Index: refpolicy-2.20190201/policy/modules/services/aptcacher.fc
===================================================================
--- /dev/null
+++ refpolicy-2.20190201/policy/modules/services/aptcacher.fc
@@ -0,0 +1,10 @@
+/usr/sbin/apt-cacher.*	--	gen_context(system_u:object_r:aptcacher_exec_t,s0)
+/usr/lib/apt-cacher-ng/acngtool	-- gen_context(system_u:object_r:aptcacher_exec_t,s0)
+/var/log/apt-cacher(/.*)?	gen_context(system_u:object_r:aptcacher_log_t,s0)
+/var/log/apt-cacher-ng(/.*)?	gen_context(system_u:object_r:aptcacher_log_t,s0)
+/var/lib/apt-cacher-ng(/.*)?	gen_context(system_u:object_r:aptcacher_var_lib_t,s0)
+/var/cache/apt-cacher(/.*)?	gen_context(system_u:object_r:aptcacher_var_lib_t,s0)
+/var/cache/apt-cacher-ng(/.*)?	gen_context(system_u:object_r:aptcacher_var_lib_t,s0)
+/run/apt-cacher(/.*)?		gen_context(system_u:object_r:aptcacher_run_t,s0)
+/run/apt-cacher-ng(/.*)?	gen_context(system_u:object_r:aptcacher_run_t,s0)
+/etc/apt-cacher-ng(/.*)?	gen_context(system_u:object_r:aptcacher_etc_t,s0)
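Review bot: The configuration entry covers only `/etc/apt-cacher-ng`, while the log, cache and run entries above label both the `apt-cacher` and `apt-cacher-ng` paths. If the classic apt-cacher package is meant to be confined by this module as well, its configuration directory would keep the generic etc label. It would then be readable by every domain that can read generic etc files, instead of only by callers of `aptcacher_read_config`. Consider adding `/etc/apt-cacher(/.*)?	gen_context(system_u:object_r:aptcacher_etc_t,s0)`, or note in the module that only the -ng configuration is protected on purpose.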
Index: refpolicy-2.20190201/policy/modules/services/aptcacher.if
===================================================================
--- /dev/null
+++ refpolicy-2.20190201/policy/modules/services/aptcacher.if
@@ -0,0 +1,21 @@
+## <summary>apt-cacher, cache for Debian APT repositories.</summary>
+
+######################################
+## <summary>
+##	read aptcacher config
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to read it.
+##	</summary>
+## </param>
+#
+interface(`aptcacher_read_config',`
+	gen_require(`
+		type aptcacher_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 aptcacher_etc_t:dir list_dir_perms;
+	allow $1 aptcacher_etc_t:file mmap_read_file_perms;
+')
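Review bot: `aptcacher_read_config` grants `mmap_read_file_perms` on `aptcacher_etc_t` files, so every caller receives `map` in addition to read. A configuration reader normally needs only `allow $1 aptcacher_etc_t:file read_file_perms;`, so `map` should stay out of the interface unless a recorded denial shows a caller needs it. The interface also omits the `lnk_file` read that the daemon itself gets in aptcacher.te, so a caller that follows a symlinked config file would be denied. The summary would read better as a full sentence stating exactly what is granted, for example `Read apt-cacher configuration files and list the configuration directory.`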
Index: refpolicy-2.20190201/policy/modules/services/aptcacher.te
===================================================================
--- /dev/null
+++ refpolicy-2.20190201/policy/modules/services/aptcacher.te
@@ -0,0 +1,70 @@
+policy_module(aptcacher, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type aptcacher_t;
+type aptcacher_exec_t;
+init_daemon_domain(aptcacher_t, aptcacher_exec_t)
+
+type aptcacher_etc_t;
+files_config_file(aptcacher_etc_t)
+
+type aptcacher_log_t;
+logging_log_file(aptcacher_log_t)
+
+type aptcacher_run_t;
+files_pid_file(aptcacher_run_t)
+typealias aptcacher_run_t alias aptcacher_var_run_t;
+
+type aptcacher_var_lib_t;
+files_type(aptcacher_var_lib_t)
+
+########################################
+#
+# Local policy
+#
+
+allow aptcacher_t self:process signal;
+
+allow aptcacher_t self:tcp_socket all_tcp_socket_perms;
+allow aptcacher_t self:netlink_route_socket rw_netlink_socket_perms;
+corenet_tcp_bind_generic_node(aptcacher_t)
+corenet_tcp_connect_http_port(aptcacher_t)
+allow aptcacher_t self:udp_socket create_socket_perms;
+allow aptcacher_t self:unix_stream_socket create_stream_socket_perms;
+allow aptcacher_t self:unix_dgram_socket create_socket_perms;
+
+corenet_tcp_bind_aptcacher_port(aptcacher_t)
+
+sysnet_read_config(aptcacher_t)
+sysnet_map_config(aptcacher_t)
+files_read_etc_files(aptcacher_t)
+
+init_search_pids(aptcacher_t)
+
+allow aptcacher_t aptcacher_etc_t:dir list_dir_perms;
+allow aptcacher_t aptcacher_etc_t:file mmap_read_file_perms;
+allow aptcacher_t aptcacher_etc_t:lnk_file read_lnk_file_perms;
+
+files_pid_filetrans(aptcacher_t, aptcacher_run_t, file)
+manage_files_pattern(aptcacher_t, aptcacher_run_t, aptcacher_run_t)
+allow aptcacher_t aptcacher_run_t:sock_file manage_sock_file_perms;
+
+logging_search_logs(aptcacher_t)
+allow aptcacher_t aptcacher_log_t:dir manage_dir_perms;
+allow aptcacher_t aptcacher_log_t:file manage_file_perms;
+
+files_search_var_lib(aptcacher_t)
+allow aptcacher_t aptcacher_var_lib_t:dir manage_dir_perms;
+allow aptcacher_t aptcacher_var_lib_t:file { map manage_file_perms };
+allow aptcacher_t aptcacher_var_lib_t:lnk_file manage_lnk_file_perms;
+
+kernel_search_fs_sysctls(aptcacher_t)
+
+miscfiles_read_generic_certs(aptcacher_t)
+miscfiles_read_localization(aptcacher_t)
+files_read_usr_files(aptcacher_t)
+
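Review bot: `allow aptcacher_t self:tcp_socket all_tcp_socket_perms;` gives the daemon every permission defined for the tcp_socket class, which is broader than a caching proxy that listens, accepts and connects should need. Narrowing it to `allow aptcacher_t self:tcp_socket create_stream_socket_perms;` keeps listen/accept/connect and drops the rest; any permission that is genuinely missing will show up as an AVC denial and can be added explicitly. The local policy section also has no comments, so a short one above each group (network, config, runtime files, logs, cache) would make later audits of this domain easier.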
Index: refpolicy-2.20190201/policy/modules/kernel/corenetwork.te.in
===================================================================
--- refpolicy-2.20190201.orig/policy/modules/kernel/corenetwork.te.in
+++ refpolicy-2.20190201/policy/modules/kernel/corenetwork.te.in
@@ -89,6 +89,7 @@ network_port(amqp, udp,5671-5672,s0, tcp
 network_port(aol, udp,5190-5193,s0, tcp,5190-5193,s0)
 network_port(apcupsd, tcp,3551,s0, udp,3551,s0)
 network_port(apertus_ldp, tcp,539,s0, udp,539,s0)
+network_port(aptcacher, tcp,3142,s0)
 network_port(armtechdaemon, tcp,9292,s0, udp,9292,s0)
 network_port(asterisk, tcp,1720,s0, udp,2427,s0, udp,2727,s0, udp,4569,s0)
 network_port(audit, tcp,60,s0)
Index: refpolicy-2.20190201/policy/modules/services/cron.te
===================================================================
--- refpolicy-2.20190201.orig/policy/modules/services/cron.te
+++ refpolicy-2.20190201/policy/modules/services/cron.te
@@ -344,6 +344,11 @@ ifdef(`distro_debian',`
 	')
 
 	optional_policy(`
+		aptcacher_read_config(system_cronjob_t)
+		corenet_tcp_connect_aptcacher_port(system_cronjob_t)
+	')
+
+	optional_policy(`
 		logwatch_search_cache_dir(crond_t)
 	')
 ')
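Review bot: The new `optional_policy` block grants `aptcacher_read_config` and `corenet_tcp_connect_aptcacher_port` to `system_cronjob_t`, which is the domain shared by all system cron jobs, not only by the apt-cacher maintenance job. Every system cron job therefore gains read access to everything labelled `aptcacher_etc_t`, including any admin credentials kept in that directory (worth confirming against the packaged configuration). At minimum, record the reason with a comment such as `# apt-cacher-ng maintenance cron job reads its config and talks to the local proxy`. A dedicated domain for the maintenance tool, entered from cron, would avoid widening `system_cronjob_t` at all. The enclosing `ifdef(distro_debian)` block starts outside this hunk.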
Index: refpolicy-2.20190201/policy/modules/admin/apt.fc
===================================================================
--- refpolicy-2.20190201.orig/policy/modules/admin/apt.fc
+++ refpolicy-2.20190201/policy/modules/admin/apt.fc
@@ -5,6 +5,8 @@
 /usr/bin/apt-shell	--	gen_context(system_u:object_r:apt_exec_t,s0)
 /usr/bin/aptitude	--	gen_context(system_u:object_r:apt_exec_t,s0)
 /usr/sbin/update-apt-xapian-index -- gen_context(system_u:object_r:apt_exec_t,s0)
+/usr/share/unattended-upgrades/unattended-upgrade-shutdown -- gen_context(system_u:object_r:apt_exec_t,s0)
+/usr/bin/unattended-upgrade --	gen_context(system_u:object_r:apt_exec_t,s0)
 
 ifndef(`distro_redhat',`
 /usr/sbin/synaptic	--	gen_context(system_u:object_r:apt_exec_t,s0)
