diff --git a/policy/modules/system/systemd.fc b/policy/modules/system/systemd.fc
index a9872c2b2..6c667f393 100644
--- a/policy/modules/system/systemd.fc
+++ b/policy/modules/system/systemd.fc
@@ -92,6 +92,7 @@ HOME_DIR/\.config/systemd/user(/.*)? gen_context(system_u:object_r:systemd_unit
 /usr/lib/systemd/system-generators/status-mail-generator.sh -- gen_context(system_u:object_r:systemd_status_mail_generator_exec_t,s0)
 /usr/lib/systemd/system-generators/systemd-sysv-generator -- gen_context(system_u:object_r:systemd_sysv_generator_exec_t,s0)
 /usr/lib/systemd/system-generators/systemd-tpm2-generator -- gen_context(system_u:object_r:systemd_tpm2_generator_exec_t,s0)
+/usr/lib/systemd/system-generators/udev-trigger-generator -- gen_context(system_u:object_r:systemd_udev_trigger_generator_exec_t,s0)
 /usr/lib/systemd/system-generators/zram-generator -- gen_context(system_u:object_r:systemd_zram_generator_exec_t,s0)
 /usr/lib/systemd/system-generators/.+ -- gen_context(system_u:object_r:systemd_generic_generator_exec_t,s0)
 /usr/lib/systemd/zram-generator.conf -- gen_context(system_u:object_r:systemd_zram_generator_conf_t,s0)
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 13bad0502..7838c7653 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -221,6 +221,8 @@ systemd_generator_template(systemd_ssh_generator)
 systemd_generator_template(systemd_sysv_generator)
 # tpm2-generator
 systemd_generator_template(systemd_tpm2_generator)
+# udev-trigger-generator
+systemd_generator_template(systemd_udev_trigger_generator)
 # zram-generator
 systemd_generator_template(systemd_zram_generator)
 type systemd_zram_generator_conf_t;
@@ -1455,6 +1457,19 @@ init_read_script_files(systemd_sysv_generator_t)
 ### tpm2 generator
 dev_list_sysfs(systemd_tpm2_generator_t)
 
+### udev trigger generator
+corecmd_exec_bin(systemd_udev_trigger_generator_t)
+
+dev_list_sysfs(systemd_udev_trigger_generator_t)
+dev_read_sysfs(systemd_udev_trigger_generator_t)
+
+optional_policy(`
+	# ignore #!/bin/bash reading passwd file
+	auth_dontaudit_read_passwd_file(systemd_udev_trigger_generator_t)
+')
+
+permissive systemd_udev_trigger_generator_t;
+
 ### zram generator
 allow systemd_zram_generator_t systemd_fstab_generator_unit_file_t:file write_file_perms;
 permissive systemd_zram_generator_t;
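Review bot: The `permissive systemd_udev_trigger_generator_t;` line at the end of the added block puts the whole new domain in permissive mode, so the interfaces above it constrain nothing and every other access the generator makes is logged rather than denied, yet nothing in the hunk records that this is provisional or what still has to be covered before it can be removed. A marker next to that line such as `# TODO: drop permissive once the generator's accesses are fully covered` would keep it from being forgotten; it presumably mirrors the permissive zram generator domain in the following context lines. Separately, `corecmd_exec_bin()` allows execution of every bin_t program, while the comment on the dontaudit rule indicates the generator is a bash script; if the interpreter is all it needs, `corecmd_exec_shell(systemd_udev_trigger_generator_t)` is the narrower grant, otherwise a comment naming the binaries it runs would justify the wider one.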