diff --git a/policy/modules/contrib/qatlib.te b/policy/modules/contrib/qatlib.te
index 0e0cf2242d..72c13816c8 100644
--- a/policy/modules/contrib/qatlib.te
+++ b/policy/modules/contrib/qatlib.te
@@ -22,6 +22,7 @@ files_pid_file(qatlib_var_run_t)
 #
 # qatlib local policy
 #
+allow qatlib_t self:capability { sys_admin sys_module };
 allow qatlib_t self:fifo_file rw_fifo_file_perms;
 allow qatlib_t self:system module_load;
 allow qatlib_t self:unix_stream_socket create_stream_socket_perms;
@@ -33,7 +34,8 @@ list_dirs_pattern(qatlib_t, qatlib_conf_t, qatlib_conf_t)
 manage_dirs_pattern(qatlib_t, qatlib_var_run_t, qatlib_var_run_t)
 manage_files_pattern(qatlib_t, qatlib_var_run_t, qatlib_var_run_t)
-files_pid_filetrans(qatlib_t, qatlib_var_run_t, { dir file } )
+manage_sock_files_pattern(qatlib_t, qatlib_var_run_t, qatlib_var_run_t)
+files_pid_filetrans(qatlib_t, qatlib_var_run_t, { dir file sock_file } )
 kernel_read_proc_files(qatlib_t)
 kernel_request_load_module(qatlib_t)
@@ -43,6 +45,7 @@ corecmd_exec_bin(qatlib_t)
 dev_create_sysfs_files(qatlib_t)
 dev_rw_sysfs(qatlib_t)
+dev_rw_vfio_dev(qatlib_t)
 dev_setattr_generic_dirs(qatlib_t)
 domain_use_interactive_fds(qatlib_t)
@@ -54,6 +57,7 @@ optional_policy(`
 ')
 optional_policy(`
+ miscfiles_read_hwdata(qatlib_t)
 miscfiles_read_localization(qatlib_t)
 ')
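Review bot: The added `allow qatlib_t self:capability { sys_admin sys_module };` in the first hunk grants two of the broadest capabilities without a comment saying which qatlib operation needs each one. `sys_module` lets the domain load kernel modules itself, on top of the `self:system module_load` and `kernel_request_load_module(qatlib_t)` rules already visible in this file, and `sys_admin` covers many unrelated privileged operations, so a compromise of this service gains considerable reach. I would split the rule in two and put a comment above each, for example `# sys_module: <operation that triggers the denial> (AVC: <denial reference>)`. It is also worth confirming from the audit log that each denial actually breaks the service, since a non-fatal capability check is better handled with `dontaudit` than with an allow rule.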
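Review bot: `dev_rw_vfio_dev(qatlib_t)` in the third hunk is granted per device type, so it presumably reaches every VFIO device node on the host rather than only the devices this service is meant to drive, and the line carries no comment on why it is needed. VFIO hands DMA-capable hardware to userspace, so containment then rests on IOMMU grouping and on the ownership and mode of the nodes under `/dev/vfio`. That is probably intended, but it should be stated. If it matches the deployment, a comment such as `# qatlib drives its devices through VFIO; access is further limited by DAC on the device nodes` would record the assumption for later reviewers.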