diff --git a/xen.te b/xen.te
index e2b80ac..8358a63 100644
--- a/xen.te
+++ b/xen.te
@@ -207,7 +207,7 @@ tunable_policy(`xend_run_qemu',`
 # xend local policy
 #
 
-allow xend_t self:capability { dac_override ipc_lock net_admin setuid sys_admin sys_nice sys_tty_config net_raw };
+allow xend_t self:capability { dac_override ipc_lock net_admin setuid sys_admin sys_nice sys_tty_config net_raw sys_rawio };
 allow xend_t self:process { signal sigkill };
 
 # needed by qemu_dm
@@ -314,6 +314,8 @@ files_read_default_symlinks(xend_t)
 
 fs_read_removable_blk_files(xend_t)
 
+storage_read_scsi_generic(xend_t)
+
 term_setattr_generic_ptys(xend_t)
 term_getattr_all_ptys(xend_t)
 term_setattr_all_ptys(xend_t)