From Debian package 0.2.20091117-3

  * Allow watchdog_t to read/write /dev/watchdog

Index: policy/modules/kernel/devices.if
===================================================================
--- policy/modules/kernel/devices.if.orig
+++ policy/modules/kernel/devices.if
@@ -4571,7 +4571,7 @@
 
 ########################################
 ## <summary>
-##	Write to watchdog devices.
+##	Read/Write watchdog devices.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -4579,12 +4579,12 @@
 ##	</summary>
 ## </param>
 #
-interface(`dev_write_watchdog',`
+interface(`dev_rw_watchdog',`
 	gen_require(`
 		type device_t, watchdog_device_t;
 	')
 
-	write_chr_files_pattern($1, device_t, watchdog_device_t)
+	rw_chr_files_pattern($1, device_t, watchdog_device_t)
 ')
 
 ########################################
Index: policy/modules/services/watchdog.te
===================================================================
--- policy/modules/services/watchdog.te.orig
+++ policy/modules/services/watchdog.te
@@ -54,7 +54,7 @@
 corenet_sendrecv_all_client_packets(watchdog_t)
 
 dev_read_sysfs(watchdog_t)
-dev_write_watchdog(watchdog_t)
+dev_rw_watchdog(watchdog_t)
 # do not care about saving the random seed
 dev_dontaudit_read_rand(watchdog_t)
 dev_dontaudit_read_urand(watchdog_t)