POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT,
        POLICYDB_CAP_NETLINK_XPERM,
        POLICYDB_CAP_NETIF_WILDCARD,
+       POLICYDB_CAP_GENFS_SECLABEL_WILDCARD,
        __POLICYDB_CAP_MAX
 };
 #define POLICYDB_CAP_MAX (__POLICYDB_CAP_MAX - 1)
 
 #include <linux/parser.h>
 #include <linux/vmalloc.h>
 #include <linux/lsm_hooks.h>
+#include <linux/parser.h>
 #include <net/netlabel.h>
 
 #include "flask.h"
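Review bot: The added `#include <linux/parser.h>` repeats the include already shown as the first context line of this hunk, so as displayed the new line is redundant. The header guard makes the repeat harmless, but the header that declares `match_wildcard()` should appear once; drop the added line or confirm the context line is what the tree really contains.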
        struct genfs *genfs;
        struct ocontext *c;
        int cmp = 0;
+       bool wildcard;
 
        while (path[0] == '/' && path[1] == '/')
                path++;
        if (!genfs || cmp)
                return -ENOENT;
 
+       wildcard = ebitmap_get_bit(&policy->policydb.policycaps,
+                                  POLICYDB_CAP_GENFS_SECLABEL_WILDCARD);
        for (c = genfs->head; c; c = c->next) {
-               size_t len = strlen(c->u.name);
-               if ((!c->v.sclass || sclass == c->v.sclass) &&
-                   (strncmp(c->u.name, path, len) == 0))
-                       break;
+               if (!c->v.sclass || sclass == c->v.sclass) {
+                       if (wildcard) {
+                               if (match_wildcard(c->u.name, path))
+                                       break;
+                       } else {
+                               size_t len = strlen(c->u.name);
+
+                               if ((strncmp(c->u.name, path, len)) == 0)
+                                       break;
+                       }
+               }
        }
 
        if (!c)
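Review bot: The `if (wildcard)` branch needs a comment saying that matching changes from prefix to whole-path glob once POLICYDB_CAP_GENFS_SECLABEL_WILDCARD is set. `match_wildcard(c->u.name, path)` has to match the entire `path`, while the `strncmp` branch compares only the first `strlen(c->u.name)` bytes. A policy that sets the capability but keeps entries without a trailing `*` would therefore stop labelling everything below those entries, and `*` or `?` in an entry name become metacharacters with no escape. I would add above the test: `/* Capability set: c->u.name is a glob ('*', '?') matched against the whole path; the policy must supply any trailing '*'. */`. The loop still breaks on the first matching entry, so the label chosen depends on list order, and the function starts and ends outside the hunk, so whether that order keeps the most specific pattern first cannot be checked from here.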