From 46f2e627e6ab295a69a12f97ab32866ac32d6f58 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Fri, 20 Dec 2019 14:37:29 -0500
Subject: [PATCH] udev: Watch devices.

Signed-off-by: Chris PeBenito
---
 policy/modules/kernel/devices.if | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index 6ace740f0..b9f90b189 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -920,6 +920,11 @@ interface(`dev_manage_all_dev_nodes',`
 relabel_dirs_pattern($1, device_t, device_t)
 relabel_chr_files_pattern($1, device_t, { device_t device_node })
 relabel_blk_files_pattern($1, device_t, { device_t device_node })
+ allow $1 { device_t device_node }:dir watch;
+ allow $1 { device_t device_node }:sock_file watch;
+ allow $1 { device_t device_node }:lnk_file watch;
+ allow $1 { device_t device_node }:chr_file watch;
+ allow $1 { device_t device_node }:blk_file watch;
 # these next rules are to satisfy assertions broken by the above lines.
 # the permissions hopefully can be cut back a lot
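Review bot: The five `watch` rules are added to the shared `dev_manage_all_dev_nodes` interface, so every domain that calls it gains watch permission on `device_t` and all `device_node` types, although the subject line names only udev. If only udev needs this, a dedicated interface called from the udev module (for example a new `dev_watch_all_dev_nodes`, name illustrative) would keep the grant to one domain. The callers are outside the hunk, so it is worth confirming who else is affected. If the grant stays here, the interface's `## <summary>` header (outside the hunk) should mention watch, and the five rules can be written once as `allow $1 { device_t device_node }:{ dir sock_file lnk_file chr_file blk_file } watch;`. The interface body begins and ends outside the hunk.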