diff --git a/public/init.te b/public/init.te
index 22754a313a77ae503985ce442e703cf613e7e286..bf43ad3cf475e23872d465f0dc477976d9e23eea 100644
--- a/public/init.te
+++ b/public/init.te
@@ -29,8 +29,8 @@ allow init device:file relabelfrom;
 allow init runtime_event_log_tags_file:file { open write setattr relabelto create };
 # /dev/socket
 allow init { device socket_device }:dir relabelto;
-# /dev/random, /dev/urandom
-allow init random_device:chr_file relabelto;
+# Relabel /dev nodes created in first stage init, /dev/null, /dev/ptmx, /dev/random, /dev/urandom
+allow init { null_device ptmx_device random_device } : chr_file relabelto;
 # /dev/device-mapper, /dev/block(/.*)?
 allow init tmpfs:{ chr_file blk_file } relabelfrom;
 allow init tmpfs:blk_file getattr;
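Review bot: The comment on the widened `relabelto` rule is a run-on, and the rule's ` : chr_file` spacing differs from the `:dir` and `:chr_file` form used by the neighbouring rules. I would write `# Relabel the /dev nodes created in first stage init: /dev/null, /dev/ptmx, /dev/random, /dev/urandom.` followed by `allow init { null_device ptmx_device random_device }:chr_file relabelto;`. The rule allows init to give the `null_device` and `ptmx_device` labels to any character node it may relabel from, which includes `tmpfs:chr_file` two lines below. Which paths actually receive those labels is decided by file_contexts, outside this hunk, so it is worth confirming that only the four listed nodes map to these types, which are presumably broadly accessible.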