diff --git a/policy/modules/system/systemd.fc b/policy/modules/system/systemd.fc
index 58e4d1666b..9dbf6c9e23 100644
--- a/policy/modules/system/systemd.fc
+++ b/policy/modules/system/systemd.fc
@@ -84,6 +84,7 @@ HOME_DIR/\.config/systemd/user(/.*)? gen_context(system_u:object_r:systemd_unit
 /usr/lib/systemd/system-generators/systemd-fstab-generator -- gen_context(system_u:object_r:systemd_fstab_generator_exec_t,s0)
 /usr/lib/systemd/system-generators/systemd-getty-generator -- gen_context(system_u:object_r:systemd_getty_generator_exec_t,s0)
 /usr/lib/systemd/system-generators/systemd-gpt-auto-generator -- gen_context(system_u:object_r:systemd_gpt_generator_exec_t,s0)
+/usr/lib/systemd/system-generators/systemd-import-generator -- gen_context(system_u:object_r:systemd_import_generator_exec_t,s0)
 /usr/lib/systemd/system-generators/systemd-rc-local-generator -- gen_context(system_u:object_r:systemd_rc_local_generator_exec_t,s0)
 /usr/lib/systemd/system-generators/systemd-ssh-generator -- gen_context(system_u:object_r:systemd_ssh_generator_exec_t,s0)
 /usr/lib/systemd/system-generators/systemd-sysv-generator -- gen_context(system_u:object_r:systemd_sysv_generator_exec_t,s0)
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 676c497ced..2a9583dd4e 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -208,6 +208,8 @@ systemd_generator_template(systemd_fstab_generator)
 systemd_generator_template(systemd_getty_generator)
 # gpt-generator
 systemd_generator_template(systemd_gpt_generator)
+# import-generator
+systemd_generator_template(systemd_import_generator)
 # rc-local-generator
 systemd_generator_template(systemd_rc_local_generator)
 # ssh-generator
@@ -1374,6 +1376,9 @@ optional_policy(` ### systemd rc_local generator init_exec_script_files(systemd_rc_local_generator_t) +### systemd import generator +permissive systemd_import_generator_t; + ### ssh generator allow systemd_ssh_generator_t self:vsock_socket create; allow systemd_ssh_generator_t vsock_device_t:chr_file { read_chr_file_perms };
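Review bot: `permissive systemd_import_generator_t;` means the new domain is never enforced, since every denial is only logged, so the label added in systemd.fc and the template call in systemd.te give this generator no actual confinement, and the line carries no comment saying the state is temporary. Generators run as root early in boot, and this one appears to act on boot-time configuration to set up image imports (inferred from its name, not shown in the diff), so it is worth confining once its access needs are known. I would add above the statement `# Permissive only until the generator's required accesses are collected from AVC logs; replace with explicit allow rules.` and track the removal, since a permissive type is easy to forget and surfaces only in an audit such as `seinfo --permissive`. The hunk header names `optional_policy(` as context, but whether these lines sit inside that block cannot be told from the hunk.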