# kdevtmpfs accesses devices before ueventd restorecon
allow kernel device: { blk_file chr_file } { create setattr };
allow kernel device:dir { create write add_name };
allow kernel self:capability mknod;