diff --git a/policy/modules/contrib/pcm.te b/policy/modules/contrib/pcm.te
index 0ac4be4786..3f4c26b106 100644
--- a/policy/modules/contrib/pcm.te
+++ b/policy/modules/contrib/pcm.te
@@ -17,7 +17,7 @@ allow pcmsensor_t self:process { ptrace setrlimit };
 kernel_read_proc_files(pcmsensor_t)
 kernel_read_debugfs(pcmsensor_t)
-kernel_write_nmi_watchdog_state(pcmsensor_t)
+kernel_rw_nmi_watchdog_state(pcmsensor_t)
 dev_rw_cpu_microcode(pcmsensor_t)
 # /sys/module/msr/parameters/allow_writes
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index b1e83a0ece..8b7ae00af3 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -4159,6 +4159,25 @@ interface(`kernel_read_security_state_symlinks',`
 list_dirs_pattern($1, proc_t, proc_security_t)
 ')
+######################################## ## ## Allow caller to read/write nmi_watchdog state information. ## ## ## Domain allowed access. ## ## ## # interface(`kernel_rw_nmi_watchdog_state',` gen_require(` type sysctl_t, sysctl_kernel_t, sysctl_nmi_watchdog_t; ') rw_files_pattern($1, { proc_t sysctl_t sysctl_kernel_t }, sysctl_nmi_watchdog_t) ') ######################################## ## ## Allow caller to write nmi_watchdog state information.
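Review bot: The new `kernel_rw_nmi_watchdog_state(pcmsensor_t)` line widens pcmsensor_t from write-only to read/write on the nmi_watchdog sysctl, and nothing in the hunk records why the read side is now needed. The file already annotates the following rule with a path comment (`# /sys/module/msr/parameters/allow_writes`), so a matching one-liner above the new call would keep that convention, for example `# reads the current value of /proc/sys/kernel/nmi_watchdog before toggling it` — adjust to the actual reason, which is not visible here. The write-only interface `kernel_write_nmi_watchdog_state` still exists in kernel.if (its doc header appears as trailing context in the second hunk), so this is a deliberate permission increase rather than a rename and deserves that sentence of justification. The pcmsensor_t domain definition starts outside the hunk.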
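Review bot: The `gen_require` of the new `kernel_rw_nmi_watchdog_state` lists only `sysctl_t, sysctl_kernel_t, sysctl_nmi_watchdog_t`, yet the `rw_files_pattern` call two lines below also names `proc_t`, which is never required; the expansion then only builds in a module that has already pulled `proc_t` in through some other interface, which pcm.te appears to do via `kernel_read_proc_files`, so the gap is masked for this one caller. The require line should read `type proc_t, sysctl_t, sysctl_kernel_t, sysctl_nmi_watchdog_t;` so the interface stands on its own for any future caller. If the adjacent `kernel_write_nmi_watchdog_state`, whose body lies outside the hunk, has the same omission it should be corrected in the same way. The hunk opens inside `kernel_read_security_state_symlinks`, whose start is also outside it.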