On a post a couple of years back, I showed a solution to enable cross-domain calls for Silverlight apps on self-hosted WCF services. In Silverlight 4, we added a new transport (net.tcp), which needs its own policy file as well (see more details at http://blogs.msdn.com/b/silverlightws/archive/2010/04/09/policy-file-for-nettcp.aspx). If you are running IIS (or some other web service) on port 80 the machine on which the TCP service is running, the easiest way to deploy the appropriate policy file is to simply copy the file to its root directory (in IIS it would be something like c:\inetpub\wwwroot), and you're ready to go.
If you don't have IIS, however, you can use a similar solution than the one I had for "normal" (i.e., HTTP-based) WCF services to serve the policy file for the TCP service. Again, if you have IIS (or other web service running on port 80), you don't need to do this, just drop the policy file on the server root directory and you're good to go. Essentially, the code will act as a web server and serve the "policy file" to SL apps when requested. The base address for the WCF REST service would be listening at port 80 on the machine, and its endpoint would be listening at the "" address. Here's the code: