diff --git a/dist/targeted/modules.conf b/dist/targeted/modules.conf
index 186bfd3c25..bebf30f59d 100644
--- a/dist/targeted/modules.conf
+++ b/dist/targeted/modules.conf
@@ -3036,3 +3036,11 @@ powerprofiles = module
 #
 #
 pcm = module
+
+# Layer: contrib
+# Module: ktls
+#
+# Policy for ktls - TLS handshake agent for kernel sockets
+#
+#
+ktls = module
diff --git a/policy/modules/contrib/ktls.fc b/policy/modules/contrib/ktls.fc
new file mode 100644
index 0000000000..4545ca7b09
--- /dev/null
+++ b/policy/modules/contrib/ktls.fc
@@ -0,0 +1 @@
+/usr/sbin/tlshd		--	gen_context(system_u:object_r:ktlshd_exec_t,s0)
diff --git a/policy/modules/contrib/ktls.if b/policy/modules/contrib/ktls.if
new file mode 100644
index 0000000000..d6041be3b3
--- /dev/null
+++ b/policy/modules/contrib/ktls.if
@@ -0,0 +1 @@
+## <summary>ktls - TLS handshake agent for kernel sockets</summary>
diff --git a/policy/modules/contrib/ktls.te b/policy/modules/contrib/ktls.te
new file mode 100644
index 0000000000..b1efe9951d
--- /dev/null
+++ b/policy/modules/contrib/ktls.te
@@ -0,0 +1,13 @@
+policy_module(ktls, 1.0)
+
+########################################
+#
+# Declarations
+#
+
+type ktlshd_t;
+type ktlshd_exec_t;
+init_daemon_domain(ktlshd_t, ktlshd_exec_t)
+
+permissive ktlshd_t;
+