diff --git a/container.te b/container.te
index a88fe27..533f978 100644
--- a/container.te
+++ b/container.te
@@ -1,4 +1,4 @@
-policy_module(container, 2.238.0)
+policy_module(container, 2.239.0)
 
 gen_require(`
 	class passwd rootok;
@@ -707,6 +707,14 @@ optional_policy(`
 	udev_read_db(container_runtime_domain)
 ')
 
+optional_policy(`
+	require {
+		type hsa_device_t;
+	}
+
+	allow container_domain hsa_device_t:chr_file rw_chr_file_perms;
+')
+
 optional_policy(`
 	gen_require(`
 		role unconfined_r;