diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 008b6ec719..d8bb82e7aa 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -1839,6 +1839,44 @@ interface(`files_manage_all_files',`
')
')
+########################################
+##
+## Manage all block device files on the filesystem.
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+#
+interface(`files_manage_all_blk_files',`
+ gen_require(`
+ attribute file_type;
+ ')
+
+ manage_blk_files_pattern($1, file_type, file_type)
+')
+
+########################################
+##
+## Manage all character device files on the filesystem.
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+#
+interface(`files_manage_all_chr_files',`
+ gen_require(`
+ attribute file_type;
+ ')
+
+ manage_chr_files_pattern($1, file_type, file_type)
+')
+
########################################
##
## Grant execute access to all files on the filesystem,
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
index bc1a41e4e3..6ff006a4b9 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -381,6 +381,9 @@ domain_rw_all_sockets(kernel_t)
domain_obj_id_change_exemption(kernel_t)
files_manage_all_files(kernel_t)
+files_manage_all_blk_files(kernel_t)
+files_manage_all_chr_files(kernel_t)
+files_relabel_all_files(kernel_t)
# The 'execute' permission on lower inodes is checked against the mounter
# cred by overlayfs, so we need to grant it to allow overlay mounts created
# during early boot to work.