diff --git a/policy/modules/kernel/corenetwork.if.in b/policy/modules/kernel/corenetwork.if.in
index cc2052870..58c010fc8 100644
--- a/policy/modules/kernel/corenetwork.if.in
+++ b/policy/modules/kernel/corenetwork.if.in
@@ -2026,6 +2026,44 @@ interface(`corenet_dontaudit_tcp_connect_all_rpc_ports',`
 	dontaudit $1 rpc_port_type:tcp_socket name_connect;
 ')
 
+########################################
+## <summary>
+##	Read the TUN/TAP virtual network device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The domain read allowed access.
+##	</summary>
+## </param>
+#
+interface(`corenet_read_tun_tap_dev',`
+	gen_require(`
+		type tun_tap_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 tun_tap_device_t:chr_file read_chr_file_perms;
+')
+
+########################################
+## <summary>
+##	Write the TUN/TAP virtual network device.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The domain allowed write access.
+##	</summary>
+## </param>
+#
+interface(`corenet_write_tun_tap_dev',`
+	gen_require(`
+		type tun_tap_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 tun_tap_device_t:chr_file write_chr_file_perms;
+')
+
 ########################################
 ## <summary>
 ##	Read and write the TUN/TAP virtual network device.