diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te
index ea107a66cb..7916f6a40f 100644
--- a/policy/modules/admin/netutils.te
+++ b/policy/modules/admin/netutils.te
@@ -75,6 +75,7 @@ corenet_tcp_sendrecv_all_ports(netutils_t)
 corenet_udp_sendrecv_all_ports(netutils_t)
 corenet_tcp_connect_all_ports(netutils_t)
 corenet_sendrecv_all_client_packets(netutils_t)
+corenet_rawip_bind_unreserved_port(netutils_t)
 corenet_udp_bind_generic_node(netutils_t)
 
 dev_read_sysfs(netutils_t)
diff --git a/policy/modules/kernel/corenetwork.if.in b/policy/modules/kernel/corenetwork.if.in
index 1858e41d53..9b631a8a68 100644
--- a/policy/modules/kernel/corenetwork.if.in
+++ b/policy/modules/kernel/corenetwork.if.in
@@ -1696,6 +1696,24 @@ interface(`corenet_udp_send_all_ports',`
 allow $1 port_type:udp_socket send_msg;
 ')
 
+########################################
+##
+## Bind rawip sockets to unreserved ports.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`corenet_rawip_bind_unreserved_port',`
+ gen_require(`
+ type unreserved_port_t;
+ ')
+
+ allow $1 unreserved_port_t:rawip_socket name_bind;
+')
+
 ########################################
 ##
 ## Bind SCTP sockets to generic ports.
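Review bot: The added `corenet_rawip_bind_unreserved_port(netutils_t)` line widens what every program running in netutils_t may do, and nothing visible in the diff says which tool needs it or which denial prompted it. A raw IP socket has no port of its own, so this check presumably only fires when a tool passes a non-zero port field to bind() on a raw socket; that may be a bug in the tool rather than something to allow in policy. I would confirm the triggering binary and record it above the line, for example `# <tool name> binds its raw socket with a non-zero port field (<bug reference>)`. If only one tool needs this, consider whether the grant belongs in a narrower domain than netutils_t.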
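Review bot: The new interface is named `corenet_rawip_bind_unreserved_port`, whereas the existing raw-socket interfaces in this module use the `corenet_raw_` prefix as far as I know (for example `corenet_raw_bind_generic_node`). Renaming it to `corenet_raw_bind_unreserved_port`, together with the caller in netutils.te, would keep the family discoverable by prefix. The summary would also benefit from a description saying that name_bind on rawip_socket is, as I understand the kernel hook, only checked when a non-zero port outside the local port range is passed to bind(). That would make it clear to later callers that the interface covers an unusual case and is not a general requirement for raw sockets.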