diff --git a/policy/modules/admin/sudo.if b/policy/modules/admin/sudo.if
index 3e3f40d749..aea774e8c6 100644
--- a/policy/modules/admin/sudo.if
+++ b/policy/modules/admin/sudo.if
@@ -37,6 +37,7 @@ template(`sudo_role_template',`
 	gen_require(`
 		type sudo_exec_t;
+		type sudo_log_t;
 		attribute sudodomain;
 	')
@@ -74,6 +75,10 @@ template(`sudo_role_template',`
 	allow $1_sudo_t self:key manage_key_perms;
 	dontaudit $1_sudo_t self:capability { dac_read_search sys_ptrace };
+	allow $1_sudo_t sudo_log_t:dir add_entry_dir_perms;
+	allow $1_sudo_t sudo_log_t:file { append_file_perms create_file_perms };
+	logging_log_filetrans($1_sudo_t, sudo_log_t, file)
+
 	# allow getting the process group of the parent process
 	allow $1_sudo_t $2:process getpgid;
 	allow $1_sudo_t $2:unix_stream_socket rw_socket_perms;
diff --git a/policy/modules/admin/sudo.te b/policy/modules/admin/sudo.te
index 9364d37683..725b917607 100644
--- a/policy/modules/admin/sudo.te
+++ b/policy/modules/admin/sudo.te
@@ -29,6 +29,9 @@ attribute sudodomain;
 type sudo_exec_t;
 application_executable_file(sudo_exec_t)
+type sudo_log_t;
+logging_log_file(sudo_log_t)
+
 tunable_policy(`sudo_all_tcp_connect_http_port',`
 	corenet_tcp_connect_http_port(sudodomain)
 ')
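Review bot: The `logging_log_filetrans($1_sudo_t, sudo_log_t, file)` call in the second sudo.if hunk passes no filename, so every file `$1_sudo_t` creates directly in a `var_log_t` directory is labelled `sudo_log_t`, not only sudo's own log; the interface accepts an optional name argument, so this can be pinned to the intended file, e.g. `logging_log_filetrans($1_sudo_t, sudo_log_t, file, "sudo.log")` (replace with the log name this policy actually targets). The accompanying `dir add_entry_dir_perms` only allows adding entries to an existing `sudo_log_t` directory, so if the deployment's sudo is configured for per-session I/O log subdirectories those directory creates would still be denied — worth confirming against the intended sudo configuration. A short comment above the three new rules stating which log files they are for, such as `# write sudo's own log files under /var/log`, would make the intent clear to the next reader. The `sudo_role_template` body begins and ends outside this hunk.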
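Review bot: The sudo.te hunk introduces `sudo_log_t` with `logging_log_file(sudo_log_t)` but this diff carries no matching file-context (`sudo.fc`) change, so the only way a file receives the new label is the runtime type transition added in sudo.if; log files that already exist when the policy loads, or that are relabelled by restorecon, will stay `var_log_t` and the new `$1_sudo_t` append/create rules will not apply to them. If the file-context entry arrives in a separate commit this is fine; otherwise one should accompany this hunk. A one-line comment above the type, e.g. `# log files written by sudo domains`, would document what the type is for.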