diff --git a/sepolicy/vendor/kernel.te b/sepolicy/vendor/kernel.te
new file mode 100644
index 0000000..9b63aba
--- /dev/null
+++ b/sepolicy/vendor/kernel.te
@@ -0,0 +1,7 @@
+allow kernel self:system syslog_read;
+
+# Allow kernel to read kmsg_device
+allow kernel kmsg_device:chr_file r_file_perms;
+
+# Allow kernel to search in block_device
+allow kernel block_device:dir search;