diff --git a/policy/modules/kernel/terminal.fc b/policy/modules/kernel/terminal.fc
index 7d45d15ab..0ea25b653 100644
--- a/policy/modules/kernel/terminal.fc
+++ b/policy/modules/kernel/terminal.fc
@@ -19,6 +19,7 @@
 /dev/slamr[0-9]+	-c	gen_context(system_u:object_r:tty_device_t,s0)
 /dev/tty		-c	gen_context(system_u:object_r:devtty_t,s0)
 /dev/ttySG.*		-c	gen_context(system_u:object_r:tty_device_t,s0)
+/dev/vport[0-9]p[0-9]+	-c	gen_context(system_u:object_r:virtio_device_t,s0)
 /dev/xvc[^/]*		-c	gen_context(system_u:object_r:tty_device_t,s0)
 
 /dev/pty/.*		-c	gen_context(system_u:object_r:bsdpty_device_t,s0)
diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if
index 771bce186..cbb729b66 100644
--- a/policy/modules/kernel/terminal.if
+++ b/policy/modules/kernel/terminal.if
@@ -1512,3 +1512,22 @@ interface(`term_dontaudit_use_all_user_ttys',`
 	refpolicywarn(`$0() is deprecated, use term_dontaudit_use_all_ttys() instead.')
 	term_dontaudit_use_all_ttys($1)
 ')
+
+#####################################
+## <summary>
+##	Read from and write virtio console.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`term_use_virtio_console',`
+	gen_require(`
+		type virtio_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 virtio_device_t:chr_file rw_term_perms;
+')
diff --git a/policy/modules/kernel/terminal.te b/policy/modules/kernel/terminal.te
index 224e500c1..a4c999890 100644
--- a/policy/modules/kernel/terminal.te
+++ b/policy/modules/kernel/terminal.te
@@ -56,3 +56,7 @@ dev_node(tty_device_t)
 #
 type usbtty_device_t, serial_device;
 dev_node(usbtty_device_t)
+
+type virtio_device_t, serial_device;
+dev_node(virtio_device_t)
+