diff --git a/policy/modules/contrib/virt.te b/policy/modules/contrib/virt.te
index b634ab90ac..1ef50c9dde 100644
--- a/policy/modules/contrib/virt.te
+++ b/policy/modules/contrib/virt.te
@@ -2009,6 +2009,8 @@ dev_write_sysfs_dirs(virtnodedevd_t)
files_map_var_lib_files(virtnodedevd_t)
files_watch_etc_dirs(virtnodedevd_t)
+files_etc_filetrans_mdevctl_conf(virtnodedevd_t)
+files_manage_mdevctl_conf_files(virtnodedevd_t)
miscfiles_read_hwdata(virtnodedevd_t)
diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc
index 13920e5839..249ee19e6f 100644
--- a/policy/modules/kernel/files.fc
+++ b/policy/modules/kernel/files.fc
@@ -60,6 +60,7 @@ ifdef(`distro_suse',`
/etc/nologin.* -- gen_context(system_u:object_r:etc_runtime_t,s0)
/etc/securetty -- gen_context(system_u:object_r:etc_runtime_t,s0)
+/etc/mdevctl\.d(/.*) gen_context(system_u:object_r:mdevctl_conf_t,s0)
/etc/sysctl\.conf(\.old)? -- gen_context(system_u:object_r:system_conf_t,s0)
/etc/sysconfig/ebtables.* -- gen_context(system_u:object_r:system_conf_t,s0)
/etc/sysconfig/ip6?tables.* -- gen_context(system_u:object_r:system_conf_t,s0)
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 9828bde921..55fc099ee4 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -6028,6 +6028,43 @@ interface(`files_read_world_readable_sockets',`
allow $1 readable_t:sock_file read_sock_file_perms;
')
+#######################################
+##
+## Manage mdevctl configuration files
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`files_manage_mdevctl_conf_files',`
+ gen_require(`
+ type mdevctl_conf_t;
+ ')
+
+ files_search_etc(mdevctl_conf_t)
+ manage_files_pattern($1, mdevctl_conf_t, mdevctl_conf_t)
+')
+
+###################################
+##
+## Create /etc/mdevctl.d with the correct type
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`files_etc_filetrans_mdevctl_conf',`
+ gen_require(`
+ type etc_t, mdevctl_conf_t;
+ ')
+
+ filetrans_pattern($1, etc_t, mdevctl_conf_t, dir, "mdevctl.d")
+')
+
#######################################
##
## Read manageable system configuration files in /etc
diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te
index 7cd4518545..f86e4572cf 100644
--- a/policy/modules/kernel/files.te
+++ b/policy/modules/kernel/files.te
@@ -80,6 +80,9 @@ files_ro_base_file(system_conf_t)
# compatibility aliases for removed type:
typealias system_conf_t alias iptables_conf_t;
+# mdevctl_conf_t is a type for files in /etc/mdevctl.d
+type mdevctl_conf_t, configfile;
+
# system_db_t is a new type of various
# db files.
type system_db_t;