diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 008b6ec719..d8bb82e7aa 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -1839,6 +1839,44 @@ interface(`files_manage_all_files',`
')
')
+########################################
##
## Manage all block device files on the filesystem.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`files_manage_all_blk_files',`
gen_require(`
attribute file_type;
')
manage_blk_files_pattern($1, file_type, file_type)
')
+########################################
##
## Manage all character device files on the filesystem.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`files_manage_all_chr_files',`
gen_require(`
attribute file_type;
')
manage_chr_files_pattern($1, file_type, file_type)
')
########################################
##
## Grant execute access to all files on the filesystem,
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
index bc1a41e4e3..6ff006a4b9 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -381,6 +381,9 @@ domain_rw_all_sockets(kernel_t)
domain_obj_id_change_exemption(kernel_t)
files_manage_all_files(kernel_t)
+files_manage_all_blk_files(kernel_t)
+files_manage_all_chr_files(kernel_t)
+files_relabel_all_files(kernel_t)
# The 'execute' permission on lower inodes is checked against the mounter
# cred by overlayfs, so we need to grant it to allow overlay mounts created
# during early boot to work.
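Review bot: The summaries of the two new interfaces undersell their scope: `manage_blk_files_pattern($1, file_type, file_type)` and the chr counterpart are applied over the whole `file_type` attribute with no exclusion, so a caller gets create, write, setattr and unlink on every labeled block or character device node wherever it lives, which is broader than the devices-module `dev_manage_all_blk_files`/`dev_manage_all_chr_files` that are scoped to device nodes. The doc comment should state that and name the intended callers, e.g. replace the summary line with `##	Manage all block device files of any file type (create, write, setattr, unlink).` followed by `##	Intended only for the kernel domain and similarly fully trusted domains.`, and the same wording for the chr variant. The `files_manage_all_files` body that precedes the hunk, and any exclusions it applies, are outside the visible lines, so I cannot tell whether the new interfaces were meant to mirror it.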
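Review bot: The three added calls grant kernel_t creation and deletion of every labeled block and character device node plus relabeling across all `file_type` objects, yet carry no comment stating which early-boot denial or use case motivates them, while the overlayfs comment immediately below shows this file records such rationale. Add one above `files_manage_all_blk_files(kernel_t)`, e.g. `# <why kernel_t must create device nodes and relabel any file type — cite the denial or boot path that prompted this>`. `files_relabel_all_files` is the widest of the three, since it lets kernel_t move any `file_type` object to any other `file_type` label; if the need is limited to device nodes, a relabel grant restricted to blk/chr files would be the narrower choice, though the motivation is not on the page so I cannot confirm that.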