From: Openkylin Developers <packaging@lists.openkylin.top>
Date: Tue, 16 Jun 2026 15:28:27 +0800
Subject: latest

===================================================================
---
 policy/modules/system/udev.te | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index 4b3e09e..c4126c3 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -40,7 +40,7 @@ optional_policy(`
 
 allow udev_t self:capability { chown dac_override dac_read_search fowner fsetid mknod net_admin net_raw setgid setuid sys_admin sys_nice sys_ptrace sys_rawio sys_resource };
 allow udev_t self:capability2 { wake_alarm block_suspend };
-allow udev_t self:process { transition signal_perms ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setfscreate noatsecure siginh rlimitinh dyntransition execmem setkeycreate setsockcreate getrlimit };
+allow udev_t self:process { transition signal_perms ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setfscreate noatsecure siginh rlimitinh dyntransition execmem setkeycreate setsockcreate getrlimit setrlimit };
 allow udev_t self:fd use;
 allow udev_t self:fifo_file rw_fifo_file_perms;
 allow udev_t self:sock_file read_sock_file_perms;
@@ -88,6 +88,7 @@ manage_sock_files_pattern(udev_t, udev_runtime_t, udev_runtime_t)
 files_runtime_filetrans(udev_t, udev_runtime_t, dir, "udev")
 
 kernel_load_module(udev_t)
+kernel_read_fs_sysctls(udev_t)
 kernel_read_system_state(udev_t)
 kernel_request_load_module(udev_t)
 kernel_getattr_core_if(udev_t)
@@ -327,6 +328,7 @@ optional_policy(`
 
 optional_policy(`
 	fstools_domtrans(udev_t)
+	fstools_getattr_swap_files(udev_t)
 ')
 
 optional_policy(`
