diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc
index a167126da..bd08f81d3 100644
--- a/policy/modules/kernel/devices.fc
+++ b/policy/modules/kernel/devices.fc
@@ -198,8 +198,10 @@ ifdef(`distro_suse', `
 /dev/xen/evtchn		-c	gen_context(system_u:object_r:xen_device_t,s0)
 /dev/xen/gntdev		-c	gen_context(system_u:object_r:xen_device_t,s0)
 /dev/xen/gntalloc	-c	gen_context(system_u:object_r:xen_device_t,s0)
+/dev/xen/hypercall	-c	gen_context(system_u:object_r:xen_device_t,s0)
 /dev/xen/privcmd	-c	gen_context(system_u:object_r:xen_device_t,s0)
 /dev/xen/xenbus		-c	gen_context(system_u:object_r:xen_device_t,s0)
+/dev/xen/xenbus_backend	-c	gen_context(system_u:object_r:xen_device_t,s0)
 
 ifdef(`distro_debian',`
 # this is a static /dev dir "backup mount"
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index b6775c061..8811d77a4 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -323,6 +323,10 @@ optional_policy(`
 	devicekit_admin(sysadm_t, sysadm_r)
 ')
 
+optional_policy(`
+	dev_rw_xen(sysadm_t)
+')
+
 optional_policy(`
 	dhcpd_admin(sysadm_t, sysadm_r)
 ')