diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index 6ace740f0..b9f90b189 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -920,6 +920,11 @@ interface(`dev_manage_all_dev_nodes',`
 relabel_dirs_pattern($1, device_t, device_t)
 relabel_chr_files_pattern($1, device_t, { device_t device_node })
 relabel_blk_files_pattern($1, device_t, { device_t device_node })
+ allow $1 { device_t device_node }:dir watch;
+ allow $1 { device_t device_node }:sock_file watch;
+ allow $1 { device_t device_node }:lnk_file watch;
+ allow $1 { device_t device_node }:chr_file watch;
+ allow $1 { device_t device_node }:blk_file watch;
 # these next rules are to satisfy assertions broken by the above lines.
 # the permissions hopefully can be cut back a lot
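Review bot: The five `watch` rules are added inside `dev_manage_all_dev_nodes`, so every domain that already calls this interface gains inotify/fanotify watch on all `device_t` and `device_node` objects without any change at the call site. The callers are not visible here, but a separate watch interface used only by the domains that need it would keep the grant narrower. Granting plain `watch` alone is the right minimum and is worth stating in a comment above the rules, for example `# plain watch only; watch_reads, watch_mount and watch_with_perm are deliberately not granted`. As a style point the five rules can be written as one, `allow $1 { device_t device_node }:{ dir sock_file lnk_file chr_file blk_file } watch;`. The interface body and its documentation header start outside the hunk, so the summary there should be checked to mention the new permission.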