diff --git a/policy/modules/admin/bootloader.te b/policy/modules/admin/bootloader.te
index 6e6d758d0..5eef8960b 100644
--- a/policy/modules/admin/bootloader.te
+++ b/policy/modules/admin/bootloader.te
@@ -67,6 +67,7 @@ kernel_read_software_raid_state(bootloader_t)
 kernel_read_kernel_sysctls(bootloader_t)
 kernel_search_debugfs(bootloader_t)
 kernel_setsched(bootloader_t)
+kernel_dontaudit_getattr_proc(bootloader_t)
 # for grub-probe
 kernel_request_load_module(bootloader_t)
 
@@ -90,6 +91,7 @@ fs_getattr_dos_fs(bootloader_t)
 fs_getattr_tmpfs(bootloader_t)
 fs_read_tmpfs_symlinks(bootloader_t)
 #Needed for EFI
+fs_getattr_efivarfs(bootloader_t)
 fs_manage_dos_files(bootloader_t)
 fs_mmap_read_dos_files(bootloader_t)
 
@@ -153,6 +155,7 @@ miscfiles_read_localization(bootloader_t)
 mount_rw_runtime_files(bootloader_t)
 
 selinux_getattr_fs(bootloader_t)
+selinux_use_status_page(bootloader_t)
 seutil_read_bin_policy(bootloader_t)
 seutil_read_file_contexts(bootloader_t)
 seutil_read_loadpolicy(bootloader_t)
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index e0a7e4bc7..0047ea89e 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -2155,6 +2155,24 @@ interface(`fs_manage_dos_files',`
 	manage_files_pattern($1, dosfs_t, dosfs_t)
 ')
 
+########################################
+## <summary>
+##	Get the attributes of efivarfs filesystems.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`fs_getattr_efivarfs',`
+	gen_require(`
+		type efivarfs_t;
+	')
+
+	allow $1 efivarfs_t:filesystem getattr;
+')
+
 ########################################
 ## <summary>
 ##	List dirs in efivarfs filesystem.