new file mode 100644
@@ -0,0 +1,28 @@
+From 38b0116d8504a9c4cc7d9d322fe83ac689a295f6 Mon Sep 17 00:00:00 2001
+From: Gargi Misra <quic_gmisra@quicinc.com>
+Date: Wed, 27 May 2026 13:49:35 +0530
+Subject: [PATCH] refpolicy: Addressing denial seen on alsa to allow write on
+ event dev node
+
+avc: denied { write } for pid=792 comm="alsactl" name="controlC0" dev="devtmpfs" ino=1613 scontext=system_u:system_r:alsa_t:s0 tcontext=system_u:object_r:event_device_t:s0 tclass=chr_file permissive=0
+
+Signed-off-by: Gargi Misra <gmisra@qti.qualcomm.com>
+---
+ policy/modules/admin/alsa.te | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policy/modules/admin/alsa.te b/policy/modules/admin/alsa.te
+index 37d04a9e5..fd967cb82 100644
+--- a/policy/modules/admin/alsa.te
++++ b/policy/modules/admin/alsa.te
+@@ -87,6 +87,7 @@ dev_read_sound(alsa_t)
+ dev_read_sysfs(alsa_t)
+ dev_read_urand(alsa_t)
+ dev_write_sound(alsa_t)
++dev_rw_input_dev(alsa_t)
+
+ files_read_usr_files(alsa_t)
+ files_search_var_lib(alsa_t)
+--
+2.43.0
+
@@ -74,6 +74,7 @@ SRC_URI += " \
file://0056-policy-modules-system-setrans-allow-setrans_t-use-fd.patch \
file://0057-policy-modules-system-systemd-make-_systemd_t-MLS-tr.patch \
file://0058-policy-modules-system-logging-make-syslogd_runtime_t.patch \
+ file://0059-refpolicy-Addressing-denial-seen-on-alsa.patch \
"
S = "${UNPACKDIR}/refpolicy"
avc: denied { write } for pid=792 comm="alsactl" name="controlC0" dev="devtmpfs" ino=1613 scontext=system_u:system_r:alsa_t:s0 tcontext=system_u:object_r:event_device_t:s0 tclass=chr_file permissive=0 Upstream-status: Merged [ https://github.com/SELinuxProject/refpolicy/pull/1117/changes/e0fd56a58954dc234b1a4d5ca30d4e80f84edd31 ] Signed-off-by: Gargi Misra <gmisra@qti.qualcomm.com> --- ...olicy-Addressing-denial-seen-on-alsa.patch | 28 +++++++++++++++++++ .../refpolicy/refpolicy_common.inc | 1 + 2 files changed, 29 insertions(+) create mode 100644 recipes-security/refpolicy/refpolicy/0059-refpolicy-Addressing-denial-seen-on-alsa.patch