diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch
index 7ae858a..df42c80 100644
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@@ -14897,7 +14897,7 @@ index 7be4ddf..d5ef507 100644
+/sys/class/net/ib.* gen_context(system_u:object_r:sysctl_net_t,s0)
+/sys/kernel/uevent_helper -- gen_context(system_u:object_r:usermodehelper_t,s0)
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
-index e100d88..c8e32a2 100644
+index e100d88..854e39d 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -286,7 +286,7 @@ interface(`kernel_rw_unix_dgram_sockets',`
@@ -15349,7 +15349,7 @@ index e100d88..c8e32a2 100644
## Unconfined access to kernel module resources.
##
##
-@@ -2972,5 +3192,505 @@ interface(`kernel_unconfined',`
+@@ -2972,5 +3192,525 @@ interface(`kernel_unconfined',`
')
typeattribute $1 kern_unconfined;
@@ -15746,6 +15746,26 @@ index e100d88..c8e32a2 100644
+
+########################################
+##
++## Allow caller to read the security state symbolic links.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`kernel_rw_security_state',`
++ gen_require(`
++ type proc_t, proc_security_t;
++ ')
++
++ rw_files_pattern($1, { proc_t proc_security_t }, proc_security_t)
++
++ list_dirs_pattern($1, proc_t, proc_security_t)
++')
++
++########################################
++##
+## Read and write userhelper state
+##
+##