
+
+corenet_tcp_bind_generic_node(insights_core_t)
+corenet_tcp_connect_http_port(insights_core_t)
+
+dev_getattr_all_chr_files(insights_core_t)
+dev_read_kmsg(insights_core_t)
+dev_read_netcontrol(insights_core_t)
+dev_read_sysfs(insights_core_t)
+
+domain_getattr_all_sockets(insights_core_t)
+domain_connect_all_stream_sockets(insights_core_t)
+domain_getattr_all_domains(insights_core_t)
+domain_getattr_all_pipes(insights_core_t)
+domain_read_all_domains_state(insights_core_t)
+
+files_getattr_all_files(insights_core_t)
+files_getattr_all_blk_files(insights_core_t)
+files_getattr_all_chr_files(insights_core_t)
+files_getattr_all_file_type_fs(insights_core_t)
+files_getattr_all_pipes(insights_core_t)
+files_getattr_all_sockets(insights_core_t)
+files_read_all_symlinks(insights_core_t)
+files_read_non_security_files(insights_core_t)
+
+fs_getattr_nsfs_files(insights_core_t)
+
+seutil_domtrans_semanage(insights_core_t)
+
+optional_policy(`
+ auth_read_passwd_file(insights_core_t)
+')
+
+optional_policy(`
+ bootloader_exec(insights_core_t)
+')
+
+optional_policy(`
+ chronyd_domtrans_chronyc(insights_core_t)
+')
+
+optional_policy(`
+ dmesg_exec(insights_core_t)
+')
+
+optional_policy(`
+ dmidecode_exec(insights_core_t)
+')
+
+optional_policy(`
+ fstools_domtrans(insights_core_t)
+')
+
+optional_policy(`
+ gnome_search_gconf(insights_core_t)
+')
+
+optional_policy(`
+ gpg_entry_type(insights_core_t)
+ gpg_domtrans(insights_core_t)
+')
+
+optional_policy(`
+ hostname_exec(insights_core_t)
+')
+
+
+optional_policy(`
+ init_rw_stream_sockets(insights_core_t)
+ init_view_key(insights_core_t)
+')
+
+optional_policy(`
+ iptables_domtrans(insights_core_t)
+')
+
+
+optional_policy(`
+ journalctl_domtrans(insights_core_t)
+')
+
+
+optional_policy(`
+ libs_exec_ldconfig(insights_core_t)
+')
+
+optional_policy(`
+ logging_domtrans_auditctl(insights_core_t)
+')
+
+optional_policy(`
+ lvm_domtrans(insights_core_t)
+')
+
+optional_policy(`
+ miscfiles_read_generic_certs(insights_core_t)
+')
+
+optional_policy(`
+ modutils_domtrans_kmod(insights_core_t)
+')
+
+optional_policy(`
+ mount_domtrans(insights_core_t)
+')
+
+
+optional_policy(`
+ networkmanager_dbus_chat(insights_core_t)
+')
+
+optional_policy(`
+ rhsmcertd_read_config_files(insights_core_t)
+')
+
+optional_policy(`
+ rpm_domtrans(insights_core_t)
+')
+
+optional_policy(`
+ ssh_exec(insights_core_t)
+')
+
+optional_policy(`
+ #?sysnet_read_config(insights_core_t)
+ sysnet_exec_ifconfig(insights_core_t)
+')
+
+optional_policy(`
+ systemd_dbus_chat_timedated(insights_core_t)
+ systemd_dbus_chat_localed(insights_core_t)
+ systemd_exec_notify(insights_core_t)
+ systemd_status_all_unit_files(insights_core_t)
+')
+
+optional_policy(`
+ userdom_search_user_tmp_dirs(insights_core_t)
+ userdom_view_all_users_keys(insights_core_t)
+')