diff --git a/SOURCES/radicale.fc b/SOURCES/radicale.fc
new file mode 100644
index 0000000..5d4a89b
--- /dev/null
+++ b/SOURCES/radicale.fc
@@ -0,0 +1,13 @@
+/usr/bin/radicale -- gen_context(system_u:object_r:radicale_exec_t,s0)
+
+/usr/lib/systemd/system/radicale.service -- gen_context(system_u:object_r:radicale_unit_file_t,s0)
+
+/var/lib/radicale(/.*)? gen_context(system_u:object_r:radicale_var_lib_t,s0)
+
+/var/log/radicale(/.*)? gen_context(system_u:object_r:radicale_log_t,s0)
+
+/var/run/radicale(/.*)? gen_context(system_u:object_r:radicale_var_run_t,s0)
+
+/etc/radicale(/.*)? gen_context(system_u:object_r:radicale_etc_t,s0)
+
+#portcon tcp 5232 gen_context(system_u:object_r:radicale_port_t,s0)
diff --git a/SOURCES/radicale.if b/SOURCES/radicale.if
new file mode 100644
index 0000000..8fcb228
--- /dev/null
+++ b/SOURCES/radicale.if
@@ -0,0 +1,265 @@
+
+## policy for radicale
+
+########################################
+##
+## Execute TEMPLATE in the radicale domin.
+##
+##
+##
+## Domain allowed to transition.
+##
+##
+#
+interface(`radicale_domtrans',`
+ gen_require(`
+ type radicale_t, radicale_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ domtrans_pattern($1, radicale_exec_t, radicale_t)
+')
+########################################
+##
+## Read radicale's log files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+#
+interface(`radicale_read_log',`
+ gen_require(`
+ type radicale_log_t;
+ ')
+
+ logging_search_logs($1)
+ read_files_pattern($1, radicale_log_t, radicale_log_t)
+')
+
+########################################
+##
+## Append to radicale log files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`radicale_append_log',`
+ gen_require(`
+ type radicale_log_t;
+ ')
+
+ logging_search_logs($1)
+ append_files_pattern($1, radicale_log_t, radicale_log_t)
+')
+
+########################################
+##
+## Manage radicale log files
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`radicale_manage_log',`
+ gen_require(`
+ type radicale_log_t;
+ ')
+
+ logging_search_logs($1)
+ manage_dirs_pattern($1, radicale_log_t, radicale_log_t)
+ manage_files_pattern($1, radicale_log_t, radicale_log_t)
+ manage_lnk_files_pattern($1, radicale_log_t, radicale_log_t)
+')
+
+########################################
+##
+## Search radicale lib directories.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`radicale_search_lib',`
+ gen_require(`
+ type radicale_var_lib_t;
+ ')
+
+ allow $1 radicale_var_lib_t:dir search_dir_perms;
+ files_search_var_lib($1)
+')
+
+########################################
+##
+## Read radicale lib files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`radicale_read_lib_files',`
+ gen_require(`
+ type radicale_var_lib_t;
+ ')
+
+ files_search_var_lib($1)
+ read_files_pattern($1, radicale_var_lib_t, radicale_var_lib_t)
+')
+
+########################################
+##
+## Manage radicale lib files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`radicale_manage_lib_files',`
+ gen_require(`
+ type radicale_var_lib_t;
+ ')
+
+ files_search_var_lib($1)
+ manage_files_pattern($1, radicale_var_lib_t, radicale_var_lib_t)
+')
+
+########################################
+##
+## Manage radicale lib directories.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`radicale_manage_lib_dirs',`
+ gen_require(`
+ type radicale_var_lib_t;
+ ')
+
+ files_search_var_lib($1)
+ manage_dirs_pattern($1, radicale_var_lib_t, radicale_var_lib_t)
+')
+
+#####################################
+##
+## Read radicale pid files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`radicale_read_pid_files',`
+ gen_require(`
+ type radicale_var_run_t;
+ ')
+ files_search_pids($1)
+ read_files_pattern($1, radicale_var_run_t, radicale_var_run_t)
+')
+
+#####################################
+##
+## Search radicale pid files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+#
+interface(`radicale_search_pid_files',`
+ gen_require(`
+ type radicale_var_run_t;
+ ')
+ files_search_pids($1)
+ search_dirs_pattern($1, radicale_var_run_t, radicale_var_run_t)
+')
+
+########################################
+##
+## Execute radicale server in the radicale domain.
+##
+##
+##
+## Domain allowed to transition.
+##
+##
+#
+interface(`radicale_systemctl',`
+ gen_require(`
+ type radicale_t;
+ type radicale_unit_file_t;
+ ')
+
+ systemd_exec_systemctl($1)
+ systemd_read_fifo_file_password_run($1)
+ allow $1 radicale_unit_file_t:file read_file_perms;
+ allow $1 radicale_unit_file_t:service manage_service_perms;
+
+ ps_process_pattern($1, radicale_t)
+')
+
+
+########################################
+##
+## All of the rules required to administrate
+## an radicale environment
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+##
+## Role allowed access.
+##
+##
+##
+#
+interface(`radicale_admin',`
+ gen_require(`
+ type radicale_t;
+ type radicale_log_t;
+ type radicale_var_lib_t;
+ type radicale_var_run_t;
+ type radicale_unit_file_t;
+ ')
+
+ allow $1 radicale_t:process { ptrace signal_perms };
+ ps_process_pattern($1, radicale_t)
+
+ logging_search_logs($1)
+ admin_pattern($1, radicale_log_t)
+
+ files_search_var_lib($1)
+ admin_pattern($1, radicale_var_lib_t)
+
+ radicale_search_pid_files($1)
+ radicale_read_pid_files($1)
+
+ radicale_systemctl($1)
+ admin_pattern($1, radicale_unit_file_t)
+ allow $1 radicale_unit_file_t:service all_service_perms;
+ optional_policy(`
+ systemd_passwd_agent_exec($1)
+ systemd_read_fifo_file_passwd_run($1)
+ ')
+')
diff --git a/SOURCES/radicale.service b/SOURCES/radicale.service
new file mode 100644
index 0000000..3ff1b75
--- /dev/null
+++ b/SOURCES/radicale.service
@@ -0,0 +1,22 @@
+[Unit]
+Description=Radicale CalDAV and CardDAV server
+Documentation=http://radicale.org/documentation/
+After=network-online.target
+Requires=network-online.target
+
+[Service]
+Type=forking
+WorkingDirectory=/var/lib/radicale
+User=radicale
+Group=radicale
+UMask=0027
+PIDFile=/var/run/radicale/radicale.pid
+ExecStart=/usr/bin/radicale --daemon --pid=/var/run/radicale/radicale.pid
+PrivateTmp=true
+CapabilityBoundingSet=
+ProtectSystem=full
+ProtectHome=true
+Restart=on-abnormal
+
+[Install]
+WantedBy=multi-user.target
diff --git a/SOURCES/radicale.te b/SOURCES/radicale.te
new file mode 100644
index 0000000..2a82f38
--- /dev/null
+++ b/SOURCES/radicale.te
@@ -0,0 +1,92 @@
+policy_module(radicale, 1.0.8)
+
+gen_require(`
+ type httpd_t;
+ type pop_port_t;
+')
+
+########################################
+#
+# Declarations
+#
+
+type radicale_t;
+type radicale_exec_t;
+init_daemon_domain(radicale_t, radicale_exec_t)
+
+type radicale_log_t;
+logging_log_file(radicale_log_t)
+
+type radicale_var_lib_t;
+files_type(radicale_var_lib_t)
+
+type radicale_var_run_t;
+files_pid_file(radicale_var_run_t)
+
+type radicale_etc_t;
+files_config_file(radicale_etc_t);
+
+type radicale_unit_file_t;
+systemd_unit_file(radicale_unit_file_t)
+
+type radicale_port_t;
+corenet_port(radicale_port_t)
+
+########################################
+#
+# radicale local policy
+#
+allow radicale_t self:fifo_file rw_fifo_file_perms;
+allow radicale_t self:unix_stream_socket create_stream_socket_perms;
+allow radicale_t self:tcp_socket create_stream_socket_perms;
+allow radicale_t self:unix_dgram_socket create_stream_socket_perms;
+
+allow radicale_t radicale_port_t:tcp_socket name_bind;
+allow radicale_t pop_port_t:tcp_socket name_connect;
+
+manage_dirs_pattern(radicale_t, radicale_log_t, radicale_log_t)
+manage_files_pattern(radicale_t, radicale_log_t, radicale_log_t)
+manage_lnk_files_pattern(radicale_t, radicale_log_t, radicale_log_t)
+logging_log_filetrans(radicale_t, radicale_log_t, { dir file lnk_file })
+
+manage_dirs_pattern(radicale_t, radicale_var_lib_t, radicale_var_lib_t)
+manage_files_pattern(radicale_t, radicale_var_lib_t, radicale_var_lib_t)
+manage_lnk_files_pattern(radicale_t, radicale_var_lib_t, radicale_var_lib_t)
+files_var_lib_filetrans(radicale_t, radicale_var_lib_t, { dir file lnk_file })
+
+manage_files_pattern(radicale_t, radicale_var_run_t, radicale_var_run_t)
+files_pid_filetrans(radicale_t, radicale_var_lib_t, file)
+
+domain_use_interactive_fds(radicale_t)
+
+files_read_etc_files(radicale_t)
+read_files_pattern(radicale_t, radicale_etc_t, radicale_etc_t)
+
+bool httpd_can_read_write_radicale false;
+
+if (httpd_can_read_write_radicale) {
+ manage_dirs_pattern(httpd_t, radicale_log_t, radicale_log_t)
+ manage_files_pattern(httpd_t, radicale_log_t, radicale_log_t)
+ manage_lnk_files_pattern(httpd_t, radicale_log_t, radicale_log_t)
+ #logging_log_filetrans(httpd_t, radicale_log_t, { dir file lnk_file })
+
+ manage_dirs_pattern(httpd_t, radicale_var_lib_t, radicale_var_lib_t)
+ manage_files_pattern(httpd_t, radicale_var_lib_t, radicale_var_lib_t)
+ manage_lnk_files_pattern(httpd_t, radicale_var_lib_t, radicale_var_lib_t)
+ #files_var_lib_filetrans(httpd_t, radicale_var_lib_t, { dir file lnk_file })
+
+ #domain_use_interactive_fds(httpd_t)
+
+ #files_read_etc_files(radicale_t)
+ read_files_pattern(httpd_t, radicale_etc_t, radicale_etc_t)
+}
+
+miscfiles_read_localization(radicale_t)
+dev_read_urand(radicale_t)
+dev_read_rand(radicale_t)
+auth_use_nsswitch(radicale_t)
+corecmd_exec_shell(radicale_t)
+corecmd_exec_bin(radicale_t)
+libs_exec_ldconfig(radicale_t)
+kernel_read_system_state(radicale_t)
+apache_search_config(radicale_t)