diff --git a/Add-pcp_domain-selinux-policy.patch b/Add-pcp_domain-selinux-policy.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1139cef242dc102c74ee5754442bd8ed4942293c
--- /dev/null
+++ b/Add-pcp_domain-selinux-policy.patch
@@ -0,0 +1,55 @@
+From 630e0e4e304c751127329009000dc0abcb5a62dc Mon Sep 17 00:00:00 2001
+From: lingsheng
+Date: Tue, 8 Jun 2021 10:39:37 +0800
+Subject: [PATCH] Add pcp_domain selinux policy
+
+---
+ src/selinux/pcpupstream.te.in | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/selinux/pcpupstream.te.in b/src/selinux/pcpupstream.te.in
+index 8a8cc22..77ede46 100644
+--- a/src/selinux/pcpupstream.te.in
++++ b/src/selinux/pcpupstream.te.in
+@@ -1,6 +1,9 @@
+ module pcpupstream @PACKAGE_VERSION@;
+
+ require {
++ attribute domain;
++ attribute pcp_domain;
++
+ type pcp_pmcd_t;
+ type user_home_t;
+ type user_home_dir_t; #RHBZ1488116
+@@ -79,7 +82,7 @@ require {
+ type system_cronjob_t;
+ type xdm_t;
+ type postgresql_t;
+- class sem { unix_read associate getattr };
++ class sem { unix_read associate getattr read};
+ class lnk_file { read getattr };
+ class file { append create execute execute_no_trans getattr ioctl lock open read write @PCP_HOSTNAME_EXEC_MAP@ };
+ class dir { add_name open read search write getattr };
+@@ -93,7 +96,7 @@ require {
+ @PCP_SOCK_FILE_GETATTR@
+ @PCP_CLASS_STATUS@
+ class tcp_socket { name_bind name_connect };
+- class shm { unix_read associate getattr };
++ class shm { unix_read associate getattr read};
+ class filesystem mount;
+ class blk_file { ioctl open read };
+ class msgq { unix_read };
+@@ -286,6 +289,10 @@ allow pcp_pmcd_t postgresql_t:shm { associate getattr unix_read };
+ #type=AVC msg=audit(...): avc: denied { connectto } for pid=NNN comm="python" path="/run/postgresql/.s.PGSQL.5432" scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:system_r:postgresql_t:s0 tclass=unix_stream_socket
+ allow pcp_pmcd_t postgresql_t:unix_stream_socket connectto;
+
++# allow pcp_pmcd_t domain to read shared memory and semaphores of all domain on system
++allow pcp_domain domain:shm r_sem_perms;
++allow pcp_domain domain:sem r_shm_perms;
++
+ #============= pcp_pmlogger_t ==============
+ allow
pcp_pmlogger_t kmsg_device_t:chr_file { open write }; + allow pcp_pmlogger_t self:capability kill; +-- +2.23.0 + diff --git a/pcp.spec b/pcp.spec index cc7753d310a765b395ec43048e6163fc7e874d48..537e6960e08d5aef508e534b77fa4bcd748b473b 100644 --- a/pcp.spec +++ b/pcp.spec @@ -11,7 +11,7 @@ Name: pcp Version: 4.1.3 Summary: System-level performance monitoring and performance management -Release: 15 +Release: 16 License: GPLv2+ and LGPLv2.1+ and CC-BY URL: https://pcp.io Source0: https://dl.bintray.com/pcp/source/pcp-4.1.3.tar.gz @@ -21,11 +21,12 @@ Source3: https://github.com/performancecopilot/pcp-webapp-graphite/arch Source4: https://github.com/performancecopilot/pcp-webapp-blinkenlights/archive/1.0.1/pcp-webapp-blinkenlights-1.0.1.tar.gz Patch0000: 0000-Fix-some-options-and-syntax-errors.patch Patch0001: 0001-Fix-collectl2pcp-option.patch +Patch0002: 0002-fix-some-pcp-pidstat-bugs.patch +Patch0003: 0003-fix-pcp-pidstat-bug.patch +Patch0004: 0004-modify-python2-to-python3.patch +Patch0005: Add-pcp_domain-selinux-policy.patch Patch6000: CVE-2019-3695-CVE-2019-3696.patch Patch9000: 9000-fix-new-function-not-found-when-Install.patch -Patch9001: 0002-fix-some-pcp-pidstat-bugs.patch -Patch9002: 0003-fix-pcp-pidstat-bug.patch -Patch9003: 0004-modify-python2-to-python3.patch BuildRequires: gcc gcc-c++ procps autoconf bison flex nss-devel rpm-devel avahi-devel xz-devel zlib-devel BuildRequires: python3-devel ncurses-devel readline-devel cyrus-sasl-devel papi-devel libpfm-devel >= 4 @@ -860,11 +861,12 @@ This package installs selinux support files for PCP. %setup -q %patch0000 -p1 %patch0001 -p1 +%patch0002 -p1 +%patch0003 -p1 +%patch0004 -p1 +%patch0005 -p1 %patch6000 -p1 %patch9000 -p1 -%patch9001 -p1 -%patch9002 -p1 -%patch9003 -p1 %build @@ -2218,6 +2220,9 @@ fi %config(noreplace) /etc/pcp/pmrep/* %changelog +* Tue Jun 8 2021 lingsheng - 4.1.3-16 +- Add pcp_domain selinux policy + * Mon Nov 09 2020 lingsheng - 4.1.3-15 - Change require to python3-bpfcc
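Review bot: In the embedded pcpupstream.te.in patch, the two added rules pair each class with the other class's permission macro (`domain:shm r_sem_perms`, `domain:sem r_shm_perms`). Even if both macros expand to the same permission set in the base policy, they should read `allow pcp_domain domain:shm r_shm_perms;` and `allow pcp_domain domain:sem r_sem_perms;` so a later change to either macro does not silently grant the wrong permissions. The grant is also wider than its comment states: the comment names pcp_pmcd_t, but the source is the `pcp_domain` attribute and the target is every `domain`. Presumably every PCP type carrying that attribute could then read the System V shared memory and semaphores of any process, with only the IPC mode bits left as a barrier. If only pmcd needs this, use `pcp_pmcd_t` as the source, and record the AVC denial that motivated the rule in a comment above it, as the neighbouring `unix_stream_socket connectto` rule does.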