diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if
index ecb6642ebe..9f3a8db2a0 100644
--- a/policy/modules/kernel/domain.if
+++ b/policy/modules/kernel/domain.if
@@ -1806,3 +1806,21 @@ interface(`domain_dyntrans',`
 dyntrans_pattern($1, domain)
 ')
+
+########################################
+##
+## Allow read perf_event file descriptors from all domains
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`domain_read_perf_event_all_domains',`
+ gen_require(`
+ attribute domain;
+ ')
+
+ allow $1 domain:perf_event read;
+')
diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te
index 8471d8d2b9..fd53f6fa95 100644
--- a/policy/modules/roles/unconfineduser.te
+++ b/policy/modules/roles/unconfineduser.te
@@ -81,6 +81,8 @@ kernel_rw_unlabeled_rawip_socket(unconfined_t)
 kernel_rw_unlabeled_smc_socket(unconfined_t)
 kernel_rw_unlabeled_vsock_socket(unconfined_t)
+domain_read_perf_event_all_domains(unconfined_t)
+
 files_create_boot_flag(unconfined_t)
 files_create_default_dir(unconfined_t)
 files_root_filetrans_default(unconfined_t, dir)
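Review bot: In policy/modules/kernel/domain.if, the summary of the new `domain_read_perf_event_all_domains` interface does not state the scope of the `allow $1 domain:perf_event read;` rule. The target is the whole `domain` attribute, so the caller may read perf events carrying the label of any process domain, presumably the domain that created the event, and not only its own. Counter and sample data read that way can describe what another domain is executing, which matters little for `unconfined_t` but does for any later caller of this reusable interface. I would extend the description with a line such as `## Read perf events labelled with any domain; the data can disclose activity of other domains, so grant only to trusted callers.` It is also worth noting in the comment that only `read` is granted and the other perf_event permissions are deliberately left out, if that is the intent.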